[sudo-users] What is the opposite of ALL?
Grant Taylor
gtaylor at tnetconsulting.net
Tue Nov 16 11:24:41 MST 2021
What is the opposite of ALL in the command list in following rule?
%group ALL = (ALL) ALL
My kneejerk reaction is to use the following.
%group ALL = (ALL) !ALL
But "!ALL" seems ... wrong to me.
Yes, I know the dangers of negation. I'm trying to set a safety net /
trap for a legacy group that's no longer being used after a migration to
a new group.
%oldgroup ALL = (ALL) !ALL
%newgroup ALL = (ALL) NewGroupCommands
My intention is to cause a hard / fast failure if ID Administration
inadvertently adds new users to the old group instead of the new group.
--
Grant. . . .
unix || die
More information about the sudo-users
mailing list