How-To Prevent command execution in vi - SUDO

Toni L. Harbaugh-Blackford harbaugh at
Tue Mar 16 10:43:55 EST 2004


Many commands provide shell escapes like vi does.  You can't allow users
to run these commands with sudo, because there is no way to stop them from
using a shell escape.  The only way to restrict an account the way you want
to is to either give it a restricted shell *or* provide a chroot jail.


On Tue, 16 Mar 2004 David.Knight at wrote:

  > ALl,
  >         I am currently in to process of implementing SUDO on my Tru64
  > Servers. However, I have one question:
  > 1) I need to be able to lock down accounts to the point of only allowing
  > them access to a very very limited command set I.E Just "ls" "pwd" "cd"
  > and "vi"  however I have found that SUDO is mainly to allow users access
  > to commands ran by other users. so I figured that I could write a script
  > to force them to use sudo or a limited command set however I find that if
  > you allow some one access to the "vi" command they can execute any command
  > the wish by doing a :! and the command. I have been unable to find any
  > options to SUDO either on compile time or execution nor with vi that will
  > prevent this from happening. any help would be grateful.
  > Thanks in advance,
  > David Knight
  > ____________________________________________________________
  > sudo-workers mailing list <sudo-workers at>
  > For list information, options, or to unsubscribe, visit:

Toni Harbaugh-Blackford                   harbaugh at
System Administrator
SAIC/NCI Frederick Advanced Biomedical Computing Center

More information about the sudo-workers mailing list