Todd C. Miller
Todd.Miller at courtesan.com
Thu May 27 15:48:36 EDT 2004
In message <F6E6EB8E-B00C-11D8-AA31-000A9579FDFC at mac.com>
so spake Jacob Pszonowsky (jdp16):
> What is it I need to do to enable "noexec" in the beta version?
This is documented in the sudoers man page, though it could probably
do with more examples.
There are two ways:
1) The "noexec" Defaults option can turn off exec on a more or less
global basis. It works just like the other Defaults things in sudoers.
Default noexec at Hostname
Note that many programs require that they be able to execute other
programs in order to function.
2) There is a per-entry NOEXEC flag that is syntactically similar
to the NOPASSWD modifier.
bob server = NOEXEC: /usr/bin/more, /usr/bin/vi
would allow bob to run more and vi on the machine "server" with
More information about the sudo-workers