[sudo-workers] Possible to assign NOEXEC for all users for certain commands ...

Alek O. Komarnitsky (N-CSC) alek at ast.lmco.com
Wed Sep 22 11:57:13 EDT 2004

The new "noexec" feature of sudo is pretty cool ... but it breaks
a few ways we do things that aren't easily worked around.

Per the sudoers documentation, I see where I can tag certain commands
for a certain user as "noexec" ... but what I really want to do is a
"global" noexec for a certain command.

I.e. by default, noexec is NOT set ... but if ANY user runs vi,
I want noexec enabled. Yeah, I can modify EVERY single user entry,
but what would be cleaner/more desirable would be to have some
options on the noexec tag where you could specify program path names.

Have I missed a clever way to do this with the current release?


