[sudo-workers] Possible to assign NOEXEC for all users for certain commands ...

Alek O. Komarnitsky (N-CSC) alek at ast.lmco.com
Wed Sep 22 11:57:13 EDT 2004

The new "noexec" feature of sudo is pretty cool ... but it breaks
a few ways we do things that aren't easily worked around.

Per the sudoers documentation, I see where I can tag certain commands
for a certain user as "noexec" ... but what I really want to do is a
"global" noexec for a certain command.

I.e. by default, noexec is NOT set ... but if ANY user runs vi,
I want noexec enabled. Yea, I can modify EVERY single user entry,
but what would be cleaner/more desireable would be to have some
options on the noexec tag where you could specify program path names.

Have I missed a clever way to do this with the current release?


More information about the sudo-workers mailing list