[sudo-workers] Possible to assign NOEXEC for all users for certain commands ...

Todd C. Miller Todd.Miller at courtesan.com
Wed Sep 22 13:14:36 EDT 2004

In message <200409221557.JAA01925 at hulk.ast.lmco.com>
	so spake "Alek O. Komarnitsky (N-CSC)" (alek):

> I.e. by default, noexec is NOT set ... but if ANY user runs vi,
> I want noexec enabled. Yea, I can modify EVERY single user entry,
> but what would be cleaner/more desireable would be to have some
> options on the noexec tag where you could specify program path names.

There's no simple way to do that right now, though I've been
considering adding per-command options like this.  I didn't see
much point in that in the past but with noexec it would make sense.

However, I think sudoedit is a better way to allow users to run
editors safely.

 - todd

More information about the sudo-workers mailing list