[sudo-workers] Possible to assign NOEXEC for all users for certain commands ...
Todd C. Miller
Todd.Miller at courtesan.com
Wed Sep 22 13:14:36 EDT 2004
In message <200409221557.JAA01925 at hulk.ast.lmco.com>
so spake "Alek O. Komarnitsky (N-CSC)" (alek):
> I.e. by default, noexec is NOT set ... but if ANY user runs vi,
> I want noexec enabled. Yea, I can modify EVERY single user entry,
> but what would be cleaner/more desireable would be to have some
> options on the noexec tag where you could specify program path names.
There's no simple way to do that right now, though I've been
considering adding per-command options like this. I didn't see
much point in that in the past but with noexec it would make sense.
However, I think sudoedit is a better way to allow users to run
editors safely.
- todd
More information about the sudo-workers
mailing list