[sudo-workers] Possible to assign NOEXEC for all users for certain commands ...

Alek O. Komarnitsky (N-CSC) alek at ast.lmco.com
Wed Sep 22 13:24:29 EDT 2004

> From sudo-workers-bounces at courtesan.com Wed Sep 22 11:15 MDT 2004
> In message <200409221557.JAA01925 at hulk.ast.lmco.com>
> 	so spake "Alek O. Komarnitsky (N-CSC)" (alek):
> > I.e. by default, noexec is NOT set ... but if ANY user runs vi,
> > I want noexec enabled. Yea, I can modify EVERY single user entry,
> > but what would be cleaner/more desireable would be to have some
> > options on the noexec tag where you could specify program path names.
> There's no simple way to do that right now, though I've been
> considering adding per-command options like this.  I didn't see
> much point in that in the past but with noexec it would make sense.
> However, I think sudoedit is a better way to allow users to run
> editors safely.
>  - todd

The issue is more over-zealous admins that have sudo=ALL allready;
would like them to issue commands on the CLI rather than in vi.
Yes, I know there are other ways for them to workaround it,
but it would be a nice tidy way to close this up.

Yep, sudoedit definately the way to go for mere mortals.

More information about the sudo-workers mailing list