[sudo-workers] Possible to assign NOEXEC for all users for certain commands ...
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Wed Sep 22 13:24:29 EDT 2004
> From sudo-workers-bounces at courtesan.com Wed Sep 22 11:15 MDT 2004
> In message <200409221557.JAA01925 at hulk.ast.lmco.com>
> so spake "Alek O. Komarnitsky (N-CSC)" (alek):
> > I.e. by default, noexec is NOT set ... but if ANY user runs vi,
> > I want noexec enabled. Yea, I can modify EVERY single user entry,
> > but what would be cleaner/more desireable would be to have some
> > options on the noexec tag where you could specify program path names.
> There's no simple way to do that right now, though I've been
> considering adding per-command options like this. I didn't see
> much point in that in the past but with noexec it would make sense.
> However, I think sudoedit is a better way to allow users to run
> editors safely.
> - todd
The issue is more over-zealous admins that have sudo=ALL allready;
would like them to issue commands on the CLI rather than in vi.
Yes, I know there are other ways for them to workaround it,
but it would be a nice tidy way to close this up.
Yep, sudoedit definately the way to go for mere mortals.
More information about the sudo-workers