Sudo question - Linux

Zarnick · #1 (**permalink**) 01-16-2008

Hello, I would like to know what should I put on the sudoers file to block a determined group os using just one specific command as root?
He can do anything, but not execute program X, how can I do this?

Thank you very much.

RTM · #2 (**permalink**) 01-17-2008

By using the ! and the program you don't want to run...BUT,

Quote:

It is generally not effective to ``subtract'' commands from ALL using the '!' operator. A user can trivially circumvent this by copying the desired command to a different name and then executing that. For example:

bill ALL = ALL, !SU, !SHELLS

Doesn't really prevent bill from running the commands listed in SU or SHELLS since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy).

Suggest you look at the options available and do it a different way.
sudoers manual

Zarnick · #3 (**permalink**) 01-22-2008

Thank you very much.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
sudo question	melias	Security	12	05-26-2008 01:10 AM
sudo, or not sudo: that is the question	iBot	UNIX and Linux RSS News	1	02-07-2008 09:40 AM
Sudo question	Katkota	UNIX for Dummies Questions & Answers	10	01-18-2008 01:35 AM
SUDO question - please help	sajjad02	UNIX for Advanced & Expert Users	5	04-27-2005 08:22 AM
sudo question	TRUEST	UNIX for Dummies Questions & Answers	1	01-16-2004 08:53 PM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode