Forgot about the home directory. Path could be /tmp, /var, /usr or anything else - it's not important.
/home/user/this_is_not_bash was only used as an example.
Quote:
The user either copies, or moves, bash executabe to another name, say /home/user/this_is_not_bash.
Quote:
Sudo checks sudoers file, and there is no restriction on running /home/user/this_is_not_bash (or any other name the user decides on)
What I want to stop, pure and simple, is a user copying a shell executable (bash, ksh, sh, etc) to any other location and then executing it via sudo.
It's unrealistic to think all users are the same. Some require greater freedoms (like admins) and they can't be locked down as tightly as you suggest. They require access to more commands than need to be restricted. In these cases, wouldn't it be easier to allow all commands and only restrict the handful that they shouldn't be using?
Is it possible, without having to specifically list (even with wildcards) every allowed command in sudoers?
Is my previously defined example possible on your system, and if not why not?
Thanks