Berthold Cogel <[email protected]> writes:

[...]

> We're doing something like this in /etc/sudoers:
>
>
> Cmnd_Alias    SHELLS =        /bin/sh, \
>                               /bin/bash, \
>                               /bin/bash2, \

[...]

> TRUSTED_USR  ALL = NOPASSWD:  ALL ,!SHELLS, NOROOT

This works well for letting users know they shouldn't be running a
shell, but beyond that it can be easily bypassed.  A user could run vi
then type ":!/bin/bash" to get a shell, for example, or copy /bin/bash
into their home directory and run it from there.

---Scott.
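
Added example, not part of the original message: a small Python audit that flags sudoers rules of the shape quoted above, where ALL is granted and commands are then subtracted with "!". The sample text is constructed (the SHELLS alias is cut off at the entries visible in the quote, and the OPERATORS rule is hypothetical), and the parser is a simplification that ignores escaped commas and multiple host specs per line.

```python
import re

# Constructed sample modelled on the quoted rule; OPERATORS is a hypothetical
# allow-list rule included for contrast.
SAMPLE = r"""
Cmnd_Alias    SHELLS =        /bin/sh, \
                              /bin/bash, \
                              /bin/bash2
TRUSTED_USR  ALL = NOPASSWD:  ALL ,!SHELLS, NOROOT
OPERATORS    ALL = /usr/bin/systemctl restart nginx
"""

ALIAS_OR_DEFAULTS = re.compile(r"^(?:Cmnd|User|Host|Runas)_Alias\b|^Defaults")


def find_negated_all(sudoers_text):
    """Return (user, [negated entries]) for each rule granting ALL minus a deny list."""
    # Join backslash-continued lines so each rule sits on one logical line.
    text = re.sub(r"\\\s*\n", " ", sudoers_text)
    findings = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, alias definitions and Defaults entries.
        if not line or line.startswith("#") or ALIAS_OR_DEFAULTS.match(line):
            continue
        who, sep, spec = line.partition("=")
        if not sep or not who.strip():
            continue
        spec = re.sub(r"\([^)]*\)", "", spec)   # drop a Runas spec such as (root)
        spec = re.sub(r"\b[A-Z_]+:", "", spec)   # drop tags such as NOPASSWD:
        items = [i.strip() for i in spec.split(",") if i.strip()]
        negated = [i[1:].strip() for i in items if i.startswith("!")]
        # ALL plus exclusions is a deny list: anything not named stays allowed,
        # including an editor's shell escape or a copy of a shell under another path.
        if "ALL" in items and negated:
            findings.append((who.split()[0], negated))
    return findings


if __name__ == "__main__":
    for user, denied in find_negated_all(SAMPLE):
        print(f"{user}: ALL with exclusions {denied}; replace with an explicit allow list")
```

Rules it reports are better rewritten as an explicit list of permitted commands, as in the hypothetical OPERATORS line.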

