On Thursday 29 December 2011, Damien Fleuriot wrote:

[snip]

> "sudo su -" or "sudo sh" and the customer gets a native root shell
> which does *not* log commands !

[snip]

> Say the customer can sudo commands located in
> /usr/local/libexec/CUSTOMER/
>
> All he has to do is write a simple link to sh/bash, and sudo it.

But if it's possible to determine exactly what commands the customer needs to run as root then putting suitable incantations into /usr/local/etc/sudoers should prevent the customer from being able to use tricks like that.

--
Mike Clarke
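A sudoers fragment contrasting the directory-wide rule discussed in the quoted text with an explicit command list of the kind the reply suggests. This is an added example, not part of the original thread; the user name `customer` and the two script names are hypothetical.

```sudoers
# /usr/local/etc/sudoers fragment (edit with visudo).
# Assumptions: "customer" is the account in question; restart-app and
# rotate-logs are made-up names for the commands it really needs.

# Weak: a path ending in "/" permits ANY file in that directory, so
# whatever ends up there, including a link to sh or bash, runs as root.
#customer ALL = (root) /usr/local/libexec/CUSTOMER/

# Tighter: name each permitted command by full path. The trailing ""
# means the command may only be run with no arguments at all.
Cmnd_Alias CUSTOMER_CMDS = /usr/local/libexec/CUSTOMER/restart-app "", \
                           /usr/local/libexec/CUSTOMER/rotate-logs ""

customer ALL = (root) CUSTOMER_CMDS

# The list only holds if the customer cannot replace the files it names:
# the directory and both commands must be owned by root and not writable
# by the customer's user or group.
```

After editing, `sudo -l -U customer` run as root lists what the account is actually permitted to run.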