On 21.09.23 20:14, Rob Crittenden via FreeIPA-users wrote:
Ulf Volmer via FreeIPA-users wrote:
So with HBAC I'm able to let a user to run 'vim /etc/fstab' and prevent
him from escaping and start a shell?
That's great! I should try to look into it.
Not really. If you allow sudo to be executed then you're back to the
same issues. What the original poster ask for was a way to not allow
users to run sudo-i. That is possible with HBAC.
In this case maybe the OP ask the wrong question.
I assumed, he don't want to disallow only 'sudo -i', I thought he want
to disable all shell access, so 'sudo bash' and so on. But maybe I was
wrong.
Best regards
Ulf
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue