Berthold Cogel <co...@uni-koeln.de> writes:

[...]

> We're doing something like this in /etc/sudoers:
>
>
> Cmnd_Alias    SHELLS =        /bin/sh, \
>                               /bin/bash, \
>                               /bin/bash2, \

[...]

> TRUSTED_USR  ALL = NOPASSWD:  ALL ,!SHELLS, NOROOT

This works well for letting users know they shouldn't be running a
shell, but beyond that it can be easily bypassed.  A user could run vi
then type ":!/bin/bash" to get a shell, for example, or copy /bin/bash
into their home directory and run it from there.

---Scott.
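
A check for rules of the shape discussed above (ALL with a negated command list), added here as an example and not part of the original message. It parses only the simple sudoers syntax shown in the thread; the sample input is constructed, and BACKUP_USR with its rule is a hypothetical entry included for contrast.

```python
import re

# Constructed sample: the rule quoted in the thread plus a hypothetical allowlist rule.
SAMPLE = r"""
Cmnd_Alias    SHELLS = /bin/sh, \
                       /bin/bash, \
                       /bin/bash2
TRUSTED_USR  ALL = NOPASSWD:  ALL ,!SHELLS, NOROOT
BACKUP_USR   ALL = (root) NOEXEC: /usr/bin/rsync
"""

RUNAS = re.compile(r"^\([^)]*\)\s*")      # leading runas spec, e.g. (root)
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")    # leading tags, e.g. NOPASSWD: NOEXEC:
SKIP = re.compile(r"(Defaults|User_Alias|Host_Alias|Runas_Alias)\b")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comment lines."""
    for line in re.sub(r"\\\s*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (user, negated_commands) for every rule granting ALL minus a blacklist."""
    aliases, findings = {}, []
    for line in logical_lines(text):
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        if SKIP.match(line) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        user = lhs.split()[0]
        # Strip the runas spec and tags so only command names and aliases remain.
        items = [TAG.sub("", RUNAS.sub("", p.strip())).strip() for p in rhs.split(",")]
        negated = [i.lstrip("! ") for i in items if i.startswith("!")]
        if "ALL" in items and negated:
            # Expand aliases so the report names the paths the rule tries to exclude.
            expanded = [c for n in negated for c in aliases.get(n, [n])]
            findings.append((user, expanded))
    return findings

if __name__ == "__main__":
    for user, cmds in audit(SAMPLE):
        print(f"{user}: ALL with negated commands {cmds}; replace with an explicit allowlist")
```

Rules it reports match paths by name only, so the durable fix is to list the commands a user may run instead of subtracting from ALL.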

