Chris Davies schrieb: > Berthold Cogel <co...@uni-koeln.de> wrote: >> We're doing somthing like this in /etc/sudoers: > > >> Cmnd_Alias SHELLS = /bin/sh, \ >> /bin/bash, \ > [...] > >> TRUSTED_USR ALL = NOPASSWD: ALL ,!SHELLS, NOROOT > > Surely this breaks trivially? > > ln -s /bin/bash /tmp/somethingelse > sudo /tmp/somethingelse > > Chris > >
Of course you're right... But in this case TRUSTED_USR means what it says... It's only to prevent colleagues to shoot themselves. For the very special setup on some of our systems they need a lot of permissions. But we don't want them do be root for some reasons. Surely they can break the setup if they want. But they gain nothing if they do. It's not a setup we make for every user. But it would be a waste to define each single command in this case. If they really need to be root, they can use sudosh. Berthold -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
