LinuxQuestions.org - sudo access problem

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - sudo access problem (https://www.linuxquestions.org/questions/linux-newbie-8/sudo-access-problem-4175424788/)

skp	08-30-2012 10:34 AM

sudo access problem

Hi,

I provided some of the users sudo access and they have only read permissions for some conf files. But they edit the file and force writing in it using the below syntax.

:w !sudo tee %

and it loads the file with the changes. Please provide some suggestions to disable this, as it causing more problems.

segmentation_fault

08-30-2012 04:42 PM

It's not a bug, it's a feature! :)
Set up command alias in sudoers file and give them sudo access to only the commands they need. If you give them sudo access to vi, they can even escape to a shell, rendering every file permission invalid.

chrism01

08-30-2012 05:40 PM

As segmentation_fault said; see the Security Notes section of http://linux.die.net/man/8/sudo.
Basically, sudo is for delineating which cmds users can use.
File protection is done via ownerships, perms, acls, selinux.

skp	09-01-2012 01:14 AM

Thanks for the fast reply. so as far i understood, i need to block the vi, vim access to the users so that we can avoid these problems.
Is that right ? , i also need to know any other possibilities of blocking that syntax other than blocking the vi editors.

segmentation_fault

09-01-2012 05:10 AM

Don't start by blocking. There are many many things you need to block. Start by allowing.

All times are GMT -5. The time now is 03:40 PM.