sudo access problem
Hi,
I provided some of the users sudo access and they have only read permissions for some conf files. But they edit the file and force writing in it using the below syntax. :w !sudo tee % and it loads the file with the changes. Please provide some suggestions to disable this, as it causing more problems. |
It's not a bug, it's a feature! :)
Set up command alias in sudoers file and give them sudo access to only the commands they need. If you give them sudo access to vi, they can even escape to a shell, rendering every file permission invalid. |
As segmentation_fault said; see the Security Notes section of http://linux.die.net/man/8/sudo.
Basically, sudo is for delineating which cmds users can use. File protection is done via ownerships, perms, acls, selinux. |
Thanks for the fast reply. so as far i understood, i need to block the vi, vim access to the users so that we can avoid these problems.
Is that right ? , i also need to know any other possibilities of blocking that syntax other than blocking the vi editors. |
Don't start by blocking. There are many many things you need to block. Start by allowing.
|
All times are GMT -5. The time now is 03:40 PM. |