[Cialug] Prevent a command from being used w/ sudo
Zachary Kotlarek
zach at kotlarek.com
Tue May 17 16:18:57 CDT 2011
On May 17, 2011, at 4:10 PM, Matthew Nuzum wrote:
> Is there a way to prevent a command from being run with sudo? (in Ubuntu specifically) Would be awesome if I could spit out a user-friendly error message so I can remember why I chose not to allow that command to be run.
This should allow the group foo to run all commands except /full/path/to/cmd:
%foo ALL = ALL, !/full/path/to/cmd
You can even do it with specific arguments. For example, to allow changes to any password except root:
%foo ALL = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
Zach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2746 bytes
Desc: not available
URL: <http://cialug.org/pipermail/cialug/attachments/20110517/dcb2aa24/attachment.bin>
More information about the Cialug
mailing list