Linux Help
> Editing sudoers still gives users full access, After editing sudoers, still can execute blocked commands
post Sep 15 2006, 03:49 PM
Post #1

I need some help. I am trying to harden a Linux PC so that non-root users cannot run root level, except for one.
I have the following entry in my /etc/sudoers via the visudo command:

admin ALL=!/bin/[]*,!/usr/[]*,!/sbin/[]*,/bin/sh /etc/rc5.d/S99AdminApp, NOPASSWD: ALL

So basically, all I want the user to be able to run as from a sudo -u root point of view is /etc/rc5.d/S99AdminApp without being prompted for a password, hence the NOPASSWD. This application also loads at boot time, that's why it's in the RC directory.

The problem I am having is that any user can still run commands like
sudo -u root ls /opt/application even though sudo -l lists:

User admin may run the following commands on this host:
(root) !/bin/[]*
(root) !/usr/[]*
(root) !/sbin/[]*
(root) /bin/sh /etc/rc5.d/S99AdminApp

Furthermore, /opt/application is completely isolated from all users except root since I do not want any user to have access to this directory except root.

Any ideas what I am doing wrong?
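
Why the posted entry still permits every command, as an added example that is not part of the original post: sudo uses the last entry in a command list that matches, and the trailing `NOPASSWD: ALL` is itself an entry granting ALL. The Python below is a simplified model of that rule, not sudo's own matcher; the function names, the resolved path `/bin/ls` and the allowlist-only entry are assumptions made for the comparison.

```python
"""Simplified model of how sudo evaluates one sudoers command list (added example)."""
from fnmatch import fnmatchcase

# Entry from the post, and an allowlist-only alternative (constructed for comparison).
POSTED = "!/bin/[]*,!/usr/[]*,!/sbin/[]*,/bin/sh /etc/rc5.d/S99AdminApp, NOPASSWD: ALL"
ALLOWLIST = "NOPASSWD: /bin/sh /etc/rc5.d/S99AdminApp"

def parse_cmnd_list(spec):
    """Split 'a, !b, NOPASSWD: c' into (negated, nopasswd, pattern) tuples."""
    rules, nopasswd = [], False
    for item in spec.split(","):  # simplification: escaped commas are not handled
        item = item.strip()
        # A tag such as NOPASSWD: applies to its command and to every later one.
        while item.startswith(("NOPASSWD:", "PASSWD:")):
            tag, item = item.split(":", 1)
            nopasswd = tag == "NOPASSWD"
            item = item.strip()
        negated = item.startswith("!")
        rules.append((negated, nopasswd, item.lstrip("!").strip()))
    return rules

def matches(pattern, command):
    """Approximate sudo's matching: ALL matches anything, a pattern without
    arguments matches the command path only, one with arguments the whole line.
    Simplification: Python's '*' also matches '/', sudo's path matching does not."""
    if pattern == "ALL":
        return True
    if " " in pattern:
        return fnmatchcase(command, pattern)
    return fnmatchcase(command.split()[0], pattern)

def decide(spec, command):
    """Return (allowed, needs_password). The LAST matching entry wins;
    a command that matches no entry is denied."""
    verdict = (False, True)
    for negated, nopasswd, pattern in parse_cmnd_list(spec):
        if matches(pattern, command):
            verdict = (not negated, not nopasswd)
    return verdict

if __name__ == "__main__":
    for spec in (POSTED, ALLOWLIST):
        for cmd in ("/bin/ls /opt/application", "/bin/sh /etc/rc5.d/S99AdminApp"):
            print(f"{decide(spec, cmd)}  {cmd}  <- {spec}")
```

With the allowlist-only entry the negations are unnecessary, because any command that matches no entry is refused.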
