Linuxhelp > Editing sudoers still gives users full access

Full Version: Editing sudoers still gives users full access

Linuxhelp > Support > Programming in Linux

Subby

Sep 15 2006, 03:49 PM

I need some help. I am trying to harden a linux pc so that non-root users can not run root level, except for one
I have the following entry in my /etc/sudoers via the visudo command

admin ALL=!/bin/[]*,!/usr/[]*,!/sbin/[]*,/bin/sh /etc/rc5.d/S99AdminApp, NOPASSWD: ALL

So basically, all I want the user to be able to run as from a sudo -u root point of view is /etc/rc5.d/S99AdminApp without being prompted for a password, hence the NOPASSWD. This application also loads at boot-time, thats why its in the RC directory.

Problem I am having is that any user can still run commands like
sudo -u root ls /opt/application even though in the sudo -l is lists

User admin may run the following commands on this host:
(root) !/bin/[]*
(root) !/usr/[]*
(root) !/sbin/[]*
(root) /bin/sh /etc/rc5.d/S99AdminApp
(root) NOPASSWD: ALL

Furthermore, /opt/application is completely isolated from all users except root since I do not want any user to have access to this directory except root.

Any ideas what I am doing wrong.

Thanks
Subby

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.