- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- security on vi
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 02:44 AM
тАО08-26-2005 02:44 AM
a simple question, i set up sudo on all servers. and let user to run sudo to get some root's permission. however, i find if i run
#sudo vi then escape to command line by !sh.
it go into root prompt. then can hide all operation here. in the syslog.log , you cann't trace , just find sudo vi .
is there any configuration to deny user escape to command line from vi.
thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 02:49 AM
тАО08-26-2005 02:49 AM
Re: security on vi
If you are granting your users access to run vi via sudo, then they can use that to edit the sudoers file and do what they like!
Don't let your users do this!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 02:52 AM
тАО08-26-2005 02:52 AM
Re: security on vi
in sudoers file, update vi command to run it as follows.
root (root) command1, command2, !SHELL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 02:52 AM
тАО08-26-2005 02:52 AM
Re: security on vi
You have to specify for the users , to use vi for their files only , in sudoers file
YOu can do following :
1. # visudo
2. And put the entires like this on the user alias :
Cmnd_Alias BACKUP_C = /opt/omni/*, \
/opt/omni/utilns/*, \
/var/opt/omni/*, \
/usr/bin/vi /etc/opt/omni/datalists/*, \
-------------------------------------------
To trace who are using sudo , you can check in /var/log/sudo.log file.
Hope this will help ,
Cheers ,
Raj.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 02:56 AM
тАО08-26-2005 02:56 AM
Re: security on vi
my sudo version is
what /usr/bin/sudo
$Sudo A.03.00-1.6.7p5 $
do you mean disable sudo to run vi. but maybe some user to edit some file other then their own.
i have ever seen this, let user sudo vi , but deny to escape to shell, i don't remember how to configure it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 03:03 AM
тАО08-26-2005 03:03 AM
SolutionFor root prepeare following wrapper.
#!/usr/bin/ksh
export SHELL=/usr/bin/false
/usr/bin/vi $1
Call this vi1, now root entry for root will look as follows.
root root, command1, vi1
This should help.
OR
In root's .profile file, put following.
export EXINIT='set shell=/usr/bin/false'
You can put set shell=/usr/bin/false in .exrc file of root's home dir.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 03:50 AM
тАО08-26-2005 03:50 AM
Re: security on vi
i test the configuraiton you told me.
1. .profile: because the normal user didn't run this script when they run sudo vi. so the SHELL was not set.
2. add vi1 to sudoers.
i configure root ALL=(ALL) ALL , so root can run anything.
i test wraperred vi1, it works. so i think the better way to rename vi and link vi to vi1 for all servers, is it ok?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 03:53 AM
тАО08-26-2005 03:53 AM
Re: security on vi
export EXINIT='set shell=/usr/bin/false'
You can also put set shell=/usr/bin/false in .exrc file in root's home directory.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 03:59 AM
тАО08-26-2005 03:59 AM
Re: security on vi
i test it, it doesn't work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-26-2005 05:05 AM
тАО08-26-2005 05:05 AM
Re: security on vi
Here is an attachment that will allow you to specify which files are governed by RCS. When users vi a file (a special file as dictate by the wrapper) then RCS will be invoked for the file.
Modify to your needs