Operating System - HP-UX

Re: sudo and allowing a user access to all but one command

 
Marc Ahrendt
Super Advisor

sudo and allowing a user access to all but one command

cat /etc/sudoers
Host_Alias HOST1=riddler
User_Alias USER1=mahrendt
Cmnd_Alias COMMANDS1=ALL
root ALL=(ALL) ALL
USER1 HOST1=COMMANDS1

how can i modify the above to actually allow mahrendt to sudo all commands except "shutdown" for example

i was thinking it would be something like the following

Cmnd_Alias COMMANDS0=/sbin/shutdown
USER1 HOST1=ALL, !COMMANDS0

i know a smart user could rename shutdown to run it or escape to a shell from an app to run it ...so i know this is not bullet proof but will help me out in my particular situation
hola
Sridhar Bhaskarla
Honored Contributor

Re: sudo and allowing a user access to all but one command

Hi Marc,

Did you try it? If it is not working, then try

Cmnd_Alias COMMANDS0=!/sbin/shutdown

and specify

USER1 HOST1=(ALL) ALL, COMMANDS0


-Sri



You may be disappointed if you fail, but you are doomed if you don't try
James A. Donovan
Honored Contributor

Re: sudo and allowing a user access to all but one command

Marc,

What you have already will work. Like you said it's not bulletproof....heck, it's not even really bullet resistant ;-)

Remember, wherever you go, there you are...
Marc Ahrendt
Super Advisor

Re: sudo and allowing a user access to all but one command

just wanted to state that sudo worked as i had detailed above ...and grateful for the feedback
hola
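An added example, not part of any post in this thread: since every poster agrees that "ALL minus a command" is not a real restriction, this audit script finds such rules in a sudoers file so they can be reviewed. The function names are hypothetical, the parser is deliberately simplified (one rule per line, no continuations or includes), and the sample is constructed from the thread's rules, with the second variant's alias renamed COMMANDS2 so both can sit in one file.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant ALL and then subtract commands.
# Simplified parser (assumptions): one rule per line, no continuations or
# includes, one alias per Cmnd_Alias line. Function names are hypothetical.
find_denylist_rules() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    /^[ \t]*Cmnd_Alias[ \t]/ {
        if (NR == FNR) {                      # pass 1: record aliases
            line = $0; sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
            name = line; sub(/[ \t]*=.*/, "", name)
            val = line;  sub(/^[^=]*=/, "", val)
            if (val ~ /!/) negated[name] = 1
            if (val ~ /(^|[ \t,])ALL([ \t,]|$)/) grants_all[name] = 1
        }
        next
    }
    NR == FNR { next }                        # pass 2: user specifications
    /^[ \t]*(Defaults|Host_Alias|User_Alias|Runas_Alias)/ || !/=/ { next }
    {
        cmds = $0; sub(/^[^=]*=/, "", cmds)
        gsub(/\([^)]*\)/, "", cmds)           # drop (runas) lists
        gsub(/[A-Z_]+:/, "", cmds)            # drop tags such as NOPASSWD:
        n = split(cmds, item, ","); has_all = 0; has_neg = 0
        for (i = 1; i <= n; i++) {
            c = item[i]; gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL" || (c in grants_all)) has_all = 1
            if (c ~ /^!/ || (c in negated)) has_neg = 1
        }
        if (has_all && has_neg) print FNR ": " $0
    }' "$1" "$1"
}

# Constructed sample: the rules from the thread, both variants.
sample_sudoers() {
    cat <<'EOF'
Host_Alias HOST1=riddler
User_Alias USER1=mahrendt
Cmnd_Alias COMMANDS0=/sbin/shutdown
Cmnd_Alias COMMANDS2=!/sbin/shutdown
root ALL=(ALL) ALL
USER1 HOST1=ALL, !COMMANDS0
USER1 HOST1=(ALL) ALL, COMMANDS2
EOF
}

tmp=$(mktemp); sample_sudoers > "$tmp"
find_denylist_rules "$tmp"                    # flags lines 6 and 7
rm -f "$tmp"
```

Rules it flags are candidates for replacement with an explicit list of permitted commands, which does not depend on the name or path of the excluded binary.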