[ale] restricting sudo

[Casey Allen Shobe]

Why not just doing the following instead?:

vi /etc/group
(add:) hausers::150:root,user1,user2,whomever
chown root /opt/package/bin/ha
chgrp hausers /opt/package/bin/ha
chmod o-wx /opt/package/bin/ha

- Casey

On Tue, 17 Jul 2001, Robert L. Harris wrote:
> I need to keep some users from executing
> 
> /opt/package/bin/ha*.
> 
> I have a command alias for sudo that says:
> 
> Cmnd_Alias    HAALIAS    = /opt/package/bin/ha*
> 
> and this keeps them from executing the full path, but they can do
> 
> cd /opt/package/bin/
> sudo ./hacommand
> 
> 
> It doesn't like the command alias:
> Cmnd_Alias    HAALIAS    = /opt/package/bin/ha*, ./ha* 
> 
> either.  Thoughts?
> 
> 
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                |  Micros~1 :  
> Senior System Engineer          |    For when quality, reliability 
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
-- 
Casey Allen Shobe
cshobe at softhome.net
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.