[CentOS] Wheel and YUM!!

Eric DuToit edutoit at gipnetworks.com
Fri Jun 27 16:38:23 UTC 2008

In a flurry of recycled electrons Plant, Dean wrote:

>  All my
> sudoers lines that call groups like he was trying to do always have a
> !SU, !SHELLS to specifically deny root access.
> Anyway I will shut up now as none of this will help fix his problem.

If you ever grant someone ALL commands and then try and restrict them from 
getting a root shell your fighting a loosing battle.  Vi/Vim as root can bang 
out to a root shell, more can bang out to a root shell, and what's to stop 
someone from writing a shell script and executing it as root?

You may already have this covered and I'm not directing this specifically at 
your post, but I've seen some really poorly written sudoers files that open up 
huge holes.

I know this isn't contributing either so I'm going to lunch!

More information about the CentOS mailing list