-1.6.8 June 6, 2004 1
+1.6.8 June 8, 2004 1
-1.6.8 June 6, 2004 2
+1.6.8 June 8, 2004 2
-1.6.8 June 6, 2004 3
+1.6.8 June 8, 2004 3
-1.6.8 June 6, 2004 4
+1.6.8 June 8, 2004 4
-1.6.8 June 6, 2004 5
+1.6.8 June 8, 2004 5
-1.6.8 June 6, 2004 6
+1.6.8 June 8, 2004 6
-1.6.8 June 6, 2004 7
+1.6.8 June 8, 2004 7
-1.6.8 June 6, 2004 8
+1.6.8 June 8, 2004 8
-1.6.8 June 6, 2004 9
+1.6.8 June 8, 2004 9
-1.6.8 June 6, 2004 10
+1.6.8 June 8, 2004 10
-1.6.8 June 6, 2004 11
+1.6.8 June 8, 2004 11
-1.6.8 June 6, 2004 12
+1.6.8 June 8, 2004 12
-1.6.8 June 6, 2004 13
+1.6.8 June 8, 2004 13
-1.6.8 June 6, 2004 14
+1.6.8 June 8, 2004 14
-1.6.8 June 6, 2004 15
+1.6.8 June 8, 2004 15
-1.6.8 June 6, 2004 16
+1.6.8 June 8, 2004 16
-1.6.8 June 6, 2004 17
+1.6.8 June 8, 2004 17
-1.6.8 June 6, 2004 18
+1.6.8 June 8, 2004 18
-1.6.8 June 6, 2004 19
+1.6.8 June 8, 2004 19
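Review bot: every page footer in this run changes only its date, from June 6 to June 8, 2004, which buries the two real text changes further down in footer noise. If this formatted copy is regenerated from the man source, consider committing the regenerated output separately (or only at release time) so that documentation changes can be reviewed on their own.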
To tell whether or not s\bsu\bud\bdo\bo supports _\bn_\bo_\be_\bx_\be_\bc, you can run
the following as root:
- \# sudo -V | grep "dummy exec"
+ sudo -V | grep "dummy exec"
If the resulting output contains a line that begins with:
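Review bot: with the prompt removed from the `sudo -V | grep "dummy exec"` line, the requirement to be root is carried only by the sentence above it ("you can run the following as root"). Dropping the prompt is fine for copy and paste, and it also removes the stray backslash the old line showed before `#`. Please check that the paragraph that follows also tells the reader what to conclude when grep prints nothing, not just when a matching line appears.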
-1.6.8 June 6, 2004 20
+1.6.8 June 8, 2004 20
ported.
To enable _\bn_\bo_\be_\bx_\be_\bc for a command, use the NOEXEC tag as doc
- umented in the User Specification section above. If you
- are unsure whether or not your system is capable of sup
- porting _\bn_\bo_\be_\bx_\be_\bc you can always just try it out and see if
- it works.
+ umented in the User Specification section above. Here is
+ that example again:
+
+ aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+ This allows user a\baa\bar\bro\bon\bn to run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and
+ _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi with _\bn_\bo_\be_\bx_\be_\bc enabled. This will prevent those
+ two commands from executing other commands (such as a
+ shell). If you are unsure whether or not your system is
+ capable of supporting _\bn_\bo_\be_\bx_\be_\bc you can always just try it
+ out and see if it works.
Note that disabling shell escapes is not a panacea. Pro
grams running as root are still capable of many poten
-
-
-
-
-
-
-
-1.6.8 June 6, 2004 21
+1.6.8 June 8, 2004 21
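Review bot: the closing advice on the added lines, "you can always just try it out and see if it works", still gives the administrator no test to run against the new aaron example. Suggest stating the expected result, for example that a shell escape from /usr/bin/more or /usr/bin/vi fails when noexec is in effect. "Here is that example again" also means the rule now lives in two places in the manual, so a note to keep it in sync with the User Specification section would stop the copies drifting.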
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "June 6, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "June 8, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
the following as root:
.PP
.Vb 1
-\& \e# sudo -V | grep "dummy exec"
+\& sudo -V | grep "dummy exec"
.Ve
.PP
If the resulting output contains a line that begins with:
dld.sl, rld, or loader) to see if \f(CW\*(C`LD_PRELOAD\*(C'\fR is supported.
.PP
To enable \fInoexec\fR for a command, use the \f(CW\*(C`NOEXEC\*(C'\fR tag as documented
-in the User Specification section above. If you are unsure whether
-or not your system is capable of supporting \fInoexec\fR you can always
-just try it out and see if it works.
+in the User Specification section above. Here is that example again:
+.PP
+.Vb 1
+\& aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.Ve
+.PP
+This allows user \fBaaron\fR to run \fI/usr/bin/more\fR and \fI/usr/bin/vi\fR
+with \fInoexec\fR enabled. This will prevent those two commands from
+executing other commands (such as a shell). If you are unsure
+whether or not your system is capable of supporting \fInoexec\fR you
+can always just try it out and see if it works.
.PP
Note that disabling shell escapes is not a panacea. Programs running
as root are still capable of many potentially hazardous operations
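Review bot: "This will prevent those two commands from executing other commands" on the added lines is stated more strongly than the surrounding text supports. The context line just above ties noexec to `LD_PRELOAD` support in the dynamic linker, and the same added paragraph ends by admitting the reader may be unsure whether the system supports it. Suggest qualifying the sentence, for example "On systems where noexec is supported, this will prevent ...", so that a sudoers author does not read the NOEXEC tag as a guarantee.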