environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
program that s\bsu\bud\bdo\bo executes.
- Users should not be granted s\bsu\bud\bdo\bo privileges to execute files that are
+ Users should _\bn_\be_\bv_\be_\br be granted s\bsu\bud\bdo\bo privileges to execute files that are
writable by the user or that reside in a directory that is writable by
the user. If the user can modify or replace the command there is no way
to limit what additional commands they can run. Likewise, users should
- not be granted s\bsu\bud\bdo\boe\bed\bdi\bit\bt permission to edit a file that resides in a
+ _\bn_\be_\bv_\be_\br be granted s\bsu\bud\bdo\boe\bed\bdi\bit\bt permission to edit a file that resides in a
directory the user has write access to. A user with directory write
access could replace the legitimate file with a link to some other,
arbitrary, file. Starting with version 1.8.15, s\bsu\bud\bdo\boe\bed\bdi\bit\bt will refuse to
\fBsudo\fR
executes.
.PP
-Users should not be granted
+Users should
+\fInever\fR
+be granted
\fBsudo\fR
privileges to execute files that are writable by the user or
that reside in a directory that is writable by the user.
If the user can modify or replace the command there is no way
to limit what additional commands they can run.
-Likewise, users should not be granted
+Likewise, users should
+\fInever\fR
+be granted
\fBsudoedit\fR
permission to edit a file that resides in a directory the user has
write access to.
.Nm
executes.
.Pp
-Users should not be granted
+Users should
+.Em never
+be granted
.Nm
privileges to execute files that are writable by the user or
that reside in a directory that is writable by the user.
If the user can modify or replace the command there is no way
to limit what additional commands they can run.
-Likewise, users should not be granted
+Likewise, users should
+.Em never
+be granted
.Nm sudoedit
permission to edit a file that resides in a directory the user has
write access to.
of _\b/_\be_\bt_\bc_\b/_\bm_\bo_\bt_\bd. After the file has been edited, _\b/_\be_\bt_\bc_\b/_\bm_\bo_\bt_\bd will be updated
with the contents of the temporary copy.
- Users should never be granted s\bsu\bud\bdo\boe\bed\bdi\bit\bt permission to edit a file that
+ Users should _\bn_\be_\bv_\be_\br be granted s\bsu\bud\bdo\boe\bed\bdi\bit\bt permission to edit a file that
resides in a directory the user has write access to, either directly or
via a wildcard. If the user has write access to the directory it is
possible to replace the legitimate file with a link to another file,
\fI/etc/motd\fR
will be updated with the contents of the temporary copy.
.PP
-Users should never be granted
+Users should
+\fInever\fR
+be granted
\fBsudoedit\fR
permission to edit a file that resides in a directory the user
has write access to, either directly or via a wildcard.
.Pa /etc/motd
will be updated with the contents of the temporary copy.
.Pp
-Users should never be granted
+Users should
+.Em never
+be granted
.Nm sudoedit
permission to edit a file that resides in a directory the user
has write access to, either directly or via a wildcard.
projects / sudo / commitdiff