In a flurry of recycled electrons Plant, Dean wrote:
All my sudoers lines that call groups like he was trying to do always have a !SU, !SHELLS to specifically deny root access. Anyway I will shut up now as none of this will help fix his problem.
If you ever grant someone ALL commands and then try and restrict them from getting a root shell your fighting a loosing battle. Vi/Vim as root can bang out to a root shell, more can bang out to a root shell, and what's to stop someone from writing a shell script and executing it as root?
You may already have this covered and I'm not directing this specifically at your post, but I've seen some really poorly written sudoers files that open up huge holes.
I know this isn't contributing either so I'm going to lunch! _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos