Sudo -s restriction

Is there a way to stop users invoking a root shell with sudo on Solaris 10?

I want users to use sudo <cmd> but not sudo -s

Unless you really limit what command that is, there are many clever ways to invoke a shell. Many users would sudo su or sudo bash, but you can even sudo vi and invoke a shell.

man 5 sudoers has many examples to help limit commands to sudoers

I can see commands with sudoreplay. However, some users are using a shell and I'm losing the command history.

Luke's being sneaky and vader is playing nice in the example below.

 vader@log > sudo sudoreplay -l user luke
Dec 29 11:46:28 2015 : luke : TTY=/dev/pts/5 ; CWD=/export/home/luke ; USER=root ; TSID=00000O ; COMMAND=/usr/bin/ksh
vader@log > sudo sudoreplay -l user vader
Jan  5 17:28:27 2016 : vader: TTY=/dev/pts/4 ; CWD=/var/log ; USER=root ; TSID=00001S ; COMMAND=/usr/bin/cat /etc/syslog
Jan  5 17:28:32 2016 : vader: TTY=/dev/pts/4 ; CWD=/var/log ; USER=root ; TSID=00001T ; COMMAND=/usr/bin/cat syslog
vader@log >
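One way to pick sessions like luke's out of a `sudoreplay -l` listing, as an added example that is not part of any post in this thread. The function name, the `SHELL_NAMES` and `ESCAPE_NAMES` lists, and the last two sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag root-shell sessions in `sudoreplay -l` output.
# Assumption: the basenames below are the commands named in this thread
# (the shells, su, bash, vi); extend them to match your hosts.
SHELL_NAMES="sh csh ksh tcsh zsh bash su"
ESCAPE_NAMES="vi"   # programs that can start a shell from inside

# stdin: `sudoreplay -l` lines; stdout: "user TSID reason command"
flag_shell_sessions() {
    awk -v shells="$SHELL_NAMES" -v escapes="$ESCAPE_NAMES" '
    BEGIN {
        n = split(shells, a, " ");  for (i = 1; i <= n; i++) kind[a[i]] = "shell"
        n = split(escapes, a, " "); for (i = 1; i <= n; i++) kind[a[i]] = "escape"
    }
    {
        p = index($0, "COMMAND=")
        if (p == 0) next                  # not a session line
        cmd = substr($0, p + 8)           # command with its arguments
        tsid = "?"
        if (match($0, /TSID=[^ ;]+/)) tsid = substr($0, RSTART + 5, RLENGTH - 5)
        split($0, h, / *: +/)             # "date : user : TTY=..."
        user = h[2]
        split(cmd, w, " "); prog = w[1]
        sub(/.*\//, "", prog)             # basename of the program that ran
        if (prog in kind) print user, tsid, kind[prog], cmd
    }'
}

# Sample listing: the first three lines are from the post above,
# the last two are constructed for this example.
sample_listing() {
    cat <<'EOF'
Dec 29 11:46:28 2015 : luke : TTY=/dev/pts/5 ; CWD=/export/home/luke ; USER=root ; TSID=00000O ; COMMAND=/usr/bin/ksh
Jan  5 17:28:27 2016 : vader: TTY=/dev/pts/4 ; CWD=/var/log ; USER=root ; TSID=00001S ; COMMAND=/usr/bin/cat /etc/syslog
Jan  5 17:28:32 2016 : vader: TTY=/dev/pts/4 ; CWD=/var/log ; USER=root ; TSID=00001T ; COMMAND=/usr/bin/cat syslog
Jan  6 09:02:11 2016 : luke : TTY=/dev/pts/5 ; CWD=/export/home/luke ; USER=root ; TSID=00001U ; COMMAND=/usr/bin/su -
Jan  6 09:10:40 2016 : luke : TTY=/dev/pts/5 ; CWD=/etc ; USER=root ; TSID=00001V ; COMMAND=/usr/bin/vi /etc/hosts
EOF
}

# Prints one line per flagged session (three for the sample above).
sample_listing | flag_shell_sessions
```

On a live host, pipe `sudo sudoreplay -l` into `flag_shell_sessions` instead of the sample. The default `/usr/bin/awk` on Solaris 10 is the old awk, so run the script with `nawk` there.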
 

From the manual:

Cmnd_Alias	SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
			 /usr/local/bin/tcsh, /usr/bin/rsh,\
			 /usr/local/bin/zsh

%wheel ALL = ALL, !SHELLS

This should help the casual sneaky. You'd need to make changes though, depending on what your /etc/sudoers looks like now and what shells you've available.


Works perfectly - thanks.

And if you're THAT concerned with knowing what users with root access are doing, you probably should consider taking the time to set up auditing and maybe even RBAC.