[olug] /etc/sudoers notes for entries with multiple "tags".

Christopher Cashell topher-olug at zyp.org
Wed Aug 20 20:31:55 UTC 2008


On Wed, Aug 20, 2008 at 1:53 PM, Dan Linder <dan at linder.org> wrote:
> I'm trying to setup a single user account ("myuser") so that they can
> execute a program (ex: /usr/bin/vi) as root without a password.  To
> achieve just that I need to use the NOPASSWD Tag_Spec, here's the
> simple entry in /etc/sudoers:

I've never tried to manually lock down vi with sudo, because I've
always heard that there's lots of 'gotchas' and that it's almost
impossible to do, especially with vi == vim these days.

My recommendation, however, would be to look into sudoedit.  It's
another way of running sudo (basically uses the -e option) to do truly
safe editing.  The functionality was added to sudo a little while
back, although I don't remember exactly which version.



More information about the OLUG mailing list