Saturday, August 22, 2009

Do not grant sudo to execute vi as root

If you grant a user sudo rights to execute vi as root, you have effectively given that user a root shell. This is because the user can invoke a shell from within vi by using the ":!" command. Moreover, the user can also use vi to open any arbitrary file, because vi does not restrict the files it reads or writes to those given as parameters on invocation.

The best ways to grant a user sudo to edit a file are:

#1 Find a text editor that cannot invoke a shell and can open only the files that are provided as command-line arguments on invocation

Or #2 chgrp that file to be group editable and add that user to that group
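
To find existing rules that already hand out vi, the following audit sketch flags sudoers entries whose command list names such an editor, including rules that pin a file argument, since the ":!" escape still works there. It is an added example, not part of the original post. The function names, the editor list and the sample rules are assumptions made for illustration, and the parser is simplified: it does not follow line continuations or include directives.

```shell
#!/bin/sh
# Assumption: editors treated as able to spawn a shell; adjust for your site.
EDITORS='vi vim view ex nvi'

# Constructed sample rules (not taken from any real system).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
alice ALL=(root) /usr/bin/vi /etc/hosts
bob   ALL=(root) NOPASSWD: /usr/sbin/service nginx restart, /usr/bin/vim
carol ALL=(root) /usr/sbin/service nginx status
Cmnd_Alias EDIT = /bin/vi
EOF
}

# Print "<line number>: <rule>" for every rule or Cmnd_Alias that grants an
# editor from $EDITORS. Reads the file named in $1, or stdin when omitted.
audit_sudoers() {
    awk -v editors="$EDITORS" '
    BEGIN { n = split(editors, e, " "); for (i = 1; i <= n; i++) bad[e[i]] = 1 }
    /^[ \t]*#/        { next }   # comments
    /^[ \t]*$/        { next }   # blank lines
    /^[ \t]*Defaults/ { next }   # option lines are not grants
    index($0, "=") == 0 { next }
    {
        spec = substr($0, index($0, "=") + 1)   # text after "host ="
        gsub(/\([^)]*\)/, "", spec)             # drop "(runas)" specs
        m = split(spec, cmds, ",")
        for (i = 1; i <= m; i++) {
            c = cmds[i]
            sub(/^[ \t]+/, "", c)
            if (c ~ /^!/) continue              # negated entry, not a grant
            while (c ~ /^[A-Z_]+:[ \t]*/)       # drop tags such as NOPASSWD:
                sub(/^[A-Z_]+:[ \t]*/, "", c)
            split(c, w, /[ \t]+/)               # w[1] is the command path
            k = split(w[1], p, "/")             # p[k] is its basename
            if (p[k] in bad) { print NR ": " $0; break }
        }
    }' "${1:--}"
}

# Demo on the constructed sample; on a real host pass the sudoers file path.
sample_sudoers | audit_sudoers
```
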

1 comment:

Jeremy Tan said...

If you're using vim instead of vi (and I assume you are since you're using something silly like sudo), you can give it the -Z argument to make it restricted.
