On 15/02/2018 04:04, freeipa-users-requ...@lists.fedorahosted.org wrote:
I wanted to ask if there is any way to exclude only one sudo commands
and allow all the others.
For example, I want to exclude "passwd" command but allow all the others
without need to write each of the one by one.
This is more a sudo question than an IPA question but it is not
recommended to even try this.
For example, there would be nothing to stop them doing:
sudo sh -c passwd
or:
echo passwd | sudo sh
And there are many commands which will let you get out to a shell,
directly or indirectly.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
