| 1 |
On Sun, 2006-11-12 at 05:54 -0500, Mike Frysinger wrote: |
| 2 |
> in the example usages you cited, people where using `sudo` to just |
| 3 |
> avoid running `su -` first ... in other words, their sudo was |
| 4 |
> unlimited ... updating the sudoers file to allow EDITOR via env_keep |
| 5 |
> would work fine for them |
| 6 |
> |
| 7 |
> in that scenario, running any app via EDITOR is not a concern as they |
| 8 |
> already have the ability to run any command |
| 9 |
|
| 10 |
That is right. And I've already raised concerns about this approach in |
| 11 |
my mail: |
| 12 |
http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238 |
| 13 |
|
| 14 |
And that is not an answer on question I've asked in this sub-thread: |
| 15 |
|
| 16 |
Do you know any way *how* to specify "safe" editors list inside sudoers? |
| 17 |
|
| 18 |
I've spent some time and did not found how can I force sudo to edit |
| 19 |
files with only known editors inside EDITOR. env_keep just keep env |
| 20 |
variable and does not allow to specify "safe" editors list. I suppose |
| 21 |
that this is impossible. |
| 22 |
|
| 23 |
Or... what do you mean by that: |
| 24 |
"the sudo file has the ability to specify editor's, so why not tell |
| 25 |
people to change their sudo config file ?" |
| 26 |
|
| 27 |
English is not my native language thus may be I just misunderstood your |
| 28 |
idea here. Sorry. |
| 29 |
|
| 30 |
Peter. |
Archives