Posted on 2010-09-03
I am configuring sudoers so that some users can do "vi" and "nano" against any file except shadow and sudoers files. I have the following contents in /etc/sudoers file.
User_Alias USER1 = bob,smith
Cmnd_Alias EDIT_CMD =/bin/vi,/usr/bin/nano
Cmnd_Alias DENY_EDIT_CMD = /bin/vi /etc/shadow,/usr/bin/nano /etc/shadow,/bin/vi /etc/sudoers,/usr/bin/nano /etc/sudoers
But still it is allowing bob and smith to run vi on /etc/shadow...
Any ideas where it is going wrong ...
The machine is running sudo-1.7