mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
64 lines
953 B
Plaintext
64 lines
953 B
Plaintext
A simple sudoers rule should not allow the user to set the cwd:
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
User root is not allowed to change directory to /
|
|
|
|
Command denied
|
|
|
|
User can run commands with cwd set to sudoers value:
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = CWD=/some/where/else /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
Command allowed
|
|
|
|
User cannot override the sudoers cwd:
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = CWD=/some/where/else /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
User root is not allowed to change directory to /
|
|
|
|
Command denied
|
|
|
|
User can set cwd if sudoers rule sets cwd to '*':
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = CWD=* /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
Command allowed
|
|
|
|
User can set cwd runcwd Defaults is '*':
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
Command allowed
|