mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
62 lines
929 B
Plaintext
62 lines
929 B
Plaintext
A simple sudoers rule should not allow the user to chroot:
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
User root is not allowed to change root directory to /
|
|
|
|
Command denied
|
|
|
|
User can run commands with chroot set to sudoers value:
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = CHROOT=/some/where/else /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
Command allowed
|
|
|
|
User cannot override the sudoers chroot:
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = CHROOT=/some/where/else /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd unmatched
|
|
|
|
Command unmatched
|
|
|
|
User can chroot if sudoers rule sets chroot to '*':
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = CHROOT=* /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
Command allowed
|
|
|
|
User can chroot if runchroot Defaults is '*':
|
|
Parses OK
|
|
|
|
Entries for user root:
|
|
|
|
ALL = /bin/ls
|
|
host allowed
|
|
runas allowed
|
|
cmnd allowed
|
|
|
|
Command allowed
|