block setfacl to specific group in sudo

Comments

Hi All,

Am trying to block the setfacl command for sudo user (my specific requirement) as below:
%testing ALL= NOPASSWD: !/usr/bin/setfacl -m g:testing:*

Dont want sudo user to perform any setfacl operation for testing group.

Am getting below error:
@localhost ]$ sudo setfacl -m g:testing:rw- somefile/
sudo: >>> /etc/sudoers: syntax error near line 111 <<<
sudo: parse error in /etc/sudoers near line 111
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

line number 111 is :
%testing ALL= NOPASSWD: !/usr/bin/setfacl -m g:testing:*

Started 2016-05-25T08:18:43+00:00 by

Gyan Shanker

Community Member 44 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

block setfacl to specific group in sudo

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links