Shall we allow shells to run under sudo or not?

Solution Unverified - Updated -

Issue

  • sudo ssh
  • As part of the security enhancement, we are trying to limit the use of root by using sudo.
  • Unfortunately, when we configured sudo with all (commands), you are still able to get root using sudo ssh.
  • We have this issue because we are running passwordless ssh between all the nodes, as we need to run some parallel exclusion tools that depend on the ssh key, such as psh and pssh.
  • Now, we have been trying to remove the ssh using !NOSSH in the sudoers file, where NOSSH=/usr/bin/ssh. However, that did not help: although sudo /usr/bin/ssh localhost will be blocked, the easy trick of copying /usr/bin/ssh to a different place with a different name will break that, and it is already tested.
  • You have enabled all commands to run under sudo, but you want to exclude some particular commands (like shells) from this permission.

Environment

  • Red Hat Enterprise Linux 5
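
The following check is an added example, not part of the Red Hat article or its solution: a small Python audit that flags sudoers rules of the kind described in the Issue, where ALL commands are granted and individual binaries are then negated with "!". The sample sudoers text is constructed; apart from NOSSH=/usr/bin/ssh, the users, groups and the SHELLS alias are assumptions.

```python
import re

# Constructed sample sudoers content (not from the original page).
SAMPLE = """\
Cmnd_Alias NOSSH = /usr/bin/ssh
Cmnd_Alias SHELLS = /bin/sh, /bin/bash
%admins ALL = (ALL) ALL, !NOSSH
ops ALL = (root) NOPASSWD: ALL, !SHELLS, !/bin/su
backup ALL = (root) /usr/bin/rsync, /bin/tar
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RUNAS_RE = re.compile(r"^\([^)]*\)\s*")        # leading (runas) spec
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")      # NOPASSWD:, NOEXEC:, ...


def find_denylist_rules(text):
    """Return (line_no, who, negated_paths) for every rule that grants ALL
    commands and then tries to subtract some of them with '!'.
    Simplified parser: no line continuations, no commas inside (runas)."""
    aliases, findings = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = ALIAS_RE.match(line)
        if m:  # remember Cmnd_Alias members so negated aliases can be expanded
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        if "=" not in line or re.match(r"\w+_Alias\b", line):
            continue
        who_host, spec = line.split("=", 1)
        cmds = []
        for item in spec.split(","):
            item = RUNAS_RE.sub("", item.strip())
            cmds.append(TAG_RE.sub("", item).strip())
        negated = [c[1:].strip() for c in cmds if c.startswith("!")]
        if "ALL" in cmds and negated:
            paths = [p for n in negated for p in aliases.get(n, [n])]
            findings.append((no, who_host.split()[0], paths))
    return findings


if __name__ == "__main__":
    for no, who, paths in find_denylist_rules(SAMPLE):
        print(f"line {no}: {who} gets ALL minus {paths}; "
              "a renamed copy of any of these still runs as root")
```

The rule for "backup" is not flagged because it lists only the commands that account needs; the sudoers manual itself notes that subtracting commands from ALL with "!" is generally not effective.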
