Sudoedit will allow the user to escape to a root shell - solved

Support for security such as Firewalls and securing linux
TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Sudoedit will allow the user to escape to a root shell

Post by TrevorH » 2015/02/05 12:09:01

sudoedit is a command that is part of the sudo package. It works in the same way as sudo but doesn't need sudo run to invoke it. What it does is it becomes root, copies the file to be edited elsewhere, drops root privileges back to the user, and edits the file as the user who invoked it; when they quit/write, it then copies the file back to the original as root again. All editing is done as the user in question and root privileges are only used to copy the file to and back. If you run sudoedit /some/file and it doesn't allow you to run it when you believe that it should, then you have set up sudoers incorrectly.

stevemowbray
Posts: 519
Joined: 2012/06/26 14:20:47

Re: Sudoedit will allow the user to escape to a root shell

Post by stevemowbray » 2015/02/05 12:10:44

sudoedit is equivalent to "sudo -e". I suggest you read the man page.

lorisalbanese
Posts: 10
Joined: 2013/03/22 16:13:38
Location: Italy

Re: Sudoedit will allow the user to escape to a root shell

Post by lorisalbanese » 2015/02/06 12:56:56

Here's the trick.

I'm sorry for the misunderstanding. This configuration is working correctly:


unprivuser ALL = sudoedit /etc/httpd/conf.d/ssl.conf

I missed the note:

" ** Note ** that if you specify the full path of sudoedit i.e. /usr/bin/sudoedit - you will need to run sudo sudoedit /etc/httpd/conf.d/ssl.conf, which means you can escape to the shell as root again. "

Thank you TrevorH, and many thanks too to Mark Flitter (RedHat community)

Loris
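
Added example (not part of any post in this thread): a small Python check for the mistake described in the note quoted above, a sudoers rule that names sudoedit with a full path instead of the bare `sudoedit` keyword. The `otheruser`, `thirduser` and `WEBEDIT` entries in the sample are constructed, and the parser is a simplification that handles only full-line comments and backslash continuations.

```python
import re

# Constructed sample sudoers text. Only the unprivuser rule comes from the thread.
SAMPLE = """\
# web admins
unprivuser ALL = sudoedit /etc/httpd/conf.d/ssl.conf
otheruser ALL = /usr/bin/sudoedit /etc/httpd/conf.d/ssl.conf
Cmnd_Alias WEBEDIT = /bin/sudoedit /etc/httpd/conf/httpd.conf, \\
                     /usr/bin/systemctl reload httpd
thirduser ALL = (root) NOPASSWD: WEBEDIT
"""

def logical_lines(text):
    """Join backslash continuations and skip blank or comment lines.
    Yields (first physical line number, joined line)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        raw = raw.rstrip()
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield start, line
        start = None

def find_pathed_sudoedit(text):
    """Return (line, left-hand side, command) for every command whose
    first word is a path ending in /sudoedit."""
    findings = []
    for lineno, line in logical_lines(text):
        if "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        rhs = re.sub(r"\([^)]*\)", " ", rhs)                  # drop runas specs
        for cmd in rhs.split(","):
            cmd = re.sub(r"^\s*(\w+:\s*)*", "", cmd).strip()  # drop tags like NOPASSWD:
            first = cmd.split()[0] if cmd else ""
            if first.endswith("/sudoedit"):
                findings.append((lineno, lhs.strip(), cmd))
    return findings

if __name__ == "__main__":
    for lineno, who, cmd in find_pathed_sudoedit(SAMPLE):
        print(f"line {lineno}: [{who}] uses a full path: {cmd}")
```

Any rule it reports should be rewritten to use the bare `sudoedit` keyword, as in the working `unprivuser` line above, and the result validated with `visudo -c`.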
