Edit - Unix & Linux Stack Exchange

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

Rev

Incidentally, why do you negate /bin/su? If you want to prevent a user from getting a root shell, then your !/bin/su is insufficient. sudo bash or cp /bin/su /tmp/su && sudo /tmp/su are just two of many ways to still get a root shell on most systems. (ignoring grsec, systrace policies, etc.)

etherfish
– etherfish

2014-05-13 07:47:37 +00:00
Commented May 13, 2014 at 7:47
Thanks for the tip, also !/usr/sbin/visudo is missing. it was essentially just a test to see if a command is really blocked.

mohrphium
– mohrphium

2014-05-13 10:47:06 +00:00
Commented May 13, 2014 at 10:47
@etherfish your correct on that but one really should be mounting tmp, var, /dev/shm, /home and the like as noexec thus leaving only /{,usr,usr/local}/[s]bin as the only spots that are mounted with exec perms.

Dwight Spencer
– Dwight Spencer

2015-08-27 15:46:05 +00:00
Commented Aug 27, 2015 at 15:46

Add a comment |

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »