(I asked the same question on http://superuser.com/ One person recommended me to use this website instead of super user. I hope this question is quite apporopriate here and I can get more detailed information.)
I learned about the way to prevent risks caused by these configurations:
user_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
or
%group_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
If I write these scripts in /etc/sudoers, serious damage to the server can happen. I have obtained one opinion which recommended I use vim -Z.
I googled vim -Z and found some facts. It is similar to (the same as?) rvim. However, vim -Z still allows us to use some commands. In order to prevent normal users from executing commands, we have to add several scripts in .vimrc.
To be honest, I do not understand fully what commands we cannot use in restricted mode. I found this website, but this only mentions vim although its title is rvim... http://ift.tt/1x8ybnl
I would like to know what settings are necessay to enable normal users to use sudo vim -Z (or sudo rvim) securely.
Aucun commentaire:
Enregistrer un commentaire