0
Last time I asked about the way to prevent risks caused by these configurations:
user_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
or
%group_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
If I write these scripts in /etc/sudoers, serious damage to the server can happen. Although the question was closed as primarily opinion-based, I received one opinion which recommended I use vim -Z.
I googled vim -Z and found some facts. It is similar to (the same as?) rvim. However, vim -Z still allows us to use some commands. In order to prevent normal users from executing commands, we have to add several scripts in .vimrc.
To be honest, I do not understand fully what commands we cannot use in restricted mode. I found this website, but this only mentions vim although its title is rvim... http://linux.about.com/library/cmd/blcmdl1_rvim.htm
Could you tell me what settings are necessay to enable normal users to use sudo vim -Z (or sudo rvim) securely.
aob
Posted 2015-01-15T19:13:41.360
Reputation: 635
4This really is outside the scope of this site. It's better to only allow the use of
sudoedit, which runs the editor as the normal user then only uses root power to replace the file with the new edited version. – Heptite – 2015-01-15T20:22:42.590To be clear, when you use
sudoedit, you don't have to uservim/vim -Z(the two are the same thing, just different ways of invoking it). – Heptite – 2015-01-15T22:11:35.823Which website should I use? Do you have any recommendation? I would like to know to build my knowledge even if it is not practical. – aob – 2015-01-16T00:39:19.673
Although I don't frequent it, there's security.stackexchange.com. I don't know if your question would be appropriate there. – Heptite – 2015-01-16T00:41:53.807