Last time I asked about the way to prevent risks caused by these configurations:
user_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
or
%group_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
If I write these scripts in /etc/sudoers, serious damage to the server can happen. Although the question was closed as primarily opinion-based, I received one opinion which recommended I use vim -Z.
I googled vim -Z and found some facts. It is similar to (the same as?) rvim. However, vim -Z still allows us to use some commands. In order to prevent normal users from executing commands, we have to add several scripts in .vimrc.
To be honest, I do not understand fully what commands we cannot use in restricted mode. I found this website, but this only mentions vim although its title is rvim... http://linux.about.com/library/cmd/blcmdl1_rvim.htm
Could you tell me what settings are necessary to enable normal users to use sudo vim -Z (or sudo rvim) securely?
This really is outside the scope of this site. It's better to only allow the use of sudoedit, which runs the editor as the normal user then only uses root power to replace the file with the new edited version. – Heptite – 2015-01-15T20:22:42.590
To be clear, when you use sudoedit, you don't have to use rvim/vim -Z (the two are the same thing, just different ways of invoking it). – Heptite – 2015-01-15T22:11:35.823
Which website should I use? Do you have any recommendation? I would like to know to build my knowledge even if it is not practical. – aob – 2015-01-16T00:39:19.673
Although I don't frequent it, there's security.stackexchange.com. I don't know if your question would be appropriate there. – Heptite – 2015-01-16T00:41:53.807
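
An added example, not code from the question or its commenters: a small audit that finds sudoers rules which start an editor directly through sudo and rewrites each one into the sudoedit form recommended in the comments. The editor list, the function name audit_sudoers and the simplified rule grammar are assumptions of this sketch.

```python
import re
import shlex
from pathlib import PurePosixPath

# Editors to flag when sudoers runs them directly via sudo (assumed list, not exhaustive).
EDITORS = {"vi", "vim", "rvim", "view", "nano", "emacs", "ed"}
# Lines that are not user specifications; aliases are not expanded by this sketch.
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
# Subset of the grammar: WHO HOSTS=(RUNAS) [TAG:] CMD[, CMD...]
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")

def audit_sudoers(text):
    """Return (line_no, who, editor, suggested_sudoedit_rule) for each flagged command."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = None if line.startswith(SKIP) else RULE.match(line)
        if not m:
            continue
        runas = f"({m['runas']}) " if m["runas"] is not None else ""
        for cmd in m["cmds"].split(","):
            tokens = shlex.split(cmd)
            tags = "".join(t + " " for t in tokens if t.endswith(":"))
            argv = [t for t in tokens if not t.endswith(":")]
            if not argv or PurePosixPath(argv[0]).name not in EDITORS:
                continue
            files = [a for a in argv[1:] if not a.startswith("-")]
            # sudoedit edits a copy as the invoking user; root only installs the result.
            fix = (f"{m['who']} {m['hosts']}={runas}{tags}sudoedit {' '.join(files)}"
                   if files else None)
            findings.append((lineno, m["who"], argv[0], fix))
    return findings

# Constructed sample: the first rule from the question, a constructed variant of the
# second (NOPASSWD and -Z added), and a rule that already uses sudoedit.
SAMPLE = """\
user_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf
%group_name ALL=(ALL) NOPASSWD: /usr/bin/vim -Z /etc/httpd/confs/httpd.conf
ops ALL=(root) sudoedit /etc/hosts
"""

if __name__ == "__main__":
    for lineno, who, editor, fix in audit_sudoers(SAMPLE):
        print(f"line {lineno}: {who} runs {editor} via sudo; use instead: {fix}")
```

With a suggested rule in place, the user runs sudoedit /etc/httpd/confs/httpd.conf and the editor is taken from SUDO_EDITOR, VISUAL or EDITOR.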