diff options
| author | Todd C. Miller <Todd.Miller@courtesan.com> | 2004-02-01 20:20:55 +0000 |
|---|---|---|
| committer | Todd C. Miller <Todd.Miller@courtesan.com> | 2004-02-01 20:20:55 +0000 |
| commit | 46d5d9483fda6bfe546cc17f605100c4826fdece (patch) | |
| tree | 4416d5d47fb836a723217c7d3131f0226f2ea02d | |
| parent | e1ca17663be727c33434212587a6b8140c870e98 (diff) | |
| download | sudo-46d5d9483fda6bfe546cc17f605100c4826fdece.tar.gz | |
Mention that disabling "root_sudo" is pretty pointless.
| -rw-r--r-- | sudoers.pod | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sudoers.pod b/sudoers.pod index 52bfbf604..9edd4f703 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -312,8 +312,11 @@ This flag is I<on> by default. If set, root is allowed to run B<sudo> too. Disabling this prevents users from "chaining" B<sudo> commands to get a root shell by doing something -like C<"sudo sudo /bin/sh">. -This flag is I<on> by default. +like C<"sudo sudo /bin/sh">. Note, however, that turning off I<root_sudo> +will also prevent root and from running B<sudoedit>. +Disabling I<root_sudo> provides no real additional security; it +exists purely for historical reasons. +This flag is I<@root_sudo@> by default. =item log_host |