diff options
-rw-r--r-- | sudoers.pod | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sudoers.pod b/sudoers.pod index 52bfbf604..9edd4f703 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -312,8 +312,11 @@ This flag is I<on> by default. If set, root is allowed to run B<sudo> too. Disabling this prevents users from "chaining" B<sudo> commands to get a root shell by doing something -like C<"sudo sudo /bin/sh">. -This flag is I<on> by default. +like C<"sudo sudo /bin/sh">. Note, however, that turning off I<root_sudo> +will also prevent root and from running B<sudoedit>. +Disabling I<root_sudo> provides no real additional security; it +exists purely for historical reasons. +This flag is I<@root_sudo@> by default. =item log_host |