Berthold Cogel <cogel@uni-koeln.de> wrote: > We're doing somthing like this in /etc/sudoers: > Cmnd_Alias SHELLS = /bin/sh, \ > /bin/bash, \ [...] > TRUSTED_USR ALL = NOPASSWD: ALL ,!SHELLS, NOROOT Surely this breaks trivially? ln -s /bin/bash /tmp/somethingelse sudo /tmp/somethingelse Chris