A system administrator needs to grant a junior administrator the ability to run a system backup script located at /usr/local/bin/backup.sh as the root user. To enhance security, the administrator wants to prevent the script from being able to execute any other commands or spawn a shell. Which of the following /etc/sudoers entries should be used to meet this specific requirement?
The correct answer is junioradmin ALL=(root) NOEXEC: /usr/local/bin/backup.sh. The NOEXEC tag is a crucial security feature in sudoers that prevents the specified command from executing any other programs or shell commands. This directly addresses the requirement to stop the script from spawning other processes. The NOPASSWD tag only bypasses the password prompt but does not restrict the command's ability to execute other programs. The entry for the wheel group is incorrect because the rule needs to apply specifically to the junioradmin user. The entry junioradmin ALL=(root) NOPRIV: /usr/local/bin/backup.sh is incorrect as NOPRIV is not a valid sudoers tag.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the NOEXEC tag in sudoers do?
Open an interactive chat with Bash
How does NOPASSWD differ from NOEXEC in sudoers?
Open an interactive chat with Bash
Why is the %wheel group entry inappropriate in this scenario?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access