sudo under a defined directory
Woo, April
April.Woo at spirentcom.com
Mon Oct 7 09:51:06 EDT 2002
Robert,
This is what I have set up for our users. Per my tests below, I think I was
unable to lock the commands down to specific directories.
april ;-)
***********************************************************************
SUDOERS FILE #1:
Cmnd_Alias RUN_BASIC =\
/usr/bin/export,\
/usr/bin/ls,\
/usr/bin/find,\
/usr/bin/grep,\
/usr/bin/ps,\
/usr/bin/rm,\
/usr/bin/vi,\
/usr/bin/pwd,\
/usr/bin/cd,\
/usr/bin/cp
Cmnd_Alias RUN_EXTENDED =\
/usr/bin/chgrp,\
/usr/bin/chown,\
/usr/bin/chmod,\
/usr/bin/mv
jsmith testserv1=NOPASSWD:RUN_BASIC,\
RUN_EXTENDED,\
/home/jsmith,\
/usr/local/share/bin
************************************************************************
SIMPLE TEST #1:
# su - jsmith
<testserv1>: id
uid=8888(jsmith) gid=1(staff)
<testserv1>: chmod 777 /home/user1/.profile
chmod: /home/user1/.profile: The file access permissions do not allow the
specified action.
<testserv1>: ls -la
total 136
drwxr-xr-x 4 jsmith staff 512 May 17 12:22 .
drwxr-xr-x 227 bin bin 5632 Oct 07 08:31 ..
-rw-r--r-- 1 jsmith staff 7138 Jul 15 09:39 .profile
<testserv1>: chmod 777 /home/jsmith/.profile
<testserv1>: ls -la /home/jsmith/.profile
-rwxrwxrwx 1 jsmith staff 7138 Jul 15 09:39 /home/jsmith/.profile
***********************************************************************
SUDOERS FILE #2: (removed RUN_EXTENDED command list)
jsmith ganymede=NOPASSWD:RUN_BASIC,\
/home/jsmith,\
/usr/local/share/bin
SIMPLE TEST #2:
# su - jsmith
<testserv1>: id
uid=8888(jsmith) gid=1(staff)
<testserv1>: chown 777 /home/jsmith/.profile
chown: /home/jsmith/.profile: Operation not permitted.
************************************************************************
-----Original Message-----
From: meiemoehl at a1.net [mailto:meiemoehl at a1.net]
Sent: Sunday, October 06, 2002 8:16 AM
To: robert.gruber at inode.at
Subject: sudo under a defined directory
Hello!
How can I set up /etc/sudoers so that a command like /bin/chmod can only work
with superuser rights within a specified directory?
My /etc/sudoers:
---
Host_Alias WWW = 192.168.0.1
# User alias specification
# Cmnd alias specification
Cmnd_Alias CHOWN = /bin/chown
Cmnd_Alias CHGRP = /bin/chgrp
Cmnd_Alias CHMOD = /bin/chmod
# User privilege specification
root ALL=(ALL) ALL
user1 WWW = NOPASSWD: CHOWN, CHGRP
user2 WWW = NOPASSWD: CHOWN, CHGRP, CHMOD
---
Thank you for help!!
bye,
Robert
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
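
One way to get the restriction asked about in this thread, as an added example that is not part of the original messages: grant sudo rights on a small wrapper instead of on chmod itself, and let the wrapper check the target path before acting. The wrapper name `chmod-in-tree`, its install path and `ALLOWED_ROOT` are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Hypothetical wrapper "chmod-in-tree" (added example). sudoers would grant this
# script rather than /bin/chmod, e.g. (path is an assumption):
#   user2 WWW = NOPASSWD: /usr/local/sbin/chmod-in-tree
import os
import stat
import sys

ALLOWED_ROOT = "/var/www"  # assumption: the one tree users may manage


def resolve_inside(root, path):
    """Canonical path if it stays under root once '..' and symlinks are resolved, else None."""
    root_real = os.path.realpath(root)
    real = os.path.realpath(path)
    if os.path.commonpath([root_real, real]) != root_real:
        return None
    return real


def restricted_chmod(root, mode_str, path):
    """chmod path to an octal mode; raises PermissionError/ValueError when out of policy."""
    if len(mode_str) != 3 or any(c not in "01234567" for c in mode_str):
        raise ValueError("mode must be three octal digits (no setuid/setgid/sticky)")
    real = resolve_inside(root, path)
    if real is None:
        raise PermissionError(f"{path} is outside {root}")
    # O_NOFOLLOW: fail if the final component was swapped for a symlink after the check.
    fd = os.open(real, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        # A hard link inside the tree can name a file that also lives outside it.
        if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
            raise PermissionError(f"{path} has multiple hard links")
        os.fchmod(fd, int(mode_str, 8))  # acts on the inode that was inspected
    finally:
        os.close(fd)
    return real


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: chmod-in-tree MODE PATH")
    try:
        restricted_chmod(ALLOWED_ROOT, sys.argv[1], sys.argv[2])
    except (OSError, ValueError) as exc:
        sys.exit(f"chmod-in-tree: {exc}")
```

The wrapper itself has to be owned by root and not writable by the users it is granted to, otherwise the restriction can simply be edited away.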