[sudo-users] [SOLVED] Re: Command with argument not working as expected

Gabriel Menini GMenini at ose.com.uy
Thu Feb 11 10:04:45 EST 2010


sudo-users-bounces at courtesan.com wrote on 2010-02-03 15:33:05:

> Hello, list.
> 
> Since I want users to chmod files only under certain directory, I have the
> following in my /etc/sudoers file:
> 
> # User alias specification
> User_Alias ADMINS = myname,yourname
> 
> # Cmnd alias specification
> Cmnd_Alias CHMOD   = /usr/bin/chmod /dir/where/chmod/is/allowed/*

Hi,

Finally, my peer found the way to set the correct syntax:

Cmnd_Alias CHMOD   = /usr/bin/chmod u+x /dir/where/chmod/is/allowed/*

I was missing the chmod options u+x. Sure, this line only sets the
executable-by-owner bit, but it's enough for me so far.


> 
> 
> # Runas alias specification
> 
> # User privilege specification
> root    ALL=(ALL) ALL
> 
> 
> ADMINS     myhostname=(root) CHMOD,sudoedit /dir/where/chmod/is/allowed/*
> 
> [..file continues here; omitted for simplicity...]
> 
> The sudoers file listed above doesn't allow to chmod on that dir.
> 
> My target is: ADMINS are able to create scripts in
> `/dir/where/chmod/is/allowed/' and then make them executables.
> 
> However, until now I've just been able to set ADMINS to issue chmod on a
> system wide basis but this behaviour is not as expected --not to mention
> it's an enormous security flaw!
> 
> 
> Sudo version 1.7.0
> OS: IBM Unix AIX 6.1.0.0

Thank you Patrick for sharing your Perl wrappers for chmod and chown. I am 
still studying them :-)

Regards,
-- 
Gabriel Menini
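
A wrapper of the kind mentioned above can enforce what the sudoers wildcard does not: sudoers matches command-line arguments as a single concatenated string, so `*` in the rule is a pattern match, not a path-containment check. The following is an added example, not Patrick's Perl wrappers or code from this thread; the function name `add_owner_exec` and the policy of accepting only files directly inside the directory are assumptions.

```python
import os
import stat
import sys

# Assumption: the directory named in the sudoers rule above.
ALLOWED_DIR = "/dir/where/chmod/is/allowed"


def add_owner_exec(name, base=ALLOWED_DIR):
    """Add u+x to one regular file directly inside base; return its new mode.

    Raises ValueError when the target is refused.
    """
    # Bare file names only: no path separators, no "." or "..".
    if not name or "/" in name or name in (".", ".."):
        raise ValueError(f"refused {name!r}: not a plain file name")
    dir_fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW fails on a symlink planted in base instead of following it;
        # O_NONBLOCK keeps a FIFO from hanging the open.
        flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
        fd = os.open(name, flags, dir_fd=dir_fd)
    except OSError as exc:
        raise ValueError(f"refused {name!r}: {exc.strerror}") from exc
    finally:
        os.close(dir_fd)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"refused {name!r}: not a regular file")
        # A second hard link means the inode also lives under another name.
        if st.st_nlink != 1:
            raise ValueError(f"refused {name!r}: file has extra hard links")
        new_mode = stat.S_IMODE(st.st_mode) | stat.S_IXUSR
        # fchmod acts on the descriptor that was just checked, not on a path.
        os.fchmod(fd, new_mode)
        return new_mode
    finally:
        os.close(fd)


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        try:
            print(f"{arg}: mode now {add_owner_exec(arg):04o}")
        except ValueError as err:
            print(err, file=sys.stderr)
            sys.exit(1)
```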




