restricting chown to certain users for certain directories

Rich Quinn rquinn at sss.sight-n-sound.com
Tue Aug 8 13:47:41 EDT 2000


Hi,
I read some of your archives on this but didn't see anything that matched
my problem exactly.  If the answer is indeed in the archives, then please
let me know which one to look in and I'll look again.  Otherwise, here goes:

I am trying to restrict my users so that they can only use the chown
command inside of a certain directory and that they can only chown a 
given file to certain users.

I have been able to restrict which directory they can run chown in easily.
However, I cannot seem to get sudo to restrict which users a file can be
chowned to.  Here is my sudoers file:
-------------------------------------------------------------------------------------------------
# sudoers file.

User_Alias      SS = bob, stan, kim
Cmnd_Alias      CHOWN = /bin/chown SS /net/usr1/[A-z]*, /bin/chown -R SS /net/usr1/[A-z]*

SS      ALL = NOPASSWD: CHOWN, DIAG
root    ALL=(ALL) ALL
-------------------------------------------------------------------------------------------------
As I said, if I specify a specific user (e.g. stan) INSTEAD of User_Alias SS
in that CHOWN Cmnd_Alias, then I can restrict the chown command so that users
in the SS group can only change ownership of files to stan, and only under the
/net/usr1 directory.

However, if I try to employ the SS User_Alias as it is above, I cannot run,
say:

sudo chown kim /net/usr1/junkfile

I get an error that the user cannot perform that operation.
Is my use of the User_Alias SS inappropriate for the Cmnd_Alias line?  Any
ideas?

thanks,
Rich
More information about the sudo-users mailing list
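The behaviour Rich describes follows from how sudo matches the argument part of a Cmnd_Alias: a User_Alias name is never expanded inside command arguments, so "SS" is just the literal word SS, and the user names have to be written out one rule per name. The model below is an added example, not the poster's sudoers file and not sudo's own code. It follows the matching rules documented in sudoers(5): the command path must match exactly, the user's arguments are joined into one space-separated string, and that string is compared against the rule's argument pattern with fnmatch(3) without FNM_PATHNAME, so a `*` can match across spaces and slashes. The FIXED_CHOWN rules are my assumed rewrite of the poster's alias; the command lines fed to it are constructed for the demonstration.

```python
"""Simplified model of sudoers command-argument matching (added example).

Shows why a User_Alias used as a chown argument never matches, what the
per-user rewrite looks like, and why a rule ending in '*' admits more
than the directory it names.  Not sudo's code; see the lead-in above.
"""
import fnmatch
import shlex

# The poster's Cmnd_Alias as sudo reads it: "SS" is a literal argument word.
ORIGINAL_CHOWN = [
    "/bin/chown SS /net/usr1/[A-z]*",
    "/bin/chown -R SS /net/usr1/[A-z]*",
]

# Assumed fix: one rule per permitted target user, because sudoers has no
# alias expansion inside command arguments.
FIXED_CHOWN = [
    f"/bin/chown {flags}{user} /net/usr1/[A-z]*"
    for user in ("bob", "stan", "kim")
    for flags in ("", "-R ")
]


def split_rule(rule):
    """Split a Cmnd_Alias entry into (command path, argument pattern)."""
    cmnd, _, args = rule.partition(" ")
    return cmnd, args


def rule_matches(rule, argv):
    """True if argv (argv[0] = full command path) satisfies one rule.

    Mirrors sudoers(5): exact path match, then the user's arguments are
    concatenated with single spaces and glob-matched as one string, so
    '*' is free to span spaces and '/'.  A rule with no arguments allows
    any arguments at all.
    """
    cmnd, pattern = split_rule(rule)
    if argv[0] != cmnd:
        return False
    if not pattern:
        return True
    user_args = " ".join(argv[1:])
    return fnmatch.fnmatchcase(user_args, pattern)


def allowed(rules, cmdline):
    """True if any rule in the alias admits the given shell command line."""
    argv = shlex.split(cmdline)
    return any(rule_matches(rule, argv) for rule in rules)


def demo():
    """Constructed command lines checked against both rule sets."""
    cases = {
        "original alias, chown to kim":      (ORIGINAL_CHOWN, "/bin/chown kim /net/usr1/junkfile"),
        "original alias, user literally SS": (ORIGINAL_CHOWN, "/bin/chown SS /net/usr1/junkfile"),
        "fixed rules, chown to kim":         (FIXED_CHOWN, "/bin/chown kim /net/usr1/junkfile"),
        "fixed rules, chown to root":        (FIXED_CHOWN, "/bin/chown root /net/usr1/junkfile"),
        "fixed rules, file outside tree":    (FIXED_CHOWN, "/bin/chown kim /etc/shadow"),
        "fixed rules, extra file smuggled":  (FIXED_CHOWN, "/bin/chown kim /net/usr1/junkfile /etc/shadow"),
        "fixed rules, dot-dot traversal":    (FIXED_CHOWN, "/bin/chown kim /net/usr1/a/../../etc/shadow"),
    }
    return {name: allowed(rules, cmd) for name, (rules, cmd) in cases.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY '}  {name}")
```

The last two cases are the part worth keeping in mind after the alias question is settled: because sudo matches the concatenated argument string, the trailing `*` in `/net/usr1/[A-z]*` also swallows ` /etc/shadow` appended as a second operand, and `/../../etc/shadow` appended to a name inside the tree, so the rule does not actually confine chown to /net/usr1. sudoers(5) warns about exactly this, and the usual remedy is to allow only a small wrapper script that validates its own arguments (one target user from a fixed list, one path resolved and checked to be under /net/usr1) and calls chown itself. Note also that `[A-z]` is an ASCII range that includes `[`, `\`, `]`, `^`, `_` and the backtick, not just letters.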