restricting chown to certain users for certain directories

Rich Quinn rquinn at
Tue Aug 8 13:47:41 EDT 2000

I read some of your archives on this but didn't see anything that matched
my problem exactly.  If the answer is indeed in the archives, then please
let me know which one to look in and I'll look again.  Otherwise, here goes:

I am trying to restrict my users so that they can only use the chown
command inside of a certain directory and that they can only chown a 
given file to certain users.

I have been able to restrict which directory they can run chown in easily.
However, I cannot seem to get sudo to restrict which users a file can be
chowned to.  Here is my sudoers file:

# sudoers file.

User_Alias      SS = bob, stan, kim
Cmnd_Alias      CHOWN = /bin/chown SS /net/usr1/[A-z]*, /bin/chown -R SS

root    ALL=(ALL) ALL

As I said, if I specify a specific user (e.g. stan) INSTEAD of User_Alias SS
in that CHOWN Cmnd_Alias, then I can restrict the chown command so that
users in the SS group can only change ownership of files to stan under
only the /net/usr1 directory.

However, if I try to employ the SS User Alias as it is above, I cannot run:

    sudo chown kim /net/usr1/junkfile

I get an error that user cannot perform that operation.
Is my use of the User_Alias SS inappropriate for the Cmnd_Alias line?  Any
