problem restricting chown to a certain dir. and a certain group of users
Rich Quinn
rquinn at sss.sight-n-sound.com
Fri Aug 18 22:46:49 EDT 2000
Hi,
I am trying to get my command alias to work in conjunction with a user alias.
I am trying to restrict my users so that they can only use the chown
command inside of a certain directory and, on top of that, they can only
chown to certain users listed in the User_Alias SS.
I have been able to restrict which directory they can run chown in easily
via the CHOWN Cmnd_Alias.
However, I cannot seem to get sudo to restrict chown with regard to which
directory to run chown in together with which users it can chown to.
===========================================================================
# sudoers file.
User_Alias SS = bob, stan, kim
Cmnd_Alias CHOWN = /bin/chown SS /net/usr1/[A-z]*, /bin/chown -R SS /net/usr1/[A-z]*
SS ALL = NOPASSWD: CHOWN, DIAG
root ALL=(ALL) ALL
===========================================================================
So, if I change the above Cmnd_Alias in my sudoers file to substitute user
kim for User_Alias SS, then I can do the following without any problems:
$ sudo chown kim /net/usr1/any_dir
However, if I leave the User_Alias and the Cmnd_Alias above as it is in my
sudoers file, I get an error that the sudo user cannot perform that operation.
Any ideas?
thanks,
Rich
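
Added example, not part of the original post: a simplified Python model of how sudoers matches command arguments, showing that the word SS inside the Cmnd_Alias is compared as literal text (alias names are not expanded inside command arguments) and that one entry per user name gives the intended match. It assumes fnmatch-style matching of the space-joined argument string, as the sudoers manual describes; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed from the post's sudoers snippet: the argument patterns of CHOWN.
POSTED_PATTERNS = ["SS /net/usr1/[A-z]*", "-R SS /net/usr1/[A-z]*"]
SS_USERS = ["bob", "stan", "kim"]  # members of User_Alias SS in the post


def expand_per_user(patterns, alias, users):
    """Replace the literal word `alias` with each user name, one pattern per user."""
    out = []
    for pat in patterns:
        words = pat.split(" ")
        for user in users:
            out.append(" ".join(user if w == alias else w for w in words))
    return out


def args_allowed(argv, patterns):
    """Model: join the typed arguments with spaces and glob-match the whole string."""
    joined = " ".join(argv)
    return any(fnmatchcase(joined, pat) for pat in patterns)


def render_cmnd_alias(name, command, patterns):
    """Emit a sudoers Cmnd_Alias definition with one entry per argument pattern."""
    entries = ", \\\n    ".join(f"{command} {p}" for p in patterns)
    return f"Cmnd_Alias {name} = {entries}"


if __name__ == "__main__":
    typed = ["kim", "/net/usr1/any_dir"]  # sudo chown kim /net/usr1/any_dir
    # As posted: the pattern expects the literal owner name "SS".
    print("posted rule allows it:  ", args_allowed(typed, POSTED_PATTERNS))
    expanded = expand_per_user(POSTED_PATTERNS, "SS", SS_USERS)
    print("expanded rule allows it:", args_allowed(typed, expanded))
    # An owner outside the list stays rejected after expansion.
    print("root as owner allowed:  ",
          args_allowed(["root", "/net/usr1/any_dir"], expanded))
    print(render_cmnd_alias("CHOWN", "/bin/chown", expanded))
```

The rendered definition is still worth checking with `visudo -c` before use, since this model only covers the argument-matching step.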