problem restricting chown to a certain dir. and a certain group of users

Rich Quinn rquinn at
Fri Aug 18 22:46:49 EDT 2000


I am trying to get my command alias to work in conjunction with a user alias.

I am trying to restrict my users so that they can only use the chown
command inside of a certain directory and, on top of that, they can only
chown to certain users listed in the User_Alias SS.

I have been able to restrict which directory they can run chown in easily
via the CHOWN Cmnd_Alias.

However, I cannot seem to get sudo to restrict chown with regard to which
directory to run chown in together with which users it can chown to.

# sudoers file.
User_Alias      SS = bob, stan, kim
Cmnd_Alias      CHOWN = /bin/chown SS /net/usr1/[A-z]*, /bin/chown -R SS

root    ALL=(ALL) ALL

So, if I change the above Cmnd_Alias in my sudoers file to substitute user
kim for User_Alias SS, then I can do the following without any problems:
$ sudo chown kim /net/usr1/any_dir

However, if I leave the User_Alias and the Cmnd_Alias above as they are in my
sudoers file, I get an error that the sudo user cannot perform that operation.

Any ideas?
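
Added example, not part of the original post: sudoers does not expand a User_Alias name inside a Cmnd_Alias (the SS there is matched as the literal argument "SS"), so one option is to let sudo run only a small root-owned wrapper that validates the owner and the path itself. The wrapper name, the BASE_DIR override and the function names are assumptions; the user list and /net/usr1 come from the post.

```sh
#!/bin/sh
# Hypothetical wrapper (e.g. installed root-owned as /usr/local/sbin/chown-usr1)
# that sudoers would permit instead of /bin/chown. Names here are assumptions.

ALLOWED_OWNERS="bob stan kim"        # the members of User_Alias SS in the post
BASE_DIR="${BASE_DIR:-/net/usr1}"    # overridable only so the check can be tested

# check_request OWNER PATH -> returns 0 if permitted, 1 otherwise
check_request() {
    [ "$#" -eq 2 ] || return 1       # exactly one owner and one path, no options
    owner=$1
    target=$2

    # Owner must match an allow-list entry exactly (rejects user:group, -R, ...).
    ok=1
    for u in $ALLOWED_OWNERS; do
        [ "$owner" = "$u" ] && ok=0
    done
    [ "$ok" -eq 0 ] || return 1

    # Resolve symlinks and ".." before comparing against the base directory.
    base=$(readlink -f -- "$BASE_DIR") || return 1
    real=$(readlink -f -- "$target") || return 1
    [ -e "$real" ] || return 1       # target must already exist
    case $real in
        "$base"/*) return 0 ;;       # strictly inside the base directory
        *)         return 1 ;;
    esac
}

# run_chown OWNER PATH: validate, then chown the resolved path without
# following a final symlink (-h).
run_chown() {
    check_request "$@" || { echo "chown-usr1: request refused" >&2; return 1; }
    /bin/chown -h -- "$1" "$(readlink -f -- "$2")"
}

# When installed as a script, the last line would be: run_chown "$@"
```

Recursive changes (-R) are deliberately not supported by this wrapper, since each path is checked individually.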
