problem restricting chown to a certain dir. and a certain group of users
Ritesh Raj Joshi
ritesh at mos.com.np
Sun Aug 20 05:27:31 EDT 2000
Same here. I was about to post it on the list too!
Any inputs?
Rgds,
\\Ritesh
| r i t e s h r a j j o s h i
| system administrator
| MERCANTILE COMMUNICATIONS PVT. LTD
| www.mos.com.np
| hotline:240920
On Fri, 18 Aug 2000, Rich Quinn wrote:
> Hi,
>
> I am trying to get my command alias to work in conjunction with a user alias.
>
> I am trying to restrict my users so that they can only use the chown
> command inside of a certain directory and, on top of that, they can only
> chown
> to certain users listed in the User_Alias SS.
>
> I have been able to restrict which directory they can run chown in easily
> via the
> CHOWN Cmnd_Alias.
>
> However, I cannot seem to get sudo to restrict chown with regard to which
> directory
> to run chown in together with which users it can chown to.
> ===========================================================================
> # sudoers file.
> User_Alias SS = bob, stan, kim
> Cmnd_Alias CHOWN = /bin/chown SS /net/usr1/[A-z]*, /bin/chown -R SS
> /net/usr1/[A-z]*
>
> SS ALL = NOPASSWD: CHOWN, DIAG
> root ALL=(ALL) ALL
> ===========================================================================
> So, if I change the above Cmnd_Alias in my sudoers file to substitute user
> kim for
> User_Alias SS, then I can do the following without any problems:
> $ sudo chown kim /net/usr1/any_dir
>
> However, if I leave the User_Alias and the Cmnd_Alias above as it is in my
> sudoers file,
> I get an error that the sudo user cannot perform that operation.
>
> Any ideas?
> thanks,
> Rich
>
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at courtesan.com>
> For list information, options, or to unsubscribe, visit:
> http://www.courtesan.com/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list