Restricting Root Execution to Groups

[Barry Rein]

Hi,

I'm fairly new to sudo. After reading all documentation, sample file, and
faq, I'm still not sure if I can do what I want. Here it is,

We have several Suns running either Solaris 2.6 or 2.7. These Suns have
Netscape iPlanet software installed on them. The iPlanet software is very
complex, it has many packages, each with its own directory structure.
Included in this software are a lot of executable binaries, shell scripts,
etc.

What I want to be able to do is allow our developers to execute the iPlanet
software without having to become root. I would also like to prevent the
developers from executing other root commands. It seems like sudo is the
right software to do this.

Looking at the iPlanet software, it appears that all of it has user root,
and group other. So, I would like to know how to configure sudoers to allow
a specific User_Alias group to execute commands as root, but ONLY if those
commands have user root and group other.

Is there a way to do this?

Thanks,
Barry Rein




==========================================================
Barry Rein                    Information Security Officer
GlueCode, Inc.                          brein at gluecode.com
1452 2nd St.                                   310-570-4136
Santa Monica, CA  90401                   310-260-2617/fax
==========================================================