restricted chmod

Emil Isberg emil.isberg at
Mon Mar 20 13:47:09 EST 2000

On Mon, 20 Mar 2000, Smith, Kevin (CAP, GCF) wrote:
>Does any one know if :
>!/bin/chmod 4*** * is a valid NOT entry for the sudoers file?
>If not, has anyone managed to trap a certain chmod permission octal??

I think there are quite a few questions of the same kind, and the answer
to those questions are quite simple: No, you can't do that.

The understanding are a little bit harder as it demands some explaining
about the way sudo gives permissions via sudoers.

If you in sudoers give permission for a user to use a program but don't
want the user to use a certain combination of arguments to that program
you loose. But if you give permission for a user to use a program with a
certain combination of arguments they will not be able to run any other
argument before those.

But as most program can handle the arguments "the other way 'round" you
will loose again.

The ONLY way to be some certain are if you use a wrapperprogram and give
sudopermissions to that instead of the program in question.

Though there is one other way to solve the problem and that is to make the
users into real systemadministrators and give them full rights (and

Rune's Rule:
	If you don't care where you are, you ain't lost.

More information about the sudo-users mailing list