restricted chmod - follow up
Smith, Kevin (CAP, GCF)
Kevin.Smith3 at gecapital.com
Tue Mar 21 04:16:36 EST 2000
Emil (And sudoers list)
Yes, it does prevent users from executing /bin/chmod -f 1111 /their/file (or
some other combination)
However, a small mod to the sudoers file was required ...
from: !/bin/chmod [1-4]??? *
to: !/bin/chmod * [1-4]??? *
Thanks for your help
Kev Smith
GCF Unix technical support
Kingswood, Bristol, UK
[44] (0)117 991 2645
-----Original Message-----
From: Emil Isberg [mailto:emil.isberg at mds.mdh.se]
Sent: Tuesday, March 21, 2000 8:45 AM
To: Smith, Kevin (CAP, GCF)
Cc: 'sudo-users at courtesan.com'
Subject: Re: restricted chmod - follow up
On Tue, 21 Mar 2000, Smith, Kevin (CAP, GCF) wrote:
>Many thanks to those who responded to my enquiry regarding running a
>restricted chmod. {Emil & Matt}
We're here to help as much as we can.
>I have found that
>!/bin/chmod [1-4]??? * in /etc/sudoers
>Appears to work. Basically I wanted to stop users from setting the
>sticky/setuid bit on a file.
>Upon testing, normal chmod using any octal works and any 'other' bit
setting
>[between 1 and 4] fails
Does it also stop the users from executing /bin/chmod -f 1111 /their/file?
Or -R 1111 /their/file
Or -fR, -rF, -r -F, or some other combination.
--
"We have the right to survive!"
"Not be killing others."
-- Deela and Kirk, "Wink of An Eye", stardate 5710.5
More information about the sudo-users
mailing list