restricted chmod - follow up

Smith, Kevin (CAP, GCF) Kevin.Smith3 at
Tue Mar 21 04:16:36 EST 2000

Emil (And sudoers list)

Yes, it does prevent users from executing /bin/chmod -f 1111 /their/file (or
some other combination)
However, a small mod to the sudoers file was required ...

from: !/bin/chmod [1-4]??? *
to: !/bin/chmod * [1-4]??? *

Thanks for your help

Kev Smith 
GCF Unix technical support
Kingswood, Bristol, UK
[44] (0)117 991 2645

-----Original Message-----
From: Emil Isberg [mailto:emil.isberg at]
Sent: Tuesday, March 21, 2000 8:45 AM
To: Smith, Kevin (CAP, GCF)
Cc: 'sudo-users at'
Subject: Re: restricted chmod - follow up

On Tue, 21 Mar 2000, Smith, Kevin (CAP, GCF) wrote:
>Many thanks to those who responded to my enquiry regarding running a
>restricted chmod. {Emil & Matt}

We're here to help as much as we can.

>I have found that
>!/bin/chmod [1-4]??? * in /etc/sudoers
>Appears to work. Basically I wanted to stop users from setting the
>sticky/setuid bit on a file.
>Upon testing, normal chmod using any octal works and any 'other' bit
>[between 1 and 4] fails

Does it also stop the users from executing /bin/chmod -f 1111 /their/file?
Or -R 1111 /their/file
Or -fR, -rF, -r -F, or some other combination.

"We have the right to survive!"
"Not be killing others."
		-- Deela and Kirk, "Wink of An Eye", stardate 5710.5

More information about the sudo-users mailing list