user not allowed
emil.isberg at mds.mdh.se
Tue Apr 24 14:08:47 EDT 2001
On Tue, 24 Apr 2001, john ctr kelly wrote:
>Can anyone tell me why I can not do a chmod on the following file when I
>have the following defiend in the sudoer file
Since you try to execute the string "cmd arg dir/file" and only have given
access to the string "cmd dir/*" the problem is easy:
Since the strings doesn't match then sudo don't allow the execution.
You should probably list all the combinations of args they might and are
allowed to use... but easier still is to create a wrapperscript/program
for chmod that checks the args for the right files... so when you call
'sudo chown o+w /var/www/cgi-bin/*'
sudo checks and find that it should (as the user nes) execute
'shadowchown o+w /var/www/cgi-bin/printen /var/www/cgi-bin/test-cg'
and shadowchown tells that those are in the right dirs (checking realpath
and such things naturally) and execute
'chown o+w /var/www/cgi-bin/printen /var/www/cgi-bin/test-cg'
without the user knowing anything but that it works like a charm...
We have met the enemy, and he is us.
-- Walt Kelly
More information about the sudo-users