limiting commands to directories

Matthew Hannigan mlh at zip.com.au
Wed Aug 28 09:24:48 EDT 2002


Clift Robert T CONT DLVA wrote:
> All,
> 
> 	I want to be able to limit the directories where commands can be
> applied. In other words, I want my users to only be able to "chmod" in
> /local/develop. Thanks in advance,

Sudo doesn't do restrictions.

You could write a limited version of chmod, and only let them run
that, (hide/change permissions on the real chmod) but that still
wouldn't need the involvement of sudo.  And it would be a lot of
hard to maintain stuff.

And anyway, they could still write their own chmod command in C,
or perl, or python or ....it's not hard.

If you cared to restate your problem, maybe I could help a little
more.  What I think you might need is what's known as MAC --
mandatory access control, and that just doesn't come in any
standard commercial operating system.  There might be Linux
kernel modifications / modules to do it though.

Matt





More information about the sudo-users mailing list