limiting commands to directories
Lamar.Saxon at americredit.com
Wed Aug 28 10:31:59 EDT 2002
Can't you simply create a command alias like:
Cmnd_Alias CHMOD=/usr/bin/chown userid /local/develop/*
Seems to work fine in my environment...
From: Matthew Hannigan [mailto:mlh at zip.com.au]
Sent: Wednesday, August 28, 2002 8:25 AM
To: Clift Robert T CONT DLVA
Cc: 'sudo-users at sudo.ws'
Subject: Re: limiting commands to directories
Clift Robert T CONT DLVA wrote:
> I want to be able to limit the directories where commands can be
> applied. In other words, I want my users to only be able to "chmod" in
> /local/develop. Thanks in advance,
Sudo doesn't do restrictions.
You could write a limited version of chmod, and only let them run
that, (hide/change permissions on the real chmod) but that still
wouldn't need the involvement of sudo. And it would be a lot of
hard to maintain stuff.
And anyway, they could still write their own chmod command in C,
or perl, or python or ....it's not hard.
If you cared to restate your problem, maybe I could help a little
more. What I think you might need is what's known as MAC --
mandatory access control, and that just doesn't come in any
standard commercial operating system. There might be Linux
kernel modifications / modules to do it though.
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 2881 bytes
Desc: not available
More information about the sudo-users