limiting commands to directories

ccdrt at qwest.net ccdrt at qwest.net
Sat Aug 31 01:28:31 EDT 2002


How about ACL....



Matthew Hannigan wrote:

> Clift Robert T CONT DLVA wrote:
>
>> All,
>>
>>     I want to be able to limit the directories where commands can be
>> applied. In other words, I want my users to only be able to "chmod" in
>> /local/develop. Thanks in advance,
>
>
> Sudo doesn't do restrictions.
>
> You could write a limited version of chmod, and only let them run
> that, (hide/change permissions on the real chmod) but that still
> wouldn't need the involvement of sudo.  And it would be a lot of
> hard to maintain stuff.
>
> And anyway, they could still write their own chmod command in C,
> or perl, or python or ....it's not hard.
>
> If you cared to restate your problem, maybe I could help a little
> more.  What I think you might need is what's known as MAC --
> mandatory access control, and that just doesn't come in any
> standard commercial operating system.  There might be Linux
> kernel modifications / modules to do it though.
>
> Matt
>
>
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
>





More information about the sudo-users mailing list