Is there a way to ...
GDIECKHAUS at TRANSENTRIC.COM
GDIECKHAUS at TRANSENTRIC.COM
Thu Feb 28 11:22:27 EST 2002
I have a group of users that we would like to allow to run certain unix
command on certain directories.
I see how I can set up this group of users to do the unix commands, but
the way I have it set up allows them to run the commands anywhere.
My current user priv section has
SNA_ADMINS SNA_HOSTS = (SNA_OP) SNA_UNIX
Is there a way to make the SNA_ADMINS only be able to run these commands on
the /xyzapps directory? (and all directories underneath?)
I've attached the relevent information from my sudoers file below.
# ---------------- Begin Host alias specifications ----------------
Host_Alias SNA_HOSTS = ourhostname
# ---------------- End Host alias specifications ----------------
# ---------------- Begin User alias specifications ----------------
# User aliases for Infrastructure group Apache admins
# NOTE: The transweb account is explicitly NOT included because too many
# people use that account.
User_Alias SNA_ADMINS = userid1,userid2
# ---------------- End User alias specifications ----------------
# ---------------- Begin Runas alias specifications ---------------
Runas_Alias SNA_OP = root
# ---------------- End Runas alias specifications ---------------
# ---------------- Begin Cmnd alias specifications ----------------
Cmnd_Alias CHMOD = /bin/chmod
Cmnd_Alias CHGRP = /bin/chgrp
Cmnd_Alias CHOWN = /bin/chown
Cmnd_Alias KILL = /bin/kill
Cmnd_Alias SNA_UNIX = CHMOD, CHGRP, CHOWN, KILL
# ---------------- End Cmnd alias specifications ----------------
# -------------- Begin User privilege specifications --------------
# User privilege specification
# This root entry is from the original sudoers file.
root ALL=(ALL) ALL
# User privilege specifications for SNA Infrastructure admins
SNA_ADMINS SNA_HOSTS = (SNA_OP) SNA_UNIX
More information about the sudo-users
mailing list