restriction by UID range?
bergman at merctech.com
Fri Sep 13 15:14:57 EDT 2002
I'd like to set up sudo (v. 1.6.6, under Solaris 9) so that trusted users can
spawn a shell as another user, but only if the named user has a UID within a
certain range.

In this hypothetical environment, user "joe" would be able to run anything
(including spawning a shell) as any of the webaccounts (30000 >= UID >= 65536).

#cat /etc/passwd # hypothetical password file
root:x:0:1:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
joe:x:200:Joe:/export/home/joe:/bin/bash
homepage:x:30025:30001:Home Page:/export/htdocs/homepage:/bin/bash
webmaster:x:30026:30001:Web Master:/export/htdocs/webmaster:/bin/bash
accounting:x:30027:30001:Accounting:/export/htdocs/accounting:/bin/bash
finanace:x:30028:30001:Finance:/export/htdocs/finance:/bin/bash

#cat /etc/sudoers # hypothetical sudoers config
Runas_Alias WEBACCOUNTS=#[30000-65535]
joe (WEBACCOUNTS) ALL

Is this possible, without a wrapper script?
Mark
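
Added example, not part of the original post and not code from the sudo project: a generator that turns the UID range into an explicit Runas_Alias listing account names, instead of a wrapper around sudo. It assumes sudoers has no range syntax for UIDs, so the members must be enumerated; the function names gen_runas_alias and sample_passwd are hypothetical, and the sample data is the hypothetical passwd file from the post.

```shell
#!/bin/sh
# Build an explicit Runas_Alias from passwd-format data, keeping only
# accounts whose UID lies inside [MIN, MAX].
# Usage: gen_runas_alias ALIAS MIN MAX [PASSWD_FILE]   ("-" reads stdin)
gen_runas_alias() {
    alias_name=$1 min=$2 max=$3 file=${4:-/etc/passwd}
    awk -F: -v name="$alias_name" -v min="$min" -v max="$max" '
        # Skip malformed records: a passwd entry has exactly 7 fields.
        NF != 7 { next }
        # The UID must be purely numeric.
        $3 !~ /^[0-9]+$/ { next }
        # Only conservative login names may reach the sudoers file.
        $1 !~ /^[a-z_][a-z0-9_-]*$/ { next }
        ($3 + 0) >= (min + 0) && ($3 + 0) <= (max + 0) {
            list = list (list == "" ? "" : ", ") $1
        }
        END {
            # Fail instead of emitting an empty (invalid) alias.
            if (list == "") exit 1
            printf "Runas_Alias %s = %s\n", name, list
        }
    ' "$file"
}

# The hypothetical passwd file from the post, reproduced as sample input.
# The "joe" line has only 6 fields, so the generator skips it as malformed.
sample_passwd() {
    cat <<'EOF'
root:x:0:1:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
joe:x:200:Joe:/export/home/joe:/bin/bash
homepage:x:30025:30001:Home Page:/export/htdocs/homepage:/bin/bash
webmaster:x:30026:30001:Web Master:/export/htdocs/webmaster:/bin/bash
accounting:x:30027:30001:Accounting:/export/htdocs/accounting:/bin/bash
finanace:x:30028:30001:Finance:/export/htdocs/finance:/bin/bash
EOF
}

# Demo: print the alias for the web-account range.
# The matching rule in valid sudoers syntax is:  joe ALL = (WEBACCOUNTS) ALL
sample_passwd | gen_runas_alias WEBACCOUNTS 30000 65535 -
```

The generated alias is a snapshot of the password file, so it has to be regenerated whenever an account in the range is added or removed, and the result should be installed through visudo so a syntax error cannot lock out sudo.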