[sudo-users] Problem with CD command while using sudo

Bob Proulx bob at proulx.com
Fri Jul 29 12:20:19 EDT 2005 

Mousumi Kadham wrote:
> Here is the situation. There are certain commands to be executed, files to
> be edited in a protected directory which has a long path. Without sudo and
> every one using root, administrators simply will do cd to the final
> directory and do many things like editing a few files etc. However with
> sudo, for every command, a long path has to be given and can quickly become
> very irksome to the administrators. Hence the question about 'cd' with sudo.

The problem is that 'cd' is a built-in to the command line shell.

  type -a cd
  cd is a shell builtin

It is not possible to invoke it separately because on UNIX systems the
current working directory is not something that is separate from the
process.  This is a fundamental difference between UNIX and MS
systems.  Therefore on UNIX systems it will never be effective to try
to allow the 'cd' command to have privileges because the 'cd' command
is not something that does anything by itself.

Probably your best bet is to open the directory permissions up so that
you don't need root to access the directory.  Or alternatively if you
do not want non-root users to be able to see into this directory you
could set up a group to own the directory.  Make it readable and
searchable by that group and place the members of the team that need
access in that group.  Using group permissions is the traditional way
of handling this.  But it means that you would need to add all of your
team members to that group.  (Hint: If you are using HP-UX as I
believe that you are then you will need /etc/logingroup to be a
symlink to /etc/group.)

Another possibility would be to create a script to do the common
tasks.  The script would embed all of those long and inconvenient
paths and avoid the need for the users to type those in on the command
line.  Think of the way that 'vipw', 'visudo', and others of that like
work.  If you were editing a file you could create a script
'edit_myfile' or some such and allow it sudo access.

Bob

More information about the sudo-users mailing list