[sudo-users] allow user a to copy files as user b

Russell Van Tassell russell+sudo-users at loosenut.com
Thu Jun 9 15:43:21 EDT 2005

On Thu, Jun 09, 2005 at 01:32:20PM -0400, George Kahler wrote:
> sudo -u yim cp <some-file> /dira/dirb/<some-file>
>   [...]
> User_Alias      YIM       = wouser
> Cmnd_Alias      YIM_CMD   = /sbin/su yim cp * /dira/dirb/*

Very first thing that jumps out (and visudo should have complained about
this, as well); YIM isn't used, here, and CP_YIM isn't defined.

...also, I'd suspect you want the command to simply be something more

Cmnd_Alias      YIM_CMD   = cp * /dira/dirb/*

You should *always* use "sudo -l" as the user to verify the commands,
BTW, if you're unsure as to what the real effect might be (at least in
my own "safe practices).

..personally though, I'd just write a script that does the copy with
the commands, name it "copy_yim" and be done with it.  The pseudocode
for such being something to the effect of:

-- begin

  cp $ARGV /your/destination/

-- end

...and then just allow the user copy privs as the user.

User_Alias      YIM_USERS  = wouser
Cmnd_Alias      YIM_CMD    = /path/to/script/scriptname
YIM_USERS       ALL        = (yim) YIM_CMD

...and I personally don't ever use the "NOPASSWD" option.

Hope that helps...

Russell M. Van Tassell
russell at loosenut.com

"Why does bug system have P4, P5, LATER, Enhancement and Release? All
 the same, right? How about just "NO"?"                - Quote from work

More information about the sudo-users mailing list