[sudo-users] allow user a to copy files as user b
Russell Van Tassell
russell+sudo-users at loosenut.com
Thu Jun 9 15:43:21 EDT 2005
On Thu, Jun 09, 2005 at 01:32:20PM -0400, George Kahler wrote:
> sudo -u yim cp <some-file> /dira/dirb/<some-file>
>
> [...]
>
> User_Alias YIM = wouser
> Cmnd_Alias YIM_CMD = /sbin/su yim cp * /dira/dirb/*
> CP_YIM ALL = NOPASSWD: YIM_CMD
Very first thing that jumps out (and visudo should have complained about
this, as well); YIM isn't used, here, and CP_YIM isn't defined.
...also, I'd suspect you want the command to simply be something more
like:
Cmnd_Alias YIM_CMD = cp * /dira/dirb/*
You should *always* use "sudo -l" as the user to verify the commands,
BTW, if you're unsure as to what the real effect might be (at least in
my own "safe practices).
..personally though, I'd just write a script that does the copy with
the commands, name it "copy_yim" and be done with it. The pseudocode
for such being something to the effect of:
-- begin
#!/bin/yourshell
cp $ARGV /your/destination/
-- end
...and then just allow the user copy privs as the user.
User_Alias YIM_USERS = wouser
Cmnd_Alias YIM_CMD = /path/to/script/scriptname
YIM_USERS ALL = (yim) YIM_CMD
...and I personally don't ever use the "NOPASSWD" option.
Hope that helps...
--
Russell M. Van Tassell
russell at loosenut.com
"Why does bug system have P4, P5, LATER, Enhancement and Release? All
the same, right? How about just "NO"?" - Quote from work
More information about the sudo-users
mailing list