[sudo-users] allow user a to copy files as user b
Russell Van Tassell
russell+sudo-users at loosenut.com
Thu Jun 9 15:43:21 EDT 2005
On Thu, Jun 09, 2005 at 01:32:20PM -0400, George Kahler wrote:
> sudo -u yim cp <some-file> /dira/dirb/<some-file>
> User_Alias YIM = wouser
> Cmnd_Alias YIM_CMD = /sbin/su yim cp * /dira/dirb/*
> CP_YIM ALL = NOPASSWD: YIM_CMD
Very first thing that jumps out (and visudo should have complained about
this, as well); YIM isn't used, here, and CP_YIM isn't defined.
...also, I'd suspect you want the command to simply be something more
Cmnd_Alias YIM_CMD = cp * /dira/dirb/*
You should *always* use "sudo -l" as the user to verify the commands,
BTW, if you're unsure as to what the real effect might be (at least in
my own "safe practices).
..personally though, I'd just write a script that does the copy with
the commands, name it "copy_yim" and be done with it. The pseudocode
for such being something to the effect of:
cp $ARGV /your/destination/
...and then just allow the user copy privs as the user.
User_Alias YIM_USERS = wouser
Cmnd_Alias YIM_CMD = /path/to/script/scriptname
YIM_USERS ALL = (yim) YIM_CMD
...and I personally don't ever use the "NOPASSWD" option.
Hope that helps...
Russell M. Van Tassell
russell at loosenut.com
"Why does bug system have P4, P5, LATER, Enhancement and Release? All
the same, right? How about just "NO"?" - Quote from work
More information about the sudo-users