[sudo-users] limit editing files to one directory only?

Michael Potter pottmi at gmail.com
Sun Aug 20 23:11:03 EDT 2006


Juan,

How about using the sudoedit feature...

John ALL=(Fred)sudoedit /home/user/wiki/

then John will do this to edit the file:

sudo -e -u Fred /home/user/wiki/afile.html

sudoedit is a special Cmnd that enables the -e option of sudo.
The / at the end of the line is significant.  It means to allow edits on all
files in the directory.

This is safe because vi runs as John on a copy of afile.html.  Only when the
edit session is done, the file is copied back as Fred.

I hope that helps.  I did not study everyone's responses, but it did not
look like anyone brought up the use of sudoedit.  BTW: this is broken on Mac,
so you will need to get a patch if you want to use this on Mac.

Of course, if you take the other users' suggestions of changing the
permissions, you will need to change the Runas user in my suggestion.

Good luck, please report back your results.

-- 
potter.
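
The copy-then-write-back flow described in the message above, modeled in Python as an added example (not part of the original post and not sudo's own code). It leaves out the uid switching, which needs root; `edit_via_copy` and the two editor callables are hypothetical stand-ins for `sudo -e` and vi, and the sample file is constructed.

```python
import filecmp
import os
import shutil
import tempfile


def edit_via_copy(target, editor):
    """Run `editor` on a temporary copy of `target`; write back only if it changed.

    Returns True when the original was replaced, False when it was left alone.
    """
    # Step 1: make a temporary copy (sudo does this owned by the invoking user, John).
    fd, tmp = tempfile.mkstemp(suffix="_" + os.path.basename(target))
    os.close(fd)
    try:
        shutil.copyfile(target, tmp)
        # Step 2: the editor only ever receives the path of the copy.
        editor(tmp)
        # Step 3: copy back only if the copy still exists and differs
        # (sudo does this write as the Runas user, Fred).
        if not os.path.exists(tmp) or filecmp.cmp(target, tmp, shallow=False):
            return False
        shutil.copyfile(tmp, target)
        return True
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)


def demo():
    # Constructed stand-in for /home/user/wiki/afile.html.
    with tempfile.TemporaryDirectory() as wiki:
        page = os.path.join(wiki, "afile.html")
        with open(page, "w") as f:
            f.write("<p>old</p>\n")
        seen = []  # every path the "editor" was handed

        def append_line(path):  # an edit session that saves a change
            seen.append(path)
            with open(path, "a") as f:
                f.write("<p>new</p>\n")

        def quit_without_saving(path):  # an edit session that changes nothing
            seen.append(path)

        changed = edit_via_copy(page, append_line)
        unchanged = edit_via_copy(page, quit_without_saving)
        with open(page) as f:
            return changed, unchanged, f.read(), page in seen


if __name__ == "__main__":
    print(demo())
```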


