[sudo-users] Dynamic sudo configuration to restrict users

Michael Potter pottmi at gmail.com
Mon Dec 4 17:08:14 EST 2006


Jaouich,

Use a wrapper script.

Here is why:
1) With a wrapper script you can do a lot more checking, and produce a lot
friendlier error messages.
2) SUDO_USER is available to the script.
3) You can do additional error checks such that the input does not contain
..

For instance, if the rule that you are trying to implement worked, a user
could do this:

sudo cp /home/myuser/tmp/passwd /somepath/../etc/passwd

To overlay your password file.

-- 
Michael Potter

On 12/4/06, Jaouich.Cyril at hydro.qc.ca <Jaouich.Cyril at hydro.qc.ca> wrote:
>
> Hi,
>
> Here is what I am hoping to do. I would like to restrict a command such
> as cp in this manner:
>
> Cmnd_Alias CP_EX             =/usr/bin/cp /USER_HOME_DIR/* /some_path/*
>
> USER_HOME_DIR would get replaced by the real user's home. I have tried
> with different ENV variables such as SUDO_USER with no luck.
>
> Any ideas?
>
> -Cyril
>
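
A sketch of the kind of wrapper script the reply recommends, added here as an example and not code from either poster or from the sudo project. The name safe_cp, the DEST_ROOT variable and the use of getent to look up the invoking user's home directory are assumptions.

```shell
#!/bin/sh
# safe_cp: hypothetical wrapper to list in sudoers instead of /usr/bin/cp.
# DEST_ROOT stands in for the /some_path of the original question.
DEST_ROOT=${DEST_ROOT:-/some_path}

# Succeeds if any component of the path is exactly "..".
has_dotdot() {
    case "/$1/" in
        */../*) return 0 ;;
    esac
    return 1
}

# Succeeds if path $2 is lexically below directory $1.
under_dir() {
    case "$2" in
        "$1"/?*) return 0 ;;
    esac
    return 1
}

# validate_copy HOME SRC DST: returns 0 only for a copy the policy allows,
# otherwise prints a specific error message and returns 1.
validate_copy() {
    if has_dotdot "$2" || has_dotdot "$3"; then
        echo "safe_cp: '..' is not allowed in a path" >&2
        return 1
    fi
    if ! under_dir "$1" "$2"; then
        echo "safe_cp: source must be under $1" >&2
        return 1
    fi
    if ! under_dir "$DEST_ROOT" "$3"; then
        echo "safe_cp: destination must be under $DEST_ROOT" >&2
        return 1
    fi
    return 0
}

main() {
    [ $# -eq 2 ] || { echo "usage: safe_cp SOURCE DEST" >&2; return 2; }
    [ -n "${SUDO_USER:-}" ] || { echo "safe_cp: run via sudo" >&2; return 2; }
    # Home directory of the invoking user, from the passwd database.
    home=$(getent passwd "$SUDO_USER" | cut -d: -f6)
    [ -n "$home" ] || { echo "safe_cp: no home for $SUDO_USER" >&2; return 2; }
    validate_copy "$home" "$1" "$2" || return 1
    exec /usr/bin/cp -- "$1" "$2"
}

# With no arguments the file only defines the functions above.
if [ $# -gt 0 ]; then main "$@"; exit $?; fi
```

The checks are lexical only: symbolic links inside either directory are not resolved by this script.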


