[sudo-users] Dynamic sudo configuration to restrict users

Michael Potter pottmi at gmail.com
Mon Dec 4 17:08:14 EST 2006


Use a wrapper script.

here is why:
1) with a wrapper script you can do a lot more checking, and produce a lot
friendly error messsages.
2) SUDO_USER is available to the script
3) You can do additional error checks such that the input does not contain

For instance, if the rule that you are trying to implemented worked, a user
could do this:

sudo cp /home/myuser/tmp/passwd /somepath/../etc/passwd

To overlay your password file.

Michael Potter

On 12/4/06, Jaouich.Cyril at hydro.qc.ca <Jaouich.Cyril at hydro.qc.ca> wrote:
> Hi,
> Here is what I am hoping to do. I would like to restrict a command such
> as cp in this manner:
> Cmnd_Alias CP_EX             =/usr/bin/cp /USER_HOME_DIR/* /some_path/*
> USER_HOME_DIR would get replaced by the realuser's home. I have tried
> with different ENV variables such as SUDO_USER with no luck.
> Any ideas?
> -Cyril
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list