[sudo-users] Correction -> IMHO -> sudo-users Digest, Vol 37, Issue 12

Russell Van Tassell russell+sudo-users at loosenut.com
Fri Jan 27 16:55:36 EST 2006


On Fri, Jan 27, 2006 at 01:41:18PM -0700, Stoddard, Kevin M wrote:
> 
> You may want to consider setting up a group, such as, "WEBFOLKS", assign the necessary users to this group, and then create, "chmod root.WEBFOLKS",
> 
> ...This should read, "chown root.WEBFOLKS"...
> ...Followed by, "chmod 77n"...

Overall, this is probably the best bet (ie. what Mr. Stoddard mentioned,
creating a non-sudo-required structure).  A couple of minor corrections
or caveats, at least...

You'll need a "chown -R owner:group" and a "chmod -R g+w /opt/WebSphere"
(ie. make everything group writeable, since changing other bits in the
files/directories might be bad).  Though, I'd recommend using "chgrp"
instead of "chown" for reasons cited below (among others not mentioned).

Please note that the syntax of chown varies depending on platform...
most SysV-ish systems (eg. Solaris, maybe HPux) will want a colon to
delimit user and group and most BSD-ish systems (eg. linux, *BSD) will
use a period.  This can be avoided with a recursive "chown -R username"
(if you want the owner changed to a given user) followed by a recursive
"chgrp -R groupname" however.

If you're ambitious enough to try it with files versus directories, you
can use "find" to make the modifications for you (it's good practice to
make the group perm on directories "sticky" so that newly created files
won't revert to a given user's default group, for example -- adding
group sticky to files can have other implications, though).  However,
to recollection, the "find" command seems to be one of the more largely
inconsistent system utilities between platforms that I can presently
think of... so, your mileage may vary (YMMV).  For reference, here are
the Solaris versions of the commands I'd recommend:

	find /opt/WebShere -type d -exec chmod g+ws {} \;
	find /opt/WebShere -type f -exec chmod g+w {} \;

...and Solaris *DOES* require the escaped colon at the end of an exec
within find (also note that many of the commands, above, should likely
be prefaced with "sudo," of course... *grin*)


> > I need to give a group full root access to a directory /opt/WebSphere  and
> > all its subdirectories.  The only way I know to do this is by using a
> > wildcard /opt/WebSphere/*  but that seems to only give me access to
> > anything within that directory but not any of the subdirectories.
> > 
> > Is there an easy way to give full root access to /optWebSphere and all of
> > its 1500+ subdirectories.
> > 
> > Any suggestions would be greatly appreciated.
> > 
> > Thank you.
> > Dean Price
> > dprice1 at metlife.com

-- 
Russell M. Van Tassell
russell at loosenut.com

 "That married couples can live together day after day is a miracle that
  the Vatican has overlooked.                              -- Bill Cosby



More information about the sudo-users mailing list