[sudo-users] Restrict commands to a specific directory tree

Robin Holt holt at sgi.com
Sun Apr 19 06:31:11 EDT 2009


On Sat, Apr 18, 2009 at 11:23:14AM -0700, Russell Van Tassell wrote:
> 
> You'll most likely need to script something like that, if you really
> need repeated chown/chmod in a given tree... there's nothing native in
> sudo to restrict a user to a directory structure.  If you really want to
> use sudo for it, chances are a simple script or two can provide the
> functionality you need (e.g. one script that auto-fixes an entire tree,
> another that works under a chroot'd environment and takes arguments,
> etc).
> 
> Note: generally you can get creative with un*x permissions (including
> things like sticky bits) to accomplish limited shared files or similar.
> Most modern OSes also include things like ACLs these days, which go over
> and above traditional un*x permissions.

The XFS filesystem has ACLs.  I use them for exactly the above.  It is being
included with most distros now as well and will soon be on Red Hat
Enterprise.

Thanks,
Robin
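
The "simple script" approach suggested in the quoted message, sketched as an added example (not code from either poster or from the sudo project): a wrapper meant to be the only command granted in sudoers, which resolves symlinks and ".." before deciding whether a path is inside the tree. `ALLOWED_TREE`, `/srv/shared` and the function names are hypothetical, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example. Grant this wrapper in sudoers instead of chmod itself.
# ALLOWED_TREE is a hypothetical location; adjust to the shared tree.
ALLOWED_TREE="${ALLOWED_TREE:-/srv/shared}"

# path_in_tree TREE PATH
# Succeeds only if PATH exists and, after symlinks and ".." are resolved,
# lies strictly below TREE. On success the resolved path is left in $target.
path_in_tree() {
    tree=$(readlink -f -- "$1") || return 1
    target=$(readlink -f -- "$2") || return 1
    [ -e "$target" ] || return 1          # rejects dangling symlinks too
    case "$target" in
        "$tree"/*) return 0 ;;            # quoted prefix is matched literally
        *)         return 1 ;;
    esac
}

# restricted_chmod MODE PATH...
restricted_chmod() {
    mode=$1; shift
    case "$mode" in
        [0-7][0-7][0-7]) ;;               # three octal digits: no setuid/setgid
        *) echo "refused mode: $mode" >&2; return 2 ;;
    esac
    for p in "$@"; do
        if path_in_tree "$ALLOWED_TREE" "$p"; then
            # Operate on the resolved path, not the caller's string.
            # Caveat: a user who can rename entries inside the tree can still
            # race the check against the chmod; ACLs avoid that window.
            chmod "$mode" "$target" || return 1
        else
            echo "refused path: $p" >&2; return 3
        fi
    done
}

# Run as a command only when arguments are supplied.
if [ "$#" -gt 0 ]; then
    restricted_chmod "$@"
fi
```
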
