[sudo-users] Restrict commands to a specific directory tree
Robin Holt
holt at sgi.com
Sun Apr 19 06:31:11 EDT 2009
On Sat, Apr 18, 2009 at 11:23:14AM -0700, Russell Van Tassell wrote:
>
> You'll most-likely need to script something like that, if you really
> need repeated chown/chmod in a given tree... there's nothing native in
> sudo to restrict a user to a directory structure. If you really want to
> use sudo for it, chances are a simple script or two can provide the
> functionality you need (eg. one script that auto-fixes an entire tree,
> another that works under a chroot'd environment and takes arguments,
> etc).
>
> Note: generally you can get creative with un*x permissions (including
> things like stick bits) to accomplish limited shared files or similar.
> Most modern OSes also include things like ACLs these days, which go over
> and above traditional un*x permissions.
XFS filesystem has ACLs. I use them for exactly the above. It is being
included with most distros now as well and will be soon on RedHat
Enterprise.
Thanks,
Robin
More information about the sudo-users
mailing list