[sudo-users] Setting up chmod to allow all files/directories for a specified path but not allow ..
James J. Perry
jjperry at water.com
Wed Dec 9 16:08:03 EST 2009
I have been banging my head against this all day long and cannot seem to
find a solution. I am trying to setup users to be able to chown
directories under a base path, say /oracle/main, but not allow then to
do /oracle/main/.. or /oracle/main/../.., which globs out to /. I would
prefer to not have to write a wrapper script if there is some way to use
globbing properly to set the restrictions.
I tried a lot of possibilities but here is the latest Cmnd_Alias set
that should work but seems not to for some reason.
Cmnd_Alias CHM = /bin/chmod -h -R oracle:oracle /oracle/main/*, \
!/bin/chmod -h -R oracle:oracle /oracle/main/*..*
I also tried /bin/chmod -h -R oracle:oracle /oracle/main/[!.][!.] and
all sorts of other permutations.
I was still able to change ownership of /oracle and /oracle/main.
Thanks!
-Jim
More information about the sudo-users
mailing list