[sudo-users] Setting up chmod to allow all files/directories for a specified path but not allow ..

James J. Perry jjperry at water.com
Wed Dec 9 16:08:03 EST 2009

I have been banging my head against this all day long and cannot seem to
find a solution.  I am trying to setup users to be able to chown
directories under a base path, say /oracle/main, but not allow then to
do /oracle/main/.. or /oracle/main/../.., which globs out to /.  I would
prefer to not have to write a wrapper script if there is some way to use
globbing properly to set the restrictions.


I tried a lot of possibilities but here is the latest Cmnd_Alias set
that should work but seems not to for some reason.


Cmnd_Alias CHM = /bin/chmod -h -R oracle:oracle /oracle/main/*, \

       !/bin/chmod -h -R oracle:oracle /oracle/main/*..*


I also tried /bin/chmod -h -R oracle:oracle /oracle/main/[!.][!.] and
all sorts of other permutations. 


I was still able to change ownership of /oracle and /oracle/main.  




More information about the sudo-users mailing list