[sudo-users] sudo locked down Cmnd alias
Richard van den Berg
richard at vdberg.org
Fri Dec 17 06:55:45 EST 2010
On 17-12-10 09:23 , Brent Clark wrote:
> I have a client that has two users on our server. He would like to
> chown and chmod all files in his directory that are owned by www-data.
>
> Understandibilty, we are concerned about giving sudo access.
>
> Does anyone know if its possible to have a locked down Cmnd alias of
> chmod and chown.
For chown:
/usr/bin/chown john /home/john/*
!/usr/bin/chown john /home/john/*..*
!/usr/bin/chown john /home/john/* *
You can do something similar for chmod, but it depends on what they
need. For example:
/usr/bin/chmod g+r,o+r /home/john/*
!/usr/bin/chmod g+r,o+r /home/john/*..*
!/usr/bin/chmod g+r,o+r /home/john/* *
Be careful. A combination of sudo's for chmod and chown set too widely
can easily lead to a root shell.
Cheers,
Richard
More information about the sudo-users
mailing list