[sudo-users] Command with argument not working as expected
Gabriel Menini
GMenini at ose.com.uy
Wed Feb 3 12:33:05 EST 2010
Hello, list.
Since I want users to chmod files only under certain directory, I have the
following in my /etc/sudoers file:
# User alias specification
User_Alias ADMINS = myname,yourname
# Cmnd alias specification
Cmnd_Alias CHMOD = /usr/bin/chmod /dir/where/chmod/is/allowed/*
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
ADMINS myhostname=(root) CHMOD,sudoedit /dir/where/chmod/is/allowed/*
[..file continues here; omitted for simplicity...]
The sudoers file listed above doesn't allow to chmod on that dir.
My target is: ADMINS are able to create scripts in `
/dir/where/chmod/is/allowed/' and then make them executables.
However, until now I've just been able to set ADMINS to issue chmod on a
system wide basis but this behaviour is not as expected --not to mention
it's an enormous security flaw!
Sudo version 1.7.0
OS: IBM Unix AIX 6.1.0.0
Regards,
--
Gabriel Menini
More information about the sudo-users
mailing list