[sudo-users] [SOLVED] Re: Command with argument not working as expected
GMenini at ose.com.uy
Thu Feb 11 10:04:45 EST 2010
sudo-users-bounces at courtesan.com escribió el 2010-02-03 15:33:05:
> Hello, list.
> Since I want users to chmod files only under certain directory, I have
> following in my /etc/sudoers file:
> # User alias specification
> User_Alias ADMINS = myname,yourname
> # Cmnd alias specification
> Cmnd_Alias CHMOD = /usr/bin/chmod /dir/where/chmod/is/allowed/*
Finally, my peer found the way to set the correct syntax:
Cmnd_Alias CHMOD = /usr/bin/chmod u+x /dir/where/chmod/is/allowed/*
I was missing the chmod options u+x. Sure, this line only sets
executable-by-owner bit but, it's enough for me so far.
> # Runas alias specification
> # User privilege specification
> root ALL=(ALL) ALL
> ADMINS myhostname=(root) CHMOD,sudoedit
> [..file continues here; omitted for simplicity...]
> The sudoers file listed above doesn't allow to chmod on that dir.
> My target is: ADMINS are able to create scripts in `
> /dir/where/chmod/is/allowed/' and then make them executables.
> However, until now I've just been able to set ADMINS to issue chmod on a
> system wide basis but this behaviour is not as expected --not to mention
> it's an enormous security flaw!
> Sudo version 1.7.0
> OS: IBM Unix AIX 18.104.22.168
Thank you Patrick for sharing your Perl wrappers for chmod and chown. I am
still studying them :-)
More information about the sudo-users