[sudo-users] Allow the dir creation to one level only

Jon Seymour jon.seymour at gmail.com
Wed Apr 13 04:32:11 EDT 2011


On Wed, Apr 13, 2011 at 5:27 PM, Moisés Barba Pérez <mbarperoi at gmail.com> wrote:
> Hi:
>
>   I would like to create a rule in sudoers file to allow a user the mkdir
> command. I'm looking for the way to limit the dir creation to one level, for
> example:
>
> 1. The user can create a dir in /data: sudo mkdir /data/user
> 2. The user *can't* create a subdir in /data: sudo mkdir /data/user/mydir (I
> want to avoid this)
>

I think a better way to approach this problem is to define a script
that implements your policy and then use sudo to provide access to
this script. You should be free to implement whatever policy you want
in the script without being constrained by the capabilities or otherwise
of the sudo rules language.

jon.
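
One way to implement the wrapper-script approach suggested in the reply above, as an added example that is not part of the original thread. The install path `/usr/local/sbin/mkdir-data`, the sudoers user `someuser`, and the function names `valid_name` and `make_dir` are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned and not user-writable as
# /usr/local/sbin/mkdir-data (path and user name are assumptions).
# sudoers entry (edit with visudo); the script validates the argument:
#   someuser ALL = (root) /usr/local/sbin/mkdir-data
PATH=/usr/bin:/bin; export PATH   # do not trust the caller's PATH
LC_ALL=C; export LC_ALL           # make the A-Z/a-z ranges below byte-exact
BASE=/data                        # fixed here, never taken from the caller

# valid_name NAME: succeed only if NAME is a single safe path component.
valid_name() {
    case "$1" in
        ''|.|..)            return 1 ;;  # empty, or BASE itself / its parent
        -*)                 return 1 ;;  # would be parsed as an option
        */*)                return 1 ;;  # any slash means more than one level
        *[!A-Za-z0-9._-]*)  return 1 ;;  # allow-list: letters, digits, . _ -
    esac
    return 0
}

# make_dir BASE NAME: create BASE/NAME, one level only (no -p).
make_dir() {
    valid_name "$2" || { echo "mkdir-data: invalid name: $2" >&2; return 1; }
    [ -d "$1" ] && [ ! -L "$1" ] || { echo "mkdir-data: bad base: $1" >&2; return 1; }
    # mkdir without -p fails if the target already exists, including as a
    # symlink, so it never follows a link planted under BASE.
    mkdir -- "$1/$2"
}

# Entry point: exactly one argument, the new directory's name (not a path).
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: mkdir-data NAME" >&2; exit 2; }
    make_dir "$BASE" "$1" || exit 1
fi
```

With this in place the user runs `sudo /usr/local/sbin/mkdir-data user` instead of `sudo mkdir /data/user`, and `mkdir` itself is not granted in sudoers.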


