[sudo-users] Allow the dir creation to one level only

Moisés Barba Pérez mbarperoi at gmail.com
Wed Apr 13 08:35:50 EDT 2011


That would be a very good solution if the server was only for me. This
server is integrated with LDAP and I can't inform all users about a script
to exec a specific command.

Does anybody have any idea how to work around this problem?

2011/4/13 Jon Seymour <jon.seymour at gmail.com>

> On Wed, Apr 13, 2011 at 5:27 PM, Moisés Barba Pérez <mbarperoi at gmail.com> wrote:
> > Hi:
> >
> >   I would like to create a rule in the sudoers file to allow a user the mkdir
> > command. I'm looking for the way to limit the dir creation to one level, for
> > example:
> >
> > 1. The user can create a dir in /data: sudo mkdir /data/user
> > 2. The user *can't* create a subdir in /data: sudo mkdir /data/user/mydir (I
> > want to avoid this)
> >
>
> I think a better way to approach this problem is to define a script
> that implements your policy and then use sudo to provide access to
> this script. You should be free to implement whatever policy you want
> in the script without being constrained by the capabilities or otherwise
> of the sudo rules language.
>
> jon.
>
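
A sketch of the wrapper-script approach suggested in the quoted reply, as an added example that is not part of the original thread or of sudo itself. The script name and install path (/usr/local/sbin/mkdatadir), the group name in the sample sudoers rule, and the function names are assumptions; the base directory /data and the allowed/refused cases come from the original question.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/mkdatadir (root-owned, not
# writable by users), granted with a sudoers rule such as (assumed names):
#   %datausers ALL = (root) /usr/local/sbin/mkdatadir
# Users then run: sudo mkdatadir /data/user

# Succeeds only if $2 is exactly "$1/<name>", with <name> one safe component.
is_one_level() {
    base=$1
    path=$2
    case $path in
        "$base"/*) name=${path#"$base"/} ;;
        *) return 1 ;;                     # not under the base directory
    esac
    case $name in
        ''|.|..|*/*) return 1 ;;           # empty, dot entries, nested or trailing slash
        *[!A-Za-z0-9._-]*) return 1 ;;     # allow-list of characters
    esac
    return 0
}

# Creates the directory only when the policy check passes.
make_one_level() {
    base=$1
    path=$2
    if ! is_one_level "$base" "$path"; then
        echo "refused: only $base/<name> is allowed" >&2
        return 1
    fi
    # No -p: parents are never created, and an existing name is an error.
    mkdir -- "$path"
}

# Entry point: runs only when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: $0 /data/<name>" >&2; exit 2; }
    make_one_level /data "$1"
    exit $?
fi
```

The base directory is hard-coded in the entry point rather than read from the environment or a second argument, so the caller cannot redirect the policy to another tree.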


