[sudo-users] sudoedit allow people to edit a file at the same time
Todd C. Miller
Todd.Miller at courtesan.com
Wed Aug 10 11:00:31 EDT 2011
On Wed, 10 Aug 2011 04:01:58 +0200, Michael wrote:
> The command code should probably be a separate binary, i don't see
> the need to include it into sudo codebase. In my view, it has nothing
> to do with the sudo functionality. It's basically a thing many other
> software packages would welcome too, and could as well be a generic
> 'safe-edit' command for anything.
The reason this functionality is inside sudo itself, rather than
in a standalone executable, is twofold. Firstly, it makes it
possible to run "sudoedit file" instead of "sudo safe-edit file".
Secondly, it allows the admin to give sudoedit access to non-root
owned files. E.g.
user ALL = (nonroot) sudoedit
to allow user to edit any file owned by "nonroot".
It's not impossible to achieve this with a separate binary but there
would have to be fairly tight coupling between sudo and the safe
editor. To get the same semantics the sudoers policy would need
to convert the pseudo-command "sudoedit" into something like
"safe-edit -u file_user -U real_user -e editor_path files ..."
and run it as root.
More information about the sudo-users