[sudo-users] sudoedit restrict allowed file changes

Grant Taylor gtaylor at tnetconsulting.net
Thu Mar 26 19:16:09 MDT 2020


On 3/26/20 3:46 PM, LE BOUTER Leo wrote:
> Hello!

Hi,

> Well I'd certainly love to have my whole system under versioning 
> with merge requests and codeowners mechanism!  This problem has been 
> hitting me many times over, I hope to figure out something proper 
> and great one day.

I think that's possibly a little bit more extreme than I was thinking.

> I'll sort it out with an unprivileged rsyslog this time, I think. 
> Can't undergo the bigger task of full ansible gitops or something on 
> my system right now.

Something much shorter term you might think about is seeing if rsyslog 
will support include files.  If it will, think about a small script that 
will generate the included files based on parameters your users specify.

That way they can only specify parameters to the script and as such 
can't change things they shouldn't be changing.

You could probably make the script read parametrized input or a request 
file and only act if the parameters / request is syntactically correct 
and acceptable.

Sort of like a templating engine.

> Thanks a lot for the help.

You're welcome.



-- 
Grant. . . .
unix || die
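A sketch of the generator script suggested in this message, added here as an illustration and not part of the original thread. The `key=value` request format, the allowlists, the `/var/log/apps` directory and the choice to print the snippet on stdout (for a root-owned wrapper to place in the rsyslog include directory) are all assumptions.

```python
#!/usr/bin/env python3
"""Render an rsyslog drop-in from a validated request (added example)."""
import re
import sys

# Assumptions for this sketch: which facilities/severities users may route,
# and the only directory they may log into.
ALLOWED_FACILITIES = {f"local{i}" for i in range(8)}
ALLOWED_SEVERITIES = {"debug", "info", "notice", "warning", "err", "crit"}
LOG_DIR = "/var/log/apps"
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")


def parse_request(text):
    """Parse 'key=value' lines; reject unknown, duplicate or missing keys."""
    req = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in ("name", "facility", "severity") or key in req:
            raise ValueError(f"bad request line: {line!r}")
        req[key] = value
    if set(req) != {"name", "facility", "severity"}:
        raise ValueError("request must set name, facility and severity")
    return req


def render(req):
    """Validate every field against an allowlist, then fill the fixed template."""
    if not NAME_RE.fullmatch(req["name"]):
        raise ValueError("name must match [a-z][a-z0-9_-]{0,31}")
    if req["facility"] not in ALLOWED_FACILITIES:
        raise ValueError("facility not allowed")
    if req["severity"] not in ALLOWED_SEVERITIES:
        raise ValueError("severity not allowed")
    # Users never supply rsyslog syntax or a path, only the three tokens above.
    return (f"# generated for {req['name']}; do not edit\n"
            f"{req['facility']}.{req['severity']}\t{LOG_DIR}/{req['name']}.log\n")


if __name__ == "__main__":
    try:
        sys.stdout.write(render(parse_request(sys.stdin.read())))
    except ValueError as exc:
        sys.exit(f"rejected: {exc}")
```

Because the users only ever run this one script through sudo rather than editing the rsyslog configuration with sudoedit, the sudoers rule can name the script alone and the template stays out of their reach.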


