rwp at hprwp.fc.hp.com
Wed Aug 6 12:44:38 EDT 2003
Chrastil, Dan wrote:
> Does anyone know what you would put in the visudo file to allow
> operations commands in a whole directory or do you have to specify
> each command?
Uh, I am just another reader on the list. But your question did not
parse, sorry, and could use some clarification.
You are asking for a way to allow sudo to run commands as root only
while in certain directories? That does not seem right since
obviously if you can run any command then you have unlimited access
both in that directory and outside of it. The system kernel does not
provide any restriction such as you are requesting. Once you are the
superuser you have complete access. There is nothing a program such
as sudo can do to prevent that full access if the user is allowed to
run any arbitrary command.
Therefore the aim of sudo is to limit the commands you can invoke and
the way you can invoke them to prevent the user from gaining any
escalation in privilege. Since everyone has their own custom needs it
is up to the admin to understand and to configure sudo the right level
of access for particular system.
More information about the sudo-workers