bmonroe at zipcon.net
Mon Mar 29 13:24:03 EST 2004
This question might have already been answered, so I apologize in
Is there a prescribed method for wrapping chmod to disable the setuid
and setgid bits?
So far I have:
    Cmnd_Alias FILE_MOD = /usr/bin/chgrp
    DEVELOP ALL=(ALL) NOPASSWD:FILE_MOD, \
        !/usr/bin/chmod [1-4]??? *, \
        !/usr/bin/chmod * [1-4]??? *, \
        !/usr/bin/chmod *[s]* *, \
        !/usr/bin/chmod * *[s]* *
This seems to work okay but it seems awfully cumbersome. Is there a
better way, or more importantly, are there any holes in the above?
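
One way to build the wrapper the post asks about, as an added example that is not part of the original message: validate the mode against an allow-list in a small script and grant that script in sudoers in place of negated /usr/bin/chmod patterns. The names chmod_mode_ok and safe_chmod and the install name are assumptions; the sticky bit is permitted because the question only concerns setuid and setgid.

```shell
#!/bin/sh
# Hypothetical wrapper: grant this script in sudoers instead of /usr/bin/chmod.

# Return 0 only if the mode string cannot set the setuid or setgid bit.
chmod_mode_ok() {
    m=$1
    case $m in
        '') return 1 ;;
        *[!0-7]*)
            # Not purely octal, so treat it as a symbolic mode.
            case $m in
                -*) return 1 ;;                      # would be parsed as an option
                *[!ugoarwxXt+=,-]*) return 1 ;;      # 's' and anything else unknown
            esac
            return 0 ;;
    esac
    # Purely octal: strip leading zeros so 04755 and 004755 are seen as 4755.
    octal=${m#"${m%%[!0]*}"}
    case $octal in
        ''|?|??|???) return 0 ;;   # no special bits at all
        1???) return 0 ;;          # sticky bit only
    esac
    return 1                       # 2xxx-7xxx carry setuid and/or setgid
}

# Validate the first argument as the mode, then run chmod with no options.
safe_chmod() {
    if [ "$#" -lt 2 ]; then
        echo "usage: safe_chmod MODE FILE..." >&2
        return 2
    fi
    mode=$1
    shift
    if ! chmod_mode_ok "$mode"; then
        echo "safe_chmod: mode '$mode' refused" >&2
        return 1
    fi
    # "--" ends option parsing, so nothing in "$@" can act as -R or --reference.
    /usr/bin/chmod -- "$mode" "$@"
}

# Run only when installed under the (assumed) name safe_chmod.
case ${0##*/} in
    safe_chmod) safe_chmod "$@" ;;
esac
```

With this in place the sudoers entry names only the wrapper's path, so the policy no longer depends on pattern-matching chmod's command line.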