I wrote:
> Fellow admins,
> I have a question about using editors with the sudo/op
> programs. I am looking for a vi based editor to give to users with
> restricted functionality. In particular, I want to be able to
> specify exactly which files are editable. For example, I want
> to be able to say vi <file>, and edit <file> and <file> only.
> I want the user to be unable to change the filename or read in
> another file or do anything else except edit the file specified
> on the command line.
>
> I was wondering if anybody has already modified an editor to do these
> things. I've got solaris 2.4, gcc + sunsoft C.
>
To summarise the answers,
The answer is no. If I want something like this, I'll have to either
1. hack the the source code for some editor myself; or
2. copy the file to edit to a safe place + owner, edit the file as
te safe owner, then copy it back.
I received one other suggestion to use "rvi". I had already seen it,
and I think it's not useful for this. FYI, "rvi" is a setuid perl
wrapper that checks permissions and stops you changing your shell: but
it does not stop you reading in other files.
I think I will go with option 1, it seems easier.
Thanks to:
Brett Lymn <blymn@awadi.com.au>
Fedor Gnuchev <qwe@ht.eimb.rssi.ru>
Sanford Whitehouse <sanford@lsil.com>
"H. Milton Johnson" <mjohnson@knee.brooks.af.mil>
Thank you all, if I do find one that is publicly available, I will
let you all know.
Francis
--
Francis.Liu@uts.edu.au Talk: +61 2 330 2091
Systems Programmer Fax : +61 2 330 1999
University of Technology, Sydney - Information Technology Division
PO BOX 123, Broadway, NSW 2007, Australia
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:59 CDT