SUMMARY: sudo help

Date: Thu May 09 1996 - 07:20:52 CDT

Orginal Question:

For reasons not important here I would like
to grant a non-experienced user access to the
chown and chgrp commands. However, I want to
restrict using the -R option to these commands
so he will not accidently destroy the system by changing the
ownership of all system files.

my entry in the sudoers file is :
        user system=/bin/chown,/bin/chgrp,!/bin/chown -R,!/bin/chgrp -R

The documentation seems to imply this should work, but the
user has full access to the chown and chgrp commands including the -R

Any ideas?

Before I go any further I would like to stress the obvious, giving a
experienced user access to this command is giving him root access to
the system.

I had many responses including one from Todd Miller the care taker
(probably author) of the program. He thinks it is probably a bug in the code
and will check it out.

Most people sugested writting a script, perl or C program which
would in turn exec the chown command without allowing for the -R
option. This is fine except for the problem that ultimately they would
also have to execute the REAL chown command.

One person suggested using op which is more flexable. I am not at all
familiar with op, but may give it a try.

As always, thanks to all who responded.

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:59 CDT