For reasons not important here I would like
to grant a non-experienced user access to the
chown and chgrp commands. However, I want to
restrict using the -R option to these commands
so he will not accidently destroy the system by changing the
ownership of all system files.
my entry in the sudoers file is :
user system=/bin/chown,/bin/chgrp,!/bin/chown -R,!/bin/chgrp -R
The documentation seems to imply this should work, but the
user has full access to the chown and chgrp commands including the -R
Before I go any further I would like to stress the obvious, giving a
experienced user access to this command is giving him root access to
I had many responses including one from Todd Miller the care taker
(probably author) of the program. He thinks it is probably a bug in the code
and will check it out.
Most people sugested writting a script, perl or C program which
would in turn exec the chown command without allowing for the -R
option. This is fine except for the problem that ultimately they would
also have to execute the REAL chown command.
One person suggested using op which is more flexable. I am not at all
familiar with op, but may give it a try.
As always, thanks to all who responded.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:59 CDT