UPDATED(Summary Sudo access and vi)

From: MADHU BARKUR <madhu_barkur_at_yahoo.com>
Date: Thu Aug 30 2001 - 17:43:06 EDT
This is an update on the above summary
 
Sean Quaint pointed out that 

you can create default ACLS on directories.  These are
inhereted by the files in the directory.

# setfacl -m d:u::7,d:g::5,d:o:0,d:u:some_user:7,d:m:7
dir_name

 So simply changing the ACL's on all the directories
and their contents one time fixed my problem. I don't
require to compile VIM or replace default "vi".


Thanks to all for the quick response.

Madhu B. 


The bottom line is sudo cannot control the child
> > > process from "vi". Some pointed to use ACL to
> > change
> > > the permission on files. This cannot be used on
> > > dynamically created files, which needs to be
> > edited.
> > >
> > > some pointed out in security threat in editing
the
> > > /etc/passwd /.profile files as command line
> > arguments
> > > on /usr/bin/vi. But fortunately these will be
> > reported
> > > in SUDO log file and which will be monitored
> > > continuously.
> > >
> > > Few suggested to use "pico" instead of "vi" ,
> > > unfortunately users are not ready to learn the
new
> > > editor.
> > >
> > > I have end up with two options:
> > >
> > > 1) create a cron job to use setfacl on newly
> > created
> > > files
> > > 2) recompile VIM to remove the shell mode or
file
> > edit
> > > mode.

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com
Received on Thu Aug 30 22:43:06 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:25:03 EDT