Re: Sudo question

From: Bill Thompson (bill.thompson@GOODYEAR.COM)
Date: Sat Apr 17 2004 - 10:52:50 EDT


While "sudo sh" will work, be aware that this will give the user running this command full root access. He/she will be in a shell as
root - very dangerous.

sudo is a great tool for allowing access to commands a user does not normally have rights to run, but it does not replace Unix
permissions. For example: user "A" needs to be able to edit all of the files in directory /foo/bar; however, these files are owned by root.
There is no easy way to get sudo to do this. You would think configuring something along the lines of "/bin/vi /foo/bar/*" would be
the answer, and this will allow the user to edit said files, but it will also allow the user to edit ANY file on the system. e.g.:
"sudo /bin/vi /foo/bar/../../etc/sudoers" will work just fine!

If anybody knows of a good way to do this (other than a wrapper script) please share. I'd be very interested in seeing how other
people have solved this problem.

Bill Thompson
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Co.

Contains Confidential and/or Proprietary Information
May Not Be Copied or Disseminated Without Express Consent of The Goodyear Tire & Rubber Company.

AIX-L Archives: http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2

----- Original Message -----
From: "Michael Cheselka" <cheselka@LINUX.CACTUS.ORG>
Newsgroups: bit.listserv.aix-l
To: <aix-l@Princeton.EDU>
Sent: Saturday, April 17, 2004 10:04 AM
Subject: Re: Sudo question

> No, sudo sets up a sub-shell, executes the command (in this case
> "cd"), and then exits upon the command's completion.
>
> You might want to sudo a shell ("sudo csh" or "sudo sh") and then cd
> while in the new shell or create a shell script and do the same thing
> in the script.
>
> On Fri, Apr 16, 2004 at 02:02:03PM -0400, Miller, Dave (I.S.) wrote:
> > When I allow someone to cd /some/directory as root, with sudo, it takes
> > the command, but does not make that directory current.... Is there a
> > way to do that?
> >
> > Thanks.
> --
> Michael R. M. Cheselka ryoohki@ryoohki.org
> Itsu Made Mo "Love & Peace" ryoohki@spymac.com
> http://www.cactus.org/~cheselka cheselka@cactus.org
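
The mismatch described in the message above, as an added example that is not part of the original post: it compares what a `/foo/bar/*` argument wildcard accepts with where the path actually resolves. It assumes Python's `fnmatch` as a stand-in for sudo's argument matching (in both, `*` also matches `/`); the function names and sample arguments are constructed for illustration.

```python
import fnmatch
import os.path

# Directory and argument pattern taken from the post's sudoers idea:
#   /bin/vi /foo/bar/*
ALLOWED_DIR = "/foo/bar"
ARG_PATTERN = ALLOWED_DIR + "/*"


def glob_allows(arg, pattern=ARG_PATTERN):
    """Approximate sudoers argument matching: '*' is not stopped by '/'."""
    return fnmatch.fnmatchcase(arg, pattern)


def resolves_inside(arg, allowed_dir=ALLOWED_DIR):
    """True only if the canonical path is strictly below allowed_dir.

    realpath() collapses '..' components and follows symlinks, so a
    symlink inside the directory that points elsewhere is rejected too.
    """
    base = os.path.realpath(allowed_dir)
    target = os.path.realpath(arg)
    return target != base and os.path.commonpath([base, target]) == base


def audit(args):
    """Return arguments the wildcard accepts but that leave the directory."""
    return [a for a in args if glob_allows(a) and not resolves_inside(a)]


# Constructed sample arguments, not taken from any real log.
SAMPLES = [
    "/foo/bar/notes.txt",
    "/foo/bar/sub/notes.txt",
    "/foo/bar/../../etc/sudoers",
    "/etc/sudoers",
]

if __name__ == "__main__":
    for arg in SAMPLES:
        print(f"{arg:32} glob={glob_allows(arg)!s:5} "
              f"inside={resolves_inside(arg)}")
    print("accepted by the wildcard but outside the directory:",
          audit(SAMPLES))
```

A check like this only describes the path at the moment it is evaluated; if the user can write to the directory, the path can change between the check and the editor opening the file.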




This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:50 EDT