07-26-2010
Problem is you are allowing them to tail a file, this means they will be able to look at the contents of pretty much anything they want.
for instance:
sudo tail /root/.ssh/authorized_keys
Catch my drift???
I would say chgrp the files you want them to be able to tail, to a newly created group, toss the old group owner into that group and add matt and john to the new group.
This way they can only access the files that you chgrp to the new group.
This seems to becoming more of a permissions question than a sudo question...
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi Friends,
I am new user of linux operating system. I wanted to install a software but facing a difficulty.
I am not able to proceed to the next statement without resolving this. WFT is the software i need for my purpose.
Setup a MySQL user account for WTF that will have access to
... (1 Reply)
Discussion started by: alma
1 Replies
2. Linux
Hi
anyone know how to setup a setup a virtual IP to control 2 server load for linux? i only have 2 server, i don want to buy another just for the load balance... is there a way to do it?
Sumemr (0 Replies)
Discussion started by: summerpeh
0 Replies
3. AIX
I know that IBM's official stance is that NIM does not work on etherchannel environment, but has anyone able to get around it?
I'm working on a p5-590 LPAR system, and the NIM master and clients are all on the same frame.
Any help is appreciated. (1 Reply)
Discussion started by: pdtak
1 Replies
4. UNIX for Advanced & Expert Users
Hi,
Can anyone please guide me how can I remove/block a user from a server access.
/usr/sbin/adduser -d /home/john john
echo ****** | passwd --stdin john
I used the above command to add a user "john". How do I delete and block john.
Appreciate your responses. (1 Reply)
Discussion started by: sureshcisco
1 Replies
5. Linux
hi
i want to set up LInux mail server for intranet purpose. i used following document as reference Linux Mail Server
softwares used are :
Postfix # pre installed
Procmail # pre installed
Fetchmail # pre installed
SpamBayes
Mutt #... (1 Reply)
Discussion started by: zedex
1 Replies
6. AIX
I am working on setting sudo on a few AIX servers and wanted to know how to give users root access without allowing them access to the sudo logs, sudoers files and the /etc/security directory. (3 Replies)
Discussion started by: daveisme
3 Replies
7. Red Hat
i need to set up a user to execute a restricted command as another user and to be able to do so without entering a password. I understand the security concerns but let's not go there, unless you are really compelled to do so... The directive to permit is that I believe should work and did add to... (2 Replies)
Discussion started by: twk
2 Replies
8. Linux
Hi,
I am new in linux. Please help for create new user and also need to give sudo access in linux box. Please help me
Now i am having new access
Thanks,
Mani (2 Replies)
Discussion started by: Mani_apr08
2 Replies
9. UNIX for Dummies Questions & Answers
I have a home network set up that consists of a few windows clients and 3 centos, and 1 suse client. These are all virtual machines, VMware Workstation. One centos vm is set to be the Samba server. Do I need Samba set up on the other Linux clients?I have no problem seeing the windows clients... (0 Replies)
Discussion started by: ktb231
0 Replies
10. UNIX for Advanced & Expert Users
How do I setup a Samba server to always ask to user and password, when a windows user, prints your files using a shared printer through a Samba Linux Server (CUPS)? (0 Replies)
Discussion started by: viga
0 Replies
LEARN ABOUT FREEBSD
chgrp
CHGRP(1) BSD General Commands Manual CHGRP(1)
NAME
chgrp -- change group
SYNOPSIS
chgrp [-fhvx] [-R [-H | -L | -P]] group file ...
DESCRIPTION
The chgrp utility sets the group ID of the file named by each file operand to the group ID specified by the group operand.
The following options are available:
-H If the -R option is specified, symbolic links on the command line are followed. (Symbolic links encountered in the tree traversal
are not followed.)
-L If the -R option is specified, all symbolic links are followed.
-P If the -R option is specified, no symbolic links are followed. This is the default.
-R Change the group ID for the file hierarchies rooted in the files instead of just the files themselves.
-f The force option ignores errors, except for usage errors and does not query about strange modes (unless the user does not have proper
permissions).
-h If the file is a symbolic link, the group ID of the link itself is changed rather than the file that is pointed to.
-v Cause chgrp to be verbose, showing files as the group is modified. If the -v flag is specified more than once, chgrp will print the
filename, followed by the old and new numeric group ID.
-x File system mount points are not traversed.
The -H, -L and -P options are ignored unless the -R option is specified. In addition, these options override each other and the command's
actions are determined by the last one specified.
The group operand can be either a group name from the group database, or a numeric group ID. If a group name is also a numeric group ID, the
operand is used as a group name.
The user invoking chgrp must belong to the specified group and be the owner of the file, or be the super-user.
FILES
/etc/group group ID file
EXIT STATUS
The chgrp utility exits 0 on success, and >0 if an error occurs.
COMPATIBILITY
In previous versions of this system, symbolic links did not have groups.
The -v and -x options are non-standard and their use in scripts is not recommended.
SEE ALSO
chown(2), fts(3), group(5), passwd(5), symlink(7), chown(8)
STANDARDS
The chgrp utility is expected to be IEEE Std 1003.2 (``POSIX.2'') compatible.
BSD
February 21, 2010 BSD