03-19-2010
Quote:
Originally Posted by
noam128
i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password.
my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp.
Thank you.
*EDIT*:solved the problem
Create a script which restricts "chown" to files /var/tmp only.
Grant the specific user the right to execute the script you created with root privileges using sudo (sudoers file)
10 More Discussions You Might Find Interesting
1. Linux
Hi,
I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password.
Can someone tell me what's wrong with my file?
It's not working when I 'sudo SHUTDOWN' command:
sudo: SHUTDOWN: command not found
Thanks a lot!
# Host alias specification... (4 Replies)
Discussion started by: whatisthis
4 Replies
2. UNIX for Advanced & Expert Users
Does anyone know of a utility that can parse through a sudoers file and create an "expansion" dump of all users defined in the User Specification, outputting user, host, and command based on all defined Aliases? (3 Replies)
Discussion started by: jasondavey
3 Replies
3. Solaris
All,
I have sudo setup installed on my Soalris 10 box. Everything working fine as expected. I would like to setup granular level access for one of the user
I use Rational Clearcase application which has its own command prompt /usr/atria/bin/cleartool
Once i invloked i can run its... (4 Replies)
Discussion started by: baluchen
4 Replies
4. Cybersecurity
Hi all,
I'm trying to setup my sudoer file at work to have the right security, but I'm not able to refine to the level I want.
Here's what I would like to have:
=> OS Users
- John (group staff)
- Bob (group staff)
- app20adm (group app20grp)
- app70adm (group app70grp)
- sys20adm... (0 Replies)
Discussion started by: victorbrca
0 Replies
5. Shell Programming and Scripting
Hello,
Recently our team noticed access to groups had not been revoked per sudo file.
We currently have around 160 AIX LPARS.
I am hoping someone can help me write a script that would copy all sudoers file at each machine and dump into 1 large file for me to review.
I have public... (1 Reply)
Discussion started by: audis$
1 Replies
6. UNIX for Dummies Questions & Answers
Hi,
I was asked to create sudoers file for operation team so they can sudo as another user and run few commands.
I have updated /etc/sudoers file.
User_Alias LEVEL1 = JamesF, dennisW, juanC, steveS,
Cmnd_Alias SU_PROD=/bin/su prod, /bin/su - prod
Cmnd_Alias SU_NYOP=/bin/su... (2 Replies)
Discussion started by: samnyc
2 Replies
7. Emergency UNIX and Linux Support
Hi,
I need the details of which ids belong to the sudoers file, and which groups these ids belong to.
Can anyone suggest a way to derive that information into a flat file please?
G (4 Replies)
Discussion started by: ggayathri
4 Replies
8. UNIX for Dummies Questions & Answers
Hi
using Solaris 10. trying to update /etc/sudoers file
I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message
sudo su -
>>> sudoers file: parse error, line 9 <<<
>>> sudoers file: parse error, line 9 <<<
... (2 Replies)
Discussion started by: samnyc
2 Replies
9. Solaris
In the sudoers file in Solaris...
I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies
10. UNIX for Beginners Questions & Answers
Hi,
I have several employees of whom we have created Linux user ids as below.
fred
mohtashim
jhon
matt
croft
....
$ id
uid=1018(jhon) gid=1003(techx) groups=1003(techx) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Note: All my employee users belong to techx... (3 Replies)
Discussion started by: mohtashims
3 Replies
LEARN ABOUT DEBIAN
0store-secure-add
0STORE-SECURE-ADD(1) 0STORE-SECURE-ADD(1)
NAME
0store-secure-add -- add an implementation to the system cache
SYNOPSIS
0store-secure-add DIGEST
DESCRIPTION
This command imports the current directory into the system-wide shared Zero Install cache, as /var/cache/0install.net/implementa-
tions/DIGEST. This allows a program downloaded by one user to be shared with other users.
The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this
file must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name
matches its contents.
It is intended that it be safe to grant untrusted users permission to call this command with elevated privileges. To set this up, see
below.
SETTING UP SHARING
To enable sharing, the system administrator should follow these steps:
Create a new system user to own the cache:
adduser --system zeroinst
Create the shared directory, owned by this new user:
mkdir /var/cache/0install.net
chown zeroinst /var/cache/0install.net
Use visudo(8) to add these lines to /etc/sudoers:
Defaults>zeroinst env_reset,always_set_home
ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add
Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines:
#!/bin/sh
exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null
The other Zero Install programs will call this helper script automatically.
FILES
/var/cache/0install.net/implementations
System-wide Zero Install cache.
LICENSE
Copyright (C) 2009 Thomas Leonard.
You may redistribute copies of this program under the terms of the GNU Lesser General Public License.
BUGS
This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security-critial environments.
The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.
If sudo let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper
script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up.
Please report bugs to the developer mailing list:
http://0install.net/support.html
AUTHOR
Zero Install was created by Thomas Leonard.
SEE ALSO
0store(1)
The Zero Install web-site:
http://0install.net
Thomas Leonard 2010 0STORE-SECURE-ADD(1)