Login or Register to Ask a Question and Join Our Community


Solaris

restrict sudo and chown in specified directory

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris restrict sudo and chown in specified directory
# 1  
Old 02-05-2012
Question restrict sudo and chown in specified directory
Hi Dears,

I have one requirement like this:
  1. general user A can execute command C with root privilege by sudo configuration
  2. some folders and files are created during the command C execution
  3. user A cannot access those folders and files because the owner is root user, so I want the user A can execute chown command but restrict the scope as the parent directory created by the command C.
How to make the bold statement the truth?

Thanks!
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Restrict sudo -i

Hi, I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose. Is it possible to block sudo -i with the help of sudoers file or any other way. Please advise. The below... (1 Reply)
Discussion started by: Jartan
1 Replies

2. AIX

How to restrict user to a particular directory?

hi, I want to restrict some user access to only 1 directory (including all sub-directories/files in it). can you please explain me, how can we do this? example; Filesystem GB blocks Used Free %Used Mounted on /dev/hd4 2.61 1.02 1.59 40% / /dev/hd2 ... (7 Replies)
Discussion started by: aaron8667
7 Replies

3. Shell Programming and Scripting

Chmod working in sudo run script but chown isn't

My git user has permission in sudoers to run a wrapper script to move files into my webroot. Everything is working fine except for the chown line. After the script has run, the files ar still root:root instead of apache:apache. Scratching my head...:confused: #!/bin/sh echo echo "****... (4 Replies)
Discussion started by: dheian
4 Replies

4. Shell Programming and Scripting

excluding a directory with chown, chmod

does anyone know how to exclude a directory with chown or chmod? im trying to do something like this chown $username:$username $directory/* chown $username:$username $directory/.* chown $username:$username $directory and find $directory/* -type f -exec... (1 Reply)
Discussion started by: vanessafan99
1 Replies

5. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

6. OS X (Apple)

sudo chown -R `whoami` /usr/local

I was following a tutorial on installing Homebrew and I changed the ownership of /usr/local/ to me. Now McAfee Security won't start This is the exact line I typed: sudo chown -R `whoami` /usr/local Then I tried to fix it with: sudo chown -R root /usr/local I still can't start mcafee. It say... (7 Replies)
Discussion started by: chancho
7 Replies

7. Shell Programming and Scripting

chown of a Directory

Hi All, I need your help in changing the owner of a directory. I have a created a direcotry TEST with user "abc"....for the group "ftp". Now i wnated to change the owner of the directory TEST. i used the below command to do so: chown abc:sftp TEST This is giving me an error... (5 Replies)
Discussion started by: ch33ry
5 Replies

8. Red Hat

Restrict user to a particular directory

Hi I have a Fedora10 server and i need a particular user to view files only in a particular folder. All other files in other folders having "read" permission for all shouldn't be accessible to this user. Please let me know if ther's a way. Thanks, HG (5 Replies)
Discussion started by: Hari_Ganesh
5 Replies

9. UNIX for Dummies Questions & Answers

chown -R under root directory

Hi I executed command "chown -R xxx:xxx /" with user root... and it was too late when I found the mistake. Ownership of some files under the root directory had already become xxx:xxx. Is there a way that can recovery the ownership of all my files back to the point where they were? I really thanks. (2 Replies)
Discussion started by: password636
2 Replies

10. UNIX for Dummies Questions & Answers

Restrict my search to current directory.

Hi every1, There is a folder with .lst files which has email id's of our project group. I want to find files which has my email id starting with sachin but i dont want find command to search subdirectories. I have read about prune but i didnt understand that. I am pretty new in this field.... (7 Replies)
Discussion started by: sachin.gangadha
7 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

0store-secure-add

0STORE-SECURE-ADD(1)													      0STORE-SECURE-ADD(1)

NAME

       0store-secure-add -- add an implementation to the system cache

SYNOPSIS

       0store-secure-add DIGEST

DESCRIPTION

       This  command  imports  the  current  directory	into  the  system-wide	shared	Zero Install cache, as /var/cache/0install.net/implementa-
       tions/DIGEST.  This allows a program downloaded by one user to be shared with other users.

       The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this
       file  must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name
       matches its contents.

       It is intended that it be safe to grant untrusted users permission to call this command with elevated  privileges.  To  set  this  up,  see
       below.

SETTING UP SHARING

       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script automatically.

FILES

       /var/cache/0install.net/implementations
	      System-wide Zero Install cache.

LICENSE

       Copyright (C) 2009 Thomas Leonard.

       You may redistribute copies of this program under the terms of the GNU Lesser General Public License.

BUGS

       This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security-critial environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.

       If  sudo  let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper
       script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR

       Zero Install was created by Thomas Leonard.

SEE ALSO

       0store(1)

       The Zero Install web-site:

       http://0install.net

Thomas Leonard							       2010						      0STORE-SECURE-ADD(1)