Unix/Linux Go Back    

Solaris The Solaris Operating System, usually known simply as Solaris, is a Unix-based operating system introduced by Sun Microsystems. The Solaris OS is now owned by Oracle.

Sudo access of rm to non-root user


Thread Tools Search this Thread Display Modes
Old Unix and Linux 08-24-2017   -   Original Discussion by solaris_1977
apmcd47's Unix or Linux Image
apmcd47 apmcd47 is online now
Registered User
Join Date: Feb 2011
Last Activity: 12 December 2017, 5:01 AM EST
Posts: 283
Thanks: 13
Thanked 76 Times in 73 Posts
Originally Posted by solaris_1977 View Post
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give rm access to app_user, only to that file, via sudoers ? So that, he can delete only that file, not any other path or file or folder.

I'm willing to bet that when you come back with why the file is written by root it is because the directory /opt/vpp/dom1.2/pdd is owned by root.

Consider this:

dewi(6)$ file xyzzy
xyzzy: cannot open `xyzzy' (No such file or directory)
dewi(7)$ sudo touch xyzzy
[sudo] password for apm: 
dewi(8)$ ls -l xyzzy
-rw-r--r-- 1 root root 0 24 Aug 11:29 xyzzy
dewi(9)$ rm xyzzy
rm: remove write-protected regular empty file 'xyzzy'? y
dewi(10)$ ls -l xyzzy
ls: cannot access 'xyzzy': No such file or directory
dewi(11)$ sudo mkdir XYZZY
dewi(12)$ ls -ld XYZZY/                                                        
drwxr-xr-x 2 root root 4096 24 Aug 11:31 XYZZY/
dewi(13)$ cd XYZZY/                                                            
dewi(14)$ sudo touch xyzzy
dewi(15)$ ls -la
total 8
drwxr-xr-x  2 root root 4096 24 Aug 11:32 .
drwxr-xr-x 19 apm  sog  4096 24 Aug 11:31 ..
-rw-r--r--  1 root root    0 24 Aug 11:32 xyzzy
dewi(16)$ rm -f xyzzy 
rm: cannot remove 'xyzzy': Permission denied

So because I own the parent directory I was able to deleted the first xyzzy file, but because root owned the directory XYZZY I was unable to delete the second xyzzy file.

So why does the file today_23 need to be created in the directory /opt/vpp/dom1.2/pdd? Can it be created elsewhere? Failing that, could the directory pdd be modified to give the user the required write permission to create and delete the file without root access?

Sponsored Links
Old Unix and Linux 08-24-2017   -   Original Discussion by solaris_1977
bakunin's Unix or Linux Image
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
Join Date: May 2005
Last Activity: 10 December 2017, 6:03 PM EST
Location: In the leftmost byte of /dev/kmem
Posts: 5,647
Thanks: 109
Thanked 1,613 Times in 1,184 Posts
Originally Posted by solaris_1977 View Post
But, is it possible at all, to give sudo access to app_user to remove that root owned file ? I just want to have my statement correct, before jumping into discussion with them.
In fact it is possible to set such a sudo-rule. Put the follwoing in /etc/sudoers:

username ALL=(ALL:ALL) NOPASSWD: /path/to/rm /path/to/file

PLEASE NOTICE, though, this does not invalidate what my colleagues have already said about problems, symptoms and patching over them. I just want to tell you that - if every other way of correcting the underlying problem fails - there is a last-ditch solution you could employ. You still should try your utmost to avoid needing that. See also here, which is basically the same principle at work.

I hope this helps.

The Following 2 Users Say Thank You to bakunin For This Useful Post:
rbatte1 (08-25-2017), solaris_1977 (08-24-2017)
Sponsored Links
Old Unix and Linux 08-24-2017   -   Original Discussion by solaris_1977
solaris_1977's Unix or Linux Image
solaris_1977 solaris_1977 is offline
Registered User
Join Date: Mar 2011
Last Activity: 28 September 2017, 4:34 PM EDT
Posts: 454
Thanks: 54
Thanked 4 Times in 4 Posts
Thanks much.
But as you and other suggested, I will try to fix ownership issue with app team, then we may not need to tweek sudoers
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Sudo to user other than root but do not allow sudo to root westmoreland Red Hat 1 02-03-2015 01:40 PM
Sudo to delegate permission from non-root user to another non-root user canar UNIX for Dummies Questions & Answers 1 04-06-2012 06:59 PM
sudo/root access daWonderer UNIX for Dummies Questions & Answers 0 02-10-2012 06:47 AM
sudo user access daveisme AIX 2 07-15-2010 04:39 PM
How to allow access to some commands having root privleges to be run bu non root user suryashikha UNIX for Dummies Questions & Answers 5 10-30-2009 06:46 AM

All times are GMT -4. The time now is 06:11 AM.