LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 07-07-2003, 10:02 AM   #1
AnthonyM
Member
 
Registered: Mar 2002
Location: Toronto, Ontario
Posts: 43

Rep: Reputation: 15
Question Creating file link -- user needs permissions?


I need to create a link to a log file for a user inside their home directory which I do using:
ln -s /var/log/apache/access /home/user/access_log

The user has no permissions to the log/apache directory, nor do I intend to give them to him, but I just want to give them access to the log file.
How would I do this and not open up a security risk?
I did a search and all I could find was having to mount the directory using NFS or using a hard link (but that would exceed the users disk quota)

Thanks in advance.
 
Old 07-07-2003, 12:18 PM   #2
nxny
Member
 
Registered: May 2002
Location: AK - The last frontier.
Distribution: Red Hat 8.0, Slackware 8.1, Knoppix 3.7, Lunar 1.3, Sorcerer
Posts: 771

Rep: Reputation: 30
In one word, sudo. See sudoers(5) for overview and syntax.

Use command visudo to edit your sudoers file, create a host_alias, a user_alias called LOGVIEWERS or similar. Add groups (%users) or the login usernames of just the users you want to grant access to.

Add a Cmnd_Alias ACCESSLOGVIEW or similar. Something like /bin/rview /var/log/apache/access.

Now tie the user, host and command using
LOGVIEWERS HOSTLIST=ACCESSLOGVIEW
and you're all set.

The user(s) thus added will be able to view the log when they
sudo rview /var/log/apache/access
when they will be prompted for *their* password. ( You can add a 'NOPASSWD:' before ACCESSLOGVIEW to circumvent this.) It wont ask them for a password again for another sudo command for the next 5 minutes IIRC.

PS: /bin/view is a 'read-only' version of the visual editor. rview is a restricted view, as in the user cannot spawn a shell or run a command using the colon key.

Last edited by nxny; 07-07-2003 at 12:29 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
User file permissions tapanga Linux - Software 14 07-03-2008 11:36 PM
Creating a user with no permissions... defa0009 Linux - Newbie 4 05-15-2005 02:24 PM
Creating Multiple user accounts from a formatted file collern2 Programming 2 03-09-2005 09:15 PM
How can I define permissions on a /home/user dir _before_ creating it with adduser skunkburner Linux - General 6 03-18-2004 03:42 PM
Viewing my root password / creating an all permissions user ssobeht Linux - Security 16 11-01-2003 01:25 PM


All times are GMT -5. The time now is 06:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration