Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I am confused about editing Sudoers file as what to write and what not to? Can you please help me?
I am trying to edit Sudoers for running few commands like copying, moving, listing, searching, creating, changing permissions on files and directories in the home directory for user e.g. a test user but i am not sure how to restrict the user action to a particular directory or restrict the commands all other commands except ls, cp, grep, wc, cat, touch, chmod, chown running at root level (e.g. rm -r command)? What would be the syntax?
Allowing a user to use cp, chmod or chown with sudo is basically the same as giving them your root password. The user is easily able to chmod or chown the sudoers-file or just copy over a already prepared sudoers file, giving himself or other users any permission he wants.
This is a serious security issue, don't even consider it.
If you want to restrict the user's actions to a limited set of directories sudo is not the appropriate tool, you should use the permission system, in particular different user-groups for that.
I think there is a misunderstanding. I don't think that shahmeer75 wants the testuser to modify / chown /rm etc the sudoers file.
And that exactly is the problem. If the testuser has the right to start the commands mv, cp, chown, chmod (or many other programs) as root using sudo the testuser is able to modify those files (or use many other nasty hacks) to become effectively root. If you don't trust the user so that you have to give him limited rights with sudo then you shouldn't trust him not to modify those files.
Therefore a different approach should be taken. Since shahmeer75 asks
how to restrict the user action to a particular directory or restrict the commands all other commands except ls, cp, grep, wc, cat, touch, chmod, chown running at root level
IMHO the correct approach would be to use file permissions or, if necessary, ACL (Access Control Lists).