I'm working on a program in a shared environment on CentOS that needs to copy files to multiple users' home directories, and have them owned by the respective users.
The way I'm doing it now is with sudo...I did something like this:
chris ALL=(root) NOPASSWD: ALL
then in my code I do something like:
sudo cp files /home/other_user/files
sudo chown -R other_user /home/other_user/files
sudo chgrp -R other_user /home/other_user/files
Unfortunately though...I had a bit of a bug in my code, and I ended up running:
sudo chown -R other_user /
Needless to say, this caused some serious problems.
How can I set this up so it's safer?...can I limit my access in the sudoers file?
In both cases you should not need 'sudo' in your commands. With the setuid method, all users will be able to execute your program as root while the sudoers method restricts that to user chris.
Thanks for the feedback...but it still doesn't seem to be the solution I'm after.
Instead of limiting access to what programs can be run with sudo...is it possible to limit which files I can chown?
Or is there a better way of doing this?
My script will always be run as the same user by a webserver, and needs to create files in other users' home directories. Then lastly, change the owner, and group to that other user.
What I am doing now works...but seems unsafe.
Essentially running cp and chown with root privileges, which allows me to do things like 'chown -R user /'...
I'd like to limit it...so that I can only do chowing to folders in /home. And further...there are certain user folders in /home that I would like to exclude as well.
The only way I know would be to perform checks on the variable you are using to store the home directory.
Example code:
Code:
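###
### Example shell script to copy files to users home directories
### and change the permissions
###
##l_user= code for selecting the user here
# Double quotes here so that $l_user is expanded inside the pattern
# (with single quotes grep would search for the literal text "$l_user:").
l_home_dir=`grep "^$l_user:" /etc/passwd|cut -d':' -f6`
l_chk_home=`echo "$l_home_dir"|grep '^/home/'|wc -l`
if [ "$l_chk_home" -gt 0 ]
then
    ###
    ### users home dir is in /home
    ### safe to continue?
    ###
    # code to copy files and change permissions here.
    :   # no-op placeholder: an empty "then" body is a shell syntax error
fi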
Last edited by Disillusionist; 10-10-2007 at 03:42 PM.
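The check suggested above, carried a step further as an added example that is not code from any post in this thread: a single root-owned wrapper that refuses an empty or out-of-place home directory (the case that led to `chown -R other_user /`) and skips excluded accounts. The function names, the `EXCLUDED` list and the install path are assumptions made for the sketch.

```bash
#!/bin/bash
# Added example, not code from the thread. Intended to be the ONLY command
# granted in sudoers, e.g. (hypothetical install path):
#   chris ALL=(root) NOPASSWD: /usr/local/sbin/deploy_files
EXCLUDED="root admin backup"   # constructed list of homes to leave alone

# Return 0 only if user name $1 is sane, home $2 is exactly /home/<one
# component>, and neither the user nor that directory name is excluded.
home_is_allowed() {
    local user="$1" home="$2" name x
    case $user in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # empty, option-like, odd chars
    esac
    case $home in
        /home/|/home/.|/home/..|/home/*/*) return 1 ;;  # bare, dots, nested
        /home/*) name=${home#/home/} ;;
        *) return 1 ;;                      # "", "/", "/etc", relative paths
    esac
    for x in $EXCLUDED; do
        if [ "$user" = "$x" ] || [ "$name" = "$x" ]; then return 1; fi
    done
    return 0
}

# Copy $2 into the home directory of user $1 and give that user ownership.
deploy_files() {
    local user="$1" src="$2" home dest
    home=$(getent passwd "$user" | cut -d: -f6)
    if ! home_is_allowed "$user" "$home"; then
        echo "refusing to touch '$home' for user '$user'" >&2
        return 1
    fi
    # Must be a real directory, not a symlink pointing somewhere else.
    if [ ! -d "$home" ] || [ -L "$home" ]; then return 1; fi
    dest=$home/files
    cp -R -- "$src" "$dest" || return 1
    # -h changes symlinks themselves rather than the files they point to;
    # "user:" also sets the group to that user's login group.
    chown -hR -- "$user:" "$dest"
}

if [ "$#" -eq 2 ]; then deploy_files "$1" "$2"; fi
```

With only this script listed in sudoers instead of `ALL`, a bug in the calling program can at worst make the wrapper refuse; it can no longer hand arbitrary paths to `chown` as root.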