system wide read only user?
Hi there,
Sorry, i'm not sure if this should be in the newbie forum or here.. Basically I'm running red hat linux and frequently access root via sudo. We have some external developers that need to be able to read system log files etc, but i dont want them to be able to change any system files. Is there a way of writing up a sudoers file so that when they access sudo they can have read access to the entire filesystem but not be able to edit or execute anything? I thought about using chmod for this, but thought it would mess up permissions for system programs. If someone could help that would be great, thanks :-) |
Use setfacl/getfacl instead of normal permissions.
This would let the "developers" group read access to all files... setfacl -R -m g:developers:r-x / But not all distributions have acls enabled, you may have to remount your filesystem first with... mount / -o acl,remount |
sudo can't be used for filesystem access directly: it only tells you which commands a user is allowed to run.
What you could do is to write a set of scripts that will let your developers read your system files, and configure sudo to only run those scripts. They could even be fairly simple scripts, i.e Code:
#!/bin/bash |
All times are GMT -5. The time now is 12:44 AM. |