Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 11-22-2005, 10:02 AM   #1
Registered: Jun 2002
Posts: 302

Rep: Reputation: 31
Restricting Editing in Sudo (Advanced Sudo Question)

I am trying to use sudo to delegate responsibility of the Apache server to one of the users on the system. However, I run into a problem in that I want the user to be able to edit only a single configuration file (httpd.conf) as the user apache and not edit any of the other files owned by the user apache. Is this possible? When I set it to vim with the exact path, the user was able to allow vim to open other files as the user apache. Thanks for your time.
Old 11-23-2005, 04:23 AM   #2
LQ Addict
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian Squeeze
Posts: 5,846

Rep: Reputation: 342Reputation: 342Reputation: 342Reputation: 342
The common access to files in Linux is controlled by permissions. In order to refine those permissions as you desire, you must use ACL (Access Control List).

I leave it to you to do the research.
Old 11-23-2005, 06:28 AM   #3
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
Thansk bigrigdriver. I know that this can be done with ACLs but I was wondering if there is a sudo-specific approach. The nice thing about a sudo-specific approach would be that you can leave the ACLs as is and you could easily delegate authority. On the other hand, using ACLs would mean that if you ever wanted to delegate the authority to a different user, you would have to modify the ACL. You also only have ACL support on ext2/ext3. I was thinking of some way to run an editor such as vim without allowing it to open any files other than the one specified as a parameter.
Old 11-23-2005, 06:38 AM   #4
Registered: Dec 2003
Distribution: Desktop: Slackware 13.1 &13.37 | Server: Debian 6.0
Posts: 270

Rep: Reputation: 32
you could check what happens if you change group ownership of httpd.conf by creating new group with apache user in it.

if there are no consequences, create new group, add your user and apache user to this groupd, change group ownership of this file to the new group and restart apache.

Old 11-04-2006, 04:20 PM   #5
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
Just to up date an old post of mine with the answer which I found. What I was looking for can be solved using sudoedit for anyone interested.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SUDO question sajjad02 Linux - Newbie 1 03-07-2005 11:21 PM
sudo question satimis Linux - Software 3 12-07-2004 09:47 AM
Sudo question satimis Fedora 6 11-24-2004 09:58 PM
Sudo question. wbdune Linux - Newbie 2 10-14-2003 01:40 AM
sudo question darthtux Linux - General 1 06-07-2002 03:27 AM

All times are GMT -5. The time now is 07:58 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration