Limiting Sudo Access
I have some developers who need to be granted sudo access but I want to limit the access from 'ALL' to just being able to manage items in /opt/rational/ directory but nothing above that hierarchy directory (hope that makes sense)
How would I so something like this? |
sudo is about giving permissions to run certain processes as another account. You are looking for some access control for directories. Do the developers need plain root access, or would it be sufficient to limit it to certain commands which could be granted to them, or not granting root but another account?
Being root they could otherwise adjust anything to change other files as well. |
limiting sudo Access
You can give to your developers team a permission to run a script, command or job of root or another user such as in the following lines by editing the /etc/sudoers file:
Cmnd_Alias CMD_SUDO_Developers = /usr/bin/su - devel, /usr/bin/su - devel -c * Cmnd_Alias CMD_SUDO_run = /root/commands/to/run Cmnd_Alias SUDO = /usr/bin/sudo, /usr/local/bin/sudo, /bin/sudo, \ /opt/freeware/bin/sudo # group privilege specification %root ALL = (ALL) CMD_SUDO_ROOT %developers ALL = (ALL) CMD_SUDO_Developers, SUDO |
All times are GMT -5. The time now is 10:59 AM. |