Hi all,

I have a SPARC server with solaris 8 installed on it
recently i installed Sudo package for it and configured it so that it will limits users to what they can do

below is the config for sudoers file

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
User_Alias MAINTAINERS = chris
# Cmnd alias specification
Cmnd_Alias DEB = /usr/sbin/passwd, /usr/bin/useradd, /usr/local/MAINT/test.ksh

#
# User privilege specification
root ALL=(ALL) ALL
MAINTAINERS ALL = DEB

I was wonder there's a file that i need to edit by using 'vi' but as a normal user i only have read access to it where and what do i need to add in the 'sudoers' file in order to edit that file for e.g that file is located in '/etc/users'

cheers
Huy

Hi,

I don't believe this is really possible with sudo. Sudo will give you the ability to run commands, but as far as I know, you can't be that restrictive about what those commands can be used to do. e.g. you could give the user the ability to run vi as root, but then they can edit any file as root, spawn a shell as root etc. I'm guessing you've already worked that out too.

Personally if there's just one file and I need some specific users to have permission to edit it, then I would just use standard UNIX filesystem permissions and groups to do that. e.g. create a group called 'maint', make the file readable and writeable by that group and then add the users I wanted to be able to edit the file to the group.

Cheers,
Steve

You can use UFS ACLs to grant that particular user write access to this file.

eg: