Linux - Enterprise: This forum is for all items relating to using Linux in the Enterprise.
Question: Is there a way in the sudoers file to restrict access to a certain directory? I know the sudoers file is used to manage permissions, that is, how much privilege a user gets in terms of commands. The user needs root access, but we want to restrict access to certain directories.
What does the user need to do in these directories? You might be able to either use chroot to restrict them to a directory, or wrap the command(s) they need in a script that allows only the authorized actions.
So the problem is that they are engineers and need to install software and make system changes to make this software build that they install work. As system admins we don't know their required commands. So we are trying to make a setting that allows all root access without them explicitly changing permissions and accessing certain directories (certain parts of /etc).
My favorite way to approach that is using Linux containers (either LXC or OpenVZ) to give each engineer a virtual machine. Even better than chroot, each has what looks like an entire Linux workstation with complete access to ALL files - yet they cannot affect the virtual machine of the next engineer or see ANY of his (or her) files. Just as they are walled away from each other, they are also walled away from the host (DOM0) physical server.
As a side benefit, it is fairly easy to take a working container and use it to make a template that can be used to deploy multiple copies as needed. So if they get it REALLY right, they can safely share with all of the other engineers.
So is there a way to make it so users with sudoers privileges cannot access other home directories, and to restrict access to directories like Audit?
That all depends on what you have already set up. For example, are the directories already set up to not allow them access as a normal user? If so, then you would remove the ability to run the 'cd' command as sudo.
But if you want to restrict the user's use of commands, you should lock all commands and only allow the commands you want them to use.
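Added example, not code from any poster in this thread: the path check a wrapper script (as suggested in the replies above) could apply before acting as root, so that sudoers only needs to allow the wrapper itself. The function names and the default directory lists are assumptions; the lists are constructed placeholders to be replaced with the site's own paths.

```shell
#!/bin/sh
# Colon-separated lists; constructed placeholder defaults, set per site.
ALLOWED_ROOTS=${ALLOWED_ROOTS:-/opt/build:/usr/local}
DENIED_ROOTS=${DENIED_ROOTS:-/etc/audit:/var/log/audit:/home}

# under_root PATH ROOT -> 0 if PATH is ROOT itself or lies below it.
# The "/" in the second pattern stops /opt/build-x matching /opt/build.
under_root() {
    case "$1" in
        "$2"|"$2"/*) return 0 ;;
    esac
    return 1
}

# path_allowed PATH -> 0 only if the canonical form of PATH is inside an
# allowed root and outside every denied root. Runs in a subshell so the
# IFS and globbing changes do not leak into the caller.
path_allowed() (
    set -f                                   # no glob expansion on the lists
    IFS=:
    # Resolve symlinks and ".." first; fail closed if that is not possible.
    canon=$(readlink -f -- "$1") || exit 1
    [ -n "$canon" ] || exit 1
    for root in $DENIED_ROOTS; do
        under_root "$canon" "$root" && exit 1
    done
    for root in $ALLOWED_ROOTS; do
        under_root "$canon" "$root" && exit 0
    done
    exit 1
)

# run_if_allowed PATH CMD [ARGS...] -> runs CMD only when PATH passes.
run_if_allowed() {
    target=$1
    shift
    if ! path_allowed "$target"; then
        echo "refused: $target is outside the permitted directories" >&2
        return 1
    fi
    "$@"
}
```

The check and the command run at different moments, so a directory the user can write to could be swapped for a symlink in between; keep the allowed roots writable only by root or accept that residual risk.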