I am confused about editing the sudoers file, as to what to write and what not to. Can you please help me?
I am trying to edit sudoers for running a few commands like copying, moving, listing, searching, creating, changing permissions on files and directories in the home directory for a user, e.g. a test user, but I am not sure how to restrict the user action to a particular directory or restrict the commands all other commands except ls, cp, grep, wc, cat, touch, chmod, chown running at root level (e.g. rm -r command)? What would be the syntax?
Allowing a user to use cp, chmod or chown with sudo is basically the same as giving them your root password. The user is easily able to chmod or chown the sudoers-file or just copy over an already prepared sudoers file, giving himself or other users any permission he wants.
This is a serious security issue, don't even consider it.
If you want to restrict the user's actions to a limited set of directories, sudo is not the appropriate tool; you should use the permission system, in particular different user-groups, for that.
I think there is a misunderstanding. I don't think that shahmeer75 wants the testuser to modify / chown /rm etc the sudoers file.
And that exactly is the problem. If the testuser has the right to start the commands mv, cp, chown, chmod (or many other programs) as root using sudo, the testuser is able to modify those files (or use many other nasty hacks) to become effectively root. If you don't trust the user, so that you have to give him limited rights with sudo, then you shouldn't trust him not to modify those files.
Therefore a different approach should be taken. Since shahmeer75 asks
Quote:
how to restrict the user action to a particular directory or restrict the commands all other commands except ls, cp, grep, wc, cat, touch, chmod, chown running at root level
IMHO the correct approach would be to use file permissions or, if necessary, ACLs (Access Control Lists).
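Added example, not part of any post in this thread: a small auditor that reads sudoers text and reports rules granting the file-rewriting commands the replies warn about (cp, mv, chmod, chown), or unrestricted `ALL`. The sample fragment, the user names and the `ROOT_EQUIVALENT` set are constructed for illustration, and the parser covers only the common `user host = (runas) TAG: cmd, ...` form plus `Cmnd_Alias`.

```python
import re

# Commands that let a caller rewrite arbitrary files (including /etc/sudoers)
# when run as root. These are the ones named in the thread; the set is an
# illustrative assumption, not an exhaustive list.
ROOT_EQUIVALENT = {"cp", "mv", "chmod", "chown"}

# Constructed sample, modelled on the rule the original poster asked for.
SAMPLE = """\
# constructed sample sudoers fragment
Cmnd_Alias FILEOPS = /bin/cp, /bin/chmod, \\
                     /bin/chown
testuser ALL = (root) /bin/ls, /bin/grep, FILEOPS
backup   ALL = (root) NOPASSWD: /usr/bin/wc /var/log/*
admin    ALL = (ALL) ALL
"""

def logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit_sudoers(text):
    """Return sorted (user, command, reason) findings for risky rules."""
    aliases, findings = {}, []
    skip = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias", "@include")
    for line in logical_lines(text):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        if line.startswith(skip) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        user = who.split()[0]
        spec = re.sub(r"\([^)]*\)", "", spec)    # drop (runas) lists
        spec = re.sub(r"\b[A-Z_]+:", "", spec)   # drop tags such as NOPASSWD:
        for item in (c.strip() for c in spec.split(",")):
            for cmd in aliases.get(item, [item]):   # expand Cmnd_Alias names
                binary = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
                if cmd == "ALL":
                    findings.append((user, cmd, "unrestricted root"))
                elif binary in ROOT_EQUIVALENT:
                    findings.append((user, cmd, "can overwrite or re-own any file"))
    return sorted(findings)
```

Run over `SAMPLE`, it reports the three `FILEOPS` commands for `testuser` and the `ALL` grant for `admin`, while the read-only `wc` rule for `backup` produces no finding.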