LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-10-2007, 04:11 AM   #1
mohrct
LQ Newbie
 
Registered: Oct 2007
Posts: 2

Rep: Reputation: 0
Sudo or user permissions?


Hello,

I'm working on a program in a shared environment on CentOS that needs to copy files to multiple users home directories, and have them owned by the respective users.

The way I'm doing it now is with sudo...I did something like this:
chris ALL=(root) NOPASSWD: ALL

then in my code I do something like:
sudo cp files /home/other_user/files
sudo chown -R other_user /home/other_user/files
sudo chgrp -R other_user /home/other_user/files


Unfortunately though...I had a bit of a bug in my code, and I ended up running:
sudo chown -R other_user /

Needless to say, this caused some serious problems.


How can I set this up so it's safer?...can I limit my access in the sudoers file?

Thanks,
Chris
 
Old 10-10-2007, 05:41 AM   #2
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
You can set limits on what you can do with sudo, however you have currently set it to ALL which means you can run anything.

You can modify what sudo allows users to do using `visudo`

Be very careful when modifying entries!

I normally suggest:
  1. Dont run visudo using sudo
  2. Keep a running root session whilst you test (in case you need to fix any mistakes)

If you want to restrict use of vi, then you would have a sudoers file containing something like:
Code:
root ALL=(ALL) ALL

my_user ALL=(ALL) ALL, !/usr/bin/vi
 
Old 10-10-2007, 08:15 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,411

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
BTW, you can change owner and group in one cmd:
chown [flags] other_userther_grp file-list

Last edited by chrism01; 10-10-2007 at 08:17 AM.
 
Old 10-10-2007, 09:02 AM   #4
almatic
Member
 
Registered: Mar 2007
Distribution: Debian
Posts: 547

Rep: Reputation: 67
Quote:
Originally Posted by mohrct View Post
The way I'm doing it now is with sudo...I did something like this:
chris ALL=(root) NOPASSWD: ALL
you can restrict the user chris to only execute your program as root with the following line instead of yours.

chris ALL=NOPASSWD: /path/to/your/program

you could also use the suid flag.

chown root /path/to/your/program && chmod u+s /path/to/your/program.

In both cases you should not need 'sudo' in your commands. With the setuid method, all users will be able to execute your program as root while the sudoers method restricts that to user chris.
 
Old 10-10-2007, 04:13 PM   #5
mohrct
LQ Newbie
 
Registered: Oct 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Further Clarification

Thanks for the feedback...but it still doesn't seem to be the solution I'm after.

Instead of limiting access to what programs can be run with sudo...is it possible to limit which files I can chown?

Or is there a better way of doing this?

My script will always be run as the same user by a webserver, and needs to create files in other users home directories. Then lastly, change the owner, and group to that other user.

What I am doing now works...but seems unsafe.
Essentially running cp and chown with root priveleges, which allows me to do things like 'chown -R user /'...

I'd like to limit it...so that I can only do chowing to folders in /home. And further...there are certain user folders in /home that I would like to exclude as well.

Thanks,
Chris
 
Old 10-10-2007, 04:40 PM   #6
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
The only way I know would be to perform checks on the variable you are using to store the home directory.

Example code:
Code:
###
### Example shell script to copy files to users home directories
### and change the permissions
###

##l_user= code for selecting the user here
l_home_dir=`grep '^$l_user:' /etc/passwd|cut -d':' -f6`

l_chk_home=`echo "$l_home_dir"|grep '^/home/'|wc -l`
if [ $l_chk_home -gt 0 ]
then
   ###
   ### users home dir is in /home
   ### safe to continue?
   ###
   # code to copy files and change permissions here.
fi

Last edited by Disillusionist; 10-10-2007 at 04:42 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sudo for more than one user MOCKBA Ubuntu 3 09-30-2006 03:38 AM
SUDO for user nobody tracer Linux - Newbie 3 01-12-2006 03:12 PM
sudo permissions problem cuto19 Ubuntu 8 12-01-2005 12:50 AM
Permissions in Debian - sudo works, su doesn't (etch/64Studio) greennick Linux - Software 0 09-12-2005 04:04 PM
sudo and permissions limit mfeoli Linux - General 2 05-05-2005 07:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration