10-10-2007, 04:11 AM
|
#1
|
LQ Newbie
Registered: Oct 2007
Posts: 2
Rep:
|
Sudo or user permissions?
Hello,
I'm working on a program in a shared environment on CentOS that needs to copy files to multiple users' home directories, and have them owned by the respective users.
The way I'm doing it now is with sudo...I did something like this:
chris ALL=(root) NOPASSWD: ALL
then in my code I do something like:
sudo cp files /home/other_user/files
sudo chown -R other_user /home/other_user/files
sudo chgrp -R other_user /home/other_user/files
Unfortunately though...I had a bit of a bug in my code, and I ended up running:
sudo chown -R other_user /
Needless to say, this caused some serious problems.
How can I set this up so it's safer?...can I limit my access in the sudoers file?
Thanks,
Chris
|
|
|
10-10-2007, 05:41 AM
|
#2
|
Senior Member
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039
Rep:
|
You can set limits on what you can do with sudo, however you have currently set it to ALL which means you can run anything.
You can modify what sudo allows users to do using `visudo`.
Be very careful when modifying entries!
I normally suggest:
- Don't run visudo using sudo
- Keep a running root session whilst you test (in case you need to fix any mistakes)
If you want to restrict use of vi, then you would have a sudoers file containing something like:
Code:
root ALL=(ALL) ALL
my_user ALL=(ALL) ALL, !/usr/bin/vi
|
|
|
10-10-2007, 08:15 AM
|
#3
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,419
|
BTW, you can change owner and group in one cmd:
chown [flags] other_user:other_grp file-list
Last edited by chrism01; 10-10-2007 at 08:17 AM.
|
|
|
10-10-2007, 09:02 AM
|
#4
|
Member
Registered: Mar 2007
Distribution: Debian
Posts: 547
Rep:
|
Quote:
Originally Posted by mohrct
The way I'm doing it now is with sudo...I did something like this:
chris ALL=(root) NOPASSWD: ALL
|
You can restrict the user chris to only execute your program as root with the following line instead of yours.
chris ALL=NOPASSWD: /path/to/your/program
You could also use the suid flag.
chown root /path/to/your/program && chmod u+s /path/to/your/program
In both cases you should not need 'sudo' in your commands. With the setuid method, all users will be able to execute your program as root while the sudoers method restricts that to user chris.
|
|
|
10-10-2007, 04:13 PM
|
#5
|
LQ Newbie
Registered: Oct 2007
Posts: 2
Original Poster
Rep:
|
Further Clarification
Thanks for the feedback...but it still doesn't seem to be the solution I'm after.
Instead of limiting access to what programs can be run with sudo...is it possible to limit which files I can chown?
Or is there a better way of doing this?
My script will always be run as the same user by a webserver, and needs to create files in other users' home directories. Then lastly, change the owner, and group to that other user.
What I am doing now works...but seems unsafe.
Essentially running cp and chown with root privileges, which allows me to do things like 'chown -R user /'...
I'd like to limit it...so that I can only do chowning to folders in /home. And further...there are certain user folders in /home that I would like to exclude as well.
Thanks,
Chris
|
|
|
10-10-2007, 04:40 PM
|
#6
|
Senior Member
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039
Rep:
|
The only way I know would be to perform checks on the variable you are using to store the home directory.
Example code:
Code:
###
### Example shell script to copy files to users home directories
### and change the permissions
###
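## l_user= code for selecting the user here
l_user="$1"   # assumption: user name passed as the first argument
# Double quotes so that $l_user is expanded; in single quotes grep looks for the literal text
l_home_dir=`grep "^$l_user:" /etc/passwd|cut -d':' -f6`
l_chk_home=`echo "$l_home_dir"|grep '^/home/'|wc -l`
if [ "$l_chk_home" -gt 0 ]
then
###
### users home dir is in /home
### safe to continue?
###
# code to copy files and change permissions here.
: # no-op so the block parses until the real commands are filled in
fi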
Last edited by Disillusionist; 10-10-2007 at 04:42 PM.
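An added example, not part of any post in this thread: the home-directory check from post #6 extended with the exclusion list asked for in post #5, written as a wrapper that could be the single program allowed in sudoers as in post #4. `PASSWD_FILE`, `EXCLUDED_USERS` and the function names are assumptions made for this sketch, and it assumes each user has a group of the same name, as the original `chgrp` call did.

```shell
#!/bin/sh
# Added sketch. PASSWD_FILE and EXCLUDED_USERS are assumptions, not from the thread.
# sudoers would then name only this script, as in post #4:
#   chris ALL=NOPASSWD: /path/to/your/program
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
EXCLUDED_USERS="${EXCLUDED_USERS:-root admin backup}"   # constructed list

# Print the home directory recorded for user $1 (nothing if unknown).
home_for_user() {
    # Exact match on field 1, so "bob" never matches "bobby".
    awk -F: -v u="$1" '$1 == u { print $6; exit }' "$PASSWD_FILE"
}

# Return 0 only if files may be copied to user $1.
is_allowed_target() {
    user="$1"
    case "$user" in      # plain account names only
        ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    for x in $EXCLUDED_USERS; do
        if [ "$user" = "$x" ]; then return 1; fi
    done
    home=$(home_for_user "$user")
    case "$home" in      # exactly one level below /home
        /home/|/home/*/*|*..*) return 1 ;;
        /home/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy $2 into the home of user $1, then hand it over to that user.
deploy_to_user() {
    is_allowed_target "$1" || { echo "refusing target: $1" >&2; return 1; }
    dest="$(home_for_user "$1")/$(basename -- "$2")"
    # The user controls their home: refuse an existing path or planted symlink.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing existing destination: $dest" >&2; return 1
    fi
    # -h: change symlinks themselves, never what they point to.
    # "$1:$1" assumes a per-user group with the same name as the user.
    cp -R -- "$2" "$dest" && chown -R -h -- "$1:$1" "$dest"
}
```

With this in place a bad variable can no longer turn into `chown -R other_user /`, because the path handed to `chown` is always built from a validated `/home/<name>` entry plus a single file name.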
|
|
|