Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 01-02-2009, 03:03 AM   #1
LQ Newbie
Registered: Apr 2008
Posts: 13

Rep: Reputation: 0
Using sudo to restrict user to locate fixed directory

Hi folks,
I want to let a user (test)only login to special directory such as /var/www and have full control . And the user can only run "mysql" command .
Is it possible using sudo to accomplish it ?

Thanks .
Old 01-02-2009, 05:47 AM   #2
Senior Member
Registered: Jul 2003
Location: Wellington, NZ
Distribution: mainly slackware
Posts: 1,289

Rep: Reputation: 52
maybe using chroot is appropriate here?
Old 01-02-2009, 07:22 AM   #3
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 12,916
Blog Entries: 28

Rep: Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208

You should look at 'sudo';

excerpt from 'man sudo';
       sudo, sudoedit - execute a command as another user

       sudo -K | -L | -V | -h | -k | -l | -v

       sudo [-HPSb] [-a auth_type] [-c class|-] [-p prompt] [-u username|#uid]
       {-e file [...] | -i | -s | command}

       sudoedit [-S] [-a auth_type] [-p prompt] [-u username|#uid] file [...]

       sudo allows a permitted user to execute a command as the superuser or
       another user, as specified in the sudoers file.  The real and effective
       uid and gid are set to match those of the target user as specified in
       the passwd file and the group vector is initialized based on the group
       file (unless the -P option was specified).  If the invoking user is
       root or if the target user is the same as the invoking user, no pass-
       word is required.  Otherwise, sudo requires that users authenticate
       themselves with a password by default (NOTE: in the default configura-
       tion this is the user's password, not the root password).  Once a user
       has been authenticated, a timestamp is updated and the user may then
       use sudo without a password for a short period of time (5 minutes
       unless overridden in sudoers).

       When invoked as sudoedit, the -e option (described below), is implied.

       sudo determines who is an authorized user by consulting the file
       /etc/sudoers.  By giving sudo the -v flag a user can update the time
       stamp without running a command. The password prompt itself will also
       time out if the user's password is not entered within 5 minutes (unless
       overridden via sudoers).

       If a user who is not listed in the sudoers file tries to run a command
       via sudo, mail is sent to the proper authorities, as defined at config-
       ure time or in the sudoers file (defaults to root).  Note that the mail
       will not be sent if an unauthorized user tries to run sudo with the -l
       or -v flags.  This allows users to determine for themselves whether or
       not they are allowed to use sudo.
You should read the rest of the 'man sudo'.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to restrict user for just one directory? J0sep Linux - Security 5 12-02-2008 05:49 PM
How to restrict a user not to create regular files in a directory gjagadish Programming 7 11-05-2008 06:15 AM
Restrict the user working directory ust Linux - Newbie 3 10-31-2008 12:42 AM
vsftpd: restrict ftp user to designated directory Niceman2005 Linux - Software 3 06-19-2008 02:58 AM
restrict user to home directory at logon pragti Linux - Security 6 02-27-2004 09:00 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:51 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration