LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-28-2012, 03:18 PM   #1
lcwilson
LQ Newbie
 
Registered: Jun 2008
Posts: 1

Rep: Reputation: 0
Limit sudo to only one directory and it's subdirectories by sudoers file


Is there any way to limit the directories a specific user can execute commands upon after they have been added to the sudoers file?

For example, I have the following in my sudoers file:

user1 ALL=(root) /bin/chown,/bin/chmod,/bin/chgrp

I only want 'user1' to be able to change permissions on files in /mnt/apps1/ and its subdirectories.

I tried the following without any luck.

user1 ALL=(root) /bin/chown,/bin/chmod,/bin/chgrp /mnt/apps1/*
 
Old 03-28-2012, 04:30 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
@ Reply

Hi lcwilson,

Welcome to LQ!!!

When you add a user to sudoers and provide the user access to certain commands then it means that it will run those commands with assigned privilege. So basically if you configure say user1 to run a command with root privilege in /etc/sudoers then that user is authorized to run those command on any directory / service (if configured).

Quote:
I only want 'user1' to be able to change permissions on files in /mnt/apps1/ and its subdirectories.
As you said that you want user1 to be able to change permissions on files in /mnt/apps1 and its subdirectories I would say an easier way would be to make user1 owner of that directory. Adding that user in /etc/sudoers will give him unecessary privileges.

You can run the following command to make user1 owner of /mnt/apps1 and its subdirectories:

Code:
chown -R user1 /mnt/apps1
In this way he will be able to change permission of that directory and its subdirectories.
 
Old 03-28-2012, 04:55 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by lcwilson
Is there any way to limit the directories a specific user can execute commands upon after they have been added to the sudoers file?
Not that I know of. But you can write a wrapper script (e.g. /usr/local/bin/foochmod), and make the user a sudoer for the wrapper. If your wrapper script accepts input data, validate it carefully.

T3RM1NVT0R's answer is probably the right approach, though.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora /etc/sudoers file and sudoers.d directory davejjj Linux - Newbie 2 10-21-2011 07:19 PM
LXer: sudo install, usage and sudoers config file basics LXer Syndicated Linux News 0 08-29-2010 01:30 PM
[SOLVED] Can't Execute Commands as sudo Nor Access Sudoers File in Mandriva 2010.1 gdawg Linux - Newbie 4 08-17-2010 02:32 PM
LXer: Quick how-to sudoers file (sudo command) LXer Syndicated Linux News 0 11-25-2007 02:50 AM
monitoring file added to a directory / subdirectories abhi_abhijith Programming 4 02-13-2006 08:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration