Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 02-28-2009, 03:26 AM   #1
LQ Newbie
Registered: Feb 2009
Posts: 1

Rep: Reputation: 0
system wide read only user?

Hi there,

Sorry, i'm not sure if this should be in the newbie forum or here..

Basically I'm running red hat linux and frequently access root via sudo. We have some external developers that need to be able to read system log files etc, but i dont want them to be able to change any system files.

Is there a way of writing up a sudoers file so that when they access sudo they can have read access to the entire filesystem but not be able to edit or execute anything?

I thought about using chmod for this, but thought it would mess up permissions for system programs.

If someone could help that would be great, thanks :-)
Old 02-28-2009, 06:11 AM   #2
Registered: Dec 2002
Location: In front of a computer
Distribution: UPS, DHL, FedEx
Posts: 466

Rep: Reputation: 38
Use setfacl/getfacl instead of normal permissions.

This would let the "developers" group read access to all files...
setfacl -R -m g:developers:r-x /

But not all distributions have acls enabled, you may have to remount your filesystem first with...
mount / -o acl,remount

Last edited by niknah; 02-28-2009 at 06:21 AM.
Old 02-28-2009, 07:23 AM   #3
Senior Member
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,991

Rep: Reputation: 76
sudo can't be used for filesystem access directly: it only tells you which commands a user is allowed to run.

What you could do is to write a set of scripts that will let your developers read your system files, and configure sudo to only run those scripts. They could even be fairly simple scripts, i.e
cat /var/log/messages
Another option would be to set up a read-only samba share containing the files, and give the developers password-protected access to that. That way, they don't even need shell access to the machine.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
kde system wide config bong.mau Linux - Software 8 06-09-2006 05:17 AM
System Wide Permission lmanwarren Linux - General 1 03-29-2005 08:15 PM
Changing system-wide buttons rossjman1 Debian 1 03-22-2005 08:57 PM
list of the world wide user of firewalls satishsalve Linux - Networking 1 09-13-2004 06:02 PM
Read this and realize how far away Linux is from being a truly user friendly system chem1 General 28 03-03-2004 05:44 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration