-   Red Hat (
-   -   Limiting Sudo Access (

carlosinfl 02-08-2011 10:02 AM

Limiting Sudo Access
I have some developers who need to be granted sudo access but I want to limit the access from 'ALL' to just being able to manage items in /opt/rational/ directory but nothing above that hierarchy directory (hope that makes sense)

How would I so something like this?

Reuti 02-08-2011 10:12 AM

sudo is about giving permissions to run certain processes as another account. You are looking for some access control for directories. Do the developers need plain root access, or would it be sufficient to limit it to certain commands which could be granted to them, or not granting root but another account?

Being root they could otherwise adjust anything to change other files as well.

tarik007 02-11-2011 09:02 AM

limiting sudo Access
You can give to your developers team a permission to run a script, command or job of root or another user such as in the following lines by editing the /etc/sudoers file:
Cmnd_Alias CMD_SUDO_Developers = /usr/bin/su - devel, /usr/bin/su - devel -c *
Cmnd_Alias CMD_SUDO_run = /root/commands/to/run
Cmnd_Alias SUDO = /usr/bin/sudo, /usr/local/bin/sudo, /bin/sudo, \

# group privilege specification
%developers ALL = (ALL) CMD_SUDO_Developers, SUDO

All times are GMT -5. The time now is 06:44 AM.