Sudo Help

[hfaix]

Does anyone use sudo? I am trying to restrict a user to have sudo-root access to a specific directory (only) and it's sub directories? Can this be done? If so, how?

Thanks,

 

[roylec]

The sudo command is only really intended to enable a user to run a specific command as the superuser or another user.

The correct method is to create a group which the root user and your 'other' user both belong to, then create the directory, and ensure that whenever either root or the user needs to read/write to that directory, they have changed their effective group.

There is a possible method that involves allowing a user to execute a shell call, such as bash or csh etc, but I would strongly advise against this. If you do investigate this area, you still need to use a specific group to lock down the directory and scope.

Not a good approach

C

 

[hfaix]

Thanks for your reply. I found some similar comments to yours online and I've decided against this. I'm going to work on group lock down instead. Thanks again!

 

[Salem]

Here are a couple of commands which you may find useful.

1. Restricted shell
A restricted shell limits the number of things you can do (see manual for details).
You get a restricted shell by using the [tt]-r[/tt] command line option.

2. chroot (may be Linux specific)
This runs a command such that it sees the directory you specify as / (ie the root directory)
You can then create a mini environment inside that directory which your user can see and manipulate without letting them have access to the wider file system.

--