Date: Wed, 31 May 2006 18:37:06 -0400
From: "N.J. Thomas" <njt@ayvali.org>
To: Lawrence Horvath <lordsporkton@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: sudoedit, restricting to particular folder
Message-ID: <20060531223706.GA4607@ayvali.org>
In-Reply-To: <200605301630.45755.kirk@daycos.com>
References: <a1bf75ae0605301346h1b5f8b35g27e8a8391d8974cb@mail.gmail.com> <20060530212241.GK3413@ayvali.org> <200605301630.45755.kirk@daycos.com>

* Kirk Strauser <kirk@daycos.com> [2006-05-30 16:30:45 -0500]:
> > luser ALL = (root) sudoedit /home/luser/foo/*
>
> Why not give them root while you're at it:
> luser$ cd ~/foo; ln -s /etc/master.passwd; sudoedit ~/foo/master.passwd

Yikes, he's right. Don't put that in your sudoers file.

I found some notes on the sudo mailing lists while Googling, that

    luser ALL = (root) sudoedit /home/luser/foo/

would work one day for all files in /home/luser/foo/, IIRC Todd Miller
said this would come out in version 1.7, but it looks like development
of sudo has stalled, so short of writing your own wrapper script (which
shouldn't be terribly hard) I don't know how to solve the original
problem of restricting sudoedit to a particular directory using sudo
alone.

Thomas

-- 
N.J. Thomas
njt@ayvali.org
Etiamsi occiderit me, in ipso sperabo
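
The file-opening check that a wrapper script like the one mentioned in the message above would need, as an added example that is not part of the original e-mail or of sudo. `open_confined`, `UnsafePath`, `demo` and the sample file names are hypothetical; the hard-link check goes beyond the symlink case shown in the thread.

```python
import os
import stat
import tempfile
class UnsafePath(Exception):
    """The requested file must not be opened with privilege."""

def open_confined(allowed_dir, name):
    """Return a read/write fd for bare file `name` inside `allowed_dir`."""
    if name in ("", ".", "..") or "/" in name or "\0" in name:
        raise UnsafePath("not a bare file name: %r" % name)
    try:
        # Pin the directory by descriptor; refuse if it is itself a symlink.
        dir_fd = os.open(allowed_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafePath("cannot pin directory: %s" % exc) from exc
    try:
        # O_NOFOLLOW fails the open when `name` is a symlink, so check and open
        # are one step. O_NONBLOCK keeps a planted FIFO from hanging the wrapper.
        fd = os.open(name, os.O_RDWR | os.O_NOFOLLOW | os.O_NONBLOCK, dir_fd=dir_fd)
    except OSError as exc:
        raise UnsafePath("refusing %r: %s" % (name, exc)) from exc
    finally:
        os.close(dir_fd)
    st = os.fstat(fd)  # inspect the object actually opened, not the path
    # A link count above 1 means the same inode is reachable under another name.
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise UnsafePath("refusing %r: not a singly linked regular file" % name)
    return fd

def demo():
    """Constructed sample: regular file, symlink and hard link in one directory."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        allowed = os.path.join(top, "foo")
        os.mkdir(allowed)
        protected = os.path.join(top, "protected.txt")  # stand-in target outside foo
        for path in (protected, os.path.join(allowed, "notes.txt")):
            open(path, "w").close()
        os.symlink(protected, os.path.join(allowed, "sym"))
        os.link(protected, os.path.join(allowed, "hard"))
        for name in ("notes.txt", "sym", "hard", "../protected.txt"):
            try:
                os.close(open_confined(allowed, name))
                results[name] = "ok"
            except UnsafePath:
                results[name] = "refused"
    return results
```

Because the directory stays writable by the unprivileged user, a wrapper built on this has to keep working through the returned descriptor and never reopen the file by path.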