1833827 Members
2034 Online
110063 Solutions
New Discussion

Re: Sudo Access

 
PVR
Valued Contributor

Sudo Access

Hi !

I want to give a user; access to s/w manager and permission to write within two directories using sudo....

Directories are /usr/local and /usr/freeware..

I don't want to change the permission of /usr/local.

Can you please help m eon that ?
Don't give up. Try till success...
3 REPLIES 3
Victor Fridyev
Honored Contributor

Re: Sudo Access

Hi,

I'm afraid, you can't give permissions via sudo.
AFAIK, sudo can give root permissions to executables.
I see two possible ways to resolve the problem:
1. To connect the user[s] to the group sys or bin and to give write permissions in the directories for the group.
2. To write a script lim_cp, which works like cp, but only for these directories and insert the script into sudo.

HTH
Entities are not to be multiplied beyond necessity - RTFM
Gopi Sekar
Honored Contributor

Re: Sudo Access


sudo is only to allow normal users to run applications as root user. it can not handle file system permissions. best method would be to assign the user to a particular group which has group write access to these two folders.

or you can allow the user to sudo execute the applications which writes into these two directories alone. but remember the application will run as root and user can use them to write to any where in the system as they want.

Regards,
Gopi

Never Never Never Giveup
marko asplund
Frequent Advisor

Re: Sudo Access

if you just want to give a group of people write access to certain directories then a better solution might be to create a group for these people, assigning them to the group, changing the group id for the directories to the new group and finally giving the group write access to the directories.

if you don't want to create a group or don't want to make the group own the directories you could use ACL for this. here's how to give access to individual users:

setacl -m user:pvr:rwx /usr/freeware

it might still be a good idea to create a group e.g. swmanager and use ACL to give write access to the group like this:

setacl -m group:swmanagers:rwx /usr/freeware


br. aspa