sudoedit, restricting to particular folder
Lawrence Horvath
lordsporkton at gmail.com
Thu Jun 1 22:13:41 PDT 2006

Well, in that case what can you recommend for editing only zone files
and being able to run rndc? That is my main goal: I need to lock a
system so that only "rndc reload", "rndc reconfig" and editing zone
files is possible by a group of users. Any suggestions? And/or how do
you do this?

On 5/31/06, N.J. Thomas <njt at ayvali.org> wrote:
> * Kirk Strauser <kirk at daycos.com> [2006-05-30 16:30:45 -0500]:
> > > luser ALL = (root) sudoedit /home/luser/foo/*
> >
> > Why not give them root while you're at it:
> > luser$ cd ~/foo; ln -s /etc/master.passwd; sudoedit ~/foo/master.passwd
>
> Yikes, he's right. Don't put that in your sudoers file.
>
>
> I found some notes on the sudo mailing lists while Googling, that
>
> luser ALL = (root) sudoedit /home/luser/foo/
>
> would work one day for all files in /home/luser/foo/, IIRC Todd Miller
> said this would come out in version 1.7, but it looks like development
> of sudo has stalled, so short of writing your own wrapper script (which
> shouldn't be terribly hard) I don't know how to solve the original
> problem of restricting sudoedit to a particular directory using sudo
> alone.
>
> Thomas
>
> --
> N.J. Thomas
> njt at ayvali.org
> Etiamsi occiderit me, in ipso sperabo
>
--
-Lawrence
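
Added example, not part of the original message and not code from sudo: the core check a wrapper script of the kind mentioned above would need before handing a file to an editor as root. It accepts only a bare file name, opens it relative to the directory without following a symlink, and then inspects the opened object itself. The function name open_zone_file and the directory and file names in demo() are hypothetical, and the sample files are constructed.

```python
import os
import stat
import tempfile

def open_zone_file(zone_dir, name):
    """Return a read/write fd for `name` in `zone_dir`, or raise PermissionError."""
    # Accept a bare file name only, so the request cannot leave zone_dir.
    if name in ("", ".", "..") or "/" in name or "\0" in name:
        raise PermissionError("not a bare file name: %r" % name)
    # Work relative to a descriptor for the directory itself.
    dir_fd = os.open(zone_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW: fail instead of following a symlink such as the
        # ~/foo/master.passwd link shown in the thread.
        fd = os.open(name, os.O_RDWR | os.O_NOFOLLOW | os.O_NONBLOCK, dir_fd=dir_fd)
    except OSError as exc:
        raise PermissionError("refused %r: %s" % (name, exc.strerror)) from exc
    finally:
        os.close(dir_fd)
    # Check the object actually opened, not the path: plain file, one link.
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise PermissionError("refused %r: not a plain, singly linked file" % name)
    return fd

def demo():
    """Run the check over a constructed directory; returns {name: 'ok'|'refused'}."""
    outside = tempfile.mkdtemp()    # constructed stand-in for /etc
    zone_dir = tempfile.mkdtemp()   # constructed stand-in for the zone directory
    target = os.path.join(outside, "master.passwd")
    for path in (target, os.path.join(zone_dir, "example.org.zone")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    os.symlink(target, os.path.join(zone_dir, "master.passwd"))
    results = {}
    for name in ("example.org.zone", "master.passwd", "../x", "missing.zone"):
        try:
            os.close(open_zone_file(zone_dir, name))
            results[name] = "ok"
        except PermissionError:
            results[name] = "refused"
    return results

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the directory it guards: keeping the zone directory owned by root and not writable by the editing group removes the ability to plant links there in the first place.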