A lazy sysadmin, not thinking through the ramifications, might put things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking that it limits access. But of course, vi has the ":e" command...
Is there any kind of wrapper that can be used to allow sudo to grant editing access to only one file? I am thinking of something similar to vipw or visudo, but with security in mind; following this basic algorithm: 1. Using user privileges, Copy the desired file to a temp file owned by the real user. 2. Using user privileges, Edit the temp file. 3. Using root privileges, copy the temp file to the final location. Does such a beast exist? If not, I think it should. It should probably obey the /etc/alternatives preferences for editors, too. --Bill. -- William R Ward [EMAIL PROTECTED] http://www.wards.net/~bill/ ----------------------------------------------------------------------------- If you're not part of the solution, you're part of the precipitate. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
