Alvin Oga writes: >if that sh script is called sucpaliases... >you cannot(should not) put "sudo sucpaliases" inside of it > - infinite recursion...
Of course not. The script I wrote is "editaliases" and inside that script, your "sucpaliases" is called. >-- another simpler way is to make /etc/aliases group writable > and newaliases for sudo by certain users > -- good and bad idea.. > >-- and you can put /etc/aliases into cvs control tooo These ideas are OK for some things, not for others. Sendmail is picky about the ownership and permissions on certain files. >-- c code is subject to buffer overflow problems... >-- scripts are susceptable to environment variables changing... Right - but I think the former is easier to thwart. Don't most Linux systems prohibit setuid shell scripts, for example? >-- in either case... you have to trust your users that run the > scripts/apps to replace /etc/aliases w/o giving um root access Of course, the idea is to give certain permissions to certain users without giving away the farm. That's what sudo's all about. --Bill. -- William R Ward [EMAIL PROTECTED] http://www.wards.net/~bill/ ----------------------------------------------------------------------------- If you're not part of the solution, you're part of the precipitate.
