On 2011-12-22 1:00 PM, Nikos Chantziaras <rea...@arcor.de> wrote:
On 12/22/2011 05:44 PM, Tanstaafl wrote:
On 2011-12-20 12:19 PM, Nikos Chantziaras <rea...@arcor.de> wrote:
If you allow someone to edit root owned files, you're practically giving
him root access.

Well, yeah, but only on those defined files...

root access is global. You can't limit it. root is root, the all
powerful Unix being. Period :-)

Ummm... then what is the purpose of sudo??

If I add the following line to sudoers:

%sudoroot       ALL=(root)NOPASSWD:/bin/chmod /var/www/localhost/htdocs/*

Are you saying that this does NOT limit anyone in the sudoroot group to *only* be able to run the chmod command, and only on files located in /var/www/localhost/htdocs?

Then you put the files in a special group and make them g+w, and add the
affected users to that group. Then they will be able to write to those
files. If you want to give them write access to a whole directory, you
put the directory in the group and make it g+w. This is how it's
traditionally been done in Unix for ages, and it's extremely easy to set
up.

Yeah, I think I got a little tunnel vision trying to do this with sudo.

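The group-based setup recommended in the thread, as an added example that is not part of the original messages: it hands a directory tree to a group with g+w and then audits the result. The group name `webedit`, the user `alice` and the helper names `share_dir`, `audit_dir` and `demo` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. One-time root steps on a real host
# (constructed names: group "webedit", user "alice"):
#   groupadd webedit && usermod -aG webedit alice
#   share_dir /var/www/localhost/htdocs webedit
# The demo below runs unprivileged on a scratch tree, using the caller's
# own primary group as a stand-in for "webedit".

# share_dir DIR GROUP: give GROUP write access to DIR and everything in it.
share_dir() {
    chgrp -R "$2" "$1" || return 1
    # Directories: g+rwx plus setgid, so files created later inherit GROUP.
    find "$1" -type d -exec chmod g+rwxs {} + || return 1
    # Regular files: group read/write only; no execute bit is added.
    find "$1" -type f -exec chmod g+rw {} + || return 1
    # Caveat: new files are group-writable only if the creator's umask
    # allows it (for example umask 002).
}

# audit_dir DIR GROUP: print entries that are in the wrong group, lack
# group write, or are world-writable. No output means the tree is clean.
audit_dir() {
    find "$1" ! -type l \( ! -group "$2" -o ! -perm -020 -o -perm -002 \) -print
}

# demo: build a scratch htdocs tree, share it, and print the audit result.
demo() {
    tmp=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir -p "$tmp/htdocs/css"
    touch "$tmp/htdocs/index.html" "$tmp/htdocs/css/site.css"
    chmod -R go-w "$tmp/htdocs"          # start with owner-only write
    share_dir "$tmp/htdocs" "$gid"
    audit_dir "$tmp/htdocs" "$gid"       # prints nothing when correct
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Running `audit_dir` periodically on the shared tree catches files that drifted out of the group or became world-writable.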