On Mon, Jul 11, 2016 at 5:27 PM, Joe Zeff <j...@zeff.us> wrote: > On 07/11/2016 02:15 PM, Robert Nichols wrote: > >> On 07/11/2016 12:13 PM, bruce wrote: >> >>> the change I made >>> cat ALL=(ALL) NOPASSWD: /cat/*.* >>> >> >> That is granting cat the right to run commands as cat, i.e., it's pretty >> much a no-op. Try >> >> dog ALL=(ALL) NOPASSWD: /cat/*.* >> > > Wouldn't it be easier to create a group that both cat and dog belong to, > have the files owned by cat (and that group) and give the files execute > access by everybody in the group? That gives dog access to the specific > commands it needs but nothing else in cat's home folder. > > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org >
I concur. Creating a common group seems the least complicated. Then chmod the files in /cat/ to cat:commongroup and you are done. Expandable if Rat joined the system and you could just add Rat to the commongroup. Also I think Dog is invoking the sudo command, albeit as cat to run a file, so the system needs Dogs password to execute... I think.
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
