On Tue, Dec 20, 2011 at 11:51:11AM -0500, Tanstaafl wrote
> On 2011-12-20 10:13 AM, Michael Mol <mikemol@×××××.com> wrote:
> > So, incidentally, would 'sudo passwd root'...
>
> Ouch... any way to avoid that?
>
> I guess the best way would be to simply give them access to the commands
> they need...
>
> I'll look into that...
|
Howsabout in sudoers giving them the right to execute 2 commands...

  cat /etc/whatever > scratchfile   (this one may not be necessary)
  cat scratchfile > /etc/whatever

The first command copies the contents of the file to whatever
directory the user is in. He can work on the copy using his regular
privileges. Note that I'm assuming the user does not have read
privileges on the file. If he does have read privileges, then the first
command does not require sudoers.

At the last step, he can send the finished copy back to the
original file. The sequence the user will have to follow is, logged in
as regular user...
|
1a) If he does *NOT* have read privileges to /etc/whatever
      touch scratchfile
      sudo cat /etc/whatever > scratchfile

1b) If he *DOES* have read privileges to /etc/whatever
      cp /etc/whatever scratchfile

2) edit scratchfile *LOCALLY* with his favourite editor. No need to
   worry about restricting an editor.

3) sudo cat scratchfile > /etc/whatever
|
Note the use of "cat", rather than "cp", when using sudo. "cp" will
copy the file attributes, including the fact that it's owned by the user
doing the copying, e.g. sudo (as root) copies the file and it's owned by
root (oops). Ditto for "cat" when redirected *TO A NEW FILE*. "touch"
guarantees that the file will exist, and get overwritten by the content
of /etc/whatever, but still retaining the fact that it's owned by the
local user.
|
If local user has read access to /etc/whatever, that makes things
easier. When he does "cp" as local user, the resulting file is owned by
him. Edit at leisure, and send the result back with "cat".

--
Walter Dnes <waltdnes@××××××××.org>
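
An added example, not part of the original message: the copy, edit and write-back steps of the procedure above, run on constructed temporary files without sudo. It shows that overwriting an existing file through `>` keeps that file's inode and permission bits, and that the shell opens the `>` target itself before the command starts. The helper names (`file_id`, `write_back`, `redirect_runs_first`) and the `tee` sudoers line in the comment are assumptions, not from the thread.

```shell
#!/bin/sh
# Added example on constructed temp files; nothing here touches /etc.
# Helper names are hypothetical.

# Print "inode mode" of a file, e.g. "123456 -rw-r-----".
file_id() {
    ls -li "$1" | awk '{print $1, $2}'
}

# Step 3: overwrite TARGET in place with SCRATCH. Refuses to create a new
# file or follow a symlink, so inode, owner and mode stay those of TARGET.
write_back() {
    scratch=$1 target=$2
    [ -f "$scratch" ] && [ -s "$scratch" ] || return 2  # missing or empty edit
    [ -f "$target" ] && [ ! -L "$target" ] || return 3  # must already exist
    cat "$scratch" > "$target"
}

# The shell opens the ">" target before the command starts: if the open
# fails, the command never runs. Prints "ran" or "not-run".
# Consequence for sudo: when root must do the open, the write is usually
# spelled  sudo tee /etc/whatever < scratchfile >/dev/null
# (assumed sudoers command: /usr/bin/tee /etc/whatever).
redirect_runs_first() {
    touch "$1/ran" 2>/dev/null > "$1/no-such-dir/out" || true
    if [ -e "$1/ran" ]; then echo ran; else echo not-run; fi
}

# Demo: steps 1b, 2 and 3 on a constructed file with mode 640.
d=$(mktemp -d)
printf 'old\n' > "$d/whatever"; chmod 640 "$d/whatever"
cp "$d/whatever" "$d/scratchfile"           # step 1b
printf 'new\n' >> "$d/scratchfile"          # step 2, stand-in for an editor
before=$(file_id "$d/whatever")
write_back "$d/scratchfile" "$d/whatever"   # step 3
echo "before: $before"
echo "after:  $(file_id "$d/whatever")"
echo "command with unopenable target: $(redirect_runs_first "$d")"
rm -rf "$d"
```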