| 1 |
On Tue, Dec 20, 2011 at 11:51:11AM -0500, Tanstaafl wrote |
| 2 |
> On 2011-12-20 10:13 AM, Michael Mol <mikemol@×××××.com> wrote: |
| 3 |
> > So, incidentally, would 'sudo passwd root'... |
| 4 |
> |
| 5 |
> Ouch... any way to avoid that? |
| 6 |
> |
| 7 |
> I guess the best way would be to simply give them access to the commands |
| 8 |
> they need... |
| 9 |
> |
| 10 |
> I'll look into that... |
| 11 |
|
| 12 |
Howsabout in sudoers giving them the right to execute 2 commands... |
| 13 |
|
| 14 |
cat /etc/whatever > scratchfile (this one may not be necessary) |
| 15 |
cat scratchfile > /etc/whatever |
| 16 |
|
| 17 |
The first command copies the contents of the file to whatever |
| 18 |
directory the user is in. He can work on the copy using his regular |
| 19 |
privileges. Note that I'm assuming the user does not have read |
| 20 |
privileges on the file. If he does have read privileges, then the first |
| 21 |
command does not require sudoers. |
| 22 |
|
| 23 |
At the last step, he can send the finished copy back to the |
| 24 |
original file. The sequence the user will have to follow is, logged in |
| 25 |
as regular user... |
| 26 |
|
| 27 |
1a) If he does *NOT* have read prileges to /etc/whatever |
| 28 |
touch scratchfile |
| 29 |
sudo cat /etc/whatever > scratchfile |
| 30 |
|
| 31 |
1b) If he *DOES* have read prileges to /etc/whatever |
| 32 |
cp /etc/whatever scratchfile |
| 33 |
|
| 34 |
|
| 35 |
2) edit scratchfile *LOCALLY* with his favourite editor. No need to |
| 36 |
worry about restricting an editor. |
| 37 |
|
| 38 |
3) sudo cat scratchfile > /etc/whatever |
| 39 |
|
| 40 |
Note the use of "cat", rather than "cp", when using sudo. "cp" will |
| 41 |
copy the file attributes, including the fact that it's owned by the user |
| 42 |
doing the copying, e.g. sudo (as root) copies the file and it's owned by |
| 43 |
root (oops). Ditto for "cat" when redirected *TO A NEW FILE*. "touch" |
| 44 |
guarantees that the file will exist, and get overwritten by the content |
| 45 |
of /etc/whatever, but still retaining the fact that it's owned by the |
| 46 |
local user. |
| 47 |
|
| 48 |
If local user has read access to /etc/whatever, that makes things |
| 49 |
easier. When he does "cp" as local user, the resulting file is owned by |
| 50 |
hin. Edit at liesure, and send the result back with "cat". |
| 51 |
|
| 52 |
-- |
| 53 |
Walter Dnes <waltdnes@××××××××.org> |
Archives