Date: Thu, 1 Jun 2006 22:13:39 -0700 From: "Lawrence Horvath" <lordsporkton@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: sudoedit, restricting to particular folder Message-ID: <a1bf75ae0606012213x1f008b85mcceec8d8fc76413a@mail.gmail.com> In-Reply-To: <20060531223706.GA4607@ayvali.org> References: <a1bf75ae0605301346h1b5f8b35g27e8a8391d8974cb@mail.gmail.com> <20060530212241.GK3413@ayvali.org> <200605301630.45755.kirk@daycos.com> <20060531223706.GA4607@ayvali.org>
next in thread | previous in thread | raw e-mail | index | archive | help
well in that case what can uyou recommend for editing only zone files and being able to run rndc, that is my main goal, i need to lock a system so that only "rndc reload", "rndc reconfig" and editing zone files is possible by a group of users, any suggestins? and/or how do you do this? On 5/31/06, N.J. Thomas <njt@ayvali.org> wrote: > * Kirk Strauser <kirk@daycos.com> [2006-05-30 16:30:45 -0500]: > > > luser ALL = (root) sudoedit /home/luser/foo/* > > > > Why not give them root while you're at it: > > luser$ cd ~/foo; ln -s /etc/master.passwd; sudoedit ~/foo/master.passwd > > Yikes, he's right. Don't put that in your sudoers file. > > > I found some notes on the sudo mailing lists while Googling, that > > luser ALL = (root) sudoedit /home/luser/foo/ > > would work one day for all files in /home/luser/foo/, IIRC Todd Miller > said this would come out in version 1.7, but it looks like development > of sudo has stalled, so short of writing your own wrapper script (which > shouldn't be terribly hard) I don't know how to solve the original > problem of restricting sudoedit to a particular directly using sudo > alone. > > Thomas > > -- > N.J. Thomas > njt@ayvali.org > Etiamsi occiderit me, in ipso sperabo > -- -Lawrence
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a1bf75ae0606012213x1f008b85mcceec8d8fc76413a>