From: "Lawrence Horvath"
To: freebsd-questions@freebsd.org
Date: Thu, 1 Jun 2006 22:13:39 -0700
Subject: Re: sudoedit, restricting to particular folder

well in that case what can you recommend for
editing only zone files and being able to run rndc, that is my main
goal, i need to lock a system so that only "rndc reload", "rndc
reconfig" and editing zone files is possible by a group of users, any
suggestions? and/or how do you do this?

On 5/31/06, N.J. Thomas wrote:
> * Kirk Strauser [2006-05-30 16:30:45 -0500]:
> > > luser ALL = (root) sudoedit /home/luser/foo/*
> >
> > Why not give them root while you're at it:
> >
> > luser$ cd ~/foo; ln -s /etc/master.passwd; sudoedit ~/foo/master.passwd
>
> Yikes, he's right. Don't put that in your sudoers file.
>
>
> I found some notes on the sudo mailing lists while Googling, that
>
> luser ALL = (root) sudoedit /home/luser/foo/
>
> would work one day for all files in /home/luser/foo/, IIRC Todd Miller
> said this would come out in version 1.7, but it looks like development
> of sudo has stalled, so short of writing your own wrapper script (which
> shouldn't be terribly hard) I don't know how to solve the original
> problem of restricting sudoedit to a particular directly using sudo
> alone.
>
> Thomas
>
> --
> N.J. Thomas
> njt@ayvali.org
> Etiamsi occiderit me, in ipso sperabo
>

--
-Lawrence
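
The wrapper script mentioned in the quoted reply has to open the requested file inside the allowed directory without following a link planted there, which is what the wildcard sudoers rule fails to do. The following is an added example, not code from this thread or from sudo; `open_in_dir`, `Refused` and the file names used in `demo` are constructed for illustration.

```python
import errno
import os
import stat
import tempfile

class Refused(Exception):
    """The requested name must not be handed to an editor."""

def open_in_dir(directory, name, flags=os.O_RDWR):
    """Open `name` inside `directory` without following a link; return an fd."""
    # Accept a bare file name only: no sub-paths, no "." or "..".
    if not name or "/" in name or name in (".", ".."):
        raise Refused("bare file name required: %r" % name)
    dfd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW fails the open on a symlink (ELOOP on Linux, EMLINK on FreeBSD).
        fd = os.open(name, flags | os.O_NOFOLLOW, dir_fd=dfd)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.EMLINK):
            raise Refused("%r is a symlink" % name)
        raise
    finally:
        os.close(dfd)
    # Check the opened object, not the path: regular file with a single link.
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise Refused("%r is not a plain, singly linked file" % name)
    return fd

def demo():
    """Constructed scenario: one zone file plus a planted symlink and hard link."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        zones = os.path.join(top, "zones")
        os.mkdir(zones)
        secret = os.path.join(top, "master.passwd")  # stand-in, not the real file
        for path in (secret, os.path.join(zones, "example.org.db")):
            with open(path, "w") as f:
                f.write("constructed sample\n")
        os.symlink(secret, os.path.join(zones, "master.passwd"))
        os.link(secret, os.path.join(zones, "hardlink"))
        for name in ("example.org.db", "master.passwd", "hardlink", "../x"):
            try:
                os.close(open_in_dir(zones, name))
                results[name] = "opened"
            except Refused:
                results[name] = "refused"
    return results
```

A wrapper built on this would read and write through the returned descriptor rather than reopening the path by name, so a file swapped in after the check is never touched.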