Re: scripting inherited commands user rights

To: debian-user@lists.debian.org
Subject: Re: scripting inherited commands user rights
From: Alex Mestiashvili <alex@biotec.tu-dresden.de>
Date: Thu, 07 Feb 2013 16:11:44 +0100
Message-id: <[🔎] 5113C430.2080904@biotec.tu-dresden.de>
In-reply-to: <[🔎] CAGWVfMn4K5m0mRxuC+EZvZD4ua2HY4NH5V7mB2+wc1CjeEk_Sw@mail.gmail.com>
References: <[🔎] CAGWVfM=BZk_o98UGcAiQefhLjHT60vjZ-D25_5SfPQKJZyZS7w@mail.gmail.com> <[🔎] 5113B21F.2070601@biotec.tu-dresden.de> <[🔎] CAGWVfMn4K5m0mRxuC+EZvZD4ua2HY4NH5V7mB2+wc1CjeEk_Sw@mail.gmail.com>

On 02/07/2013 03:54 PM, Muhammad Yousuf Khan wrote:
> Thanks for the hint i have been going through couple of howtos but it
> is still not working same error i put this line at the bottom of the
> VISUDO still no luck
>
> %ykhan ALL = NOPASSWD: /usr/bin/myscript
>
> when i run the script with user ykhan still give me the same error.
>
> would you please be kind enough and share a good howto or guide by
> example. that would be very helpful.
>
> Thanks
>
> On Thu, Feb 7, 2013 at 6:54 PM, Alex Mestiashvili
> <alex@biotec.tu-dresden.de> wrote:
>   
>> On 02/07/2013 02:10 PM, Muhammad Yousuf Khan wrote:
>>     
>>> i have got a /data folder where no one has rights accept user "root".
>>> and for some reasons or reducing my dependency i have created a script
>>> which include
>>> "mkdir" command
>>>
>>> like this
>>>
>>> mkdir /data/example
>>>
>>> the script own by the user and have got rights 700 on the script file
>>> so that only that specific user can run the script however when the
>>> script ran it gives us this error
>>> "mkdir: cannot create directory `/data/example ': Permission denied"
>>>
>>> i dont want to give any user  -w , -r and -x rights on the folder but
>>> what i want is that he can only create directory via that script only.
>>>
>>>
>>> Thanks,
>>>
>>>
>>>       
>> you can use sudo to run a command with elevated rights.
>>
>> Regards,
>> Alex
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>> Archive: [🔎] 5113B21F.2070601@biotec.tu-dresden.de">http://lists.debian.org/[🔎] 5113B21F.2070601@biotec.tu-dresden.de
>>
>>     
>
>   
Please do not top-post [0]

the example you gave me looks correct, nevertheless :

cat /home/admin/myscript.sh
#!/bin/bash
mkdir /root/test

chmod 755 /home/admin/myscript.sh

just to be sure:
chmod 700 /root
chown root /root

cat /etc/sudoers | grep admin
admin   ALL = NOPASSWD: /home/admin/myscript.sh

as user admin
ls -l /root    
ls: cannot open directory /root: Permission denied


 sudo ./myscript.sh && echo $?
0

one more time :

sudo ./myscript.sh          
mkdir: cannot create directory `/root/test': File exists

as root,
ls -l /root | grep test
drwxr-xr-x 2 root root    4096 Feb  7 16:07 test


[0]
http://wiki.debian.org/FAQsFromDebianUser#What_is_top-posting_.28and_why_shouldn.27t_I_do_it.29.3F


Regards,
Alex

Reply to:

References:
- scripting inherited commands user rights
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>
- Re: scripting inherited commands user rights
  - From: Alex Mestiashvili <alex@biotec.tu-dresden.de>
- Re: scripting inherited commands user rights
  - From: Muhammad Yousuf Khan <sirtcp@gmail.com>

Prev by Date: Re: scripting inherited commands user rights
Next by Date: Re: scripting inherited commands user rights
Previous by thread: Re: scripting inherited commands user rights
Next by thread: Re: scripting inherited commands user rights
Index(es):
- Date
- Thread