* Jason Healy (jhealy@logn.net) [010712 17:23]:
>
> chmod/chown are extremely dangerous binaries to give root privs on, as
> they essentially give you the ability to setuid anything to root.
> That said, most binaries can be dangerous when given root privs (bash,
> cat, echo, rm, cp, mv, tar).
>
> Be very, very careful.
>

Agreed. Given that this is the case, your best bet may be to VERY
CAREFULLY construct a wrapper that validates input (i.e. requires
absolute paths under a given directory (i.e. /home) w/o symlinks,
matches argument against a list of valid files, etc.) and then executes
the chown itself, and give the user sudo permission to run the wrapper.
You'll find that pretty often, this is the way to go with sudo. Even by
restricting arguments, you'll find that most any command can be used in
some way to get a lot of root with a little sudo. It's best to only give
anything sudo to users you trust very, very well.

Vineet
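The wrapper described in the reply above, as an added example that is not part of the original message or written by its author. BASE, ALLOWED and OWNER are assumed values, and the sketch calls fchown on the opened file descriptor in place of running the chown binary, so the file that was checked is the file that gets changed.

```python
import os
import pwd
import stat
import sys

BASE = "/home"                        # assumption: the delegated tree
ALLOWED = {"/home/alice/report.txt"}  # constructed allowlist
OWNER = "alice"                       # assumption: the only owner handed out


def open_checked(path, base=BASE, allowed=ALLOWED):
    """Validate path and return an open fd for it, or raise ValueError."""
    if not os.path.isabs(path) or os.path.normpath(path) != path:
        raise ValueError("need a normalized absolute path")
    if os.path.commonpath([base, path]) != base or path == base:
        raise ValueError("outside " + base)
    if path not in allowed:
        raise ValueError("not in the allowlist")
    fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # Walk one component at a time. O_NOFOLLOW makes open() fail on a
        # symlink, so the check and the use are the same system call.
        parts = os.path.relpath(path, base).split(os.sep)
        for i, name in enumerate(parts):
            kind = os.O_NONBLOCK if i == len(parts) - 1 else os.O_DIRECTORY
            nxt = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | kind, dir_fd=fd)
            os.close(fd)
            fd = nxt
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise ValueError("not a regular file with a single link")
        return fd
    except (OSError, ValueError) as exc:
        os.close(fd)
        raise ValueError("rejected: %s" % exc) from exc


def chown_checked(path, uid, gid, base=BASE, allowed=ALLOWED):
    """chown the validated file through its fd, not through its name."""
    fd = open_checked(path, base, allowed)
    try:
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)
    return path


if __name__ == "__main__":
    user = pwd.getpwnam(OWNER)
    print("chowned", chown_checked(sys.argv[1], user.pw_uid, user.pw_gid))
```

The sudoers entry would then name only this script, with no arguments passed through to chown itself.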