VI wrapper for SUDO?

To: debian-security@lists.debian.org
Subject: VI wrapper for SUDO?
From: William R Ward <bill@wards.net>
Date: 29 Nov 2001 14:45:08 -0800
Message-id: <[🔎] m2d721gpsb.fsf@komodo.home.wards.net>

A lazy sysadmin, not thinking through the ramifications, might put
things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking
that it limits access.  But of course, vi has the ":e" command...

Is there any kind of wrapper that can be used to allow sudo to grant
editing access to only one file?  I am thinking of something similar
to vipw or visudo, but with security in mind; following this basic
algorithm:

1. Using user privileges, Copy the desired file to a temp file owned
   by the real user.
2. Using user privileges, Edit the temp file.
3. Using root privileges, copy the temp file to the final location.

Does such a beast exist?  If not, I think it should.  It should
probably obey the /etc/alternatives preferences for editors, too.

--Bill.

-- 
William R Ward            bill@wards.net          http://www.wards.net/~bill/
-----------------------------------------------------------------------------
     If you're not part of the solution, you're part of the precipitate.

Reply to:

Follow-Ups:
- Re: VI wrapper for SUDO?
  - From: Jeremy Puhlman <jpuhlman@mvista.com>
- Re: VI wrapper for SUDO?
  - From: Mike Renfro <renfro@tntech.edu>
- Re: VI wrapper for SUDO?
  - From: Ted Cabeen <ted@impulse.net>
- Re: VI wrapper for SUDO?
  - From: Ted Cabeen <ted@impulse.net>
- Re: VI wrapper for SUDO?
  - From: William R Ward <bill@wards.net>
- Re: VI wrapper for SUDO?
  - From: Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>

Prev by Date: Re: shutdown user and accountability
Next by Date: Re: VI wrapper for SUDO?
Previous by thread: Re: passwords and crypt?
Next by thread: Re: VI wrapper for SUDO?
Index(es):
- Date
- Thread