VI wrapper for SUDO?
A lazy sysadmin, not thinking through the ramifications, might put
things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking
that it limits access. But of course, vi has the ":e" command...
Is there any kind of wrapper that can be used to allow sudo to grant
editing access to only one file? I am thinking of something similar
to vipw or visudo, but with security in mind; following this basic
algorithm:
1. Using user privileges, Copy the desired file to a temp file owned
by the real user.
2. Using user privileges, Edit the temp file.
3. Using root privileges, copy the temp file to the final location.
Does such a beast exist? If not, I think it should. It should
probably obey the /etc/alternatives preferences for editors, too.
--Bill.
--
William R Ward bill@wards.net http://www.wards.net/~bill/
-----------------------------------------------------------------------------
If you're not part of the solution, you're part of the precipitate.
Reply to: