Re: [OFF] Sudo

To: debian-user@lists.debian.org
Subject: Re: [OFF] Sudo
From: Ansgar Burchardt <ansgar@2007.43-1.org>
Date: Thu, 29 May 2008 07:58:47 +0200
Message-id: <[🔎] gnus-86fxs18xd4.fsf@blight.43-1.org>
References: <[🔎] 483E00D7.4090505@auroraalimentos.com.br> <[🔎] 483E0ACE.4040605@gmail.com>

Hi,

Raj Kiran Grandhi <grajkiran@gmail.com> writes:

> Márcio Luciano Donada wrote:
>> I wonder if it is possible using the sudo leave with only the user can
>> edit the files that are in /etc/squid.
>
> A better option would be to chmod g+w the files in /etc/squid and then
> add the relevant users to that group.
>
> If you really want to do it using sudo, I think you should specify the
> complete command like '/usr/bin/vim /etc/squid/file' in the sudoers
> file. See the Cmnd_Alias section of sudoers(5) for more details.

This is a bad idea since most text editors allow the execution of
arbitrary commands.  You should give
  sudoedit /etc/squid/file
as the command.  This allows users to edit the file with
  sudo -e /etc/squid/file
with their favorite editor.  A temporary copy is created for editing,
the text editor started as the user, and the edited file is copied
back.

Regards,
Ansgar

-- 
PGP: 1024D/595FAD19  739E 2D09 0969 BEA9 9797  B055 DDB0 2FF7 595F AD19

Reply to:

References:
- [OFF] Sudo
  - From: Márcio Luciano Donada <mdonada@auroraalimentos.com.br>
- Re: [OFF] Sudo
  - From: Raj Kiran Grandhi <grajkiran@gmail.com>

Prev by Date: Save/Restore Symlinks
Next by Date: boot dom0 hang at xen is relinquishing vga console
Previous by thread: Re: [OFF] Sudo
Next by thread: Re: [OFF] Sudo
Index(es):
- Date
- Thread