well in that case what can uyou recommend for editing only zone files
and being able to run rndc, that is my main  goal, i need to lock a
system so that only "rndc reload", "rndc reconfig" and editing zone
files is possible by a group of users, any suggestins? and/or how do
you do this?

On 5/31/06, N.J. Thomas <[EMAIL PROTECTED]> wrote:
* Kirk Strauser <[EMAIL PROTECTED]> [2006-05-30 16:30:45 -0500]:
> > luser ALL = (root) sudoedit /home/luser/foo/*
> Why not give them root while you're at it:
> luser$ cd ~/foo; ln -s /etc/master.passwd; sudoedit ~/foo/master.passwd

Yikes, he's right. Don't put that in your sudoers file.

I found some notes on the sudo mailing lists while Googling, that

    luser ALL = (root) sudoedit /home/luser/foo/

would work one day for all files in /home/luser/foo/, IIRC Todd Miller
said this would come out in version 1.7, but it looks like development
of sudo has stalled, so short of writing your own wrapper script (which
shouldn't be terribly hard) I don't know how to solve the original
problem of restricting sudoedit to a particular directly using sudo


N.J. Thomas
Etiamsi occiderit me, in ipso sperabo

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to