well in that case what can uyou recommend for editing only zone files and being able to run rndc, that is my main goal, i need to lock a system so that only "rndc reload", "rndc reconfig" and editing zone files is possible by a group of users, any suggestins? and/or how do you do this?
On 5/31/06, N.J. Thomas <[EMAIL PROTECTED]> wrote:
* Kirk Strauser <[EMAIL PROTECTED]> [2006-05-30 16:30:45 -0500]: > > luser ALL = (root) sudoedit /home/luser/foo/* > > Why not give them root while you're at it: > luser$ cd ~/foo; ln -s /etc/master.passwd; sudoedit ~/foo/master.passwd Yikes, he's right. Don't put that in your sudoers file. I found some notes on the sudo mailing lists while Googling, that luser ALL = (root) sudoedit /home/luser/foo/ would work one day for all files in /home/luser/foo/, IIRC Todd Miller said this would come out in version 1.7, but it looks like development of sudo has stalled, so short of writing your own wrapper script (which shouldn't be terribly hard) I don't know how to solve the original problem of restricting sudoedit to a particular directly using sudo alone. Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo
-- -Lawrence _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"