Thanks for your explanation about shell builtin. I changed directory
permissions and now it works!
On Tue, Jun 28, 2016 at 4:17 PM, Christian Heimes <chei...@redhat.com> wrote:
> On 2016-06-28 09:08, Mitra Dehghan wrote:
> > Hello,
> > I want to know how I can give directory permissions on a client to a
> > domain user in FreeIPA.
> > I'm using "runasuser" feature in sudo policy to give my domain users
> > permission to run local services on client.
> > Here is an example:
> > I have a service on my client called "/abc/" located at "/home/abc/" and
> > locally run by local user called "/abc/"
> > I have used runasuser feature in sudo policy rules to let domain users
> > (say: /u...@mydomain.dc/) run the service. /usr/ can run scripts, read
> > and edit files and stop/start services, using /abc/'s permissions and
> > without any problem.
> > But the problem I have faced is, when I want "/usr/" to traverse
> > subdirectories under "//home/abc//" it doesn't work.
> > I have defined sudocmd for cd command and added it as allow-command to
> > appropriate sudorule. My sudocmd definitions are like this:
> > ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/'
> > ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/m/'
> > ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/q/'
> cd is a builtin command of your shell. It has to be because it changes
> the current working directory of the shell's process. sudo doesn't work for
> shell builtins. You have to find another way to accomplish your task.
> By the way, are you familiar with how r,w,x work for directories? 'r' is used
> for listing the content of a directory, 'w' for creating/removing files
> (except for +t directories) and 'x' is used to check if a user is
> allowed to enter a directory. You can allow users to enter a directory
> w/o actually seeing its content.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project
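
The directory permission check described in the thread, as an added example that is not part of the original messages: it reads the "other" permission bits of each directory on a path and reports the first level that cannot be entered. The function names are hypothetical, the tree is constructed, and it assumes the domain user is neither the owner of the directories nor in their group.

```shell
#!/bin/sh
# Added example. Only the "other" permission class is checked: this assumes
# the domain user is neither the directory owner nor a member of its group.

# Print the three "other" permission characters of a directory, e.g. "--x".
other_bits() {
    # ls -ld prints a mode string such as "drwx--x--x"; chars 8-10 are "other".
    ls -ld -- "$1" | cut -c8-10
}

# Succeed if "other" has search (x) permission; "t" is sticky bit plus x.
other_can_enter() {
    case "$(other_bits "$1")" in
        ??x|??t) return 0 ;;
        *)       return 1 ;;
    esac
}

# Walk from base directory $1 down the relative path $2 and print the first
# directory that "other" cannot enter. Prints nothing if every level is open.
first_blocked() {
    cur=$1
    rest=$2
    other_can_enter "$cur" || { printf '%s\n' "$cur"; return 0; }
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur=$cur/$part
        other_can_enter "$cur" || { printf '%s\n' "$cur"; return 0; }
    done
}

# Constructed demo tree: n is enter-only (711), n/q is private (700).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/n/q" || return 1
    chmod 755 "$d"; chmod 711 "$d/n"; chmod 700 "$d/n/q"
    echo "n: $(other_bits "$d/n")  n/q: $(other_bits "$d/n/q")"
    echo "first blocked: $(first_blocked "$d" n/q)"
    rm -rf "$d"
}
demo
```

A directory that shows `--x` can be entered but not listed, which is the "enter without seeing its content" case from the reply.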