Re: [gentoo-user] rescrict command to certain dirs
On 8/2/07, Martin Gysel [EMAIL PROTECTED] wrote: it should do something like jail the user to /var/www/vhosts/DOMAIN/httpdocs/DIRtoFILES and let him perform some commands (rm, less, nano, etc) there as user WEBSERVER. AFAIK this isn't possible with sudo because I think it's not possible to restrict it to certain files or dirs. %% from /etc/sudoers # Users in group www are allowed to edit httpd.conf using sudoedit, or # sudo -e, without a password. # %www ALL=(ALL) NOPASSWD: sudoedit /etc/httpd.conf -- Vladimir Rusinov GreenMice Solutions: IT-решения на базе Linux http://greenmice.info/
Re: [gentoo-user] rescrict command to certain dirs
On Thursday 02 August 2007 08:54:21 am Martin Gysel wrote: I have a webserver running for multiple 'endusers'. No I want to give some costumers access to certain files as user WEBSERVER for easy editing configuration file owned by the webserver. it should do something like jail the user to /var/www/vhosts/DOMAIN/httpdocs/DIRtoFILES and let him perform some commands (rm, less, nano, etc) there as user WEBSERVER. As long as WEBSERVER isn't root, you should be able to use a combination of sudo/su and chroot. There are some ways to escape a chroot, but I *think* they all depend on being root inside the chroot, or exploiting other service running outside the chroot. (E.g. if connections from localhost are trusted.) -- Boyd Stephen Smith Jr. ,= ,-_-. =. [EMAIL PROTECTED] ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.org/ \_/ pgpOJywobtH7X.pgp Description: PGP signature
[gentoo-user] rescrict command to certain dirs
Hi I have a webserver running for multiple 'endusers'. No I want to give some costumers access to certain files as user WEBSERVER for easy editing configuration file owned by the webserver. it should do something like jail the user to /var/www/vhosts/DOMAIN/httpdocs/DIRtoFILES and let him perform some commands (rm, less, nano, etc) there as user WEBSERVER. AFAIK this isn't possible with sudo because I think it's not possible to restrict it to certain files or dirs. Is there an other utility which can do this? Or do I have to setup a chroot environment? thx martin -- [EMAIL PROTECTED] mailing list
