So I would like to limit Apache to only change permissions in a certain folder and all of it's sub-directories, so this is what I have in my sudoers file
apache ALL= (ALL) NOPASSWD: /bin/chmod -R [g+ws] /var/www/sites/[a-z]+
But that does not appear to work. I sure I could get it to work by removing the restriction on the subfolder, but that seems dangerous as it would give a potential hacker unlimited access.
So is there a way to limit apache to only change files and folders within the "sites" folder or am I stuck giving unlimited access with chmod / chown?
Are there any big security holes using this approach?
Best Answer
It's probably better to make the chmod command a shell script to be only run by root and then allow that command to be run in sudo.