I have a Windows user on my network who has Samba access to our linux development server. Occasionally permissions or ownership will become confused for reasons unknown and he will no longer be able to edit files.
To get round this I have given him access through PuTTY and in the sudoers file (sudo visudo
) I have added a line like this:
username ALL = /bin/chmod, /bin/chown
Now obviously he could now just chown everything to himself and delete the entire drive. He is trustworthy, but I worry if someone were to compromise his account or he accidentally got out of his depth and did it.
Is there a way I can restrict his account so it can only chmod
or chown
in /home/username
and /specified/directory
?
I am running Ubuntu 10.10 on the server.
Best Answer
You could write a script
/usr/local/bin/permchange
and allow him to run only this with sudo after making sure he can't edit it.