Linux – Securely use find with sudo

findlinuxsudo

On a Linux server, I need to remove root privileges from a group of users. But those users have legitimate reasons to be able to use the "find" utility to search for files based on file names, modification dates, and other metadata.

On the server, file names are not sensitive, but the file contents may be.

I would like use sudo to allow the users to search for files anywhere on the server. The "find" utility is great, but it allows for all kinds of side effects, such as using "-exec" to spawn arbitrary commands.

Can I get find to work with my restrictions?

Best Answer

What about locate?

locate reads one or more databases prepared by updatedb(8) and writes file names matching at least one of the PATTERNs to standard output, one per line. If --regex is not specified, PATTERNs can contain globbing characters. If any PATTERN contains no globbing characters, locate behaves as if the pattern were PATTERN.

By default, locate does not check whether files found in database still exist. locate can never report files created after the most recent update of the relevant database.

Or maybe even slocate:

Secure Locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to.

This manual page documents the GNU version of slocate. slocate Enables system users to search entire filesystems without displaying unauthorized files.

Related Solutions

Sudo or acl or setuid/setgid

Best practices: maintain the sudoers file and use sudo.

On my personal machine, I prefer setuid/gid, but I'm the only one on my computer; and I don't do it to anything blatantly dangerous like rm.

Linux – chown to a user I can sudo to

You could do this directly with sudo. When I first started thinking about how to do that, I quickly realized that the number of chowns you would have to specify for n users would be n^2 if you try to map them directly. But you can cut this down to 2n if you require the user to take ownership of each file before re-assigning it. So, your sudoers file might look like this:

User_Alias CHOWNADMIN1 = jane
Cmnd_Alias CHOWNUSR1 = /bin/chown --from widget-dev jane *, /bin/chown --from jane widget-dev *
Cmnd_Alias CHOWNUSR2 = /bin/chown --from releng jane *, /bin/chown --from releng amy *

CHOWNADMIN1     ALL= NOPASSWD: CHOWNUSR1, CHOWNUSR2

With this setup, Jane can now do a two-step process to change ownership:

chown --from widget-dev jane /tmp/foofile
chown --from jane releng /tmp/foofile

Notice that you must restrict this permission with --from, or you open up the possibility of granting the user "jane" the permission to take ownership of files like /etc/shadow or /root/.ssh/id_rsa (that could be bad).

Of course, you could now write a very simple script to automate the chowns. Perhaps something like the following, but with some error checking:

#!/bin/bash
FROM=$1
shift
TO=$1
shift

sudo chown --from $FROM $USER $*
sudo chown --from $USER $TO $*

And now Jane can run "rchown releng widget-dev /tmp/foofile" or similar.

Best Answer

Related Solutions

Sudo or acl or setuid/setgid

Linux – chown to a user I can sudo to

Related Topic