Need to allow a user to chown files under a particular directory using sudo.
This does the trick:
user1 ALL= NOPASSWD: /bin/chown -[RPfchv] user2\:user2 /opt/some/path/[a-zA-Z0-9]*
But, does not prevent the user from being sneaky and doing something like:
[user1@rhel ~] sudo /bin/chown -v user2:user2 /opt/some/path/../../../etc/shadow
Any way to protect from this?
Machine is running Linux (Red Hat)
Best Answer
sudo introduces inherent security risks and it is generally ill advised to give to users that don't have high levels of trust.
Why not limit simply to recursive chown for the parent directory?
sudoers primarily uses globbing. According to the manpage, it doesn't match / on wildcards. More details in the manpage.
As far as a more advanced solution, a script should do the trick.
Oh, right. sudo package:
CentOS5.