Sudo and umask

Herta Van den Eynde herta.vandeneynde at gmail.com
Mon May 4 21:58:22 UTC 2009


2009/4/24 Thierry Leurent <thierry.leurent at asgardian.be>

> Hello,
>
> I'm working on a project where all members of a group (Group1) can write
> to files owned by the other members.
>
> I have changed the umask to 002.
>
> Members of another group (Group2) can run scripts that erase some of
> these files.
> I have made a technical user, batchuser, a member of Group1, and I have
> added a rule in sudoers to permit the members of Group2 to run the script
> as batchuser.
>
> As a member of Group2, I run sudo -u batchuser -E thescript
> I see that the files created by thescript have rights rw_r__r__; if I add
> a umask command I see 22.
>
> I cannot change all the scripts to add a umask command.
>
> Do you have an idea?
> I tried to add a line Defaults:%Group1 umask=0002 to my sudoers file, but
> that doesn't work.
>
>
> --
> Thierry Leurent
>
>
> --
> redhat-sysadmin-list mailing list
> redhat-sysadmin-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
>
Hi Thierry,

ACLs (access control lists) were designed to handle this type of issue
without having to resort to punching holes in security with sudo.  ACLs are
a lot less complicated than they look.  Here's a first pointer:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/ch-acls.html

Kind regards,

Herta




-- 
"Life on Earth may be expensive,
but it comes with a free ride around the Sun."
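
An added example, not part of the original thread: a default ACL on the
shared directory keeps new files group-writable even when the creating
process runs with umask 022, so the scripts need no umask line. It assumes
GNU stat, the setfacl tool and an ACL-capable filesystem, and it uses the
owning-group entry (g::) so that it runs without creating Group1; a named
entry such as g:Group1:rw would be the equivalent for the thread's setup.

```shell
#!/bin/sh
# Constructed demo: compares the mode of a file created under umask 022
# in a plain directory and in a directory that carries a default ACL.

# Create a file in directory $1 with umask 022 and print its octal mode.
new_file_mode() {
    ( umask 022; : > "$1/newfile" )
    stat -c %a "$1/newfile"
}

# Plain directory: the creator's umask strips group write (prints 644).
plain_dir_mode() {
    d=$(mktemp -d) || return 1
    chmod 775 "$d"
    new_file_mode "$d"
    rm -rf "$d"
}

# Directory with a default ACL: the kernel applies the default ACL
# instead of the umask, so group write survives (prints 664).
# Returns 2 if setfacl is missing or the filesystem lacks ACL support.
acl_dir_mode() {
    d=$(mktemp -d) || return 1
    chmod 775 "$d"
    if ! setfacl -d -m u::rwx,g::rwx,o::rx "$d" 2>/dev/null; then
        rm -rf "$d"
        return 2
    fi
    new_file_mode "$d"
    rm -rf "$d"
}

echo "plain directory:       $(plain_dir_mode)"
echo "default-ACL directory: $(acl_dir_mode || echo 'ACLs unavailable here')"
```

Running getfacl on the real shared directory afterwards shows the
default: entries that new files will inherit.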