On Tue, Dec 20, 2011 at 11:51:11AM -0500, Tanstaafl wrote > On 2011-12-20 10:13 AM, Michael Mol <mike...@gmail.com> wrote: > > So, incidentally, would 'sudo passwd root'... > > Ouch... any way to avoid that? > > I guess the best way would be to simply give them access to the commands > they need... > > I'll look into that...
Howsabout in sudoers giving them the right to execute 2 commands... cat /etc/whatever > scratchfile (this one may not be necessary) cat scratchfile > /etc/whatever The first command copies the contents of the file to whatever directory the user is in. He can work on the copy using his regular privileges. Note that I'm assuming the user does not have read privileges on the file. If he does have read privileges, then the first command does not require sudoers. At the last step, he can send the finished copy back to the original file. The sequence the user will have to follow is, logged in as regular user... 1a) If he does *NOT* have read prileges to /etc/whatever touch scratchfile sudo cat /etc/whatever > scratchfile 1b) If he *DOES* have read prileges to /etc/whatever cp /etc/whatever scratchfile 2) edit scratchfile *LOCALLY* with his favourite editor. No need to worry about restricting an editor. 3) sudo cat scratchfile > /etc/whatever Note the use of "cat", rather than "cp", when using sudo. "cp" will copy the file attributes, including the fact that it's owned by the user doing the copying, e.g. sudo (as root) copies the file and it's owned by root (oops). Ditto for "cat" when redirected *TO A NEW FILE*. "touch" guarantees that the file will exist, and get overwritten by the content of /etc/whatever, but still retaining the fact that it's owned by the local user. If local user has read access to /etc/whatever, that makes things easier. When he does "cp" as local user, the resulting file is owned by hin. Edit at liesure, and send the result back with "cat". -- Walter Dnes <waltd...@waltdnes.org>