On 22 December 2011 15:41, Tanstaafl <tansta...@libertytrek.org> wrote: > On 2011-12-20 11:00 AM, Florian Philipp <li...@binarywings.net> wrote: >> >> You should probably also restrict which files can be edited (not >> /etc/passwd, /etc/shadow or /etc/sudoers, for sure!). You can do this >> with globs. For example: >> %sudoroot sudoedit/var/www/* > > > Ok, just found out that subdirectories are not included when doing it this > way, and haven't found a way to include them... > > Please tell me there is a way, and I won't have to explicitly define every > subdirectory under /var/www that they will need to be able to work in...
Perhaps I missed it, but my approach to this would be to create a 'webadmin' group, and change the group of the directory (and applicable subdirs).