Marco Fretz wrote:
Hello

I've got a little problem. I have to remove some files in a shell script
that are not owned or writable by the user the shell script runs as.
Is there a way to give this user write access only to the files needed
to remove by the shell script (with sudo nopasswd)?

With sudo, you can spell out very explicit command lines which can be stuck in scripts, but variations of the commands are not. For example:

dvd     ALL= NOPASSWD: /sbin/mount /drv0, /sbin/mount /drv1, /sbin/umount /drv0, /sbin/umount /drv1

So, yes, I suspect you can use sudo to accomplish your desired deletion, without granting write access to those files to the user in question.

HOWEVER, be careful of "undesired side effects" -- holes you leave that a malicious user could use to their advantage. And don't assume my line above is very correct, I'm not a sudo expert and I can't recall how carefully I tested that. :)

Nick.
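
An added example, not part of the original thread: instead of listing every rm command line in sudoers, a single root-owned helper can be granted and made to check each requested path against a fixed list. The user name, install path and file names below are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
# /usr/local/sbin/rm-allowed, owned by root and not writable by the user.
# Assumed sudoers entry (hypothetical user name):
#   appuser ALL = NOPASSWD: /usr/local/sbin/rm-allowed
# sudo passes any arguments through, so the script must validate them itself.

# Hypothetical fixed list of files the helper may delete, one per line.
ALLOWED='/var/spool/exampleapp/job.lock
/var/spool/exampleapp/stale.pid'

# is_allowed LIST PATH: succeed only if PATH equals one whole line of LIST.
# Plain string comparison: no globbing, no prefix match, no path normalisation,
# so "dir/../other" or "dir/./file" never matches a listed entry.
is_allowed() {
    while IFS= read -r line; do
        [ "$line" = "$2" ] && return 0
    done <<EOF
$1
EOF
    return 1
}

# remove_if_allowed LIST PATH: delete PATH if listed, otherwise refuse.
# rm is called without -r, so a directory is never removed.
remove_if_allowed() {
    if ! is_allowed "$1" "$2"; then
        echo "refused: $2" >&2
        return 1
    fi
    rm -f -- "$2"
}

main() {
    [ "$#" -gt 0 ] || { echo "usage: rm-allowed FILE..." >&2; return 2; }
    rc=0
    for p in "$@"; do
        remove_if_allowed "$ALLOWED" "$p" || rc=1
    done
    return "$rc"
}

# Run only under the assumed script name, so the functions can be sourced.
case ${0##*/} in rm-allowed) main "$@" ;; esac
```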
