4

I have a Windows user on my network who has Samba access to our Linux development server. Occasionally permissions or ownership will become confused for reasons unknown and he will no longer be able to edit files.

To get round this I have given him access through PuTTY and in the sudoers file (sudo visudo) I have added a line like this:

username ALL = /bin/chmod, /bin/chown

Now obviously he could just chown everything to himself and delete the entire drive. He is trustworthy, but I worry if someone were to compromise his account or he accidentally got out of his depth and did it.

Is there a way I can restrict his account so it can only chmod or chown in /home/username and /specified/directory?

I am running Ubuntu 10.10 on the server.

Treffynnon

1 Answer

5

You could write a script /usr/local/bin/permchange

#!/bin/bash
# Reset ownership and owner read/write permission on the user's tree.

chown -R youruser:yourgroup /home/username
chmod -R u+rw /home/username
# ... etc

and allow him to run only this with sudo after making sure he can't edit it.

Sven
  • sudo will also restrict arguments, so the sudoers file could have the specific arguments listed in this script, and all would be well. – beans Feb 02 '11 at 18:55
  • This was my next course of action, but I thought I might have missed a simple trick in a config somewhere and didn't want to reinvent the wheel if I could avoid it! :) But thinking about it now this would make it easier for him as well because he doesn't have to learn any Linux commands. – Treffynnon Feb 02 '11 at 18:59
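One way to build out the wrapper-script approach from the answer, as an added example that is not part of the original thread: it goes beyond the fixed-path script by accepting path arguments and refusing any that resolve outside /home/username or /specified/directory. The function names `resolve_inside` and `fix_perms` are hypothetical, `youruser:yourgroup` is the answer's placeholder, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# /usr/local/bin/permchange (added example; install root-owned, mode 0755)
# sudoers entry, following the question's syntax:
#   username ALL = /usr/local/bin/permchange

# Trees and owner taken from the page; youruser:yourgroup is a placeholder.
ALLOWED_ROOTS="/home/username /specified/directory"   # no spaces in paths
OWNER="youruser:yourgroup"

# resolve_inside PATH ROOT...
# Prints PATH's canonical form if it exists and is at or under one ROOT.
resolve_inside() {
    target=$(readlink -f -- "$1") || return 1
    [ -e "$target" ] || return 1
    shift
    for root in "$@"; do
        root=$(readlink -f -- "$root") || continue
        case "$target" in
            # "$root"/* (not "$root"*) so /home/username2 does not match
            "$root" | "$root"/*) printf '%s\n' "$target"; return 0 ;;
        esac
    done
    return 1
}

# Repair ownership and owner rw bits for each argument, refusing anything
# that resolves outside the allowed trees ("..", symlinks, sibling dirs).
fix_perms() {
    for arg in "$@"; do
        # $ALLOWED_ROOTS is deliberately unquoted: one word per root
        path=$(resolve_inside "$arg" $ALLOWED_ROOTS) || {
            echo "permchange: refusing '$arg'" >&2
            return 1
        }
        # -h: change a symlink itself, never the file it points to
        chown -R -h -- "$OWNER" "$path" && chmod -R u+rw -- "$path" || return 1
    done
}

if [ "$#" -eq 0 ]; then
    echo "usage: permchange PATH..." >&2
else
    fix_perms "$@"
fi
```

The path check and the chown run as separate steps, so this narrows what sudo can touch rather than making the two commands safe on any tree the user can rearrange while the script runs.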