One of our users who has sudo privileges to multiple non-root users (role accounts for use with particular projects) would like to be able to change ownership of files among those users: e.g., if sudoers looks like
jane ALL=(widget-dev,releng) ALL
jane ALL=(root) rchown
then the user "jane" could use the hypothetical "rchown" (for "restricted chown") utility on files owned by any of jane, widget-dev, and releng to give them to any of those users.
I haven't been able to find an existing utility that does this. One of our users is asking for it and it seems like a reasonable thing to want, but I figured I would ask here and solicit war stories and dire warnings of security nightmares before I dive into writing (two bad ideas):
- yet another config file parser
- to be run as root.
Edited to add another worry about the logic: we only really want to do this for cases where the user can run ALL commands as the target user... right? Maybe it's never been implemented because it gets bogged down in such thoroughly site-specific questions.
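An added sketch, not code from the post or from any existing tool, of the policy logic the question describes. It assumes the rules live in a small root-owned policy file written in the sudoers-like syntax the question shows (it does not try to parse /etc/sudoers itself), that the requester's name arrives via sudo's SUDO_USER, and that only rules whose command is ALL grant anything, which is the worry in the edit. SAMPLE_RULES is constructed for illustration; the decision is a pure function so it can be exercised without root.

```python
#!/usr/bin/env python3
"""Sketch of the "rchown" policy from the question (constructed example).

Policy lines use the sudoers-like syntax shown in the post:
    user HOST=(runas1,runas2) COMMAND
Only lines whose COMMAND is exactly ALL grant rchown rights.
"""
import os
import pwd
import re
import stat
import sys

# Constructed sample rules in the question's format (not a real /etc/sudoers).
SAMPLE_RULES = """\
# who may act for whom
jane ALL=(widget-dev,releng) ALL
jane ALL=(root) /usr/local/sbin/rchown
bob  ALL=(widget-dev) /usr/bin/make
"""

# user  host=(runas list)  command
RULE_RE = re.compile(r"^(\S+)\s+\S+=\((.*?)\)\s+(.+?)\s*$")


def parse_all_rules(text):
    """Return {user: set of runas users} from rules whose command is ALL.

    Lines the regex does not recognise grant nothing: a policy parser that
    runs as root should fail closed rather than guess.
    """
    grants = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            continue
        user, runas, command = m.groups()
        if command != "ALL":
            continue
        names = {n.strip() for n in runas.split(",") if n.strip()}
        names.discard("root")  # root is never a valid rchown owner or target
        grants.setdefault(user, set()).update(names)
    return grants


def allowed_owners(requester, grants):
    """Users whose files `requester` may re-own, and may hand files to."""
    return {requester} | grants.get(requester, set())


def decide(requester, current_owner, new_owner, grants):
    """Pure policy check; returns (ok, reason).

    Both the current and the new owner must be in the requester's pool, so
    files only move among accounts the requester already controls.
    """
    pool = allowed_owners(requester, grants)
    if current_owner not in pool:
        return False, f"{requester} may not act for owner {current_owner}"
    if new_owner not in pool:
        return False, f"{requester} may not give files to {new_owner}"
    return True, "ok"


def _owner_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)  # unmapped uid can never match a policy name


def rchown(path, requester, new_owner, grants):
    """Check the policy against `path`, then change its owner (needs root).

    The owner is read and changed through one O_NOFOLLOW descriptor, so the
    file we checked is the file we chown (no symlink swap, no stat/chown race).
    Only regular files and directories are accepted, so no device node is
    ever opened.
    """
    pre = os.lstat(path)
    if not (stat.S_ISREG(pre.st_mode) or stat.S_ISDIR(pre.st_mode)):
        raise PermissionError(f"{path}: not a regular file or directory")
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if (st.st_dev, st.st_ino) != (pre.st_dev, pre.st_ino):
            raise PermissionError(f"{path}: replaced between lstat and open")
        ok, reason = decide(requester, _owner_name(st.st_uid), new_owner, grants)
        if not ok:
            raise PermissionError(reason)
        os.fchown(fd, pwd.getpwnam(new_owner).pw_uid, -1)  # group untouched
    finally:
        os.close(fd)


if __name__ == "__main__":
    # usage: sudo rchown NEW_OWNER PATH...  (requester taken from SUDO_USER)
    if len(sys.argv) < 3 or "SUDO_USER" not in os.environ:
        sys.exit("usage: sudo rchown NEW_OWNER PATH...")
    policy = parse_all_rules(SAMPLE_RULES)  # a real tool reads a root-owned file
    for p in sys.argv[2:]:
        rchown(p, os.environ["SUDO_USER"], sys.argv[1], policy)
```

With the sample rules, jane may move files between jane, widget-dev and releng, but not to or from root or bob; bob gets nothing, because his rule only covers /usr/bin/make. The part that makes "run as root" dangerous is the chown itself, which is why the check and the change go through the same descriptor rather than a path that an attacker could re-point between the two calls.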