Create a rule as such:
ALL ALL=(ALL:ALL) NOPASSWD: /bin/mkdir www ""
This reads something like: "Allow any user on any domain to act as any user:group without asking for a password to execute the exact command "mkdir www" (using only /bin/mkdir, and not some other mkdir)." The ending set of quotes tells sudo not to allow any further arguments.
(Rules are determined in order with the last matching rule taking effect. If you have another rule after this one that would cover the same command (such as ALL) it would take effect instead. I had a problem in my own config where I was specifying %sudo ALL=(ALL:ALL) ALL afterwards. Since this rule matches the situation, but requires a password, a password was being asked.)
Really this isn't the way to do something like this. Parts of your description imply that you have things set up in a bizarre way. I won't get into that as it's out of scope but, to accomplish what you want with more flexibility, there may be a better way. It seems you want to let users create sub-directories with a specific name owned by the owner of the parent directory. Instead, create a script that does what you want (looks up current directory, determines its owner and group, creates a directory www here, chmod the new directory to the determined user and group), and have the script allowed as runnable by root without password in the sudo config. Doing it this way means that the user only has to navigate to the directory then sudo create-www or whatever. You'll also be able to configure other rules in the script such as ones only allowing www to be created in certain directories.
Isn't this the opposite? Sudo FROM any user? I can see why you recognize that as a problem :) The problem here is that the password is required when "sudo -u anyuser" is used to perform a mkdir on that user to retain permissions for the specific user in that directory (as given, a /home example in a shared webhosting) – dezza – 2016-01-02T00:37:11.843
@dezza I misunderstood the question. I'll see about updating or deleting my answer. – Ouroborus – 2016-01-02T00:56:56.023
If you have any thoughts on the security and why the design discourages this apparently just leave your thoughts :) – dezza – 2016-01-02T00:58:23.180
@dezza Updated. – Ouroborus – 2016-01-02T02:59:10.570
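A sketch of the wrapper script the answer describes, as an added example that is not part of the original answer or comments. The name create-www comes from the answer; the /home base, the install path in the sudoers comment, and the reliance on GNU coreutils (realpath, stat -c) are assumptions. Ownership is handed over with chown.

```shell
#!/bin/sh
# create-www: added example, not the answer author's code.
# Assumed sudoers entry (hypothetical install path):
#   ALL ALL=(root) NOPASSWD: /usr/local/sbin/create-www ""
PATH=/usr/bin:/bin; export PATH      # do not trust the caller's PATH under sudo

ALLOWED_BASE=${ALLOWED_BASE:-/home}  # assumption: www may only appear below here

# create_www DIR: make DIR/www owned by DIR's owner and group.
# Returns 0 on success, 1 on a policy refusal, 2 on an operational failure.
create_www() {
    dir=$(realpath -e -- "$1") || return 2          # resolve symlinks and ".."
    base=$(realpath -e -- "$ALLOWED_BASE") || return 2
    case "$dir" in
        "$base"/*) ;;                               # strictly below the base
        *) echo "refused: $dir is outside $base" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || return 1
    owner=$(stat -c '%u:%g' -- "$dir") || return 2  # numeric uid:gid of parent
    # mkdir without -p fails if www already exists, including as a symlink
    mkdir -m 0755 -- "$dir/www" || return 2
    # -h: change the entry itself, never the target of a swapped-in symlink
    chown -h -- "$owner" "$dir/www" || return 2
}

# Act on the caller's current directory only when invoked as create-www
case "${0##*/}" in
    create-www) create_www "$PWD" ;;
esac
```

Because the path is resolved before the base check, a symlink placed under the allowed base that points elsewhere is refused rather than followed.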