0
1
I have the following in my sudoers file :
User_Alias DU=%domain\ users
DU ALL = NOPASSWD:NOEXEC: /sbin/mount.cifs \\\\* /home/* -o sec=krb5\,* ,/bin/umount -t cifs /home/*
This works, users who are in the right group, and have a Kerberos ticket can mount their shares somewhere in their home.
But right now, any user can mount cifs shares in any directory under /home (because of the /home/*
), and thus annoy their fellow users.
It would be a lot better if I would be able to change that to e.g. /home/$username
, where $username
is the name of calling user.
Is there a way to do this within the sudoers file ?
Otherwise I will have to create wrappers to limit the locations people can mount and unmount.