[lug] sudoers limitations?

David Owen Kritzberg david.kritzberg at colorado.edu
Sun Jul 3 00:45:35 MDT 2005


Hello BLUG people,

Can someone enlighten me here?  I have been using sudo to execute root
commands without logging in as root.  I have a web server (apache) and
I have a couple wikis and a blog going there on the LAMP stack.  

Now I am trying to share this platform with a colleague, allowing him
to have a wiki for his consulting business, running on my machine.
The web home on this machine is /var/www/html/.  

Maybe this is not a good way to do things. Because from my reading of
sudoers configuration, there is no way to give him rights to edit
files in /var/www/html/ without granting his user account (user name
"dude") full sudoers privileges, as in: 

dude all=(all) all

Which gives him the full run of my system, which seems unnecessary,
and potentially hazardous, as he is not familiar with linux.

Is there any other way to do this besides having him host his wiki in
/home/dude/www/?  I have never looked into configuring apache to
look in user www directories, although I have heard that this is
preferable to the /var/www route.  

To reiterate, I want to give a user on the system the ability to edit
files using emacs, but only files in /var/www/html/wiki/.  Sudo seems
to be user- and command-based, rather than location-based in the way
it selects to grant root privileges.  

It would be great if I only need to chown and chgrp through this
situation, but my current understanding is this is not the way to go
with web files and web applications.

Thanks for any help you can offer me!

Dave


--------------------------------
Dave Kritzberg
University of Colorado Economics
david.kritzberg at colorado.edu
http://dijon.colorado.edu/



More information about the LUG mailing list