[Gllug] sudo and more interesting commands
Bruce Richardson
itsbruce at uklinux.net
Fri Jul 2 13:15:49 UTC 2004
On Fri, Jul 02, 2004 at 12:33:01PM +0100, Tom wrote:
> scenario is I want to run a command like ...
>
> $ echo foo > bar
>
> as a normal user where bar is a file writable only by root. Using sudo
> I would try ...
>
> $ sudo echo foo > bar
>
> but that wouldn't work as only echo is being run as root, nor can I use
> a sub shell ... what can I do to sudo a command that is more complicated
> that <command> [args]??
Sudo is explictly designed *not* to allow you to do that. If it were
not, you could do
sudo permittedcommand > /etc/shadow
Obviously, this would be a bad thing. If you want a user to be able to
perform that kind of arbitrary task, you'll have to give them su rather
than sudo access. If you have a specific need for a user to perform a
priveleged task and send the output to a priveleged location, write a
script that does it and then give them sudo access to that.
--
Bruce
Hierophant: someone who remembers, when you are on the way down,
everything you did to them on the way up.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20040702/db3c5d0b/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list