How to create a very small sudoers file ?

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
don stevo
Forum Newbie
Posts: 5
Joined: Wed Jan 21, 2004 7:04 am
Contact:

How to create a very small sudoers file ?

Post by don stevo »

Hi everyone,

Well, here's the catch...

We are building a Samba management system for work (iwe have to complete a certain project in 6 weeks time for school, but in a company environment).

We need to run several commands that are only accessible and runnable by root.
At this moment we use the sudoers file with this setup:

root ALL=(ALL) ALL
www-data ALL = NOPASSWD: /bin/cat, /bin/grep, /bin/chown, /bin/chgrp,\
/usr/sbin/useradd, /bin/chmod, /usr/bin/smbpasswd, \
/bin/mkdir, /usr/sbin/userdel, /usr/sbin/usermod, \
/bin/rm, /usr/bin/find, /usr/sbin/groupadd, /usr/sbin/groupmod, \
/usr/sbin/groupdel, /etc/init.d/samba reload, /bin/mv, /bin/ls, /usr/bin/du


According to our bosses, that's way too much. And indeed, it could pose a major security leak.

Our intnetion is, to write a script which handles all of these commands with their appropriate options used in our scripts. And they only want one command for www-data to run as root.
So all these commands must come in one script run by sudoers.

We wonder how we can write such a script...can we write it in PHP or does it have to be a shell script?
And what needs to be in the script?

We have no idea how to do this, and close this security leak.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

This might be helpfull: http://www.suphp.org/Home.html
Post Reply