
How to create a very small sudoers file?

Posted: Mon Feb 09, 2004 2:29 am
by don stevo
Hi everyone,

Well, here's the catch...

We are building a Samba management system for work (we have to complete a certain project in 6 weeks' time for school, but in a company environment).

We need to run several commands that are only accessible and runnable by root.
At this moment we use the sudoers file with this setup:

root ALL=(ALL) ALL
www-data ALL = NOPASSWD: /bin/cat, /bin/grep, /bin/chown, /bin/chgrp,\
/usr/sbin/useradd, /bin/chmod, /usr/bin/smbpasswd, \
/bin/mkdir, /usr/sbin/userdel, /usr/sbin/usermod, \
/bin/rm, /usr/bin/find, /usr/sbin/groupadd, /usr/sbin/groupmod, \
/usr/sbin/groupdel, /etc/init.d/samba reload, /bin/mv, /bin/ls, /usr/bin/du


According to our bosses, that's way too much. And indeed, it could pose a major security leak.

Our intention is to write a script which handles all of these commands with their appropriate options used in our scripts. And they only want one command for www-data to run as root.
So all these commands must come in one script run by sudoers.

We wonder how we can write such a script...can we write it in PHP or does it have to be a shell script?
And what needs to be in the script?

We have no idea how to do this, and close this security leak.

Posted: Tue Feb 24, 2004 5:56 pm
by timvw
This might be helpful: http://www.suphp.org/Home.html
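
Added example, not part of the thread and not code from either poster: one way to put the commands from the question behind a single root-owned shell script, so that sudoers needs only one entry for www-data and the script, not the web application, decides which exact command lines can run. The script path /usr/local/sbin/samba-admin, the action names, the name rule and the /srv/samba directory are assumptions made for illustration.

```shell
#!/bin/sh
# samba-admin: hypothetical single root entry point for www-data (added example).
# Assumed sudoers line replacing the long command list; sudo passes any arguments
# through, so every argument is validated below:
#   www-data ALL = NOPASSWD: /usr/local/sbin/samba-admin
# Keep this file root-owned and in a directory www-data cannot write to.

PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # never trust the caller's PATH
LC_ALL=C; export LC_ALL                            # make a-z mean ASCII only
SHARE_ROOT=/srv/samba                              # assumed share directory
run=''   # assigned here so the environment cannot set it; a dry run uses run=echo

# Accept only short lowercase names: no slash, dot, space or leading dash.
valid_name() {
    case $1 in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Map one fixed action plus validated names onto one exact command line.
samba_admin() {
    [ "$#" -ge 1 ] || { echo "usage: samba-admin ACTION [NAME...]" >&2; return 2; }
    action=$1; shift
    for arg in "$@"; do
        valid_name "$arg" || { echo "samba-admin: rejected argument" >&2; return 2; }
    done
    case "$action:$#" in
        add-user:1)   $run /usr/sbin/useradd -m "$1" ;;
        del-user:1)   $run /usr/sbin/userdel "$1" ;;
        add-group:1)  $run /usr/sbin/groupadd "$1" ;;
        del-group:1)  $run /usr/sbin/groupdel "$1" ;;
        add-member:2) $run /usr/sbin/usermod -a -G "$2" "$1" ;;
        make-share:1) $run /bin/mkdir -m 2770 "$SHARE_ROOT/$1" ;;
        reload:0)     $run /etc/init.d/samba reload ;;
        *) echo "samba-admin: unknown action or wrong argument count" >&2; return 2 ;;
    esac
}

# Act only when called with arguments, e.g.: sudo samba-admin add-user alice
if [ "$#" -gt 0 ]; then
    samba_admin "$@"
fi
```

General-purpose commands such as cat, rm, find, chown and mv are deliberately not exposed as actions: each action fixes the program, its options and the directory it may touch, and only a validated name varies.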