Quote:
Originally Posted by splunk
I added this line to /etc/sudoers:
Code:
srvrbackup ALL= NOPASSWD: /bin/cp * /etc/
It keeps telling me that the user is not allowed to execute '/bin/cp ./permtest /etc/permtest' as root on localhost.
|
To run the command (if I understood you correctly)
Code:
sudo cp ./permtest /etc/permtest
I think you would need the rule
Code:
srvrbackup ALL= NOPASSWD: /bin/cp * /etc/*
Which seems incredibly dangerous (for an untrusted user) to me. Actually, allowing copying into the /etc directory is dangerous, but the above rule would also allow users to arbitrarily rename the file in the process! (It also allows them to supply arbitrary options to
cp.) If you don't need to rename a file while copying it a to different directory, you don't need to specify the file name in the second argument. I.e., the following two commands do the same thing:
Code:
cp ./permtest /etc/permtest
cp ./permtest /etc/
So if you want the most restrictive rule that doesn't allow options or file renaming, try:
Code:
srvrbackup ALL= NOPASSWD: /bin/cp /media/cdrom/* /etc/
and instruct the users not to repeat the filename in the command.