partition info in perl without root access
John Macdonald
john-Z7w/En0MP3xWk0Htik3J/w at public.gmane.org
Tue Nov 30 22:23:12 UTC 2004
On Tue, Nov 30, 2004 at 12:49:32PM -0500, Lennart Sorensen wrote:
> On Tue, Nov 30, 2004 at 02:36:18PM -0500, John Macdonald wrote:
> > In cases where there isn't such a simple answer, you can write
> > a front-end script to the program you want to make available
> > in limited fashion. So, instead of allowing fdisk from sudo,
> > you allow a fdpart script that calls fdisk with the right args
> > and filters the result into a nice format, but the script
> > is very careful about limiting its use and transmission of
> > user-provided arguments, so the use has no direct control over
> > the set of flags and arguments used in the fdisk invokation
> > that actually does the underlying work.
>
> Except all sane unix systems do not permit suid scripts. You would have
> to write a wrapper program that isn't just a script.
sudo makes a fine wrapper for this purpose.
I was addressing an answer to the theme "I want to provide
users with root access to program FOO but only for a specific
purpose, and FOO has powerful options that could be misused."
that was inherent in Madison's original question.
Instead of allowing sudo acces to FOO, you allow sudo access
to FOOfront, where FOOfront is a script that only provides a
limited access to the capabilities of FOO.
--
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list