On Thu, 12 Jun 2003 12:25:07 -0500
Jim Crumley <crumley at belka.space.umn.edu> wrote:

> rvi[m] will stop execution of the shell, but it still allows
> opening up other files.
> 
> How about avoiding sudo altogether?  Just make up a new group for
> the files in question and keep them owned by root.  Then allow
> writing the files by group members and add the right people to
> the new group.  Then they can open the file in whatever editor
> they want, but they shouldn't be able to change the
> permissions on the files.  Or won't the program in question let
> you change the group on the files?
> 

More like application development reasons.  They (developers) need sudo permissions to modify files owned by root.  These are non-system files, only ones used by the applications.  As to how many, I'm not sure of the exact count, I'd say literally could be up to or over 1000 per system and over 100 servers.

Why are they developing apps that require root privileges/file ownership I don't know.  I've tried explaining numerous times to various people, and I keep getting the "because it needs it" explanation.  Something about the way it ties into the system IIRC.  It runs as a non-root user, so why does it require this?

They also need sudo to run builds and do compiles supposedly.  I've looked at the sudo log, and can't really see a validity to these claims.  

Oracle installs and runs as oracle, except for a finishing script which requires root....    Well, I was hoping to avoid this debate if possible.


-- 
Shawn

The difficult we do today; the impossible take a little longer.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
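
The group-ownership approach suggested in the quoted message, sketched as an added example that is not part of the original thread. The function names, the group name `appdev` and the path `/opt/app` are assumptions for illustration; the audit half is what you would run across many servers to confirm nothing drifted.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed one-time setup as root:
#   groupadd appdev && usermod -aG appdev <developer>
#   grant_group_write /opt/app appdev   # path and group are hypothetical
# Files stay owned by root, so group members can edit them but cannot
# chmod or chown them (only the owner or root can).

# grant_group_write DIR GROUP: give GROUP write access, leave the owner alone.
grant_group_write() {
    dir=$1; group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -h changes symlinks themselves instead of following them out of the tree.
    find "$dir" -exec chgrp -h "$group" {} + || return 1
    # Files: group may write, everyone else may not.
    find "$dir" -type f -exec chmod g+w,o-w {} + || return 1
    # Directories: setgid so newly created files inherit GROUP.
    find "$dir" -type d -exec chmod g+ws,o-w {} + || return 1
}

# audit_group_write DIR GROUP: print paths that break the policy.
# Returns 0 when the tree is clean, 1 when anything is listed.
audit_group_write() {
    dir=$1; group=$2
    bad=$(
        # Wrong group, not group-writable, or world-writable.
        find "$dir" \( -type f -o -type d \) \
            \( ! -group "$group" -o ! -perm -020 -o -perm -002 \) -print
        # Directory without the setgid bit.
        find "$dir" -type d ! -perm -2000 -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```
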