From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-132748-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Rdksk-0001Xr-04
	for garchives@archives.gentoo.org; Thu, 22 Dec 2011 15:48:34 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id B068D21C1DF;
	Thu, 22 Dec 2011 15:48:15 +0000 (UTC)
Received: from mail-iy0-f181.google.com (mail-iy0-f181.google.com [209.85.210.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id BA9A821C156
	for <gentoo-user@lists.gentoo.org>; Thu, 22 Dec 2011 15:46:38 +0000 (UTC)
Received: by iakk12 with SMTP id k12so13991035iak.40
        for <gentoo-user@lists.gentoo.org>; Thu, 22 Dec 2011 07:46:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type:content-transfer-encoding;
        bh=/Qe/o1zf3vuLw4pjNSxdVg4oJEsU9zUOca4Vw9DRKC0=;
        b=sYqnL/s4z9wpaS8KGWPSJ3PnO+LsyBSmR+QwyKTtfj+OktGsSQk1Tm1KXkckA67pNY
         7HqdHNRNXNofGUnKL76VEg3DncmyznM9uzR/VOF0teRU/rb1ieuU2ImCzWFaT8rmbqhw
         jxmkhhShYVxVOUm9A9GvhyD5PWvlZCeBovXcQ=
Received: by 10.50.188.166 with SMTP id gb6mr9331472igc.18.1324568798157; Thu,
 22 Dec 2011 07:46:38 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.43.45.9 with HTTP; Thu, 22 Dec 2011 07:46:17 -0800 (PST)
In-Reply-To: <4EF34FC5.5050602@libertytrek.org>
References: <4EF0A415.8020007@libertytrek.org> <CA+czFiBbUJdk5W-fCGNecektdA+mn_jzb46eXnUk=5gjUD=NmQ@mail.gmail.com>
 <4EF0B101.3060709@binarywings.net> <4EF34FC5.5050602@libertytrek.org>
From: James Broadhead <jamesbroadhead@gmail.com>
Date: Thu, 22 Dec 2011 15:46:17 +0000
Message-ID: <CA+hid6EiT09YSWW85rzeeqKVeDmp0u5-KQd=Q-Buwc5SERP2vQ@mail.gmail.com>
Subject: Re: [gentoo-user] Allow non root users to edit files owned by root?
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: ba3b9668-4daa-4bc8-b6c8-d3bbd2d845e3
X-Archives-Hash: eed404906b1b071fc8a94b406beadda1

On 22 December 2011 15:41, Tanstaafl <tanstaafl@libertytrek.org> wrote:
> On 2011-12-20 11:00 AM, Florian Philipp <lists@binarywings.net> wrote:
>>
>> You should probably also restrict which files can be edited (not
>> /etc/passwd, /etc/shadow or /etc/sudoers, for sure!). You can do this
>> with globs. For example:
>> %sudoroot =C2=A0 =C2=A0 =C2=A0 sudoedit/var/www/*
>
>
> Ok, just found out that subdirectories are not included when doing it thi=
s
> way, and haven't found a way to include them...
>
> Please tell me there is a way, and I won't have to explicitly define ever=
y
> subdirectory under /var/www that they will need to be able to work in...

Perhaps I missed it, but my approach to this would be to create a
'webadmin' group, and change the group of the directory (and
applicable subdirs).