From: Nikos Chantziaras
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Allow non root users to edit files owned by root?
Date: Thu, 22 Dec 2011 20:00:00 +0200

On 12/22/2011 05:44 PM, Tanstaafl wrote:
> On 2011-12-20 12:19 PM, Nikos Chantziaras wrote:
>> If you allow someone to edit root owned files, you're practically giving
>> him root access.
>
> Well, yeah, but only on those defined files...

root access is global. You can't limit it. root is root, the all
powerful Unix being. Period :-)

>> So the fact that he doesn't know the root password is totally
>> irrelevant; he doesn't even need the password anymore to gain root
>> access since he already has that access.
>
> But he only has root access in explicitly defined, non-system, non
> critical directories...

Again, root can have no limits.

>> So you might want to rethink the way you want to allow him to edit those
>> files.
>
> I *want* him to be able to do whatever he wants in /var/www (and a few
> other non critical directories)...

Then you put the files in a special group and make them g+w, and add the
affected users to that group. Then they will be able to write to those files.
If you want to give them write access to a whole directory, you put the
directory in the group and make it g+w.
This is how it's traditionally been done in Unix for ages, and it's extremely easy to set up.
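
The group-based setup described in the message above, as an added example that is not part of the original e-mail: `share_tree` applies the group and `g+w`, and `audit_tree` reports anything that drifts from the scheme. The group name `webedit`, the user `alice`, the two function names and the setgid bit on directories are assumptions of this example.

```shell
#!/bin/sh
# Added example. "webedit" and "alice" are hypothetical names.
# One-time setup, run as root:
#   groupadd webedit
#   gpasswd -a alice webedit    # alice must log in again to pick up the group
#   share_tree /var/www webedit

# share_tree DIR GROUP: give GROUP write access to DIR without using root
# for day-to-day edits and without opening anything to "other".
share_tree() {
    dir=$1 group=$2
    # -h changes symlinks themselves, never their targets, so a link that
    # points outside DIR cannot pull another file into the group.
    chgrp -hR "$group" "$dir" || return 1
    # Regular files: group may read and write.
    find "$dir" -type f -exec chmod g+rw {} + || return 1
    # Directories: group may add and remove entries; setgid (g+s) makes new
    # files inherit GROUP instead of the creator's primary group.
    find "$dir" -type d -exec chmod g+rwxs {} + || return 1
}

# audit_tree DIR GROUP: print one line per entry that breaks the scheme.
# Empty output means the tree is consistent.
audit_tree() {
    dir=$1 group=$2
    find "$dir" \( -type f -o -type d \) ! -group "$group" |
        sed 's/^/wrong-group: /'
    find "$dir" \( -type f -o -type d \) ! -perm -020 |
        sed 's/^/not-group-writable: /'
    find "$dir" -type d ! -perm -2000 |
        sed 's/^/dir-without-setgid: /'
    # Symlinks are skipped here: their mode bits are not meaningful on Linux.
    find "$dir" ! -type l -perm -002 |
        sed 's/^/world-writable: /'
}
```

Files that group members create later stay group-writable only if those users work with a umask of 002 rather than 022; `audit_tree` will list any that do not.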