Comments on How to let users securely edit files using sudoedit on Linux

Suppose you are a system administrator in a company where teams mostly work on Linux with limited privileges. Now imagine a situation where members of one of the teams - as part of some new work - need to frequently edit a file that requires superuser privileges. What would you do?

5 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Tal
Reply  

Nice hint.

What prevents someone from simply using linux file permissions to accomplish the same thing?

 

$ chown root:managers somefile.txt

$ chmod g+rw somefile.txt

 

And add users to the managers group. Now users can change the file with whatever editor they want by interacting with the file as they would with any other file (vim somefile.txt, nano somefile.txt, or even gedit somefile.txt) instead of you having to explain to them that they should always use "sudoedit managers.txt".

Using linux file permissions is simpler for admins to setup, easier for users to use, and less likely to have security issues because of bugs.

By: gc1241
Reply  

chmod or chown will say "Operation not permitted" when used without permissions (e.g. sudo or root)

By: eniorm
Reply  

Nice tips! 

I have this: !sudoedit /etc/*

But if I try: sudo sudoedit /etc/somefile, its works!

Can you tell me how to disable it?

thanks

By: eniorm
Reply  

Be careful with sudo bash or sudo sh too

By: sakthi
Reply  

Hello. I have sudo 1.6.7p3 installed in our linux machine. But when i execue "sudoedit -s /" , its showing "command not found". Please help.