لطفا منتظر باشید ...
Recipe 5.11 Permitting Read-Only Access to a Shared File via sudo
5.11.1 Problem
Two or more users want to
share a file, some read/write and the others read-only.
5.11.2 Solution
Create two Linux groups, one for read/write and one for read-only
users:
/etc/group:
readers:x:300:r1,r2,r3,r4
writers:x:301:w1,w2,w3
Permit the writers group to write the file via
group permissions:
$ chmod 660 shared_file
$ chgrp writers shared_file
Permit the readers group to read the file via sudo:
/etc/sudoers:
%readers ALL = (w1) /bin/cat /path/to/shared_file
5.11.3 Discussion
This situation could arise in a university setting, for example, if a
file must be writable by a group of teaching assistants but read-only
to a group of students.If there were only two usersone reader and one
writeryou could dispense with groups and simply let the reader
access the file via sudo. If smith is the reader
and jones the writer, and we give smith the following capability:
/etc/sudoers:
smith ALL = (jones) NOPASSWD: /bin/cat /home/jones/private.stuff
then jones can protect her file:
jones$ chmod 600 $HOME/private.stuff
and smith can view it:
smith$ sudo -u jones cat /home/jones/private.stuff
5.11.4 See Also
sudo(8), sudoers(5), group(5), chmod(1), chgrp(1).
