So in the /usr/local/sudo/ are you copying over whatever is in /bin or /sbin? Or are you symlinking?
Actually, I do neither. I just have scripts in /usr/local/sudo. The scripts can call normal system commands from /bin or /sbin, no copying or linking required. In fact, you would not want a copy or symlink of, e.g., rm to sit in /usr/local/sudo because then the users could rm anything anywhere.
I would like the users coming in to be able to sudovi a specific file, so I guess my question is more: how would you pass parameters in that case? I'm thinking it would just be in a shell script, and then put that into /usr/local/sudo/. How does that sound?
By sudovi, I take it that you mean you want them to be able to edit a specific file that they do not otherwise have access to, right?
I would not give them access to use vi (or emacs or any other real editor) as root. That's a HUGE security hole. Here's a thought:
Create a (normal, non-suid) script. Put it somewhere in their path, e.g., /usr/local/bin. You can even call it sudovi if you like. That script does:
- Call a script in /usr/local/sudo to make a copy of the file you want them to edit. (You can allow some parameter here, but if you do, check it carefully to make sure they are not editing something critical like /etc/passwd. :-) )
- Let them edit the file as themselves with a simple call to their editor of choice. (I'd prefer to use a line like "$EDITOR $FILE" rather than "vi $FILE" if for no other reason than that I prefer alternate editors myself.)
- Copy the edited file back to where it belongs.
Or, instead of copying, I'd probably rename the original to something like original.<timestamp> and then mv the edited file to original. That way you have a record of all the changes. I might even make the backups in the form original.<timestamp>.<user> so you even have a record of who made which changes.
As usual, YMMV. A lot depends on who your users are and why you are doing what you are doing. What works for me may be very different from what works for you.
Best Regards,
Paul
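
The privileged helper from the scheme in the message above, as an added example that is not part of the original post. The names `is_allowed`, `checkout`, `checkin`, `ALLOWED_FILES` and the `/etc/myapp` paths are assumptions made for illustration; `SUDO_USER` is the variable sudo sets to the invoking user.

```shell
#!/bin/sh
# Privileged half of the "sudovi" scheme: the only part that runs through sudo.
# ALLOWED_FILES is a hypothetical setting, one absolute path per line;
# the /etc/myapp paths are constructed placeholders.
ALLOWED_FILES=${ALLOWED_FILES:-"/etc/myapp/app.conf
/etc/myapp/hosts.allow"}

# Succeed only if $1, with symlinks and ".." resolved, is on the allowlist.
is_allowed() {
    resolved=$(readlink -f -- "$1") || return 1
    printf '%s\n' "$ALLOWED_FILES" | grep -Fxq -- "$resolved"
}

# checkout TARGET: write the protected file to stdout. File content travels
# over stdin/stdout, so root never opens a working path chosen by the user.
checkout() {
    is_allowed "$1" || { echo "refused: $1" >&2; return 1; }
    cat -- "$(readlink -f -- "$1")"
}

# checkin TARGET USER: read the edited content from stdin, keep the old
# version as TARGET.<timestamp>.<user>, and print the backup path.
checkin() {
    is_allowed "$1" || { echo "refused: $1" >&2; return 1; }
    target=$(readlink -f -- "$1")
    backup="$target.$(date +%Y%m%d%H%M%S).$2"
    # cp -p carries the original's mode (and owner, when run as root) over to
    # the new file; moving the user's own copy in would leave it user-owned.
    cp -p -- "$target" "$target.new.$$" || return 1
    cat > "$target.new.$$" || return 1
    mv -- "$target" "$backup" && mv -- "$target.new.$$" "$target" || return 1
    echo "$backup"
}

# Entry point when installed in /usr/local/sudo.
case "${1:-}" in
    checkout) checkout "$2" ;;
    checkin)  checkin "$2" "${SUDO_USER:-unknown}" ;;
esac
```

The unprivileged wrapper in /usr/local/bin would redirect `checkout` output into a temporary file, run `$EDITOR` on it as the user, and feed the result back to `checkin` on stdin.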