On Thu, Jun 12, 2003 at 12:09:27PM -0500, Nate Carlson wrote: > On Thu, 12 Jun 2003, Shawn wrote: > > In a nutshell, I want to lock down some files owned by root so that a > > small amount of people can modify them. Permissions cannot change on > > the file, nor can uid/gid of ownership. > > If you could find a simple editor that doesn't support opening a file > within itself or saving a file as a different name (I think vim has a way > to lock itself down like this; not sure), you can specify the paths that > people are allowed to edit in the sudoers file. For example: rvi[m] will stop execution of the shell, but it still allows opening up other files. How about avoiding sudo althogether? Just makeup a new group for the files in question and keep them owned by root. Then allow writing the files by group members and add the right people to the new group. Then they can open the file in whatever editor they want, but they shouldn't be able to change the the permissions on the files. Or won't the program in question let you change the group on the files? -- Jim Crumley |Twin Cities Linux Users Group Mailing List (TCLUG) crumley at fields.space.umn.edu |Minneapolis/St. Paul, Minnesota Ruthless Debian Zealot |http://www.mn-linux.org/ Never laugh at live dragons |Dmitry's free,Jon's next? http://faircopyright.org _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list