[whatever84]

Hello everybody,

I am writing a small script to build java project for me. I need to copy the classes
from home directory (public), to /opt/apache/webapps

How to let the script do this without using "sudo"? Is there any way to make the process
goes smoothly without permission errors?

[eggi]

Hey There,

If you're dealing with permissions issues, perhaps you could have your admin make both directories owned by a group and then include you in that (giving the group write access to both directories along with read and execute as necessary).

Otherwise, setting extended file access controls (facls) would solve your problem also, as your admin could include your account with the proper access to each of the directories and not have to create a new group, which might cause something else to quit working or pose a security risk.

Sudo's probably the easiest route to go for both you and your admin.

Best wishes,

Mike

[whatever84]

eggi, on Mar 6 2009, 06:55 AM, said:

Hey There,

If you're dealing with permissions issues, perhaps you could have your admin make both directories owned by a group and then include you in that (giving the group write access to both directories along with read and execute as necessary).

Otherwise, setting extended file access controls (facls) would solve your problem also, as your admin could include your account with the proper access to each of the directories and not have to create a new group, which might cause something else to quit working or pose a security risk.

Sudo's probably the easiest route to go for both you and your admin.

Best wishes,

Mike

I don't know if this what I really want. Let me say it in another way. When I want to download a software
package to install it in linux, and when start building the package using makefile, the package might
require accessing some root files. What is the optimal way when building makefile:

1. Do we need to mediate each command that requires access to root files with "sudo" so that let
the user input his password when needed;
2. Or, is it better to not add a sudo before the commands, which might at the end results in permissions
error in the console, and the user need to figure the need of using sudo command"
3. Or, is there any alternative way?

Hope this clear.

[eggi]

Hey again,

Yeah, in that situation, sudo could be a burden. Aside from the fact that, if you mediate sudo to the basic command level and you ever have to pipe one command to another and both require sudo, things can get a little goofy.

One other suggestion, off the top of my head, would be for your admin to write you a secure setuid wrapper for your base command (in this case "make"). That way, you could execute make setuid root and all of the subprocesses and subshells, etc, spawned by your initial make would carry the privilege and you wouldn't have to worry about looking high and low for that one place you forgot to write "sudo" in your script.

Here's a link to a very basic setuid wrapper, written in C, that your admin could use (with slight modification). Of course, if he's familiar with how to do this already, don't point him to this post or, who knows, he might get offended. I don't know him/her, so I'm assuming the worst

http://linuxshellaccount.blogspot.com/2007...g-simple-c.html

Let me know what you think. If I'm still off-base, give me another gut check and I'll see if I can't think of some other way for you to make your situation tolerable. There is always a way

Best wishes,

Mike