Sudo access


Can I add files in visudo. i.e can I provide permission for other user to access the files of another user through sudo permission


math     ALL=(svar)         /bin/vi, /home/math/news.txt, /home/math/jaish.php

According to SUDO Home Page,
“Sudo is a program designed to allow a sysadmin to give limited root privileges
to users and log root activity. The basic philosophy is to give as few
privileges as possible but still allow people to get their work done.”

That looks like a YES to me.

Hm, not really. The way divinequran proposed to set it up it’s possible to edit anything as root using vi, which obviously is a bad idea.

What you could do instead is write a wrapper script for vi that will only allow certain files. So something like

if [ "$1" = "" ];
    echo "Usage: myscript /home/math/news.txt OR myscript /home/math/jaish.php"
if [ "$1" = "/home/math/news.txt" -o "$1" = "/home/math/jaish.php" ];
    vi $1
    echo "No permission to edit $1"

(where you need to replace “myscript” with the name you’ll give the script)

Then just give the users sudo permissions for that script and they will only be able to edit those two files as root, nothing else :slight_smile:

Thanks, for your update, I always had a doubt while writing shell script
what does the first line of the script for and what does it mean?
# ! /bin/sh

#! is known as the shebang (or hash-bang) and tells the OS how it should interpret the script.


This is might be better accomplished using either group permissions (and multiple group membership) and/or ACLs, possibly coupled with SGID (set group ID) on the directory.