0

I need to let unpriviledged user change ownership of files or create node files on Ubuntu system.

I have looked into fakeroot but that did not work. Maybe need to use a jail chroot ?

Looking for anything like customizing user permissions, a script that could give temporary the right permissions to do that (without giving full root / sudo access)

Matthieu
  • 145
  • 1
  • 1
  • 6
  • what are you building? Can you elaborate more on why fakeroot didn't work? – Zoredache Nov 10 '10 at 00:36
  • sorry, I did not think that was relevant... building Android root filesystem. Fakeroot does not actually changed file ownership... – Matthieu Nov 10 '10 at 22:40

4 Answers4

3

You can allow the user to run just the build script with sudo:

Cmnd_Alias     BUILD = /path/to/script
joe            localhost = (root) BUILD

More details here

Drew Stephens
  • 662
  • 7
  • 12
  • 3
    In doing this it is very important that the end user doesn't have the ability to modify your script in any way. Or they could just use it to modify their access. – Zoredache Nov 10 '10 at 00:35
  • Definitely—file permissions on things that are allowed sudo access are paramount. – Drew Stephens Nov 10 '10 at 18:39
2

Give the user sudo permission to run the build script only. That way they can't run the individual commands as root.

user9517
  • 115,471
  • 20
  • 215
  • 297
0

My suggest if you really need it be this way is..

Chroot Environment or a Virtual machine..

There is not an in between.. Sudo is nice, because you can control what binaries/commands are used.. but this type of thing needs too much administration to be secure..

Make a jail and be done with it :D

Hope this helps

Arenstar
  • 3,602
  • 2
  • 25
  • 34
-1

Easy: give that user root access. If you can't trust him/her with that, how can you let the user change file ownerships?

steabert
  • 101
  • 1
  • So the whole point is to do it without giving full root access... I need the user to do that as part of a build script, so it can be restricted to what files are changed or things like that. – Matthieu Nov 09 '10 at 22:42
  • steabert, please see this page on the Principle of Least Privilege. This concept is exactly why `sudo` has so many options. http://en.wikipedia.org/wiki/Principle_of_least_privilege – zerolagtime Nov 10 '10 at 00:59
  • Well, the author of the question stated: "without giving full root/sudo access". With my answer I just meant to point out this is exactly how you should do it. Apparently, he didn't know about tuning sudo? – steabert Nov 10 '10 at 09:40