
I am on centos 6.5.

I have a limited user. I gave the user some specific rights via sudoers.

Let's say it's user1. I want user1 to create a file in a directory where he has ownership.

Therefore I run

    sudo touch test.txt

Now test.txt is created with ownership root:root.

Is there a way that I can force test.txt to be created with ownership user1:user1?

Note that user1 cannot run chown. I do not want user1 to be able to chown either. User1 is an exposed user.

Note 2:

Also note that I am running these commands via PHP (phpseclib) and authenticating via public/private key.

Thanks

Yash
  • And `sudo -u user1 touch test.txt` is out of the question? – MadHatter Aug 27 '14 at 07:48
  • `touch test.txt`, without sudo? – Florin Asăvoaie Aug 27 '14 at 08:24
  • I presume from the question that the original `sudo` is run as some user *other* than `user1`. You're dead right that is simplest **IFO** (s)he's running it as `user1`, but then the restriction on `chown` makes little sense, as `user1` seems to have arbitrary `sudo` privileges. – MadHatter Aug 27 '14 at 08:30

1 Answer

Normally you would run touch as the user without sudo, I guess...

Assuming that you made a typo and your third line actually reads

> Let's say it's user1. I want user1 to create a file in a directory where he does not have ownership.

Then you are out of luck, that is not possible. However, there are 2 ways of still achieving what you want:

  1. Use ACLs to give user1 permissions on that folder.
  2. Create a group called "folderperm" or whatever, chgrp "folderperm" that folder and then assign the sticky bit to that folder's permissions (chmod g+s foldername). Now, assuming that one way or another you get to create a file in that folder, it will always have the foldername group as owner and if you can deal with only this (not the user as owner) then you have a solution.
Florin Asăvoaie
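The two options from the answer above, written out as a script an administrator could run once and then verify; this is an added example, not part of the original post. It assumes GNU `stat` and, for the optional ACL step, the `setfacl` tool; "folderperm" is the group name from the answer, and `chmod g+s` on a directory sets its setgid bit.

```shell
#!/bin/sh
# Added example: make new files in a directory inherit the directory's group,
# and optionally grant one user access through an ACL.

# setup_shared_dir DIR GROUP [USER]
# GROUP may be a name (e.g. folderperm) or a numeric gid.
setup_shared_dir() {
    dir=$1 group=$2 user=${3:-}
    chgrp "$group" "$dir" || return 1
    # 2770: setgid + rwx for owner and group, nothing for others.
    chmod 2770 "$dir" || return 1
    if [ -n "$user" ]; then
        # Option 1 from the answer: an ACL entry for the user, plus a default
        # ACL so entries created later in DIR carry the same grant.
        setfacl -m "u:$user:rwx" "$dir" || return 1
        setfacl -d -m "u:$user:rwx" "$dir" || return 1
    fi
}

# check_group_inherit DIR
# Returns 0 only if DIR has the setgid bit and a probe file created in it
# ends up with DIR's group. Prints the reason on failure.
check_group_inherit() {
    dir=$1
    if [ ! -g "$dir" ]; then
        echo "setgid bit not set on $dir" >&2
        return 1
    fi
    probe=$(mktemp "$dir/.probe.XXXXXX") || return 1
    dir_gid=$(stat -c '%g' "$dir")
    file_gid=$(stat -c '%g' "$probe")
    rm -f "$probe"
    if [ "$dir_gid" != "$file_gid" ]; then
        echo "probe file got gid $file_gid, expected $dir_gid" >&2
        return 1
    fi
}
```

A file created in such a directory through `sudo touch` is still owned by root; only its group follows the directory, which is the limitation the answer points out.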