0

I need to allow an user to execute "repquota -g /" from a script without superuser permissions on debian Wheezy. I would not allow all superuser permissions to the user (in my case it is the www-data user). The user cannot access to the file //aquota.group so I tried to create a group "quotarep" but the root cannot chown the file:

chown root:quotarep //aquota.group
chown: changing ownership of `//aquota.group': Operation not permitted

I am thinking to deploy a cron job to export the result of "repquota -g/" on a file but I don't think it is a good way. Do you know how I can solve this? Thank you

Appost
  • 103
  • 1

1 Answers1

1

From the manual:

Only the super-user may view quotas which are not their own.

The typical solution is than to set up a password free sudo policy for www-data :

 # /etc/sudoers
 www-data ALL = NOPASSWD: /usr/sbin/repquota -g

And in your script you can than call sudo /usr/sbin/repquota -g

HBruijn
  • 77,029
  • 24
  • 135
  • 201