|
|
|
|
|
|
by ilyt
1321 days ago
|
|
|
You can just allow those smaller scope commands and nothing else in sudo. That's a part of a reason for its complexity it does allow you to do anything between "make user be another user with all priviledges" to "just allow to run this particular command and nothing more". Having one that had option for more limits would be interesting (say use cgroups to change running user but disallow command from modifying anything aside from this one single directory you specified) but, well, that's way more code that also needs to be secure... |
|
|