Forum Stats

  • 3,825,281 Users
  • 2,260,497 Discussions
  • 7,896,476 Comments

Discussions

sudo rule to allow group to edit all files (using * in the path)

wreneau
wreneau Member Posts: 1 Green Ribbon

Have a situation wherein a group needs to edit all files in an applications path. I have the following to allow the edit to occur.

%GROUPNAME ALL=NOPASSWD: NOEXEC: /bin/vi /path/to/files/*

Other than a file ACL is there a better way to allow the edits to happen. If memory serves I think the "*" posed a security risk, but cant find a supporting article.

The NOEXEC prevents the shell escape and I considered sudoedit but that's retraining endusers who aren't necessarily versed in routine cli.

Input appreciated.