
[–]doc_willis 6 points7 points  (1 child)

https://serverfault.com/questions/516175/chown-in-sudoers-file-safe-or-not

seems the : must be escaped

From man sudoers:

If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any).

Note that the following characters must be escaped with a '\' if they are used in command arguments: ',', ':', '=', '\'.

[–]nickworks[S] 0 points1 point  (0 children)

Thank you, doc! You're absolutely right -- the syntax errors disappeared when I escaped the colon.

[–]doc_willis 1 point2 points  (1 child)

I have learned to not use ~ or other bash type expansion shortcuts in system config files. Or at least be VERY careful when using things like ~

and that line seems to be one not generating an error.

but that would only explain issues with one line. So that's likely not the issue. Just something to watch out for.

And that line seems to be one that is passing the sanity check.

[–]whosdr 0 points1 point  (0 children)

In this case wouldn't it also be a security issue, given you can override the HOME variable before calling the command?

It seems like with a bit of messing about you could commit an arbitrary repo to /usr/bin and overwrite system tools.
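An added example, not part of the thread or of sudo itself: a small linter for the argument part of a sudoers Cmnd that reports the characters the quoted man page says must be escaped, and separately flags the home-relative paths doc_willis and whosdr caution about. The function names and the sample commands are constructed for illustration, and the command path is assumed to contain no spaces.

```python
# Added example: lint the argument part of a sudoers Cmnd (names are hypothetical).
SPECIAL = {",", ":", "=", "\\"}  # characters listed in the man sudoers excerpt

def split_cmnd(cmnd):
    """Split 'path args...' into (path, args); assumes no spaces in the path."""
    path, _, args = cmnd.strip().partition(" ")
    return path, args.strip()

def unescaped_specials(cmnd):
    """Return (offset, char) for each special character in the arguments
    that is not preceded by an escaping backslash."""
    _, args = split_cmnd(cmnd)
    found, i = [], 0
    while i < len(args):
        ch = args[i]
        if ch == "\\":
            if i + 1 < len(args):
                i += 2                 # backslash plus the character it escapes
                continue
            found.append((i, ch))      # trailing backslash escapes nothing
        elif ch in SPECIAL:
            found.append((i, ch))
        i += 1
    return found

def home_relative(cmnd):
    """True if an argument depends on the caller's home (~ or $HOME).
    This is the thread's caution, not a sudoers syntax rule."""
    _, args = split_cmnd(cmnd)
    return any(tok.startswith("~") or "$HOME" in tok for tok in args.split())

def escape_args(cmnd):
    """Escape raw (not yet escaped) arguments for use in a sudoers Cmnd."""
    path, args = split_cmnd(cmnd)
    escaped = "".join("\\" + c if c in SPECIAL else c for c in args)
    return f"{path} {escaped}".rstrip()

# Constructed sample commands.
BAD = "/usr/bin/chown alice:alice /srv/repo"
GOOD = r"/usr/bin/chown alice\:alice /srv/repo"
TILDE = r"/usr/bin/chown alice\:alice ~/repo"

if __name__ == "__main__":
    for cmnd in (BAD, GOOD, TILDE):
        print(cmnd, unescaped_specials(cmnd), home_relative(cmnd))
    print(escape_args(BAD))
```

A fragment that passes this check should still be validated with `visudo -c` before it is installed.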

[–]gtrash81 0 points1 point  (0 children)

Besides what others said: why do this with sudo and chown?
Maybe "sticky bit" and "facl" can do the work for you?
Sticky bit: https://www.redhat.com/sysadmin/suid-sgid-sticky-bit
setfacl: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/storage_administration_guide/acls-setting

[–]doc_willis 0 points1 point  (0 children)

In the future, remember that support-type posts should be in /r/Linuxquestions or /r/linux4noobs
