I have a fairly complicated request. The short version is, I want to set up a system so that any user can change the ownership of a certain set of files at any time without root access. I think it's possible to set up sudoers to do that, but so far I have failed miserably.
I have tried setting up a wrapper script around chown, then putting that script into sudoers, but it didn't work. Here's the script and sudoers (paths changed to genericize them):
#this script moves a copy of the code
echo "usage: claim_copy.bash (db)copy_#"
#change this copy of mini to belong to the invoker of this script
chown --recursive $USER $mpth/$1
Ideally, I want it so that any user on the system can chown any files in one certain directory (/path/to/directory) - that should be the only extra permission they get by this script. Currently, the setup spits "chown: changing ownership of `(a file name): Operation not permitted" for every single file, recursively.
#sudoers is ubuntu default up to this point
ALL computer_name = (ALL) /path/to/directory/claim_copy.bash
The long version:
I want to set up a system so that a large software installation can be cloned off as needed to facilitate its development. Many of our tests (formal and otherwise) depend on comparing the behavior of unmodified code to modified code. I'm trying to set up a system so that there will be several unmodified copies of the code laying around, precompiled, with the testing data precomputed. (So far, so good, all this is handed by cron jobs). These copies can then be taken to either make changes to for new code branches, or use as references.
This is where I hit the problem. The copies "belong" to a certain user - me. But, I want them to be available for others to take as needed. Here are some of the obvious solutions, and why we don't want to do it that way:
A) cp operations to generate new directories, rather than mv operations moving them out of the cron-maintained set. This is bad because the copy operation is very slow, whereas move is instantaneous. The point of this system is making it super-fast to get clean copies, which is one of the chokepoints now for actually using our testing suites.
B) chmod the files to be world-editable. Then anyone can move them without difficulty. This is a problem because it a) leaves them "owned" by me, not their new owner, and b) leaves you with bizarre file permissions instead of default ones (-rw-r--r-- would be best...)
C) set the system up for each user individually - this is too expensive in terms of disk space to hold their spare copies, and computing time to keep recompiling them regularly to keep them fresh.
I am open to solutions other than the move script I've described, but our needs are fairly specific. Thanks for any advice...