SUMMARY: restricted vi for use with op/sudo

From: Francis Liu (
Date: Tue May 07 1996 - 20:52:08 CDT

I wrote:

> Fellow admins,
> I have a question about using editors with the sudo/op
> programs. I am looking for a vi based editor to give to users with
> restricted functionality. In particular, I want to be able to
> specify exactly which files are editable. For example, I want
> to be able to say vi <file>, and edit <file> and <file> only.
> I want the user to be unable to change the filename or read in
> another file or do anything else except edit the file specified
> on the command line.
> I was wondering if anybody has already modified an editor to do these
> things. I've got solaris 2.4, gcc + sunsoft C.

To summarise the answers,

The answer is no. If I want something like this, I'll have to either
1. hack the the source code for some editor myself; or
2. copy the file to edit to a safe place + owner, edit the file as
   te safe owner, then copy it back.

I received one other suggestion to use "rvi". I had already seen it,
and I think it's not useful for this. FYI, "rvi" is a setuid perl
wrapper that checks permissions and stops you changing your shell: but
it does not stop you reading in other files.

I think I will go with option 1, it seems easier.

Thanks to:

Brett Lymn <>
Fedor Gnuchev <>
Sanford Whitehouse <>
"H. Milton Johnson" <>

Thank you all, if I do find one that is publicly available, I will
let you all know.


--                        Talk: +61 2 330 2091
Systems Programmer                            Fax : +61 2 330 1999
University of Technology, Sydney - Information Technology Division
           PO BOX 123, Broadway, NSW 2007, Australia

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:59 CDT