Anton, et al -- ...and then Anton Aylward said... % % On 04/12/2019 16:58, Carlos E. R. wrote: % > % > find /data/storage_b/cer/Pictures /data/storage_b/cer/Pictures.tmp ... % > -exec sudo setfacl -m g:users:r '{}' \; % > % > With corresponding sudoers file entries: % % OUCH OUCH OUCH! % % You've max-imalized when you could have minimized. % % Sudo at the 'find' level and you can get rid of the individual sudo. % or just sudo the whole script. True ... kinda. Recall that he wants to list commands explicitly, which would mean a really interesting sudoers line. Meanwhile, putting on my Security Freak hat, I wonder if it's more secure to escalate for specific commands as Carlos has or to go ahead and run a single find as root and perhaps go where we shouldn't.... :-D -- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org