[sudo-users] Problem with shell wildcard
Paul Stepowski
p.stepowski at qut.edu.au
Tue Mar 6 20:57:18 EST 2007
Hi list,
I'm seeing some unexpected behaviour when running sudo.
---snip---
$ sudo -V
Sudo version 1.6.8p12
---snip---
My test sudoers config allows me to run any command as any user.
/etc/sudoers:
---snip---
stepowski ALL = \
(ALL) ALL
---snip---
When attempting to run the following command:
$ sudo ls -l /var/log/httpd/*
I get the following error:
ls: /var/log/httpd/*: No such file or directory
The files certainly exist.
---snip---
# ls -l /var/log/httpd/*
-rw-r--r-- 1 root root 0 Feb 14 04:18 /var/log/httpd/access_log
-rw-r--r-- 1 root root 54293 Feb 7 16:48 /var/log/httpd/access_log.1
-rw-r--r-- 1 root root 0 Mar 6 04:18 /var/log/httpd/error_log
-rw-r--r-- 1 root root 427 Mar 2 17:54 /var/log/httpd/error_log.1
-rw-r--r-- 1 root root 526 Mar 1 04:18 /var/log/httpd/error_log.2
-rw-r--r-- 1 root root 8552 Feb 8 13:42 /var/log/httpd/error_log.3
-rw-r--r-- 1 root root 0 Feb 7 15:37 /var/log/httpd/ssl_access_log
-rw-r--r-- 1 root root 0 Mar 6 04:18 /var/log/httpd/ssl_error_log
-rw-r--r-- 1 root root 237 Mar 1 04:18 /var/log/httpd/ssl_error_log.1
-rw-r--r-- 1 root root 474 Feb 28 16:24 /var/log/httpd/ssl_error_log.2
-rw-r--r-- 1 root root 1422 Feb 7 15:51 /var/log/httpd/ssl_error_log.3
-rw-r--r-- 1 root root 0 Feb 7 15:37 /var/log/httpd/ssl_request_log
---snip---
The /var/log/httpd directory is readable/writable/executable only by root (as it
should be).
---snip---
# ls -l /var/log/ | grep httpd
drwx------ 2 root root 4096 Mar 6 04:18 httpd
---snip---
But sudo should get around that, because I'm running the command as root, right?
The sudo syslogs seem to indicate that sudo is receiving the command exactly as
passed from the shell.
---snip---
Mar 7 11:40:17 css-ps sudo: stepowski : TTY=pts/2 ; PWD=/home/stepowski ; USER=root ; COMMAND=/bin/ls -l /var/log/httpd/*
---snip---
It seems that sudo is getting confused by the shell wildcard character "*" for
some reason and it can't find the files.
This is quite annoying. I can get around this for the "ls" command by using
sudo ls -l /var/log/httpd/
But, if I want to do a grep, I'm stuck.
---snip---
$ sudo grep GET /var/log/httpd/*
grep: /var/log/httpd/*: No such file or directory
---snip---
Can someone please explain this? This is starting to annoy my system
administrators. Is this a bug or a feature?
Thanks,
Paul
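
The behaviour in the transcript above, reproduced without sudo as an added example (not part of the original post): a wildcard is expanded by the shell that reads the command line, before the command (here sudo) is started, and a pattern that matches nothing is passed on literally. The temporary directory and file names are constructed stand-ins for /var/log/httpd.

```shell
#!/bin/sh
# Added illustration; the temporary directory and file names are constructed.

# Print one line per argument that a command would receive after THIS shell
# has processed the unquoted pattern "$1"/*. The shell, not the command,
# performs the expansion; a pattern that matches nothing is passed literally.
expand_in_this_shell() {
    for arg in "$1"/*; do
        printf '%s\n' "$arg"
    done
}

# Build a stand-in for /var/log/httpd: a directory holding two log files.
make_logdir() {
    dir=$(mktemp -d) || return 1
    : > "$dir/access_log"
    : > "$dir/error_log"
    printf '%s\n' "$dir"
}

demo() {
    dir=$(make_logdir) || return 1

    echo "directory readable by the expanding shell:"
    expand_in_this_shell "$dir"

    chmod 000 "$dir"    # same effect as drwx------ root root for a non-root caller
    echo "directory not readable by the expanding shell:"
    expand_in_this_shell "$dir"    # literal .../* unless running as root

    chmod 700 "$dir" && rm -rf "$dir"
}

demo

# With sudo the expanding shell is the caller's, so the pattern has to reach a
# shell that already runs as the target user, for example by quoting it:
#   sudo sh -c 'grep GET /var/log/httpd/*'
```

Run as an unprivileged user, the second listing prints the pattern itself, which is the argument that `ls` and `grep` reported as "No such file or directory".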