[sudo-users] Limiting arguments on a command
Ian Goldstein
IGoldstein at Jefferies.com
Wed Feb 24 15:09:46 EST 2010
Hello,
I am trying to implement sudo so that a user can maintain directories and
permissions. I want to limit what can be on the command line to an
argument, without necessarily creating a script wrapper.
Can somebody please help me figure out what I am missing?
As an illustration, I have the following in my sudoers:
User_Alias TEST_ADMIN=usera,userb
Cmnd_Alias TEST_ADMIN_CMDS = \
/bin/mkdir /apps/[[\:alpha\:]]* ,\
/bin/rmdir /apps/[[\:alpha\:]]* ,\
/bin/chown * /apps/[[\:alpha\:]]* ,\
/bin/chmod * /apps/[[\:alpha\:]]*
TEST_ADMIN ALL = (root) NOPASSWD:TEST_ADMIN_CMDS
What this allows me to do as a user is:
sudo /bin/mkdir /apps/test1
But it also allows me to run this, which is not desirable:
sudo /bin/mkdir /apps/test1 /etc/foobar
(creates a directory in /etc called foobar)
Thanks
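
Why the second command is accepted, as an added example that is not part of the original post and not sudo's own code: the sudoers manual states that command-line arguments are matched as a single concatenated string, so `*` also matches spaces and `/`. The function names `joined_match` and `strict_match` are hypothetical; `strict_match` shows the kind of per-argument check a wrapper would have to apply.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Argument pattern from the Cmnd_Alias above; "\:" is sudoers escaping only. */
static const char *ARG_PATTERN = "/apps/[[:alpha:]]*";

/* Model of the sudoers check: join the arguments with spaces and run one
 * fnmatch() with no flags, so '*' matches spaces and '/'. */
int joined_match(const char *pattern, int argc, const char *const argv[])
{
    char joined[1024] = "";
    size_t used = 0;
    for (int i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]);
        if (used + len + 1 >= sizeof(joined))
            return 0;                     /* too long: treat as no match */
        if (i)
            joined[used++] = ' ';
        memcpy(joined + used, argv[i], len + 1);
        used += len;
    }
    return fnmatch(pattern, joined, 0) == 0;
}

/* Stricter check (assumption: what a wrapper would enforce): exactly one
 * argument, and FNM_PATHNAME stops '*' from crossing a '/'. */
int strict_match(const char *pattern, int argc, const char *const argv[])
{
    if (argc != 1)
        return 0;
    return fnmatch(pattern, argv[0], FNM_PATHNAME) == 0;
}

int main(void)
{
    /* Constructed inputs taken from the two commands in the post. */
    const char *const one[] = { "/apps/test1" };
    const char *const two[] = { "/apps/test1", "/etc/foobar" };

    printf("joined, one arg : %d\n", joined_match(ARG_PATTERN, 1, one));
    printf("joined, two args: %d\n", joined_match(ARG_PATTERN, 2, two));
    printf("strict, one arg : %d\n", strict_match(ARG_PATTERN, 1, one));
    printf("strict, two args: %d\n", strict_match(ARG_PATTERN, 2, two));
    return 0;
}
```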