Using redirection in commands

Todd C. Miller Todd.Miller at courtesan.com
Mon Apr 16 14:40:02 EDT 2001


In message <8244CEBC5EE3D745A9449DC0A01F24EF533055 at MCL4.DCMETRO.ADROOT.PRC.COM>
	so spake Britton Bob (Britton_Bob):

> I have a log file which I want owned by root and a script that can be run by
> any user.  I want to use sudo to allow the script (run by the user) to echo
> status messages to the log file (owned by root) without a password.  How do
> I set this up?  I tried putting the redirection (>>) on the command line but
> that's interpreted by the shell before it gets to sudo.  I tried putting the
> redirection in the sudoers file, but I either got a syntax error when I
> tried to exit visudo, or I was prompted for the password when the script ran
> sudo.

The problem here, as you noticed, is that redirection is done by
the shell, not by sudo.  The only way to do it is to wrap it
in a shell; e.g.

% sudo sh -c 'echo foo >> /var/log/bar'

With a sudoers entry like:

dude	somehost = /bin/sh -c /bin/echo foo >> /var/log/bar

But really, I think you are better off making the file group writable
by a group that contains the users who should be able to append to the
file.

 - todd



More information about the sudo-users mailing list