Question about sudoers file and host specific command aliases.
Matthew Hannigan
mlh at zip.com.au
Tue Oct 9 15:20:43 EDT 2001
You can always try write a wrapper and put that in sudo instead.
I dashed this off (below) but I am not absolutely sure that a user
could not trick the first 'case' statement into evaluating $1 in case it
had
backticks ...
#!/bin/sh
#
# do netscape admin stuff
#
# usage: program host.domain [restart|rotate|stop|start]
# DON'T USE THIS -- BUGGY?
case "$1" in
[a-z][a-z.]*) # i.e. any combo of dots and letters -- prevents
# things like backquoting and $( ) blah blah
case "$2" in
restart)
/opt/product/netscape/server4/$1/restart;;
rotate)
/opt/product/netscape/server4/$1/rotate;;
#.
#.
#etc..
esac
;;
*)
echo strange host.domain >&2
exit 1
;;
esac
> "Clark, Michael" wrote:
>
> I am trying to figure out how the best way would be to accomplish the
> following. I would appreciate your input on it.
>
> There are commands for netscape that are on each system that need to
> be run as root via sudo but the problem is that they do not have a
> common pathname.
>
> Cmnd_Alias
> NETSCAPE=/opt/product/netscape/server4/bin/admin/admconfig,
> /opt/product/netscape/server4/https-myhost.domain.com/restart,\
> /opt/product/netscape/server4/https-myhost.domain.com/rotate,\
> /opt/product/netscape/server4/https-myhost.domain.com/start,\
> /opt/product/netscape/server4/https-myhost.domain.com/stop
>
> Is there a way to replace myhost in these command with a program
> `hostname` or someway to have the hostname dynamic without using
> wildcards?
>
> Thanks.
>
> ----
> Michael E. Clark
> 602-617-6768
More information about the sudo-users
mailing list