Salum, Felipe felipe.salum at
Wed Jun 5 08:52:56 EDT 2002


If I have in my sudoers file the line

Cmnd_Alias	TOOLS = /usr/local/*

Does it means that all directories below /usr/local will be included ?

Example: I need an user to execute commands in /usr/local/bin and
/usr/local/sbin but I DO NOT want to add both directories to sudoers, I
would like to add only /usr/local/*. Will it work ?

Thanks in advance,

-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at]
Sent: Friday, December 14, 2001 4:19 PM
To: bill at
Cc: Salum, Felipe; 'sudo-users at'
Subject: Re: Different log files in sudo? 

In message <15386.16524.954292.319522 at>
	so spake  (bill):

> I suppose sudo could tee stdin/out/err to a file.  Can that be
> defeated?

Probably.  You can do the equivalen of dup(2) in the shell.
The real way to do this is to intercept execve(2) and do the
sudo checks there but that requires using ptrace(2) which
a) I've never used and b) which seems OS-specific.

It's something I'd like to look into some day but not right now...

 - todd

More information about the sudo-users mailing list