escaping * in sudoers
aaron at spangler.ods.org
Tue Mar 9 17:39:57 EST 2004
If you feel like you are giving them too much access, you can have them run an
intelligent script that helps protect them. Then you can give them access to
that script instead of rm itself.
In sudo its really easy to add command lines (even with parameters). But it
seems almost impossible to give (all but) a specific command or option
because of the way that the options can be orderd.
I wish I could think of more ideas.
On Tuesday 09 March 2004 04:35 am, barbara.ruess at allianz.de wrote:
> Hi Aaron,
> thanks, I got that :-)
> But this raises two more questions:
> 1) What does this part of the sudo documentation mean:
> For any character ``x'', evaluates to ``x''. This is used to escape
> special characters such as: ``*'', ``?'', ``['', and ``}''.
> 2) My original problem is: someone needs root access to something like rm
> */mydirectory or rm /mydirectory/*/myfile
> If I do enter this in the sudoers file this also matches commands like rm
> file1 file2 /mydirectory or rm /mydirectory/file1 importanttfile
> /myfile, which means
> the user is able to remove everything.... Is there a solution for this?
> Regards, Barbara
> When one runs: sudo ls *, the * character is interpreted by the current
> you are using. It replaces the * character with a list of files in your
> directory before passing it to sudo. For example, if your directory
> contained three files (called one, two, three respectively), and you did a
> 'sudo ls *', sudo gets passed the options 'ls one three two'. Next sudo
> tries to match it against '/usr/bin/ls *'. Since sudo never receives the
> the comparison fails and the command is denied.
> However if you were to type 'sudo ls \*', then sudo actually gets passed
> *. However you have to train your users to put the back slash in. (The
> backslash does not need to go into /etc/sudoers.)
> I hope this is helpfull.
More information about the sudo-users