escaping * in sudoers

barbara.ruess at barbara.ruess at
Tue Mar 9 04:35:59 EST 2004

Hi Aaron,
thanks, I got that :-)
But this raises two more questions:
1) What does this part of the sudo documentation mean:
       For any character ``x'', evaluates to ``x''. This is used to escape  
       special characters such as: ``*'', ``?'', ``['', and ``}''.          

2) My original problem is: someone needs root access to something like
       rm */mydirectory   or   rm /mydirectory/*/myfile
If I do enter this in the sudoers file, this also matches commands like
       rm file1 file2 /mydirectory   or   rm /mydirectory/file1 importantfile /myfile
which means the user is able to remove everything.... Is there a solution for this?
Regards, Barbara


When one runs: sudo ls *, the * character is interpreted by the current shell
you are using.  It replaces the * character with a list of files in your
directory before passing it to sudo.  For example, if your directory
contained three files (called one, two, three respectively), and you did a
'sudo ls *', sudo gets passed the options 'ls one three two'.  Next sudo
tries to match it against '/usr/bin/ls *'.  Since sudo never receives the *,
the comparison fails and the command is denied.

However, if you were to type 'sudo ls \*', then sudo actually gets passed
*.  However, you have to train your users to put the backslash in.  (The
backslash does not need to go into /etc/sudoers.)

I hope this is helpful.
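
An added example, not part of the original thread and not sudo's own code: a simplified shell model of how sudoers compares command arguments, showing why the two rm rules from the question match more than intended and why a shell-expanded '*' fails against a literal '\*' rule. The helper names and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# sudoers_args_match is a hypothetical helper modelling one documented
# behaviour of sudoers: the arguments sudo receives are joined with single
# spaces and matched against the rule's argument pattern as ONE string,
# so '*' also matches spaces and '/'.
sudoers_args_match() {
    pattern=$1; shift
    joined="$*"                 # default IFS: join with single spaces
    case "$joined" in
        $pattern) return 0 ;;   # unquoted on purpose: used as a glob pattern
    esac
    return 1
}

# What the shell hands to sudo for 'ls *' in a directory holding the files
# one, two and three (constructed sample directory).
expanded_args() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && touch one two three && set -- * && printf '%s\n' "$*" )
    rm -rf -- "$dir"
}

report() {  # usage: report RULE_ARGS ARG...
    if sudoers_args_match "$@"; then verdict=ALLOWED; else verdict=DENIED; fi
    rule=$1; shift
    printf '%-7s rule args [%s]  received args [%s]\n' "$verdict" "$rule" "$*"
}

# Rules from the question: both allow far more than the intended command.
report '*/mydirectory'         file1 file2 /mydirectory
report '/mydirectory/*/myfile' /mydirectory/file1 importantfile /myfile
# Rule args '\*' (literal asterisk): the shell-expanded file list is refused,
# while the '*' that arrives when the user types \* is accepted.
report '\*' $(expanded_args)
report '\*' '*'
```

Because the wildcard spans word boundaries, a rule that needs to permit only specific deletions is safer written with fully spelled-out arguments or pointed at a root-owned wrapper script that validates its own input.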

