escaping * in sudoers
barbara.ruess at allianz.de
Tue Mar 9 06:31:58 EST 2004
Hi Aaron,
thanks, I got that :-)
But this raises two more questions:
1) What does this part of the sudo documentation mean:
\x
For any character ``x'', evaluates to ``x''. This is used to escape
special characters such as: ``*'', ``?'', ``['', and ``}''.
2) My original problem is: someone needs root access to something like rm */mydirectory or rm /mydirectory/*/myfile
If I do enter this in the sudoers file this also matches commands like rm file1 file2 /mydirectory or rm /mydirectory/file1 importanttfile /myfile, which means the user is able to remove everything.... Is there a solution for this?
Regards, Barbara
Barbara,
When one runs: sudo ls *, the * character is interpreted by the current shell you are using. It replaces the * character with a list of files in your own directory before passing it to sudo. For example, if your directory contained three files (called one, two, three respectively), and you did a 'sudo ls *', sudo gets passed the options 'ls one three two'. Next sudo tries to match it against '/usr/bin/ls *'. Since sudo never receives the *, the comparison fails and the command is denied.
However, if you were to type 'sudo ls \*', then sudo actually gets passed the *. However, you have to train your users to put the backslash in. (The backslash does not need to go into /etc/sudoers.)
I hope this is helpful.
-Aaron
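
Added example, not part of either message above: a Python sketch of the over-matching raised in question 2, plus a check that flags sudoers rules with unescaped wildcards in their arguments. It assumes sudo matches the space-joined argument string with glob rules in which `*` also matches spaces and `/` (approximated here with Python's `fnmatch`); the function names and the sample sudoers lines are constructed for illustration.

```python
import fnmatch
import re

# Assumption: sudo joins the command-line arguments with single spaces and
# matches that one string against the rule's argument pattern, with '*' able
# to match spaces and '/'. Python's fnmatchcase treats '*' the same way.
def args_allowed(rule_args, argv):
    """True if the argument pattern of a sudoers rule matches argv."""
    return fnmatch.fnmatchcase(" ".join(argv), rule_args)

# A glob character not preceded by a backslash; "\*" is a literal '*'.
_UNESCAPED_GLOB = re.compile(r"(?<!\\)[*?\[]")

def risky_rules(sudoers_text):
    """Return command specs whose arguments contain an unescaped wildcard."""
    hits = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Simplification: no tags, Runas specs or aliases in the sample rules.
        for spec in line.split("=", 1)[1].split(","):
            _path, _, args = spec.strip().partition(" ")
            if _UNESCAPED_GLOB.search(args):
                hits.append(spec.strip())
    return hits

# Constructed sample; user names and binary paths are illustrative.
SAMPLE_SUDOERS = r"""
barbara ALL = /bin/rm */mydirectory
barbara ALL = /bin/rm /mydirectory/*/myfile
aaron ALL = /usr/bin/ls \*
"""

if __name__ == "__main__":
    # The two over-matches described in the message above.
    print(args_allowed("*/mydirectory", ["file1", "file2", "/mydirectory"]))
    print(args_allowed("/mydirectory/*/myfile",
                       ["/mydirectory/file1", "importanttfile", "/myfile"]))
    for spec in risky_rules(SAMPLE_SUDOERS):
        print("wildcard in arguments:", spec)
```

Rules it flags are candidates for explicit argument lists or a fixed-argument wrapper script in place of the wildcard.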