[sudo-users] Feature request - chdir option

Michael Hill michael at mhill.net
Thu Oct 13 12:24:52 EDT 2005

I understand the obvious reason "sudo cd /usr/local/protected" doesn't
work.  What I'd like to suggest is a command line option that would let
you specify the directory in which to execute the command.  E.g.

	$ sudo -C /usr/local/protected ls -l

We run a large environment (over 300 servers under my department alone)
and we are trying to wean users off of "sudo sh", preferring "sudo ALL"
with some "dangerous" commands excluded.  The workaround suggested in
the man page, "sudo sh -c 'cd /usr/local/protected; ls -l'", still
requires granting "sudo sh" capability.  This is about the only
remaining barrier to eliminating "sudo sh", since there are some
commands that need to be run from a directory for which the user doesn't
have execute permission.

Even though this just occurred to me this morning, it seems so obvious
that I can't believe nobody has thought of it before.  Is there some
reason it won't work as I've conceived?  If not, please consider
seriously implementing such an option.

Thank you.


Michael Hill   <><  Isaiah 9:6 |
msh AT qadas DOT com           | http://federalistpatriot.us/news/sorry.asp
Aerospace/Software Engineer    | 
http://www.qadas.com/~msh/     |
---In a marketplace (like the one of ideas), not everything has equal value!---
Did you ever notice that everybody in favor of abortion has already been born?!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: </pipermail/sudo-users/attachments/20051013/bbdbefc0/attachment.bin>

More information about the sudo-users mailing list