[sudo-users] Restricting characters in sudo commands

Matthew Hannigan mlh at zip.com.au
Thu Jun 15 03:10:21 EDT 2006


On Thu, Jun 15, 2006 at 04:03:46PM +1000, Paul Stepowski wrote:
> Hi list,
> 
> I'm trying to restrict access to the 'mkdir' command so a user can only create a
> directory in the specified subdirectory, e.g.
> 
> testuser testhost.example.com = (root) /bin/mkdir /tmp/[A-z0-9]*
> 
> This works but it still allows a user to specify additional directories after
> the first /tmp directory.
> 
> e.g. sudo mkdir /tmp/testA testB
> 
> will allow the user to create other directories, owned as root, anywhere on the
> file system.  How can I configure sudo so mkdir can only be fed one directory
> name to create?  Is this even possible with sudo?

I don't think it is; write a wrapper.

Matt
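
A wrapper of the kind suggested in the reply could look like the following; it is an added example, not code from the thread or from the sudo project. The script name `mkdir-tmp`, its install path, the sudoers entry in the comments and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example: wrapper that lets sudo create exactly one directory under /tmp.
# Assumed (hypothetical) install path: /usr/local/sbin/mkdir-tmp, root-owned, mode 0755.
# Assumed sudoers entry replacing the wildcard rule:
#   testuser testhost.example.com = (root) /usr/local/sbin/mkdir-tmp
PATH=/bin:/usr/bin; export PATH
LC_ALL=C; export LC_ALL          # make bracket ranges mean plain ASCII

# Succeeds only for a single path component: starts with a letter or digit,
# then letters, digits, '.', '_' or '-'. Rejects '', '..', '/', spaces, newlines.
valid_name() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# restricted_mkdir BASE NAME: create BASE/NAME, refusing any other argument shape.
restricted_mkdir() {
    base=$1
    shift
    if [ "$#" -ne 1 ]; then
        echo "usage: mkdir-tmp NAME" >&2
        return 64
    fi
    if ! valid_name "$1"; then
        echo "mkdir-tmp: invalid directory name" >&2
        return 65
    fi
    # No -p: mkdir fails if the name already exists (including as a symlink).
    mkdir -m 0755 -- "$base/$1"
}

# Run only when invoked under the wrapper's (assumed) name.
case "${0##*/}" in
    mkdir-tmp) restricted_mkdir /tmp "$@" ;;
esac
```

Because the sudoers entry names the wrapper without arguments, sudo passes any arguments through and the script alone decides what is accepted.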