[sudo-users] Setting flags on a per command basis?

Michael Potter pottmi at gmail.com
Thu Sep 7 11:31:23 EDT 2006


Piete,

Here is a question that i asked with the same goal in mind, I have also
included Todd Miller's response:

> Mike Potter Wrote:
> The specification for Defaults is like this:
>
>    Default_Type ::= 'Defaults' |
>                         'Defaults' '@' Host |
>                         'Defaults' ':' User |
>                         'Defaults' '>' RunasUser
>
> Cmnd is absent.
> Why?
>
> The reason I am asking is that I would like to turn off logging for
specific
> commands.
>
> This seems like I should be able to do something like this:
> Defaults&Cmnd !syslog

I would be interested in trying to change sudo to support my proposed
syntax, but I would first like to hear from from someone with more
experience with the sudo source code as to why this feature is
missing.

It seems like an obvious feature so I suspect that there is some
non-trival problem with implementing it.

One solution would be for you to run that command as a different user
so you could use some thing like this:
defaults>newuser !logging,!syslog,!mailto

I would appreciate hearing your solution if you come up with one.
-- 
potter.


>Here is Todd's response:
>
> It is not possible with the parser in sudo 1.6.x.  This feature is
> present already in the sudo cvs sources and will be part of sudo
> 1.7 once the code base is cleaned up a bit.




On 9/7/06, Piete Brooks <piete.brooks--sudo-users at cl.cam.ac.uk> wrote:
>
> So far I have only been able to set flags such as:
>
>         Defaults preserve_groups
>         Defaults targetpw
>         Defaults env_keep += "XAUTHORITY"
>
> globally. I would expect to be able to set these on a per command basis,
> but
> I've not discovered the correct syntax. Can it be done, and if so
> how?  Thanks.
>
>
>



More information about the sudo-users mailing list