[sudo-users] Any way to avoid using full path name in sudoedit?

Todd C. Miller Todd.Miller at courtesan.com
Thu Jun 28 09:59:55 EDT 2007


In message <200706271648.l5RGmA7l086710 at filbert.sgt-inc.com>
	so spake User Jody (jody):

> I was hoping that my useradmins would not have to enter the full
> path name to the file every time they needed to update one.
> 
> Is there any way to get around having to use the full path name
> and still be able to restrict access to a certain directory?
 
The problem here is that sudo does not try to interpret command
line arguments; it just does simple glob-style matching.  There's
no foolproof way to determine what is a path in the arguments that
should be interpreted.

Now, for sudoedit specifically, this should be possible since the
arguments *must* be paths, but since sudoedit uses the same matching
code as sudo (it is just sudo by another name) that doesn't currently
happen.

If you'd like to see this changed please file an enhancement request
at http://sudo.ws/bugs and it will be considered for sudo 1.7.  It
may be possible to add some kind of syntactic sugar to indicate
that an argument in sudoers is to be interpreted as a path, and to
have this turned on implicitly for sudoedit entries.

 - todd
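
The following is an added illustration, not part of the original message and not sudo's own code. It models the glob-style matching described above with Python's fnmatch, next to a hypothetical path-aware variant of the kind the message suggests for sudoedit; the pattern /etc/app/*, the file names and the function names are constructed assumptions.

```python
# Added illustration: a model of the matching behaviour described in the
# message, not sudo's source code.
import fnmatch
import posixpath

# Constructed sudoers-style argument pattern: files under /etc/app only.
SUDOERS_PATTERN = "/etc/app/*"


def literal_match(pattern, arg):
    """Glob-match the argument exactly as typed, with no path interpretation."""
    return fnmatch.fnmatchcase(arg, pattern)


def path_aware_match(pattern, arg, cwd):
    """Hypothetical path-aware variant: resolve the argument against the
    caller's working directory and normalize it before glob matching.
    Symbolic links are not resolved here (pure string handling)."""
    resolved = posixpath.normpath(posixpath.join(cwd, arg))
    return fnmatch.fnmatchcase(resolved, pattern)


def compare(cwd, args):
    """Return (arg, literal result, path-aware result) for each argument."""
    return [
        (a, literal_match(SUDOERS_PATTERN, a),
         path_aware_match(SUDOERS_PATTERN, a, cwd))
        for a in args
    ]


if __name__ == "__main__":
    # Constructed inputs: the user has already changed into /etc/app.
    for row in compare("/etc/app", ["/etc/app/hosts.conf", "hosts.conf",
                                    "./hosts.conf", "../other.conf"]):
        print("%-22s literal=%-5s path-aware=%s" % row)
```

With literal matching only the full path name is accepted, which is the behaviour the question ran into. The path-aware variant accepts the relative names from inside /etc/app and still rejects a name that resolves outside that directory.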


