[sudo-users] Any way to avoid using full path name in sudoedit?

User JODY jody at filbert.sgt-inc.com
Thu Jun 28 09:14:24 EDT 2007


Todd,

Thanks for the reply.  I solved the problem by creating the following
script to be a wrapper around the sudo command.

#!/bin/sh
#This script uses sudo to edit the majordomo mail lists
#mledit - Jody B. Caldwell 6/27/2007
sudoedit /usr/local/majordomo/lists/$1

So, my user admins can now do "mledit filename".

Thanks again for your help,

Jody B. Caldwell


In message <200706271648.l5RGmA7l086710 at filbert.sgt-inc.com>
	so spake User Jody (jody):

> I was hoping that my useradmins would not have to enter the full path
> name to  the file every time they needed to update one.
>
> Is there any way to get around having to use the full path name and
> still be able to restrict access to a certain directory?

The problem here is that sudo does not try to interpret command line
arguments, it just does simple glob style matching.  There's no foolproof
way to determine what is a path in the arguments that should be
interpreted.

Now, for sudoedit specifically, this should be possible since the
arguments *must* be paths, but since sudoedit uses the same matching code
as sudo (it is just sudo by another name) that doesn't currently happen.

If you'd like to see this changed please file an enhancement request at
http://sudo.ws/bugs and it will be considered for sudo 1.7.  It may be
possible to add some kind of syntactic sugar to indicate that an argument
in sudoers is to be interpreted as a path, and to have this turned on
implicitly for sudoedit entries.

 - todd
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws> For list information,
options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users





More information about the sudo-users mailing list