[sudo-users] Problem with shell wildcard

Paul Stepowski p.stepowski at qut.edu.au
Tue Mar 6 20:57:18 EST 2007

Hi list,

I'm seeing some unexpected behaviour when running sudo.

$ sudo -V
Sudo version 1.6.8p12

My test sudoers config allows me to run any command as any user.

stepowski ALL = \
        (ALL) ALL

When attempting to run the following command:

$ sudo ls -l /var/log/httpd/*

I get the following error:

ls: /var/log/httpd/*: No such file or directory

The files certainly exist.

# ls -l /var/log/httpd/*
-rw-r--r-- 1 root root     0 Feb 14 04:18 /var/log/httpd/access_log
-rw-r--r-- 1 root root 54293 Feb  7 16:48 /var/log/httpd/access_log.1
-rw-r--r-- 1 root root     0 Mar  6 04:18 /var/log/httpd/error_log
-rw-r--r-- 1 root root   427 Mar  2 17:54 /var/log/httpd/error_log.1
-rw-r--r-- 1 root root   526 Mar  1 04:18 /var/log/httpd/error_log.2
-rw-r--r-- 1 root root  8552 Feb  8 13:42 /var/log/httpd/error_log.3
-rw-r--r-- 1 root root     0 Feb  7 15:37 /var/log/httpd/ssl_access_log
-rw-r--r-- 1 root root     0 Mar  6 04:18 /var/log/httpd/ssl_error_log
-rw-r--r-- 1 root root   237 Mar  1 04:18 /var/log/httpd/ssl_error_log.1
-rw-r--r-- 1 root root   474 Feb 28 16:24 /var/log/httpd/ssl_error_log.2
-rw-r--r-- 1 root root  1422 Feb  7 15:51 /var/log/httpd/ssl_error_log.3
-rw-r--r-- 1 root root     0 Feb  7 15:37 /var/log/httpd/ssl_request_log

The /var/log/httpd directory is readable/writable/executable only by root (as it
should be).

# ls -l /var/log/ | grep httpd
drwx------ 2 root  root     4096 Mar  6 04:18 httpd

But sudo should get around that, because I'm running the command as root, right?

The sudo syslogs seem to indicate that sudo is receiving the command exactly as
passed from the shell.

Mar  7 11:40:17 css-ps sudo: stepowski : TTY=pts/2 ; PWD=/home/stepowski ; USER=root ; COMMAND=/bin/ls -l /var/log/httpd/*

It seems that sudo is getting confused by the shell wildcard character "*" for
some reason and it can't find the files.

This is quite annoying.  I can get around this for the "ls" command by using

sudo ls -l /var/log/httpd/

But, if I want to do a grep, I'm stuck.

$ sudo grep GET /var/log/httpd/*
grep: /var/log/httpd/*: No such file or directory

Can someone please explain this.  This is starting to annoy my system
administrators.  Is this a bug or a feature?
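
Added example, not part of the original post: the shell that invokes sudo expands `*` with the caller's privileges before sudo starts, so a pattern under a directory the caller cannot read matches nothing and is passed through literally, as the syslog line above shows. The temporary directory, sample file names, function names and the `PRIV` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for /var/log/httpd
# (the two file names are samples).

make_demo_dir() {
    dir=$(mktemp -d) || return 1
    : > "$dir/access_log"
    : > "$dir/error_log"
    printf '%s\n' "$dir"
}

# What the command after "sudo" receives when the CALLING shell expands the
# pattern: one argv entry per line.
caller_expands() {
    printf '%s\n' "$1"/*
}

# The pattern is expanded by a child shell instead. PRIV is an assumption of
# this demo: empty here, "sudo" in real use, so the child shell (and therefore
# the glob) runs as the target user. The directory travels as $1 rather than
# being pasted into the -c string, so odd characters in it are not re-parsed.
child_expands() {
    ${PRIV:-} sh -c 'printf "%s\n" "$1"/*' sh "$1"
}

demo() {
    d=$(make_demo_dir) || return 1
    echo "caller can read the directory:"; caller_expands "$d"
    chmod 000 "$d"
    # Not root: opendir fails, the pattern matches nothing and stays literal,
    # which is the argument ls and grep complained about. (Root bypasses mode
    # bits, so run the demo unprivileged to see this.)
    echo "caller cannot read the directory:"; caller_expands "$d"
    chmod 700 "$d"
    echo "expanded inside the child shell:"; child_expands "$d"
    rm -rf "$d"
}

demo
```

For the grep in the post, the equivalent form is `sudo sh -c 'grep GET "$1"/*' sh /var/log/httpd`; sudo then logs `/bin/sh -c ...` as the command, so the sudoers policy has to permit running the shell.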


