[sudo-users] Problem with shell wildcard

Matthew Hannigan mlh at zip.com.au
Tue Mar 6 23:55:11 EST 2007


On Wed, Mar 07, 2007 at 11:57:18AM +1000, Paul Stepowski wrote:
> But sudo should get around that, because I'm running the command as root, right?

yes, but the shell, running as you, tries to expand * before running the command.
> 
> The sudo syslogs seem to indicate that sudo is receiving the command exactly as
> passed from the shell.
> 
> ---snip---
> Mar  7 11:40:17 css-ps sudo: stepowski : TTY=pts/2 ; PWD=/home/stepowski ;
> USER=root ; COMMAND=/bin/ls -l /var/log/httpd/*
> ---snip---
> 
> It seems that sudo is getting confused by the shell wildcard character "*" for
> some reason and it can't find the files.

THat's because the command is run directly, not via the shell.  So * doesn't
get expanded.  It looks for a literal *.

> This is quite annoying.  I can get around this for the "ls" command by using
> 
> sudo ls -l /var/log/httpd/
> 
> But, if I want to do a grep, I'm stuck.
> 
> ---snip---
> $ sudo grep GET /var/log/httpd/*
> grep: /var/log/httpd/*: No such file or directory
> ---snip---
> 
> Can someone please explain this.  This is starting to annoy my system
> administrators.  Is this a bug or a feature?

It's a bug AND a feature! :-)

I'd relax the perms to allow admins to read the logs without sudo.

Matt



More information about the sudo-users mailing list