[sudo-users] sudoers config

christian.peper at kpn.com christian.peper at kpn.com
Tue Aug 12 06:46:55 EDT 2008

> -----Original Message-----
> From: sudo-users-bounces at courtesan.com 
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of 
> dave.parson at daimler.com
> Sent: Thursday, August 07, 2008 9:23 PM
> The intent is to allow a group of users to run (2) specific 
> commands, and only within a directory structure (but all sub 
> directories).
> They can run "Installer.sh" and "uninstaller.sh"  - but only in any 
> subdirectory in /pai.
> Will this work ?.
> Cmd_Alias PAICMDS=/pai/* Installer.sh, /pai/* uninstaller.sh  
>  ## Note 
> there is a space between /pai/*  and the command they are 
> allowed to run


I don't think the space will work. Sudo needs absolute paths, as far as
I know.
You can try inserting the * in it, but I would use /pai/*/Installer.sh
in any case.

You can debug sudo and see which commands are or are not allowed, using
sudo -l (l as in "list"). That way you can see what the effect is of
different paths inside PAICMDS. But I am fairly sure sudo will get
confused with the * in the path.

As an alternative, can you create symbolic links in every subdirectory
and only list /pai/Installer.sh in sudoers?

Hope this helps,

More information about the sudo-users mailing list