[sudo-users] Cmnd_Alias mystery

Matt Marchione mmarchio at coat.com
Tue Jul 15 17:31:55 EDT 2008

I've been trying to solve an unusual problem with a Cmnd alias that
we've been having and I've figured out what was causing it, but don't
understand why.

Cmnd_Alias	SH=/usr/bin/*sh


To allow "user_x" to run any command except commands in /usr/bin that
end with 'sh'. However this result occurs when executing:

 > sudo /bin/ls
Sorry, user user_x is not allowed to execute '/bin/ls' as root on host.

However, if the sudoers is setup as follows the command works:

user_x		ALL=(ALL) NOPASSWD:ALL,!/usr/bin/*sh

The culprit in this case turned out to be /usr/bin/sh was not present;
link, binary or otherwise. Once /usr/bin/sh was put in place, the alias
form worked correctly. I would have thought that sudo wouldn't care if
it exists or not with the wild card alias. Can anyone shed some light on

The platform this was occurring on is SuSE-SLES 10. The sudo version is
1.6.9p13 and compiled from source, not a pre-built RPM. Any help would
be appreciated.


More information about the sudo-users mailing list