[sudo-users] is command substitution possible using sudo ?

Mel Burslan melburslan at gmail.com
Fri Mar 14 17:06:18 EDT 2008

I have this dilemma. I am on an hpux system which is configured as trusted.
The security people has a scanner product which wants to see the contents of
the user record for root. I am okay with this request if they can not see
the actual hashed password entry. They want to be able to run this command :

sudo cat /tcb/files/auth/r/root

what I want to do is, when sudo sees this command, I want it to run a
different command which will jumble the characters of the hashed password,
so that even if this hashed password falls into the wrong hands, it will
mean nothing.

I tried to change command 'cat' to an alias to the script but then since it
is used for other auth files and other configuration files, it becomes a
burden to keep track of what this aliased script can or can not do. I just
want to single out this command and replace it with something of my
creation. Is this possible in the scope of sudo ?

Thanks in advance for all the replies.


More information about the sudo-users mailing list