[sudo-users] Expansion of nested Cmnd_Alias commands
Todd C. Miller
Todd.Miller at courtesan.com
Sun May 4 17:13:42 EDT 2008
In message <BBA15439DC467648BBAB71E6BA4D990037753CF1FC at MERCMBX12.na.sas.com>
so spake Galen Johnson (Galen.Johnson):
> Would it be fair to assume that this would show their effective commands and
> not just a basic expansion? In other words, if one has the same command with
> different arguments in more than one alias, will it show what the true comma
> nd they can run will be and not just show you all commands as they expand out
> ?
>
> A (greatly) simplified example:
>
> Command_Alias LS1=/bin/ls -l, /bin/ls -r
> Command_Alias LS2=/bin/ls
>
> Obviously depending on the order these are given to a user, this would allow
> the user to either run /bin/ls or limit them to the -l and -r options. Would
> the command expansion indicate this or would it show '/bin/ls -l, /bin/ls -r
> , /bin/ls'?
For 1.7.0, "sudo -l" just does basic expansion. However, in 1.7.0
there is also "sudo -l command" which allows a user to check whether
a specific command is allowed without actually runnning it.
- todd
More information about the sudo-users
mailing list