[sudo-users] /etc/sudoers: allowing a subshell command within quotes

Martin.Gerdes at directbox.com Martin.Gerdes at directbox.com
Fri Jul 3 16:35:58 EDT 2009


One of the examples in the sudo manpage is this one:
  sudo sh -c "cd /home ; du -s * │ sort -rn > USAGE"

How would I modify /etc/sudoers to allow precisely that one command?
I experimented with something simpler:
  sudo sh -c ls /root
If I add a line 'admin ALL= NOPASSWD: /bin/sh -c ls /root' to /etc/sudoers, then the above example works.
However, I find no way to get quotes to work, i.e.
 sudo sh -c "ls /root"
(which is needed for stuff like pipes, backticks and redirection)
I tried the lines 'admin ALL= NOPASSWD: /bin/sh -c "ls /root"' and
 'admin ALL= NOPASSWD: /bin/sh -c \"ls /root\"', neither of which works.

So, can anyone tell me what I would have to write into /etc/sudoers to allow running the example from the sudo manpage, only that command and no other?








More information about the sudo-users mailing list