[sudo-users] Command with argument not working as expected

Gabriel Menini GMenini at ose.com.uy
Wed Feb 3 12:33:05 EST 2010

Hello, list.

Since I want users to chmod files only under certain directory, I have the 
following in my /etc/sudoers file:

# User alias specification
User_Alias ADMINS = myname,yourname

# Cmnd alias specification
Cmnd_Alias CHMOD   = /usr/bin/chmod /dir/where/chmod/is/allowed/*

# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL

ADMINS     myhostname=(root) CHMOD,sudoedit /dir/where/chmod/is/allowed/*

[..file continues here; omitted for simplicity...]

The sudoers file listed above doesn't allow to chmod on that dir.

My target is: ADMINS are able to create scripts in `
/dir/where/chmod/is/allowed/' and then make them executables. 

However, until now I've just been able to set ADMINS to issue chmod on a 
system wide basis but this behaviour is not as expected --not to mention 
it's an enormous security flaw!

Sudo version 1.7.0

Gabriel Menini

More information about the sudo-users mailing list