[sudo-users] Limiting arguments on a command

Ian Goldstein IGoldstein at Jefferies.com
Wed Feb 24 15:09:46 EST 2010


I am trying to implement sudo so that a user can maintain directories and 
permission's.  I want to limit what can be on the command line to an 
argument. without necessarily creating a script wrapper

Can somebody please help me figure out what I am missing?

As an illustration, I have the following in my sudoers:

User_Alias      TEST_ADMIN=usera,userb

Cmnd_Alias      TEST_ADMIN_CMDS =      \
                /bin/mkdir /apps/[[\:alpha\:]]*    ,\
                /bin/rmdir /apps/[[\:alpha\:]]*    ,\
                /bin/chown * /apps/[[\:alpha\:]]*  ,\
                /bin/chmod * /apps/[[\:alpha\:]]* 


What this allows me to do as a user is

sudo /bin/mkdir /apps/test1

But it also allows me to run this which is not desirable

sudo /bin/mkdir /apps/test1 /etc/foobar   ( creates a directory in /etc 
called foobar.)


Jefferies archives and monitors outgoing and incoming e-mail. The contents of this email, including any attachments, are confidential to the ordinary user of the email address to which it was addressed. If you are not the addressee of this email you may not copy, forward, disclose or otherwise use it or any part of it in any form whatsoever. This email may be produced at the request of regulators or in connection with civil litigation. Jefferies accepts no liability for any errors or omissions arising as a result of transmission. Use by other than intended recipients is prohibited.  In the United Kingdom, Jefferies operates as Jefferies International Limited; registered in England: no. 1978621; registered office: Vintners Place, 68 Upper Thames Street, London EC4V 3BJ.  Jefferies International Limited is authorised and regulated by the Financial Services Authority.

More information about the sudo-users mailing list