[sudo-users] Sudo with directory allows .. to be added. How do I avoid this.

Art A arthur.2007 at yahoo.com
Fri Nov 19 12:52:52 EST 2010

In sudoers:
%mygrp ALL=sudoedit /var/opt/perf/* 

this works
sudo -e /var/opt/perf/perfd.ini 

This also works: (app-defaults is a subdirectory)

sudo -e /var/opt/perf/app-defaults/../../../../etc/passwd

So my question is how can I allow someone to edit any file in a directory without putting every file in the sudoers. I have read the documentation and tried [!.] but it didn't work for me.  What I would settle on is a why to say any pattern without a '..' in it is valid.

Thanks in advance for any help.



More information about the sudo-users mailing list