[sudo-users] Request for feedback: regular expressions in sudoers

Leigh Brown leigh at solinno.co.uk
Fri Dec 14 09:36:25 EST 2012

Hi Todd,

On 2012-12-11 18:18, Todd C. Miller wrote:
> I'm planning to include support for regular expression matching of
> commands in the next sudo release.  This is something I've wanted
> to do for over ten years.  Most likely this would use the pcre
> library to support perl-compatible regular expressions.
> One of the main stumbling blocks has been the matter of how to
> specify the regex in the sudoers file.  There are two options I've
> been thinking about, but perhaps you all come up with better ones.

This might be worth considering, the only problem is parsing might be
a bit tricky.  The idea is to use the TAG: syntax, like so:

  	millert ALL=ALL REGEX:^/usr/bin/passwd [A-Za-z][A-Za-z0-9]*$,
  	    !/usr/bin/passwd root

The regular expression is terminated by end of line or a comma (so 
would need to be quoted).



More information about the sudo-users mailing list