[sudo-users] Request for feedback: regular expressions in sudoers
Leigh Brown
leigh at solinno.co.uk
Fri Dec 14 09:36:25 EST 2012
Hi Todd,
On 2012-12-11 18:18, Todd C. Miller wrote:
> I'm planning to include support for regular expression matching of
> commands in the next sudo release. This is something I've wanted
> to do for over ten years. Most likely this would use the pcre
> library to support perl-compatible regular expressions.
>
> One of the main stumbling blocks has been the matter of how to
> specify the regex in the sudoers file. There are two options I've
> been thinking about, but perhaps you all come up with better ones.
[...]
This might be worth considering, the only problem is parsing might be
a bit tricky. The idea is to use the TAG: syntax, like so:
millert ALL=ALL REGEX:^/usr/bin/passwd [A-Za-z][A-Za-z0-9]*$,
!/usr/bin/passwd root
The regular expression is terminated by end of line or a comma (so
commas
would need to be quoted).
Regards,
Leigh.
More information about the sudo-users
mailing list