[sudo-users] escaping in sudoers

Todd C. Miller Todd.Miller at courtesan.com
Mon Oct 1 11:57:54 EDT 2012

On Sun, 30 Sep 2012 17:13:25 EDT, Jiri B wrote:

> I would like to run an X11 app under different user, so
> here is my line in sudoers.
> $ sudo grep xclock /etc/sudoers
> me ALL=(root) NOPASSWD: /usr/bin/su -s /bin/sh -l toruser -c 'env DISPLAY\=\:
> 0 xclock'
> If I am reading man page right, '=' and ':', should be escaped.


> So, here's the test. Invalidating timestamp and running the command.
> $ sudo -k ;sudo -n /usr/bin/su -s /bin/sh -l toruser -c 'env DISPLAY=:0 xcloc
> k' 
> sudo: sorry, a password is required to run sudo

The problem is that those single quotes are only interpreted by
your shell--they are not present by the time that sudo is run.  If
you remove the quotes from your sudoers entry it should match as
you expect.

 - todd

More information about the sudo-users mailing list