[sudo-users] escaping in sudoers

Todd C. Miller Todd.Miller at courtesan.com
Mon Oct 1 11:57:54 EDT 2012


On Sun, 30 Sep 2012 17:13:25 EDT, Jiri B wrote:

> I would like to run an X11 app under a different user, so
> here is my line in sudoers.
> 
> $ sudo grep xclock /etc/sudoers
> me ALL=(root) NOPASSWD: /usr/bin/su -s /bin/sh -l toruser -c 'env DISPLAY\=\:0 xclock'
> 
> If I am reading the man page right, '=' and ':' should be escaped.

Correct.

> So, here's the test. Invalidating timestamp and running the command.
> 
> $ sudo -k ;sudo -n /usr/bin/su -s /bin/sh -l toruser -c 'env DISPLAY=:0 xclock'
> sudo: sorry, a password is required to run sudo

The problem is that those single quotes are only interpreted by
your shell--they are not present by the time that sudo is run.  If
you remove the quotes from your sudoers entry it should match as
you expect.

 - todd
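
Added example, not part of the original message and not sudo's own code: a simplified model of the match described in the reply, assuming sudo joins the argv it receives with single spaces and compares that string with the sudoers argument text once the backslash escapes are dropped. The function names are hypothetical.

```shell
#!/bin/sh
# Simplified model (assumption for illustration, not sudo's implementation).

# What sudo receives: the calling shell has already removed the quotes,
# so only the argument values remain. "$*" joins them with a space.
seen_by_sudo() {
    printf '%s' "$*"
}

# Drop sudoers backslash escapes such as \= and \: .
# Quote characters are NOT special here and stay in the text literally.
sudoers_args() {
    printf '%s' "$1" | sed 's/\\\(.\)/\1/g'
}

# Return 0 when the rule's argument text matches the joined argv.
# $1 = argument text from the sudoers entry, rest = argv as typed.
rule_matches() {
    pat=$(sudoers_args "$1"); shift
    joined=$(seen_by_sudo "$@")
    case $joined in
        $pat) return 0 ;;   # unquoted: sudoers wildcards act as globs
        *)    return 1 ;;
    esac
}

# Argument text of the two candidate sudoers entries (after /usr/bin/su).
QUOTED="-s /bin/sh -l toruser -c 'env DISPLAY\=\:0 xclock'"
UNQUOTED='-s /bin/sh -l toruser -c env DISPLAY\=\:0 xclock'

# The command exactly as typed at the prompt in the question.
for entry in "$QUOTED" "$UNQUOTED"; do
    if rule_matches "$entry" -s /bin/sh -l toruser -c 'env DISPLAY=:0 xclock'
    then echo "match:    $entry"
    else echo "no match: $entry"
    fi
done
```

Only the entry without the single quotes matches, which is why sudo fell through to the password prompt for the quoted one.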

