[sudo-users] Allowing command through pipe only
Patrick Spinler
spinler.patrick at mayo.edu
Wed Jan 2 09:23:26 EST 2013
In general, for anything complicated with sudo, put it into a script
(/usr/local/sbin/wc_iptables ?) and grant sudo to that script, rather
than the individual commands.
-- Pat
On 01/02/2013 08:18 AM, Paul Cantle wrote:
> You could probably do it by allowing wc instead as the first command.
>
> Perhaps
>
> sudo wc -l /etc/sysconfig/iptables
>
> Might work.
>
> On 2 Jan 2013, at 14:58, "Aaron Lewis" <the.warl0ck.1989 at gmail.com> wrote:
>
>> Hi,
>>
>> Say I want to grant user only the permission to run (only count how
>> many lines in the output),
>>
>> iptables -L | wc -l
>>
>> But to accomplish that, I will have to grant the permission to run this command:
>>
>> iptables -L
>>
>> That's not secure enough, 'cause user can view the rules now, any thoughts?
>>
>> --
>> Best Regards,
>> Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
>> Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
>> ____________________________________________________________
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list