[sudo-users] Allowing command through pipe only
spinler.patrick at mayo.edu
Wed Jan 2 09:23:26 EST 2013
In general, for anything complicated with sudo, put it into a script
(/usr/local/sbin/wc_iptables ?) and grant sudo to that script, rather
than the individual commands.
On 01/02/2013 08:18 AM, Paul Cantle wrote:
> You could probably do it by allowing wc instead as the first command.
> sudo wc -l /etc/sysconfig/iptables
> Might work.
> On 2 Jan 2013, at 14:58, "Aaron Lewis" <the.warl0ck.1989 at gmail.com> wrote:
>> Say I want to grant user only the permission to run (only count how
>> many lines in the output),
>> iptables -L | wc -l
>> But to accomplish that, I will have to grant the permission to run this command:
>> iptables -L
>> That's not secure enough, 'cause user can view the rules now, any thoughts?
>> Best Regards,
>> Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
>> Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
More information about the sudo-users