[sudo-users] Using shell variables in Command Alias Definitions

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevron.com
Tue Nov 17 08:11:31 MST 2015

I don't think variables are expanded inside the sudoers file.

Your best option is probably to write a wrapper script.  Inside the script, you can use the $SUDO_USER variable that sudo injects into the environment to get the calling username.

Something like "php-fpm-manager.sh", put it somewhere handy, make sure it's not writable by  non-admins.

# you might want to do argument checking here..  

# SUDO_USER is set to the calling user's userid.
/bin/systemctl $arg php5-fpm@${SUDO_USER}.service

Then your command aliases would look like:

Cmnd_Alias PHPFPMRESTART = /whatever/php-fpm-manager.sh restart 
Cmnd_Alias PHPFPMSTART = /whatever/php-fpm-manager.sh start
... etc..

-----Original Message-----
From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of Ryan Chewning
Sent: Tuesday, November 17, 2015 8:33 AM
To: sudo-users at sudo.ws
Subject: [**EXTERNAL**] [sudo-users] Using shell variables in Command Alias Definitions

Hi all,

I've spent several hours looking online for a way to use a shell variable
in a command alias. I'm using Debian 8 which ships with Sudo version
1.8.10p3 / Sudoers file grammar version 43.

I'm attempting to do something like this:

User_Alias PHPFPM_USERS = user1, user2, user3

Cmnd_Alias PHPFPMRESTART = /bin/systemctl restart php5-fpm@'$USER'.service
Cmnd_Alias PHPFPMSTART = /bin/systemctl start php5-fpm@$USER.service
Cmnd_Alias PHPFPMRELOAD = /bin/systemctl reload php5-fpm@$USER.service
Cmnd_Alias PHPFPMSTOP = /bin/systemctl stop php5-fpm@$USER.service
Cmnd_Alias PHPFPMSTATUS = /bin/systemctl status php5-fpm@$USER.service

I was hoping that $USER would be replaced at runtime with the user that's
executing the command to save the need to tens or hundreds of definitions.

Thanks for any help or guidance of a better way to do this!


sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list