[sudo-users] Using shell variables in Command Alias Definitions

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevron.com
Tue Nov 17 09:02:41 MST 2015

Unknown..  I follow the users list a lot more than the dev list.

I know there is regex support for command aliases, though.

Eric Ladner
Systems Analyst
eric.ladner at chevron.com

From: Ryan Chewning [mailto:ryan at chewning.us]
Sent: Tuesday, November 17, 2015 9:52 AM
To: Ladner, Eric (Eric.Ladner)
Cc: sudo-users at sudo.ws
Subject: [**EXTERNAL**] Re: [sudo-users] Using shell variables in Command Alias Definitions

Thanks for the quick reply Eric. I was hoping to avoid writing a wrapper script with the security issues that can be introduced.

In the course of my searching I saw mention of possibly adding regex support to Sudo. Is that something which is still in the works or did that die because of the complications involved with validating and writing regex?

On Tue, Nov 17, 2015 at 10:11 AM, Ladner, Eric (Eric.Ladner) <Eric.Ladner at chevron.com> wrote:
I don't think variables are expanded inside the sudoers file.

Your best option is probably to write a wrapper script.  Inside the script, you can use the $SUDO_USER variable that sudo injects into the environment to get the calling username.

Something like "php-fpm-manager.sh", put it somewhere handy, make sure it's not writable by non-admins.

#!/bin/sh
# you might want to do argument checking here..
arg="$1"

# SUDO_USER is set to the calling user's userid.
/bin/systemctl "$arg" "php5-fpm@${SUDO_USER}.service"

Then your command aliases would look like:

Cmnd_Alias PHPFPMRESTART = /whatever/php-fpm-manager.sh restart
Cmnd_Alias PHPFPMSTART = /whatever/php-fpm-manager.sh start
... etc..

-----Original Message-----
From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of Ryan Chewning
Sent: Tuesday, November 17, 2015 8:33 AM
To: sudo-users at sudo.ws
Subject: [**EXTERNAL**] [sudo-users] Using shell variables in Command Alias Definitions

Hi all,

I've spent several hours looking online for a way to use a shell variable
in a command alias. I'm using Debian 8 which ships with Sudo version
1.8.10p3 / Sudoers file grammar version 43.

I'm attempting to do something like this:

User_Alias PHPFPM_USERS = user1, user2, user3

Cmnd_Alias PHPFPMRESTART = /bin/systemctl restart php5-fpm@'$USER'.service
Cmnd_Alias PHPFPMSTART = /bin/systemctl start php5-fpm@$USER.service
Cmnd_Alias PHPFPMRELOAD = /bin/systemctl reload php5-fpm@$USER.service
Cmnd_Alias PHPFPMSTOP = /bin/systemctl stop php5-fpm@$USER.service
Cmnd_Alias PHPFPMSTATUS = /bin/systemctl status php5-fpm@$USER.service

I was hoping that $USER would be replaced at runtime with the user that's
executing the command to save the need for tens or hundreds of definitions.

Thanks for any help or guidance of a better way to do this!
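
Added example, not part of the original thread and not code from the sudo project: one way to do the argument checking that the wrapper suggestion above leaves open, so the caller can pick neither the systemctl verb nor the unit. The script name and unit pattern come from the thread; the list of allowed verbs, the lowercase user-name pattern, the exit codes and the use of `--no-pager` are assumptions of this example.

```shell
#!/bin/sh
# php-fpm-manager.sh (added example): meant to be run through sudo.
# Assumption: per-user units are named php5-fpm@<user>.service, as in the thread.

# Allow only the systemctl verbs the thread's aliases use.
valid_action() {
    case "$1" in
        start|stop|restart|reload|status) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumption: account names are lowercase letters, digits, '_' and '-'.
# Rejects empty values, a leading '-', whitespace, '/', and shell or unit metacharacters.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the unit name for one user; fail if the name does not validate.
unit_for() {
    valid_user "$1" || return 1
    printf 'php5-fpm@%s.service\n' "$1"
}

main() {
    if [ "$#" -ne 1 ] || ! valid_action "$1"; then
        echo "usage: php-fpm-manager.sh start|stop|restart|reload|status" >&2
        return 64
    fi
    # SUDO_USER is set by sudo to the invoking user; it is still validated
    # because the script could be started as root without sudo.
    unit=$(unit_for "${SUDO_USER:-}") || {
        echo "php-fpm-manager.sh: missing or unexpected SUDO_USER" >&2
        return 65
    }
    # --no-pager keeps systemctl from starting an interactive pager as root.
    exec /bin/systemctl --no-pager "$1" "$unit"
}

# Run main only under the install name, so the functions can be sourced
# or tested from another file without calling systemctl.
case "${0##*/}" in
    php-fpm-manager.sh) main "$@" || exit $? ;;
esac
```

With the verb checked inside the script, a single sudoers entry for the script path covers every user in PHPFPM_USERS, and the file should stay owned by root and not writable by anyone else.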
