[sudo-users] documentation clarification

Todd C. Miller Todd.Miller at courtesan.com
Tue Sep 15 07:29:01 MDT 2015

To be clear, you don't need to provide full access to the shell,
just "shell -c command".  You can look in the sudo logs to see
what you need to allow.  E.g.  for

    $ sudo -i id

if root's shell is /bin/ksh the sudoers rule would be:

    username ALL = /bin/ksh -c id

Things get a bit complicated when there are command line arguments
since you need to escape the spaces with a backslash.  E.g.

    $ sudo -i id -u


    username ALL = /bin/ksh -c id\ -u

 - todd

More information about the sudo-users mailing list