[sudo-users] documentation clarification
Todd C. Miller
Todd.Miller at courtesan.com
Tue Sep 15 07:29:01 MDT 2015
To be clear, you don't need to provide full access to the shell,
just "shell -c command". You can look in the sudo logs to see
what you need to allow. E.g. for
$ sudo -i id
if root's shell is /bin/ksh the sudoers rule would be:
username ALL = /bin/ksh -c id
Things get a bit complicated when there are command line arguments
since you need to escape the spaces with a backslash. E.g.
$ sudo -i id -u
Needs:
username ALL = /bin/ksh -c id\ -u
- todd
More information about the sudo-users
mailing list