[sudo-users] %u in command string
Todd C. Miller
Todd.Miller at courtesan.com
Wed Oct 5 12:36:52 MDT 2016
On Wed, 05 Oct 2016 20:06:21 +1100, Benjamin Roberts wrote:
> I just tried to enter a sudoers rule which used the calling username as
> a parameter in the command string (using %u). As far as I can see this
> isn't supported in the command string, but %u expansion is supported in
> other places (like the prompt?).
>
> In particular, the rule was to be: `%group host=(www-data) NOPASSWD:
> /usr/bin/htdigest /path/to/.htdigest Realm %u`.
>
> I've since written a wrapper utility to take care of this without sudo,
> but is it possible to define a rule that accomplishes what I expect the
> above to?
The %u escape is only expanded in the prompt, it is not a general
purpose thing. That is why it is documented in the passprompt
option.
I don't think there is a way to define a rule that expands the
username in the command arguments.
- todd
More information about the sudo-users
mailing list