[sudo-users] %u in command string

Todd C. Miller Todd.Miller at courtesan.com
Wed Oct 5 12:36:52 MDT 2016

On Wed, 05 Oct 2016 20:06:21 +1100, Benjamin Roberts wrote:

> I just tried to enter a sudoers rule which used the calling username as
> a parameter in the command string (using %u). As far as I can see this
> isn't supported in the command string, but %u expansion is supported in
> other places (like the prompt?).
> In particular, the rule was to be: `%group host=(www-data) NOPASSWD:
> /usr/bin/htdigest /path/to/.htdigest Realm %u`.
> I've since written a wrapper utility to take care of this without sudo,
> but is it possible to define a rule that accomplishes what I expect the
> above to?

The %u escape is only expanded in the prompt, it is not a general
purpose thing.  That is why it is documented in the passprompt

I don't think there is a way to define a rule that expands the
username in the command arguments.

 - todd

More information about the sudo-users mailing list