[sudo-users] %u in command string
Benjamin Roberts
benjamin.roberts at anu.edu.au
Wed Oct 5 15:56:52 MDT 2016
Ah okay, that's what I figured thanks.
Do you think there'd be any appetite, beyond my particular usecase, for string expansion being implemented for command strings/how difficult this might be?
> On 6 Oct. 2016, at 5:37 am, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
>
>> On Wed, 05 Oct 2016 20:06:21 +1100, Benjamin Roberts wrote:
>>
>> I just tried to enter a sudoers rule which used the calling username as
>> a parameter in the command string (using %u). As far as I can see this
>> isn't supported in the command string, but %u expansion is supported in
>> other places (like the prompt?).
>>
>> In particular, the rule was to be: `%group host=(www-data) NOPASSWD:
>> /usr/bin/htdigest /path/to/.htdigest Realm %u`.
>>
>> I've since written a wrapper utility to take care of this without sudo,
>> but is it possible to define a rule that accomplishes what I expect the
>> above to?
>
> The %u escape is only expanded in the prompt, it is not a general
> purpose thing. That is why it is documented in the passprompt
> option.
>
> I don't think there is a way to define a rule that expands the
> username in the command arguments.
>
> - todd
More information about the sudo-users
mailing list