[sudo-users] Allow user to run command with specific arguments

Todd C. Miller Todd.Miller at sudo.ws
Fri Aug 3 10:04:34 MDT 2018

On Thu, 02 Aug 2018 13:26:12 -0400, Bernard Fay wrote:

> I try to configure sudoers to allow a user to execute "/sbin/multipath -l"
> and only the -l argument, none of the other arguments available to
> multipath.

What are you trying to achieve?  Do you want users to be able to
only run "multipath -l" or do you need the user to be able to specify
a device argument after the "-l"?

If you want the user to be able to specify a device you'll probably
need to write a wrapper script and give the user sudo access to
that.  You can't securely do command line argument filters in sudoers
since Linux will let you mix options and arguments.

If you just want the user to be able to run "multipath -l" then
your first attempt should work, e.g.

Cmnd_Alias      MPATHL    = /sbin/multipath -l

 - todd
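
The wrapper-script approach described above, as an added example that is not part of the original message or of sudo itself: the user gets sudo access to the wrapper only, and the wrapper accepts at most one argument that cannot be read as an option. The wrapper name and path, the permitted character set and the sample sudoers line are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned and not user-writable as
# /usr/local/sbin/multipath-list (name and path are assumptions).
# sudoers then grants the wrapper instead of multipath itself, e.g.:
#   Cmnd_Alias MPATHL = /usr/local/sbin/multipath-list
LC_ALL=C; export LC_ALL              # make the A-Z / a-z ranges byte-exact
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

# Accept one map name or WWID: letters, digits, "_", ".", ":" and "-",
# never starting with "-" (so it cannot be parsed as an option),
# at most 128 characters. This character set is an assumption.
valid_device() {
    case "$1" in
        ''|-*)               return 1 ;;
        *[!A-Za-z0-9_.:-]*)  return 1 ;;
    esac
    [ "${#1}" -le 128 ]
}

usage() {
    echo "usage: multipath-list [device]" >&2
    return 64                        # EX_USAGE
}

main() {
    case $# in
        0) exec /sbin/multipath -l ;;
        1) if valid_device "$1"; then
               exec /sbin/multipath -l "$1"
           fi
           usage ;;
        *) usage ;;                  # extra words could be options: refuse
    esac
}

# Run only when invoked under the installed name, so the functions can be
# sourced and checked without executing multipath.
case "${0##*/}" in
    multipath-list) main "$@"; exit $? ;;
esac
```

Because the option string is fixed inside the wrapper and the single argument is validated before use, option/argument mixing on the command line no longer matters.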

