[sudo-users] Allow user to run command with specific arguments
bernard.fay at gmail.com
Tue Aug 7 05:15:33 MDT 2018
I do not know what I did wrong on the first try but it works today....
Looks like a RC=18
On Fri, Aug 3, 2018 at 12:04 PM Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> On Thu, 02 Aug 2018 13:26:12 -0400, Bernard Fay wrote:
> > I try to configure sudoers to allow a user to execute "/sbin/multipath
> > and only the -l argument, none of the other arguments available to
> > multipath.
> What are you trying to achieve? Do you want users to be able to
> only run "multipath -l" or do you need the user to be able to specify
> a device argument after the "-l"?
> If you want the user to be able to specify a device you'll probably
> need to write a wrapper script and give the user sudo access to
> that. You can't securely do command line argument filters in sudoers
> since Linux will let you mix options and arguments.
> If you just want the user to be able to run "multipath -l" then
> your first attempt should work, e.g.
> Cmnd_Alias MPATHL = /sbin/multipath -l
> - todd
More information about the sudo-users