[sudo-users] Grant permission by "digest" only?

A. James Lewis james at fsck.co.uk
Fri Feb 28 13:05:10 MST 2020


Hi,

I would like to allow "sudo" to grant access to /any/ binary that 
matches the specified digest/checksum, or at least a given filename in 
any path location.... Reading the manual for sudo it appears to suggest 
that "*" matches 0 or more character, so I would hope I could match /* 
and specify a digest.

The problem is that * seems to match any character except "/", so I can 
only specify "any binary" at a specific depth in the filesystem.  Is 
there some way to achieve this, or some security reason I shouldn't want 
to that I might have missed?

How would I achieve this?

-- 
ค. ﻝค๓єร ɭєฬเร (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."



More information about the sudo-users mailing list