[sudo-users] Adding support to sudo to open a file with elevated privileges

Daniele Palumbo daniele at retaggio.net
Sun Sep 5 07:08:40 MDT 2021


I believe that the main side effect of cat is, in a least privilege model configuration, that you need to allow cat without argument.
Tee is using an argument as output file.

The common part of all this stuff IMHO is:
How to allow sudo to write only that file (or directory, eventually in a recursive way)?

If this option could be specified, then you can use tee, cat, or whatever.
This is something maybe now more feasible given the newly introduced intercept mode.

But here we would need Todd, very likely :-)

HTH,
Daniele

On September 5, 2021 2:03:31 AM GMT+02:00, "Matthew.Stier at fujitsu.com" <Matthew.Stier at fujitsu.com> wrote:
>If you don't like 'tee', try 'cat'.
>
>echo "something" | sudo bash -c "cat >> /etc/some_file"
>
>Of course, this means you're invoking an entire shell, to implement the
>redirection, rather than a simple command.  The 'tee' option would be
>more secure.
>
>-----Original Message-----
>From: sudo-users <sudo-users-bounces at sudo.ws> On Behalf Of Piotr
>Dobrogost
>Sent: Saturday, September 4, 2021 6:51 AM
>To: sudo-users at sudo.ws
>Subject: [sudo-users] Adding support to sudo to open a file with
>elevated privileges
>
>Hi!
>
>People often run into a problem trying to redirect output of a command
>being run with sudo to a file which is writable by the target user but
>is not writable by the user running sudo:
>
>sudo echo "something" > /etc/some_file
>
>The suggested workaround – https://superuser.com/q/136646/664 (How to
>append to a file as sudo?) – is to use tee:
>echo "something" | sudo tee /etc/config_file > /dev/null
>
>Would it make sense to add support to sudo for opening a file with
>elevated privileges? This would avoid having to use an external program
>for this basic functionality and would avoid having to redirect
>standard output to /dev/null which is the case when using tee?
>
>Something along the lines of
>echo "something" | sudo --out /etc/config_file
>
>
>Best regards,
>Piotr Dobrogost
>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws> For list information,
>options, or to unsubscribe, visit:
>https://www.sudo.ws/mailman/listinfo/sudo-users
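
A sudoers sketch of the least-privilege point raised in this thread, added here as an example and not taken from any of the posters or from the sudo project. The user name alice, the drop-in file name and the binary paths are assumptions; /etc/some_file is the path used in the thread.

```sudoers
# /etc/sudoers.d/append-some_file  (hypothetical drop-in; check with: visudo -cf <file>)
# Note: files in /etc/sudoers.d whose names contain a "." are skipped by sudo.
# User "alice" and the binary paths are assumptions; /etc/some_file is from the thread.

# Too broad: a rule with no argument list accepts any arguments,
# so tee could write to every file root can write.
# alice ALL = (root) /usr/bin/tee

# Too broad: a shell lets the caller run arbitrary commands as root,
# which is what 'sudo bash -c "cat >> /etc/some_file"' needs.
# alice ALL = (root) /bin/bash

# Too broad: wildcards in arguments are matched against the whole
# argument string, so this also matches extra file names after the first.
# alice ALL = (root) /usr/bin/tee -a /etc/*

# Pinned: arguments listed in a rule must match the command line exactly,
# so only "tee -a /etc/some_file" is allowed (append mode, one fixed target).
alice ALL = (root) /usr/bin/tee -a /etc/some_file

# Invocation by alice:
#   echo "something" | sudo tee -a /etc/some_file > /dev/null
```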

