[sudo-users] Extended globs

Djerk Geurts djerkg at gmail.com
Thu Mar 24 09:20:47 MDT 2022


Thank you! This is the ticket, and there are precompiled packages available to download, which makes this an even easier fix. Like you say, sudo 1.9.10 supports regex; I’ve tested the following rules successfully:
/usr/bin/journalctl ^-(u|-unit)( bla@[a-zA-Z0-9_-]+)+( -f)?$
/usr/bin/systemctl ^(start|stop|reload|restart|status)( bla@[a-zA-Z0-9_-]+)+$
The above grants access to service logs and permits control of the service. Multiple matching services can be specified in each command, and for journalctl the follow flag is optional.

More examples here: https://www.sudo.ws/posts/2022/03/sudo-1.9.10-using-regular-expressions-in-the-sudoers-file/

Thanks,
Djerk


> On 22 Mar 2022, at 22:20, Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> 
> As you found, sudo does not support bash-style extended globs.
> However, beginning with version 1.9.10, sudo supports POSIX regular
> expressions which should allow you to do what you want.
> 
> - todd
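
One way to check argument regexes like the two rules above before they go into sudoers, as an added example that is not part of the original thread. It assumes sudo matches the regex against the arguments joined by single spaces and uses `grep -E` as a stand-in matcher; the systemctl pattern is written with balanced parentheses, and the helper names and the instance names `web` and `db` are constructed for illustration.

```shell
#!/bin/sh
# Added example: test sudoers argument regexes against constructed command lines.
# Assumption: sudo matches the regex against the arguments joined by single
# spaces; grep -E stands in for sudo's POSIX extended regex matcher.
JOURNALCTL_RE='^-(u|-unit)( bla@[a-zA-Z0-9_-]+)+( -f)?$'
SYSTEMCTL_RE='^(start|stop|reload|restart|status)( bla@[a-zA-Z0-9_-]+)+$'
NL='
'

# args_match REGEX ARG... : exit 0 if the joined arguments match REGEX.
args_match() {
    re=$1; shift
    joined="$*"                      # joins on a space (first character of default IFS)
    case $joined in
        *"$NL"*) return 1 ;;         # grep is line-oriented, so refuse embedded newlines
    esac
    printf '%s\n' "$joined" | LC_ALL=C grep -Eq -- "$re"
}

# check EXPECT REGEX ARG... : exit 0 if the verdict (allow|deny) equals EXPECT.
check() {
    expect=$1; shift
    if args_match "$@"; then verdict=allow; else verdict=deny; fi
    [ "$verdict" = "$expect" ] && return 0
    shift
    echo "MISMATCH: expected $expect, got $verdict for: $*" >&2
    return 1
}

# run_cases : exit status is the number of cases that did not behave as expected.
run_cases() {
    fails=0
    # Constructed cases; "web" and "db" are made-up instance names.
    check allow "$JOURNALCTL_RE" -u bla@web                      || fails=$((fails + 1))
    check allow "$JOURNALCTL_RE" --unit bla@web bla@db -f        || fails=$((fails + 1))
    check deny  "$JOURNALCTL_RE" -u sshd                         || fails=$((fails + 1))
    check deny  "$JOURNALCTL_RE" -u bla@web -n 50                || fails=$((fails + 1))
    check deny  "$JOURNALCTL_RE" -u bla@web -f -f                || fails=$((fails + 1))
    check deny  "$JOURNALCTL_RE" -u "bla@web${NL}-u bla@db"      || fails=$((fails + 1))
    check allow "$SYSTEMCTL_RE" restart bla@web                  || fails=$((fails + 1))
    check allow "$SYSTEMCTL_RE" status bla@web bla@db            || fails=$((fails + 1))
    check deny  "$SYSTEMCTL_RE" restart sshd                     || fails=$((fails + 1))
    check deny  "$SYSTEMCTL_RE" stop bla@web sshd                || fails=$((fails + 1))
    check deny  "$SYSTEMCTL_RE" enable bla@web                   || fails=$((fails + 1))
    check deny  "$SYSTEMCTL_RE" restart bla@web.service          || fails=$((fails + 1))
    return "$fails"
}

run_cases && echo "all cases behaved as expected"
```

The last systemctl case shows that the character class excludes `.`, so instance names must be given without a `.service` suffix under this rule.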


