Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   sudo wildcards problem: for every argument a *-wildcard? Better solution? (http://www.linux-archive.org/centos/577934-sudo-wildcards-problem-every-argument-wildcard-better-solution.html)

John Doe 09-20-2011 11:48 AM

sudo wildcards problem: for every argument a *-wildcard? Better solution?
 
From: Sven Aluoor <aluoor@gmail.com>

*I allow the user tommy to run this command as root
> sudoCommand: /app/appname/connectors/*/*/current/bin/*
> $ sudo /app/appname/connectors/zur/namename/current/bin/othername
> agentsvc --i --u root --sn 1m7command
> Sorry, user tommy is not allowed to execute
> '/app/appname/connectors/zur/namename/current/bin/othername agentsvc
> --i --u root --sn 1m7command' as root on testcentbox07.
> I guess because of wildcard arguments. Does every argument needs a
> *-wildcard? How to do when I don't know the number of arguments?

Tried with -- ?
Maybe replace the last * with [! ]*

JD
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

John Doe 09-21-2011 04:03 PM

sudo wildcards problem: for every argument a *-wildcard? Better solution?
 
From: Sven Aluoor <aluoor@gmail.com>

> On Tue, Sep 20, 2011 at 1:48 PM, John Doe <jdmls@yahoo.com> wrote:
>> Tried with -- ?
>> Maybe replace the last * with [! ]*
> doesn't work. Any other idea?

I tried the following in /etc/sudoers:
* myuser ** ALL=/o*/te*

And cat /opt/test
* #!/bin/bash
* echo "$*"
* touch /root/test

Then:
* $ sudo /opt/test agentsvc --i --u root --sn 1m7command
* agentsvc --i --u root --sn 1m7command
With a /root/test file appearing.
Seems to work fine...

JD
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 07:56 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.