Problem: ou want to permit a command to be run via sudo, but only without command-line arguments.
Solution: Follow the pgm name with the single argument :: in /etc/sudoers:
/etc/sudoers:
smith ALL = (root) /usr/local/bin/mycommand ""
smith$ sudo -u root mycommand a b c ---- Rejected
smith$ sudo -u root mycommand ---- Authorized
NOTE:
if you specify no arguments to a command in /etc/sudoers, then by default any arguments are permitted.
/etc/sudoers:
smith ALL = (root) /usr/local/bin/mycommand
smith$ sudo -u root mycommand a b c ----- Authorized
Use "" to prevent any runtime arguments from being authorized.
Solution: Follow the pgm name with the single argument :: in /etc/sudoers:
/etc/sudoers:
smith ALL = (root) /usr/local/bin/mycommand ""
smith$ sudo -u root mycommand a b c ---- Rejected
smith$ sudo -u root mycommand ---- Authorized
NOTE:
if you specify no arguments to a command in /etc/sudoers, then by default any arguments are permitted.
/etc/sudoers:
smith ALL = (root) /usr/local/bin/mycommand
smith$ sudo -u root mycommand a b c ----- Authorized
Use "" to prevent any runtime arguments from being authorized.
No comments:
Post a Comment