Wednesday, 3 July 2013

How to run any program in a directory via sudo

Problem: Authorize a user to run all programs in a given directory, but only those programs, as another user.

Solution: Specify a fully-qualified directory name instead of a command, ending it with a slash

/etc/sudoers:
smith ALL = (root) /usr/local/bin/

smith$ sudo -u root /usr/local/bin/mycommand   Authorized
smith$ sudo -u root /usr/bin/emacs             Rejected

This authorization does not descend into subdirectories
smith$ sudo -u root /usr/local/bin/gnu/emacs    Rejected



No comments:

Post a Comment