LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-27-2007, 03:15 AM   #1
kingsizeprawn
LQ Newbie
 
Registered: Nov 2007
Posts: 5

Rep: Reputation: 0
Force the first argument, but allow more, on a sudoed script


Hi all,

I want to allow to user A the execution of a script from user B, but fixing the first argument (i.e., user A can execute the script ONLY if its first argument is X), and allowing to add 0 or more arguments. I've tried with:

Cmnd_Alias ALIAS1 = /path/to/script X *
A ALL=NOPASSWD: ALIAS1


, but it doesn't work if I pass just the first parameter, and it does work if I pass two or more (it seems like the * means "one or more parameters", instead of "zero or more"). Any hint?

Thanks
 
Old 12-03-2007, 08:12 AM   #2
krock923
Member
 
Registered: Jul 2004
Posts: 171

Rep: Reputation: 30
* definitely means zero or more. (It's called a Kleene star)

Could you possibly post the actual relevant lines from sudoers?
 
Old 12-11-2007, 03:43 AM   #3
kingsizeprawn
LQ Newbie
 
Registered: Nov 2007
Posts: 5

Original Poster
Rep: Reputation: 0
sudoers

This is the contents of the sudoers file. scripts 1 to 4 must be executed by USRAPP with the 1st parameter with a fixed value, plus other optional parameters.

Thanks

User_Alias USRAPP = usrapp
User_Alias WAS60 = was60

# Cmnd alias specification
Cmnd_Alias WAS60_CMD = /usr/bin/chown, /usr/bin/chgrp, /usr/bin/mkdir
Cmnd_Alias USRAPP_CMD = \
/path/to/scripts/script1.ksh par1 *,\
/path/to/scripts/script2.ksh par1 *,\
/path/to/scripts/script3.ksh par1 *,\
/path/to/scripts/script4.ksh par2 *

# Runas alias specification
Runas_Alias WAS60 = was60
Runas_Alias ROOT = root

# User privilege specification
root ALL=(ALL) SETENV: ALL

WAS60 ALL=NOPASSWD: WAS60_CMD
USRAPP ALL=(WAS60) NOPASSWD: USRAPP_CMD
 
  


Reply

Tags
sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
a script to give me the last argument !!! rameshvl Linux - General 18 12-29-2008 02:02 PM
Know original credentials (id:group) from a sudoed script kingsizeprawn Linux - Security 5 11-29-2007 10:04 AM
Bash script: how do I select second-to-last argument in a list Robert S Linux - Software 2 11-23-2007 04:06 PM
output of one script to another as argument sefaklc Programming 9 09-03-2007 04:06 AM
BASH: rename an argument of the script sylvaticus Programming 2 05-21-2007 09:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration