Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

5. Authorization Controls > 5.9. Prohibiting Command Arguments with sudo

5.9. Prohibiting Command Arguments with sudo

Problem

You want to permit a command to be run via sudo, but only without command-line arguments.

Solution

Follow the program name with the single argument “” in /etc/sudoers:

               /etc/sudoers:
smith  ALL = (root) /usr/local/bin/mycommand ""

smith$ sudo -u root mycommand a b c                         Rejected
smith$ sudo -u root mycommand                               Authorized

Discussion

If you specify no arguments to a command in /etc/sudoers, then by default any arguments are permitted.

               /etc/sudoers:
smith  ALL = (root) /usr/local/bin/mycommand

smith$ sudo -u root mycommand a b c                         Authorized

Use “” to prevent any runtime arguments from being authorized.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free 10-Day Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint