- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Wildcards in sudoers
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-30-2004 11:44 PM
тАО08-30-2004 11:44 PM
I want to allow the informix user to issue the VxVM command "vxdisk list" in CGI context.
I know that I could rather choose the vxprint command which is executable by any user and has a among dozens of standard outputs freely formatable ones by the -F option.
However the reason I want to use the vxdisk command instead is that it has the nice feature of even displaying VxVM aware disks whose disk groups are currently not imported to the node (n.b. as you can guess this is because of usage in a VCS cluster context) by squeezing in the "-o alldgs" option.
To query each disks specs as well I wanted to use one single wildcard expression for designation of optional switches.
According to "man sudoers" this should be matched by "*" which means zero or any number of occurances.
However with this command alias
Cmnd_Alias VXVM = /usr/sbin/vxdisk * list
I can do this as informix
$ sudo /usr/sbin/vxdisk -o alldgs list|head -3
DEVICE TYPE DISK GROUP STATUS
c0t0d0s2 sliced rootdsk0 rootdg online
c0t1d0s2 sliced rootdsk1 rootdg online
Whereas this fails
$ sudo /usr/sbin/vxdisk list
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
OK, I could as well put every command verbatim in sudoers (which would have been the quicker solution), but I'm curious why my use of sudo wildcards isn't working.
Solved! Go to Solution.
- Tags:
- sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-31-2004 12:22 AM
тАО08-31-2004 12:22 AM
Re: Wildcards in sudoers
just a curiosity: try to issue a
sudo -l
as the informix user.
HTH,
Massimo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-31-2004 01:35 AM
тАО08-31-2004 01:35 AM
SolutionCmnd_Alias VXVM = /usr/sbin/vxdisk *list
instead of
Cmnd_Alias VXVM = /usr/sbin/vxdisk * list
Jeff Traigle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-31-2004 01:56 AM
тАО08-31-2004 01:56 AM
Re: Wildcards in sudoers
sudo is very literal and sequential in the way it interprets the Cmnd_Alias value. Here's how the vxdisk command lines up without any options supplied:
Cmnd_Alias def: /usr/sbin/vxdisk * list
sudo interpret: /usr/sbin/vxdisk list
Instead of * expanding to a null string, it's expanded/matched to "list". However, this means there is no option available to match with the list option sudo expects at the end of the vxdisk command to allow the user to run it.
Jeff Traigle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-31-2004 01:57 AM
тАО08-31-2004 01:57 AM
Re: Wildcards in sudoers
To continue on Jeff's remark I would add but cannot test at the moment :
Cmnd_Alias VXVM = /usr/sbin/vxdis* list
shoul work also...
I remember 2 years ago going through something of the sort and found out the syntax you give is interpreted in "strict" form, so with
Cmnd_Alias VXVM = /usr/sbin/vxdisk * list
$ sudo /usr/sbin/vxdisk list
should work (2 spaces)
All this to say when I was asked to tighten the syntaxes of some commands but coulnd guess how many args and spaces (and so woulnd work..) I gave up and put su - -c /.../*
All the best
Victor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-31-2004 08:01 PM
тАО08-31-2004 08:01 PM
Re: Wildcards in sudoers
sorry for my belated feedback, but as usual something unexpected needed my attention yesterday.
Jeff, you were dead right.
sudo indeed is very picky, as compared to shell type globbing or command line interpreting of wildcards.
I was lured into shell syntax because sudoers manpage stresses this comparison.
Finally this wildcarding worked for me:
$ id && sudo -l|tail -1
uid=204(informix) gid=200(informix)
(root) NOPASSWD: /usr/sbin/vxdisk *list*