June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
5.9. Prohibiting Command Arguments with sudo
Problem
You want to permit a command to be run via sudo, but only without command-line arguments.
Solution
Follow the program name with the single argument “” in /etc/sudoers:
/etc/sudoers: smith ALL = (root) /usr/local/bin/mycommand "" smith$ sudo -u root mycommand a b c Rejected smith$ sudo -u root mycommand Authorized
Discussion
If you specify no arguments to a command in /etc/sudoers, then by default any arguments are permitted.
/etc/sudoers: smith ALL = (root) /usr/local/bin/mycommand smith$ sudo -u root mycommand a b c Authorized
Use “” to prevent any runtime arguments from being authorized.
See Also
sudo(8), sudoers(5).