How to specify regular expression for command arguments in sudoers
Clash Royale CLAN TAG#URR8PPP
up vote
5
down vote
favorite
sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].
My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.
Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?
sudo
asked Mar 18 '15 at 13:59
AntonioK
5472726
add a comment |Â
up vote
5
down vote
favorite
sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].
My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.
Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?
sudo
asked Mar 18 '15 at 13:59
AntonioK
5472726
add a comment |Â
up vote
5
down vote
favorite
up vote
5
down vote
favorite
sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].
My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.
Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?
sudo
asked Mar 18 '15 at 13:59
AntonioK
5472726
sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].
My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.
Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?
sudo
sudo
asked Mar 18 '15 at 13:59
AntonioK
5472726
asked Mar 18 '15 at 13:59
AntonioK
5472726
asked Mar 18 '15 at 13:59
AntonioK
5472726
asked Mar 18 '15 at 13:59
AntonioK
5472726
asked Mar 18 '15 at 13:59
AntonioK
5472726
5472726
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.
Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
and #define _GNU_SOURCE to the top of the file that calls it.
Of course if you do this you will be running your own hand patched version of an suid binary so be careful.
answered Sep 7 at 19:05
William Hay
21317
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.
Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
and #define _GNU_SOURCE to the top of the file that calls it.
Of course if you do this you will be running your own hand patched version of an suid binary so be careful.
answered Sep 7 at 19:05
William Hay
21317
add a comment |Â
up vote
0
down vote
The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.
Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
and #define _GNU_SOURCE to the top of the file that calls it.
Of course if you do this you will be running your own hand patched version of an suid binary so be careful.
answered Sep 7 at 19:05
William Hay
21317
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.
Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
and #define _GNU_SOURCE to the top of the file that calls it.
Of course if you do this you will be running your own hand patched version of an suid binary so be careful.
answered Sep 7 at 19:05
William Hay
21317
The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.
Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
and #define _GNU_SOURCE to the top of the file that calls it.
Of course if you do this you will be running your own hand patched version of an suid binary so be careful.
answered Sep 7 at 19:05
William Hay
21317
answered Sep 7 at 19:05
William Hay
21317
answered Sep 7 at 19:05
William Hay
21317
answered Sep 7 at 19:05
William Hay
21317
21317
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190981%2fhow-to-specify-regular-expression-for-command-arguments-in-sudoers%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
