I would like to allow a command to be run under sudo with or without arguements. For example, both of these should work:
rm -f /etc/stuff
rm /etc/stuff/item.txt
To get this to work, I need this in sudoers:
Cmnd_Alias ITEM_RM = /bin/rm * /etc/*, /bin/rm /etc/*
Which I then assign to a group. This works. But it makes me double-up on every command. I would like a way to have only one entry that does both:
Cmnd_Alias ITEM_RM = /bin/rm {something goes here that does both} /etc/*
I know that one approach is to wrap this in a script. I don't want to do that. I have dozens of these entries and I need all of them to work with and without knowing the arguements in advance.
I also accept that I'm asking for something that is a bit of a security risk. No value in reminding me of that. I'm going for some security, not tight security. I need to keep peole from causing too much harm to the server, but we have a killer firewall and this server is not accessible from it, so the tight security is at the corporate level.
Thoughts welcome!