7

The sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters) can be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].

My idea is to use something in regular expression style, like /path/to/command -a[v]*, to mean any of command -a, command -av and command -avvv...v in one line (for commands which change their verbosity depending on the number of -v arguments, e.g. tcpdump). But it doesn't work.

Is there some way to do that without adding /path/to/command -a -v several times into sudoers, with a different number of -v in each one?

1 Answer

5

Starting with version 1.9.10, the sudoers files support POSIX extended regular expressions. According to the manual, you can achieve what you want with:

/path/to/command ^-av*$

In versions prior to 1.9.10, the sudoers man page was fairly clear about not supporting this. Comments in the man page suggest that it uses the system's fnmatch() function to do the matching. On Linux/glibc-based systems, fnmatch() can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.

Therefore you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch, adding FNM_EXTMATCH to the flags argument, and adding #define _GNU_SOURCE to the top of the file that calls it.

Of course, if you do this you will be running your own hand-patched version of an suid binary, so be careful.
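The difference between the glob from the question, the regular expression from the answer, and a glibc extended glob can be checked directly with fnmatch() and regcomp(). This is an added example, not part of the answer and not sudo's own code. The function names, the sample argument strings, the `-a*(v)` extended pattern, and passing 0 as the plain fnmatch() flags are assumptions; the arguments are treated as one space-joined string, as the sudoers manual describes.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE               /* exposes FNM_EXTMATCH on glibc */
#endif
#include <fnmatch.h>
#include <regex.h>
#include <stdio.h>

/* Plain shell glob. flags = 0 is an assumption, so '*' also matches
 * spaces and slashes in the joined argument string. */
int glob_allows(const char *pat, const char *args) {
    return fnmatch(pat, args, 0) == 0;
}

/* ksh-style extended glob; returns -1 where FNM_EXTMATCH is unavailable. */
int extglob_allows(const char *pat, const char *args) {
#ifdef FNM_EXTMATCH
    return fnmatch(pat, args, FNM_EXTMATCH) == 0;
#else
    (void)pat; (void)args;
    return -1;
#endif
}

/* POSIX extended regular expression; returns -1 if the pattern is invalid. */
int regex_allows(const char *pat, const char *args) {
    regex_t re;
    if (regcomp(&re, pat, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    int ok = regexec(&re, args, 0, NULL, 0) == 0;
    regfree(&re);
    return ok;
}

int main(void) {
    /* Constructed argument strings, as they would follow the command. */
    const char *samples[] = { "-a", "-av", "-avvv", "-avx",
                              "-avv -w /tmp/out.pcap" };
    printf("%-24s %-8s %-8s %s\n", "args", "-a[v]*", "^-av*$", "-a*(v)");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %-8d %-8d %d\n", samples[i],
               glob_allows("-a[v]*", samples[i]),
               regex_allows("^-av*$", samples[i]),
               extglob_allows("-a*(v)", samples[i]));
    return 0;
}
```

The glob `-a[v]*` rejects a bare `-a` but accepts `-avx` and any further arguments after `-av`, while the anchored regular expression and the extended glob accept only `-a` followed by zero or more `v`.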
