
restricting command line arguments in sudo



When I allow something like this in sudo:

  /usr/bin/tail /var/log/*

I allow read-access to all of /var/log. However, I also allow read
access to /etc/shadow:

  /usr/bin/tail /var/log/../../etc/shadow

does work. How can I best restrict that? I've tried

  /usr/bin/tail /var/log/[!\.]*

but that generates a syntax error, and kind of doesn't do what I want
anyway. The regexp to do what I want is:

  /usr/bin/tail /var/log/[^\.].*

How can I do that in sudo?

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
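
Added example, not part of the original post: the first function approximates sudoers argument matching as a shell-style glob over the whole argument string (an assumption about the matching, in which `*` also matches `/`) to show why the rule accepts the traversal path, and the second canonicalizes the requested path before comparing it with the log directory. The function names and the idea of letting sudo run a wrapper script instead of tail itself are hypothetical.

```python
import fnmatch
import os
import sys

LOG_DIR = "/var/log"  # directory from the post


def sudoers_args_match(pattern, args):
    # Approximation (assumption) of how sudoers compares command-line
    # arguments: a shell-style glob over the whole string, in which
    # '*' is free to match '/' as well.
    return fnmatch.fnmatchcase(args, pattern)


def resolve_under(base, requested):
    """Return the canonical path of `requested` if it names something
    inside `base`; raise PermissionError otherwise."""
    base_real = os.path.realpath(base)
    # realpath collapses '..' components and follows symlinks, so the
    # comparison is made on the file that would actually be opened.
    target = os.path.realpath(os.path.join(base_real, requested))
    if target == base_real or os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"{requested!r} resolves outside {base}")
    return target


if __name__ == "__main__":
    # The rule from the post accepts the traversal path as written.
    print(sudoers_args_match("/var/log/*", "/var/log/../../etc/shadow"))
    # Hypothetical wrapper use: sudo permits this script, not tail itself.
    try:
        path = resolve_under(LOG_DIR, sys.argv[1])
    except (IndexError, PermissionError) as exc:
        sys.exit(f"refused: {exc}")
    os.execv("/usr/bin/tail", ["tail", "--", path])
```

The check and the later open by tail are separate steps, so this only holds if the invoking user cannot create or replace entries under the log directory.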
