Re: sudo: howto ls directories, &c ???
On Fri, 2003-09-05 at 21:56, Michael D Schleif wrote:
> Consider this scenario, whereby sudo *cannot* seem to facilitate
> necessary access:
> # ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: Permission denied
Here the user does not have permission to read the contents of
/var/log/exim.
> # sudo ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: No such file or directory
This time, sudo would allow you to read /var/log/exim, but the wildcard
in rejectlog* is interpreted by the shell _before_ sudo executes. The
user does not have permission, so the shell finds no files to match the
wildcard, so it passes it through unchanged. Now sudo is effectively
running ls -al '/var/log/exim/rejectlog*' (no interpretation by the
shell, because no shell is being run) and of course no such file exists.
> # sudo -u mail ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: No such file or directory
Same again here.
> Occasionally, I run into similar glitches using sudo. I want to better
> define, in my own head, what can and cannot be done under sudo; and, how
> best to _always_ avoid su to root.
>
> What do you think?
sudo sh -c "ls -al /var/log/exim/rejectlog*"
so that you start a shell which can interpret the wildcard as root. The
quotes protect the wildcard from being interpreted by the user's shell.
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"He hath not dealt with us after our sins; nor rewarded
us according to our iniquities. For as the heaven is
high above the earth, so great is his mercy toward
them that fear him. As far as the east is from the
west, so far hath he removed our transgressions from
us." Psalms 103:10-12
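
The expansion order described in the reply above, as an added example that is not part of the original message. It runs without sudo: the hypothetical `run_elsewhere` function stands in for sudo, and a working directory that lacks `exim/` stands in for the directory the caller cannot read (both are assumptions, as are the constructed file names).

```shell
#!/bin/sh
# Constructed demo; it does not call sudo or touch /var/log/exim.
# Assumption: "files the caller cannot see" is modelled by the caller's
# working directory lacking exim/, instead of by a read-permission denial.

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/caller" "$DEMO/target/exim"
touch "$DEMO/target/exim/rejectlog" "$DEMO/target/exim/rejectlog.1"

# Hypothetical stand-in for sudo: executes the argv it is given directly,
# with no shell of its own, in the context where the files are visible.
run_elsewhere() (
    cd "$DEMO/target" && exec "$@"
)

# Unquoted pattern: the caller's shell tries to expand it first, finds no
# match, and passes the literal string on. ls then looks for a file whose
# name contains '*' and fails.
direct_glob() (
    cd "$DEMO/caller" && run_elsewhere ls exim/rejectlog* 2>&1
)

# Quoted pattern handed to sh -c: the caller's shell leaves it alone, and
# the shell started in the target context expands it there.
deferred_glob() (
    cd "$DEMO/caller" && run_elsewhere sh -c 'ls exim/rejectlog*'
)

echo "direct:   $(direct_glob)"
echo "deferred: $(deferred_glob | tr '\n' ' ')"
```

A sudoers rule that permits `sh` gives the user an unrestricted root shell, so the `sudo sh -c` form only suits accounts already trusted with full root.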