Sudoers REGEX

Stephen Partington cryptworks at gmail.com
Fri Feb 19 18:11:10 MST 2016


I would second ldap...
On Feb 19, 2016 6:09 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu> wrote:

> Well, you can use simplified regex.  [A-z0-9]*  and so on? (at least it
> works for me)
>
> But if you need that much fine-grained control over such a large
> group...maybe time for ldap?
>
> Phil W
>
> On Fri, Feb 19, 2016 at 5:08 PM, Snyder, Alexander <
> alex at misteralexander.com> wrote:
>
>> Hello!
>>
>> I learned today, as I am crafting a request to the Unix Security
>> Operations team, that you can't use REGEX in a Sudoers file.
>>
>> Does anyone know why not?
>>
>> I'm not talking why not as in a policy question (
>> http://www.sudo.ws/man/1.8.15/sudoers.man.html)
>>
>> I'm talking why not as in a technical capabilities thing .... wouldn't
>> using REGEX in a Sudoers file be great?  Is there any practical reason that
>> anyone can think of as to why this hasn't been innovated yet?
>>
>> If no ... anyone want to get on that bandwagon with me and make
>> (specify?) "Sudoers 2.0!" ... wherein we allow the use of REGEX.
>>
>> Since I can't use REGEX, I am relegated to specifying hundreds of lines
>> of possible use-case scenarios for commands+paths, for use in a 5
>> environment (+production) system.  I briefly flirted with writing a
>> script+for-loop to do this work for me, but that would result in a sudoers
>> file request thousands of lines long .... my manager would shit himself ...
>> and then be upset that I even submitted a request like that.
>>
>> Outside of us forking sudo ... anyone have any comments?
>>
>> I know it's Friday (fav and forget) ... but if anyone has any suggestions
>> on a middle ground between REGEX Sudo and a 3,000 line sudoers file ... I'm
>> all ears!
>>
>> --
>> Thanks,
>> --:: Alexander J. Snyder ::--
>> --:: ThisGuyShouldWorkFor.Us <http://thisguyshouldworkfor.us> ::--
>> --:: "Never trust a computer you can't throw out a window. --Steve
>> Wozniak" ::--
>> --
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
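
Added example, not part of the thread and not sudo's own code: sudoers wildcards are shell-style globs matched with fnmatch(3), not regular expressions, so the `[A-z0-9]*` pattern quoted above is evaluated here under both readings to show where they disagree. Python's `fnmatch` stands in for the C library call as an approximation (real range matching depends on the locale), and the candidate argument lists are constructed for a hypothetical rule.

```python
"""Added illustration: glob reading vs. regex reading of a sudoers
argument pattern. fnmatchcase() only approximates fnmatch(3)."""
import re
from fnmatch import fnmatchcase

PATTERN = "[A-z0-9]*"  # the pattern quoted in the thread


def glob_allows(pattern: str, argv: list[str]) -> bool:
    # sudoers compares command arguments as one space-joined string,
    # so a wildcard can match across word boundaries.
    return fnmatchcase(" ".join(argv), pattern)


def regex_allows(pattern: str, argv: list[str]) -> bool:
    # What the same text would mean if it really were a regex:
    # zero or more characters taken from the class, nothing else.
    return re.fullmatch(pattern, " ".join(argv)) is not None


# Constructed argument lists for a hypothetical rule (assumption).
CANDIDATES = [
    ["app01"],                           # the intended kind of argument
    [],                                  # no arguments at all
    ["_x"],                              # '_' sits between 'Z' and 'a' in ASCII
    ["-v"],                              # leading '-' is outside the class
    ["app01", "--force", "/srv/other"],  # extra words after the first
]


def audit(pattern: str = PATTERN, candidates=CANDIDATES) -> dict:
    """Return {joined_args: (glob_result, regex_result)} per candidate."""
    return {
        " ".join(args): (glob_allows(pattern, args), regex_allows(pattern, args))
        for args in candidates
    }


if __name__ == "__main__":
    for args, (as_glob, as_regex) in audit().items():
        print(f"{args!r:32} glob={as_glob!s:5} regex={as_regex}")
```

As a glob, the pattern means "one character from the class, then anything", so it accepts trailing words that the regex reading would reject; reviewing a proposed wildcard rule against a list like this shows how much it really permits.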