Well, you can use simplified regex. [A-z0-9]* and so on? (at least it works for me)

But if you need that much fine-grained control over such a large group...maybe time for ldap?

Phil W

On Fri, Feb 19, 2016 at 5:08 PM, Snyder, Alexander wrote:
> Hello!
>
> I learned today, as I am crafting a request to the Unix Security
> Operations team, that you can't use REGEX in a Sudoers file.
>
> Does anyone know why not?
>
> I'm not talking why not as in a policy question
> (http://www.sudo.ws/man/1.8.15/sudoers.man.html)
>
> I'm talking why not as in a technical capabilities thing .... wouldn't
> using REGEX in a Sudoers file be great? Is there any practical reason that
> anyone can think of as to why this hasn't been innovated yet?
>
> If no ... anyone want to get on that bandwagon with me and make (specify?)
> "Sudoers 2.0!" ... wherein we allow the use of REGEX.
>
> Since I can't use REGEX, I am relegated to specifying hundreds of lines of
> possible use-case scenarios for commands+paths, for use in a 5 environment
> (+production) system. I briefly flirted with writing a script+for-loop to
> do this work for me, but that would result in a sudoers file request
> thousands of lines long .... my manager would shit himself ... and then be
> upset that I even submitted a request like that.
>
> Outside of us forking sudo ... anyone have any comments?
>
> I know it's Friday (fav and forget) ... but if anyone has any suggestions
> on a middle ground between REGEX Sudo and a 3,000 line sudoers file ... I'm
> all ears!
>
> --
> Thanks,
> --:: Alexander J. Snyder ::--
> --:: ThisGuyShouldWorkFor.Us ::--
> --:: "Never trust a computer you can't throw out a window. --Steve
> Wozniak" ::--
> --
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
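
An added example, not part of the thread and not code from the sudo project: in the sudoers format described by the 1.8.15 manual linked above, wildcards are shell globs matched with glob(3)/fnmatch(3), so `[A-z0-9]*` means one character from the class followed by anything, and command-line arguments are matched as one joined string. The Python sketch below uses `fnmatch` as a stand-in for that argument matching and compares it with the regex reading; the sample argument strings are constructed.

```python
import fnmatch
import re

PATTERN = "[A-z0-9]*"  # the pattern quoted in the reply above

# Constructed sample argument strings. sudo joins the arguments into one
# string before matching, so spaces are part of the text being matched.
SAMPLES = [
    "restart",
    "restart_app1",
    "restart --config /etc/other.conf",
    "restart app1 app2 app3",
    "_hidden",
    "-v",
    "",
]

def glob_match(pattern, text):
    """Glob reading (fnmatch without FNM_PATHNAME): '*' matches any run
    of characters, including spaces and '/'."""
    return fnmatch.fnmatchcase(text, pattern)

def regex_match(pattern, text):
    """Regex reading: '*' repeats the preceding character class."""
    return re.fullmatch(pattern, text) is not None

def compare(pattern, samples):
    """Return (sample, glob_result, regex_result) for each sample."""
    return [(s, glob_match(pattern, s), regex_match(pattern, s)) for s in samples]

def over_permitted(pattern, samples):
    """Samples the glob accepts that the regex reading would reject."""
    return [s for s, g, r in compare(pattern, samples) if g and not r]

if __name__ == "__main__":
    print(f"{'argument string':36} glob   regex")
    for sample, g, r in compare(PATTERN, SAMPLES):
        print(f"{sample!r:36} {g!s:6} {r!s}")
    print("accepted only under glob semantics:", over_permitted(PATTERN, SAMPLES))
```

Running a proposed wildcard rule through a check like this before submitting it shows what it admits beyond the intended commands; note that the `A-z` range also takes in the ASCII characters between `Z` and `a`, including `_`.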