I would second ldap... On Feb 19, 2016 6:09 PM, "Phil Waclawski" wrote: > Well, you can use simplified regex. [A-z0-9]* and so on? (at least it > works for me) > > But if you need that much fine grained control over such a large > group...maybe time for ldap? > > Phil W > > On Fri, Feb 19, 2016 at 5:08 PM, Snyder, Alexander < > alex@misteralexander.com> wrote: > >> Hello! >> >> I learned today, as I am crafting a request to the Unix Security >> Operations team, that you can't use REGEX in a Sudoers file. >> >> Does anyone know why not? >> >> I'm not talking why not as in a policy question ( >> http://www.sudo.ws/man/1.8.15/sudoers.man.html) >> >> I'm talking why not as in a technical capabilities thing .... wouldn't be >> using REGEX in a Sudoers file be great? Is there any practical reason that >> anyone can think of as to why this hasn't been innovated yet? >> >> If no ... anyone want to get on that bandwagon with me and make >> (specify?) "Sudoers 2.0!" ... where in we allow the use of REGEX. >> >> Since I can't use REGEX, I am relegated to specifying hundreds of lines >> of possible use-case scenarios for commands+paths, for use in a 5 >> environment (+production) system. I briefly flirted with writing a >> script+for-loop to do this work for me, but that would result in a sudoers >> file request thousands of lines long .... my manager would shit himself ... >> and then be upset that I even submitted a request like that. >> >> Outside of us forking sudo ... anyone have any comments? >> >> I know its Friday (fav and forget) ... but if anyone has any suggestions >> on a middle ground between REGEX Sudo and a 3,000 line sudoers file ... I'm >> all ears! >> >> -- >> Thanks, >> --:: Alexander J. Snyder ::-- >> --:: ThisGuyShouldWorkFor.Us ::-- >> --:: "Never trust a computer you can't throw out a window. --Steve >> Wozniak" ::-- >> -- >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss >