Sudoers REGEX

Snyder, Alexander alex at
Fri Feb 19 17:08:42 MST 2016


I learned today, as I am crafting a request to the Unix Security Operations
team, that you can't use REGEX in a Sudoers file.

Does anyone know why not?

I'm not talking why not as in a policy question (

I'm talking why not as in a technical capabilities thing .... wouldn't
using REGEX in a Sudoers file be great?  Is there any practical reason that
anyone can think of as to why this hasn't been innovated yet?

If no ... anyone want to get on that bandwagon with me and make (specify?)
"Sudoers 2.0!" ... wherein we allow the use of REGEX.

Since I can't use REGEX, I am relegated to specifying hundreds of lines of
possible use-case scenarios for commands+paths, for use in a 5-environment
(+production) system.  I briefly flirted with writing a script+for-loop to
do this work for me, but that would result in a sudoers file request
thousands of lines long .... my manager would shit himself ... and then be
upset that I even submitted a request like that.

Outside of us forking sudo ... anyone have any comments?

I know it's Friday (fav and forget) ... but if anyone has any suggestions on
a middle ground between REGEX Sudo and a 3,000 line sudoers file ... I'm
all ears!

--:: Alexander J. Snyder ::--
--:: ThisGuyShouldWorkFor.Us <> ::--
--:: "Never trust a computer you can't throw out a window. --Steve Wozniak"

More information about the PLUG-discuss mailing list