[ Team LiB ] Previous Section Next Section

Recipe 5.8 Running Any Program in a Directory via sudo

5.8.1 Problem

Authorize a user to run all programs in a given directory, but only those programs, as another user.

5.8.2 Solution

Specify a fully-qualified directory name instead of a command, ending it with a slash:

/etc/sudoers:
smith  ALL = (root) /usr/local/bin/

smith$ sudo -u root /usr/local/bin/mycommand       Authorized
smith$ sudo -u root /usr/bin/emacs                 Rejected

This authorization does not descend into subdirectories.

smith$ sudo -u root /usr/local/bin/gnu/emacs       Rejected

5.8.3 See Also

sudo(8), sudoers(5).
    [ Team LiB ] Previous Section Next Section