How to specify regular expression for command arguments in sudoers












5















sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].



My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.



Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?






sudo







share|improve this question














bumped to the homepage by Community 51 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.




















    5















    sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
    could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].



    My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.



    Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?






    sudo







    share|improve this question














    bumped to the homepage by Community 51 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      5












      5








      5


      1






      sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
      could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].



      My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.



      Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?






      sudo







      share|improve this question














      sudoers(5) manpage says that shell-style wildcards (aka meta or glob characters)
      could be used in command line arguments in the sudoers file. They are *, ?, [...] and [!...].



      My idea is to use some stuff in regular expression style, like /path/to/command -a[v]*, to mean either command -a, command -av and command -avvv...v in one line (for such commands which changes their's verbosity depending on number of -v arguments, e.g. tcpdump). But it doesn't works.



      Is there some way to do that, not adding /path/to/command -a -v several times into sudoers with different number of -v in each one?






      sudo




      sudo






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 18 '15 at 13:59









      AntonioKAntonioK

      5922727




      5922727





      bumped to the homepage by Community 51 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 51 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.



          Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
          and #define _GNU_SOURCE to the top of the file that calls it.



          Of course if you do this you will be running your own hand patched version of an suid binary so be careful.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "106"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190981%2fhow-to-specify-regular-expression-for-command-arguments-in-sudoers%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.



            Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
            and #define _GNU_SOURCE to the top of the file that calls it.



            Of course if you do this you will be running your own hand patched version of an suid binary so be careful.






            share|improve this answer




























              0














              The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.



              Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
              and #define _GNU_SOURCE to the top of the file that calls it.



              Of course if you do this you will be running your own hand patched version of an suid binary so be careful.






              share|improve this answer


























                0












                0








                0







                The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.



                Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
                and #define _GNU_SOURCE to the top of the file that calls it.



                Of course if you do this you will be running your own hand patched version of an suid binary so be careful.






                share|improve this answer













                The sudoers man page is fairly clear about not supporting this. Comments in the man page suggest that it uses the system fnmatch function to do the matching. On linux/glibc based systems fnmatch can use an extended globbing format with similar expressiveness to regular expressions but a different syntax.



                Therefore if you should be able to rebuild sudo to support the extended syntax by finding the place where sudo calls fnmatch adding FNM_EXTMATCH to the flags argument.
                and #define _GNU_SOURCE to the top of the file that calls it.



                Of course if you do this you will be running your own hand patched version of an suid binary so be careful.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Sep 7 '18 at 19:05









                William HayWilliam Hay

                21317




                21317






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f190981%2fhow-to-specify-regular-expression-for-command-arguments-in-sudoers%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Loup dans la culture

                    Image
                    Loups sur une enluminure du Bestiaire d'Aberdeen Le loup est l'animal le plus emblématique de l'histoire de l'Eurasie, il était à l'honneur durant l'Antiquité chez la totalité des anciens peuples européens [ 1 ] . Sommaire 1 Le loup dans la mythologie 2 Les loups dans le folklore 2.1 L'évolution des mentalités 2.2 Le loup dans la psychanalyse 3 Le loup dans les œuvres culturelles 3.1 Le loup dans la littérature 3.1.1 Fables 3.1.2 Poésie 3.1.3 Romans 3.1.4 Littérature jeunesse 3.1.4.1 Quelques titres d'albums contemporains 3.1.5 Bande dessinée 3.2 Le loup à l'écran 3.2.1 Le cinéma et la télévision 3.2.2 Documentaires 3.2.3 Dessins animés 3.2.4 Jeux vidéo 3.3 Le loup en peinture et en sculpture 3.4 Le loup dans les œuvres musicales 4 Le loup et les noms propres 5 Bibliographie 6 Notes et références 7 Voir aussi 7.1 Articles connexes
                    Read more

                    How to solve the problem of ntp “Unable to contact time server” from KDE?

                    Image
                    1 0 I want to set date and time automatically but this error appears when I try to .. I'm using openSUSE, I tried different servers but it didn't work either, help please! It doesn't seem to be a network problem: $ ping pool.ntp.org 64 bytes from 41.78.128.17: icmp_seq=1 ttl=41 time=260 ms To the question of whether ntpd is installed and running: $ ps -C ntpd PID TTY TIME CMD i.e. there's no ntpd process running. $ rpm -qa | grep ntp yast2-ntp-client-3.1.12-1.7.noarch ntp-4.2.6p5-25.2.1.i586 Further information from the comments: $ sudo ntpdate pool.ntp.org 25 Sep 19:41:51 ntpdate[3162]: no server suitable for synchronization found networking kde opensuse ntp ntpd sh
                    Read more

                    ASUS Zenbook UX433/UX333 — Configure Touchpad-embedded numpad on Linux

                    Image
                    0 1 I have an ASUS Zenbook UX433,on which ASUS decided to innovate by embedding a Numpad inside the touchpad (see picture 1). Toggling between classic touchpad mode and numpad (also turns the touchpad LEDs on) can be done through the golden button in the top-right corner of the touchpad. However, on my Manjaro arch Linux config, this behavior does not work by default and I can only use the touchpad, no numpad. Has anyone been able to configure the numpad to work on Linux, or have any idea how this could be achieved? EDIT1: I have had a look at the official Windows drivers for the UX433FA TouchPad, but was not able to make anything of it. I tried installing them on Linux using tools like NDISWrapper, but they do not detect the TouchPad/Numpad hardware, and my understanding of drivers is too limited.
                    Read more