On 05/05/2015 03:37 AM, Megan . wrote:
As far as I know, sudo does not support regular expressions in sudo
rules. It supports wildcards however, but that's not the same thing,
even though syntax is similar. The matching is done using the glob(3)
and fnmatch(3) functions. See man sudoers, section wildcards.
I'm running 3.0.0-42 on CentOS 6.6.
I set up a number of sudo commands today with regular expressions and
now users seem to be having issues running any sudo command. Are
there any known issues with having regex in sudo commands within the
Here is an example of a sudo rule I have set up. When my user runs
sudo -ll he only sees the below command, and he should have a large
number of commands available (like /sbin/service httpd restart)
SSSD Role: deploy for UAT
-l [a-zA-Z0-9\-_/]* -e EPSG[0-9][0-9][0-9][0-9] -t [a-z]*
Also, I don't think the sudo -ll expands the sudo commands with
wildcards. I just tried it with simple '/sbin/m*', and I see
Things work as expected, with me being able to execute executables in
sbin starting with the letter m.
I also purged /var/lib/sss/db and restarted sssd thinking it might be
related to caching but it didn't help.
Thanks in advance!
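
Added example, not part of the original messages: the argument pattern from the rule above, evaluated once as a wildcard with fnmatch(3) and once as an anchored POSIX extended regex, to show where the two readings diverge. It assumes sudo passes the space-joined argument string to fnmatch with no flags (the sudoers manual notes that wildcards in arguments match across word boundaries); the function names and sample invocations are constructed for illustration.

```c
/* Added example: wildcard (fnmatch) vs. regex reading of one sudo rule. */
#include <fnmatch.h>
#include <regex.h>
#include <stdio.h>

/* Argument pattern copied from the rule quoted in the thread. */
static const char RULE_ARGS[] =
    "-l [a-zA-Z0-9\\-_/]* -e EPSG[0-9][0-9][0-9][0-9] -t [a-z]*";

/* 1 if the joined argument string matches the pattern as a wildcard. */
int glob_allows(const char *pattern, const char *args)
{
    return fnmatch(pattern, args, 0) == 0; /* flags 0: assumption, see lead-in */
}

/* 1 if it matches when the same text is read as an anchored POSIX ERE,
   the reading a regex author would expect; -1 on error. */
int regex_allows(const char *pattern, const char *args)
{
    char anchored[512];
    regex_t re;
    int rc;

    if (snprintf(anchored, sizeof anchored, "^%s$", pattern) >= (int)sizeof anchored)
        return -1;
    if (regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, args, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Constructed sample invocations (arguments joined by single spaces). */
const char *SAMPLES[] = {
    "-l layers/roads -e EPSG4326 -t point",                          /* both accept */
    "-l layers/roads -e EPSG4326 -t point --config /tmp/other.conf", /* glob only */
    "-l  -e EPSG4326 -t point",                                      /* regex only */
};

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("glob=%d regex=%d  %s\n", glob_allows(RULE_ARGS, SAMPLES[i]),
               regex_allows(RULE_ARGS, SAMPLES[i]), SAMPLES[i]);
    return 0;
}
```

In the wildcard reading each `[...]` matches exactly one character and each `*` matches any run of characters, spaces included, so the trailing `[a-z]*` also accepts extra arguments after the `-t` value.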