How to verify in sudoers the specific input passed to a script

0

I have one script that takes an IP address as input. My question is, can I specify in sudoers what input can be passed to my script? Now I'm doing it like this:

 user ALL = !ALL, /bin/sh, /home/user/scripts/addIP.sh *

but this allows any input; can I restrict it? I tried this:

 ussshnode ALL = !ALL, /bin/sh, /home/ussshnode/node_2fa_prod/scripts/addIP.sh [0-9]+.[0-9]+.[0-9]+.[0-9]+

but it doesn't work properly. Any suggestions?

cyprian

Posted 2017-12-26T09:18:59.863

Reputation: 113

Answers

0

1) The command specification wildcards do not include the "+" sign, but the following syntax will achieve what you expect, I guess:

addIP.sh [0-9]*.[0-9]*.[0-9]*.[0-9]*

2) It is preferable to put sudo'ed binaries/scripts in a place writable by root only.

3) I think the initial "!ALL, " in your command spec is useless, and the inclusion of /bin/sh in the sudoable commands will allow your user to execute anything as root once it is embedded in a script...

=> So I would write it this way (and put the script in the given path):

user ALL = /usr/local/scripts/addIP.sh [0-9]*.[0-9]*.[0-9]*.[0-9]*

tonioc

Posted 2017-12-26T09:18:59.863

Reputation: 787
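The pattern in the answer, `[0-9]*.[0-9]*.[0-9]*.[0-9]*`, is a sudoers wildcard (fnmatch-style glob, not a regular expression), and the sudoers(5) manual notes that command-line arguments are matched as a single concatenated string, so `*` also matches across spaces. The following shell example, added here and not part of the original question or answer, emulates that matching with a `case` glob to show what the pattern actually accepts, and pairs it with the strict argument validation a sudo-invoked addIP.sh should perform itself. The script path, the `add_ip` entry point and the placeholder privileged action are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a hardened addIP.sh that
# validates its own argument, plus a check that shows what the sudoers glob
# from the answer actually matches. Path /usr/local/scripts/addIP.sh and the
# privileged action itself are assumptions.

# Emulate sudoers-style wildcard matching of the argument string against the
# pattern from the answer. sudoers matches the concatenated arguments with
# fnmatch(3)-style globs; sh 'case' uses the same *, ? and [..] syntax, and
# '*' matches across spaces in both, which is why the glob alone is not enough.
matches_sudoers_glob() {
    case "$1" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Strict IPv4 check: exactly four decimal octets, each 0-255, nothing else.
valid_ipv4() {
    ip=$1
    # Reject any character outside [0-9.], leading/trailing dots, empty octets.
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Exactly three dots means exactly four octets.
    dots=$(printf '%s' "$ip" | tr -cd '.')
    [ "${#dots}" -eq 3 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    for octet in "$@"; do
        # Leading zeros rejected (octal ambiguity), at most three digits.
        case "$octet" in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Entry point of the script: refuse anything but a single valid IPv4 address
# before doing privileged work.
add_ip() {
    if [ "$#" -ne 1 ]; then
        echo "usage: addIP.sh <ipv4>" >&2
        return 2
    fi
    if ! valid_ipv4 "$1"; then
        echo "addIP.sh: refusing argument: $1" >&2
        return 1
    fi
    # Privileged action goes here (assumed placeholder).
    echo "would add $1"
    return 0
}

# Run as a script only when executed directly; harmless when sourced.
case "$0" in
    addIP.sh|*/addIP.sh)
        add_ip "$@"
        exit $?
        ;;
esac
```

With `user ALL = /usr/local/scripts/addIP.sh [0-9]*.[0-9]*.[0-9]*.[0-9]*` in place, `sudo /usr/local/scripts/addIP.sh "1.2.3.4 ; id"` still passes the sudoers glob, so the script's own `valid_ipv4` check is what actually confines the input; the sudoers pattern only narrows which invocations reach the script.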