On Fri, 2003-09-05 at 21:56, Michael D Schleif wrote:
> Consider this scenario, whereby sudo *cannot* seem to facilitate
> necessary access:
> # ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: Permission denied

Here the user does not have permission to read the contents of
/var/log/exim

> # sudo ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: No such file or directory

This time, sudo would allow you to read /var/log/exim, but the wildcard
in rejectlog* is interpreted by the shell _before_ sudo executes. The
user does not have permission, so the shell finds no files to match the
wildcard, so it passes it through unchanged. Now sudo is effectively
running

    ls -al '/var/log/exim/rejectlog*'

(no interpretation by the shell, because no shell is being run) and of
course no such file exists.

> # sudo -u mail ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: No such file or directory

Same again here.

> Occasionally, I run into similar glitches using sudo. I want to better
> define, in my own head, what can and cannot be done under sudo; and, how
> best to _always_ avoid su to root.
>
> What do you think?

    sudo sh -c "ls -al /var/log/exim/rejectlog*"

so that you start a shell which can interpret the wildcard as root. The
quotes protect the wildcard from being interpreted by the user's shell.

-- 
Oliver Elphick                                [EMAIL PROTECTED]
Isle of Wight, UK                             http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "He hath not dealt with us after our sins; nor rewarded
      us according to our iniquities. For as the heaven is
      high above the earth, so great is his mercy toward
      them that fear him. As far as the east is from the
      west, so far hath he removed our transgressions from
      us."                     Psalms 103:10-12
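
Added example, not part of the original message: the cases discussed above, reproduced without root. A directory change stands in for sudo's change of privilege (the as_target helper and the temporary paths are constructed for this demo), and the third case, where find matches the pattern itself, goes beyond the reply to show a form that needs no shell on the privileged side.

```shell
#!/bin/sh
# Constructed demo. A directory change stands in for sudo's privilege change,
# so this runs without root: only the target context can see the log files.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/exim" "$demo/caller"
touch "$demo/exim/rejectlog" "$demo/exim/rejectlog.1"

# Hypothetical stand-in for sudo: enter the target context, then run the
# command directly with the argv it was handed. No shell is started here,
# so nothing in argv gets glob-expanded on this side.
as_target() { ( cd "$demo/exim" && "$@" ); }

# Case 1, like: sudo ls -al /var/log/exim/rejectlog*
# The caller's shell expands the pattern, matches nothing in its own
# context, and hands ls the literal string 'rejectlog*'.
caller_glob() {
    ( cd "$demo/caller" &&
      as_target ls rejectlog* 2>/dev/null | wc -l | tr -d ' ' )
}

# Case 2, like: sudo sh -c "ls -al /var/log/exim/rejectlog*"
# Quoting keeps the pattern intact until a shell inside the target
# context expands it.
target_shell_glob() {
    ( cd "$demo/caller" &&
      as_target sh -c 'ls rejectlog*' | wc -l | tr -d ' ' )
}

# Case 3, like: sudo find /var/log/exim -maxdepth 1 -name 'rejectlog*' -ls
# No shell on the target side at all: find matches the pattern itself.
target_find() {
    ( cd "$demo/caller" &&
      as_target find . -maxdepth 1 -name 'rejectlog*' | wc -l | tr -d ' ' )
}

echo "caller-expanded glob : $(caller_glob) file(s)"
echo "shell in target      : $(target_shell_glob) file(s)"
echo "find in target       : $(target_find) file(s)"
```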