On Tue, 15 Jan 2013 22:19:37 +0200
Maxim Kammerer <m...@dee.su> wrote:

> This is a major problem, there are other questionable choices that
> raise the question whether developers are familiar with how things are
> done on Unix:
> https://bugs.freedesktop.org/show_bug.cgi?id=58787
> 

I have to confess that, despite this being a serious matter, that really
made me chuckle.

> > Sudo even supports regex!  
> 
> Only glob patterns, and it's not too good at that.
> http://www.sudo.ws/bugs/show_bug.cgi?id=500


/etc/sudoers:
anon    liberte = NOPASSWD: /sbin/shutdown -[hr] now

sudo shutdown -h now -> allowed
sudo shutdown "-h now" -> allowed (probably shouldn't be)

It may not be perfect and is why I would love to see distros grow some
balls, or perhaps more rightly packagers, and embrace sudoers again, but it
is far clearer what is allowed than polkit and I believe.

/sbin/shutdown -[h][r]

Would do what you want. You may need to test but I have never found a
command I couldn't add to sudoers.

After all it can only make the likes of Ubuntu and perhaps all in fact
more secure ;-)

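The sudoers matching shown in the message above, as an added example that is not part of the original message and is not sudo's code: a small Python model comparing a glob run once over the space-joined arguments (the behaviour the sudoers manual describes for command-line arguments) with a stricter per-argument check. The function names and sample invocations are constructed for illustration, and Python's `fnmatch` stands in for the C library's.

```python
"""Added example: a model of sudoers argument matching, not sudo's own code."""
from fnmatch import fnmatchcase

# Argument part of the rule quoted in the message:
#   anon liberte = NOPASSWD: /sbin/shutdown -[hr] now
RULE_ARGS = "-[hr] now"


def joined_match(rule_args, argv):
    """Model of the reported behaviour: join argv with spaces, glob once."""
    return fnmatchcase(" ".join(argv), rule_args)


def per_argument_match(rule_args, argv):
    """Stricter check: same argument count, each argument globbed alone.

    Assumes the rule's patterns contain no embedded spaces.
    """
    patterns = rule_args.split()
    if len(patterns) != len(argv):
        return False
    return all(fnmatchcase(arg, pat) for arg, pat in zip(argv, patterns))


def audit(rule_args, candidates):
    """Return argv lists the joined model allows but the strict one rejects."""
    return [argv for argv in candidates
            if joined_match(rule_args, argv)
            and not per_argument_match(rule_args, argv)]


# Constructed sample invocations (arguments after the command name).
SAMPLES = [
    ["-h", "now"],           # sudo shutdown -h now
    ["-h now"],              # sudo shutdown "-h now"
    ["-r", "now"],
    ["-hr", "now"],
    ["-h", "now", "extra"],
]

if __name__ == "__main__":
    for argv in SAMPLES:
        print(argv, joined_match(RULE_ARGS, argv),
              per_argument_match(RULE_ARGS, argv))
    print("allowed only because boundaries are lost:",
          audit(RULE_ARGS, SAMPLES))
```

Running `audit` over the argument lists that would be passed to commands in a real sudoers file shows which rules depend on argument boundaries that the joined comparison does not preserve.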