Wednesday, March 5, 2014

sudoers command with any parameter

my /etc/sudoers file was configured with
%users ALL=NOPASSWD: /usr/local/bin/puppet agent -t
but then I was not allowed to run
sudo puppet agent -tv
and I get a
Sorry, user soa is not allowed to execute '/usr/local/bin/puppet agent -tv' as root on
A good workaround is to use regexp:

%users ALL=NOPASSWD: /usr/local/bin/puppet agent -[a-z]*

No comments: