5.8.1 ProblemAuthorize a user to run all programs in a given directory, but only those programs, as another user. 5.8.2 SolutionSpecify a fully-qualified directory name instead of a command, ending it with a slash: /etc/sudoers: smith ALL = (root) /usr/local/bin/ smith$ sudo -u root /usr/local/bin/mycommand Authorized smith$ sudo -u root /usr/bin/emacs Rejected This authorization does not descend into subdirectories. smith$ sudo -u root /usr/local/bin/gnu/emacs Rejected 5.8.3 See Alsosudo(8), sudoers(5). |