Hello everyone,
I'm new to the community so please bear with me if my terminology is not correct...
I'm trying to configure /etc/sudoers so a specific user can run a script as root.
My problem is I want to lock down what parameters the user can run the script against. The script in question accepts another file as its parameter
e.g. /scripts/myscript.ksh /root/config-files/fileA.cfg
I want userA to be able to run the above script as root but only run it using a specific file/parameter.
e.g. $ sudo '/scripts/myscript.ksh <parameter_1>'
Is this possible? Everything i've tried thus far I get syntax errors in the sudoers file.
I've managed to find a workaround which is using a wrapper script that specifies the scirpt and parameter in question.
This is not ideal though as I will need to create a wrapper script for every possible parameter.
Infact i'd like to go one step further. Ideally, i'd like sudoers to only allow userA to run this script with files/parameters that are located within /root/config-files/*
Just allowing the user to run the script and use any config file would be a security hole. i.e. user could create config file in /tmp then execute script with that file to cause damage.
Any help/advice would be much appreciated.
thanks