View previous topic :: View next topic |
Author |
Message |
nordic bro Guru
Joined: 25 Oct 2003 Posts: 585
|
Posted: Tue Aug 26, 2014 3:32 am Post subject: sudo, protected dir and wildcard |
|
|
created a dir as root (/misc/tmp), copied some files into it and did chmod 700 on the dir:
ls -la /misc:
drwx------ 2 root root 4096 Aug 25 23:07 tmp
user in /etc/sudoers can do this and see dir contents:
sudo ls /misc/tmp/
but this says "sudo: No match.":
sudo ls /misc/tmp/*
is there something I can do to make it work with *? I thought maybe it had something to do with "." or ".." in there but user can do this:
sudo ls /misc/tmp/.
although not this:
sudo ls /misc/tmp/.*
sudo: No match. |
|
Back to top |
|
|
lagalopex Guru
Joined: 16 Oct 2004 Posts: 562
|
Posted: Tue Aug 26, 2014 8:31 am Post subject: |
|
|
The * is evaluated in your current shell. (So, with your persmissions, not the root ones.)
As it is not finding anything (no persmissions), it will pass the * just as is. And a file with this name does not exist.
You need the * to be interpreted with the root privileges.
Perhaps something like "sudo bash -c 'ls /misc/tmp/*'" would work, though not very nice.
Why do you need this functionallity at all? |
|
Back to top |
|
|
nordic bro Guru
Joined: 25 Oct 2003 Posts: 585
|
Posted: Wed Aug 27, 2014 4:10 am Post subject: |
|
|
thanks, your workaround does the trick. I'm a little fuzzy on the subtleties of "*" but will read up on that.
I need it to use stat on a pgsql pg_log dir (parent is 700, postgres:postgres) to grab the newest few with a single cmd string:
stat -c "%Y\t%n" .../pg_log/* | sort -n | tail -3 | cut -d\t -f 2- | xargs cp -t /tmp
if I don't use "*" stat returns data on the dir itself and not its contents.
I couldn't figure out how to get the pathname included for each file using ls (where I wouldn't need *) - maybe there's a way to tell xargs or cp what to use but I got locked into the above once I saw how close it was to working |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21431
|
Posted: Wed Aug 27, 2014 10:38 pm Post subject: |
|
|
Perhaps find dir -printf specifiers could print the information you need instead of using stat with a glob. This would work in large directories where the glob fails, and would delegate file discovery into find, so that you could sudo the find instead of sudo'ing the pipeline. |
|
Back to top |
|
|
|