symlink and sudo executable

Problem:

If I have the below sudoers entries:

usera ALL=(userb) NOPASSWD: /home/userc/bin/executable-file
usera ALL=(userb) NOPASSWD: /home/userc/bin/link-to-another-executable-file

When I log on as usera and try running the below commands, it works:

sudo -u userb /home/userc/bin/executable-file

but NOT the one below.

sudo -u userb /home/userc/bin/link-to-another-executable-file

Sorry, user usera is not allowed to execute '/home/userc/bin/link-to-another-executable-file' as userb on hostname.

Any ideas?

Solution:

When you say link-to-another-executable-file I presume you mean a symbolic link (otherwise it would just be an executable file).

I suspect that sudo is applying permissions to the destination of the symlink and failing but reporting it as the symlink. It reports the symlink because that’s what you tried to execute and therefore the message is not mysterious.

If this is the case, sudo is doing exactly the right thing: protecting you from who-knows-what is at the other end of the symlink. You might try listing the symlink destination (that is, the real executable) in sudoers.
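
To act on the suggestion above of listing the real executable, the following added example (not part of the original post, and not a sudo tool) scans simple sudoers-style lines and prints, for each command path that is a symbolic link, the file it finally resolves to. The function name audit_sudoers_symlinks is hypothetical, and the parser assumes plain "user host=(runas) TAG: /path" entries without aliases or includes.

```shell
#!/bin/sh
# Added example: report sudoers command paths that are symbolic links,
# together with the real file each one resolves to.
# audit_sudoers_symlinks is a hypothetical helper name (an assumption).
#
# Usage: audit_sudoers_symlinks FILE
#   e.g. audit_sudoers_symlinks /etc/sudoers   (as root; the file is not world-readable)
# Output, one line per command path:
#   OK <path>                  exists and is not a symlink
#   SYMLINK <path> -> <real>   symlink; <real> is the fully resolved target
#   MISSING <path>             does not exist, or the symlink is dangling
audit_sudoers_symlinks() {
    # Strip comments, keep only lines containing '=', keep the text after it.
    sed -e 's/#.*//' -e '/=/!d' -e 's/^[^=]*=//' "$1" |
    while IFS= read -r spec; do
        # A specification may list several comma-separated commands.
        printf '%s\n' "$spec" | tr ',' '\n' |
        while IFS= read -r cmd; do
            # Remove "(runas)" and tags such as "NOPASSWD:", then take the
            # first word, which is the command path (arguments are ignored).
            path=$(printf '%s\n' "$cmd" |
                sed -e 's/([^)]*)//' -e 's/[A-Z_][A-Z_]*://g' |
                awk '{print $1}')
            case $path in /*) ;; *) continue ;; esac
            if [ -L "$path" ]; then
                # readlink -f follows the whole chain of links.
                if real=$(readlink -f -- "$path") && [ -e "$real" ]; then
                    printf 'SYMLINK %s -> %s\n' "$path" "$real"
                else
                    printf 'MISSING %s\n' "$path"
                fi
            elif [ -e "$path" ]; then
                printf 'OK %s\n' "$path"
            else
                printf 'MISSING %s\n' "$path"
            fi
        done
    done
}
```

For every SYMLINK line, the path after the arrow is the one to try in the sudoers entry.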
