[TriLUG] Help with setuid C wrapper script

Jonathan Woodbury jpwoodbu at mybox.org
Tue Oct 12 20:23:46 EDT 2010


Based on what I can see in your first few emails on this, I believe this
will give you precisely what you asked for:

someuser ALL=(root) NOPASSWD: /usr/bin/tail -100 /var/log/messages,
/usr/bin/tail -50 /var/log/secure

This will allow someuser to execute tail with those exact arguments as root
without prompting the user for a password.  Some other folks have nicely
pointed out that you could use syntax described in the Wildcards section of
the sudoers man page to loosen the restrictions on what arguments could be
passed to tail.  But it didn't look like you were heading in that direction
from what I saw in your source code example.  Explicit and simple has its

I hope this helps,

More information about the TriLUG mailing list