I would like to allow to delete certain files in /tmp directory to sudo users. I have added the Allow_Cmnd /usr/sbin/userdel
for sudo users but this does not delete all /tmp files associated with the user.
So how shall I tweak the sudoers to allow them to delete certain files in /tmp directory only. I googled a bit but learned that regex may be be application at this. I tried couple of tweaks but its not working for me.
I would like the users to have ability to execute command such as
find /tmp -uid 10002 | grep joeuser | xargs rm -rf
Best Answer
The best thing to do is write a script that does what you want. You can do extensive sanity checking in there, check if the user is doing only what they are allowed, and so on. And then only allow that script to be ran from sudo.
Alternatively you can also allow them to run the command as you described it:
/bin/bash -c "find /tmp -uid 10002 | grep joeuser | xargs rm -rf"
, or even simplerfind /tmp -uid 10002 -path \*joeuser\* -delete
.As pointed out already, using
xargs
this way is not a good idea. You can either usefind -print0 | xargs -0
, or my personal recommendation is:find /tmp -uid 10002 -path \*joeuser\* -depth -exec rm -rf {} +
. If your version offind
does not support the+
, you may use\;
instead.