On Fri, Sep 05, 2003 at 03:56:30PM -0500, Michael D Schleif wrote:
> Consider this scenario, whereby sudo *cannot* seem to facilitate
> necessary access:
>
> # id
> uid=1000(mds) gid=1000(mds)
> groups=1000(mds),6(disk),29(audio),50(staff),1001(sambamount),1002(mysql)
>
> # ls -ld /var/log/exim/
> drwxr-s--- 2 mail adm 4096 Sep 5 06:46 /var/log/exim/
>
> # ls -al /var/log/exim/
> ls: /var/log/exim/: Permission denied
>
> [EMAIL PROTECTED]:~/dLoad
> # sudo ls -al /var/log/exim/
> total 1584
> drwxr-s--- 2 mail adm 4096 Sep 5 06:46 .
> drwxr-xr-x 21 root root 8192 Sep 5 06:46 ..
> -rw-r----- 1 mail adm 283999 Sep 5 15:46 mainlog
> -rw-r----- 1 mail adm 587225 Sep 5 06:45 mainlog.0
> -rw-r----- 1 mail adm 91516 Sep 4 06:45 mainlog.1.gz
> -rw-r----- 1 mail mail 0 Jul 7 06:27 paniclog
> -rw-r----- 1 mail mail 695 Jul 5 22:26 paniclog.0
> -rw-r----- 1 mail mail 130 Feb 15 2003 paniclog.1.gz
> -rw-r----- 1 mail adm 2232 Sep 5 08:27 rejectlog
> -rw-r----- 1 mail adm 3147 Sep 5 00:54 rejectlog.0
> -rw-r----- 1 mail adm 1303 Sep 3 15:16 rejectlog.1.gz
>
> # ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: Permission denied
>
> # sudo ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: No such file or directory
>
> # sudo -u mail ls -al /var/log/exim/rejectlog*
> ls: /var/log/exim/rejectlog*: No such file or directory
>

Problem is that the shell is expanding the glob "rejectlog*" _BEFORE_ sudo runs, and as user mds you have no access to the /var/log/exim directory. Therefore the shell finds no matches for rejectlog* so it passes the asterisk onto the command.

So the command sudo runs is ls -al '/var/log/exim/rejectlog*'. ls doesn't expand the glob itself so it's trying to list any files in /var/log/exim/ that are named rejectlog* - that is exactly "rejectlog" with an asterisk on the end _NOT_ any files beginning with rejectlog.

Try running ls '/var/log/exim/rejectlog*' with quotes, as root not via sudo and you get the same 'No such file or directory' message.

-- 
 .''`.   Jason Chambers <[EMAIL PROTECTED]>
: :' :   Registered linux user #271693
`. `'`
  `-     http://www.debian.org/ - The Universal Operating System
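
Added example, not part of the original message: a sandbox that reproduces the behaviour described above and shows the usual fix of letting a shell started under the privileged command expand the glob (on the real system, `sudo sh -c 'ls -al /var/log/exim/rejectlog*'`). The temporary directory, `run_privileged` (a stand-in for sudo) and the other function names are constructed for illustration; it assumes a non-root user, since root ignores directory permissions.

```shell
#!/bin/sh
# Constructed sandbox standing in for /var/log/exim: a directory the caller
# cannot read, holding three rejectlog files and one unrelated file.
DEMO=$(mktemp -d)
LOGDIR=$DEMO/exim
mkdir "$LOGDIR"
touch "$LOGDIR/mainlog" "$LOGDIR/rejectlog" "$LOGDIR/rejectlog.0" "$LOGDIR/rejectlog.1.gz"
chmod 000 "$LOGDIR"
trap 'chmod 700 "$LOGDIR"; rm -rf "$DEMO"' EXIT

# Hypothetical stand-in for sudo: the directory is readable only while the
# wrapped command runs, so the example needs no real privileges.
run_privileged() {
    chmod 700 "$LOGDIR"
    rc=0
    "$@" || rc=$?
    chmod 000 "$LOGDIR"
    return "$rc"
}

# The calling shell tries to expand the glob before run_privileged starts,
# cannot read the directory, and hands the literal string 'rejectlog*' to ls.
caller_expands() {
    run_privileged ls "$LOGDIR"/rejectlog* 2>/dev/null | wc -l
}

# The pattern is single-quoted, so it reaches the inner sh untouched and is
# expanded there, once access has been granted. The directory is passed as $1
# instead of being pasted into the command string.
inner_shell_expands() {
    run_privileged sh -c 'ls "$1"/rejectlog*' sh "$LOGDIR" | wc -l
}

echo "expanded by caller:      $(caller_expands) files listed"
echo "expanded by inner shell: $(inner_shell_expands) files listed"
```

The quoting is the important part: with double quotes or no quotes around the `sh -c` argument, the calling shell would again see the pattern first.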