X-Debbugs-CC: serfyo...@yandex.ru

On Wed, Jun 30, 2021 at 05:27:45PM +0300, Сергей Фёдоров wrote:

> Sorry for the late response - I just went to the mail and did not
> expect a letter from you.
>
> I wanted to use sudo to delete the list of root owner files whose
> names are placed in the file.

Your first example is probably wrong because using '<' in sudoers
files is a syntax error, and the shell would interpret it anyway, so
sudo would never see it.

In your second and third examples the same rule applies.  Also, your
executed command differs from that in sudoers ('-0t' vs. '-t'), so
sudo asks for a password.

Remember: sudo is not a shell, and it does no processing of shell meta
characters.  To work with a defined sudoers entry, the beginning of
the command (after evaluation of meta characters by the shell) must
match /exactly/ what is specified in sudoers (absolute paths,
parameter order etc.).  Additional parameters can be added, but what
is specified in sudoers must not be omitted nor rearranged.

I find the easiest way to inspect what the ultimately executed command
will look like after meta character evaluation is by processing the
output of strace, e.g. like so:

  printf '/dev/null\n/dev/zero\n' > /tmp/files
  strace -o '|grep execve' -e trace=execve \
    -s 4096 -f sh -c "/usr/bin/xargs \
    -a /tmp/files -n 1 -d '\n' /usr/bin/stat"

Notice that strace does some escaping of special characters like '\n'
in its output itself, so you have to be mindful of that.

Regards,
Dennis.
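One way to apply the advice above mechanically, as an added example that is not part of this bug report: the script parses strace's execve lines (with their C-style escaping) and checks the reconstructed argv against a sudoers Cmnd spec, approximating the matching rules documented in sudoers(5); the sample strace output, including the "-0t" slip, and its addresses are constructed.

```python
# Added example, not part of the bug report: rebuild argv from strace execve
# lines and check it against a sudoers Cmnd spec per sudoers(5): the path
# must match exactly; a spec with no arguments allows any arguments; otherwise
# the whole argument string must match exactly, or via * ? [..] wildcards.
import fnmatch
import re

EXECVE_RE = re.compile(r'execve\("((?:[^"\\]|\\.)*)",\s*\[((?:[^\]\\]|\\.)*)\]')
CSTRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
ESCAPE_RE = re.compile(r'\\(?:([0-7]{1,3})|(.))')
SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "f": "\f", "v": "\v", "\\": "\\", '"': '"'}

def unescape(s):
    """Undo strace's C-style escaping: a newline byte prints as \\n, a literal
    backslash as \\\\, other unprintable bytes as octal \\ooo."""
    def sub(m):
        octal, simple = m.groups()
        if octal is not None:
            return chr(int(octal, 8))
        return SIMPLE.get(simple, simple)
    return ESCAPE_RE.sub(sub, s)

def parse_execve(line):
    """Return (path, argv) for one strace execve line, or None."""
    m = EXECVE_RE.search(line)
    if not m:
        return None
    argv = [unescape(a) for a in CSTRING_RE.findall(m.group(2))]
    return unescape(m.group(1)), argv

def sudoers_allows(spec, path, argv):
    """Approximate sudoers Cmnd matching (no aliases, digests or negation)."""
    spec_path, _, spec_args = spec.strip().partition(" ")
    spec_args = spec_args.strip()
    if path != spec_path:
        return False
    if not spec_args:                 # no args in sudoers: any args allowed
        return True
    user_args = " ".join(argv[1:])
    if any(c in spec_args for c in "*?["):
        return fnmatch.fnmatchcase(user_args, spec_args)
    return user_args == spec_args      # exact: order and spelling both count

# Constructed strace -f -e trace=execve output for the xargs pipeline above,
# with the "-0t" vs "-t" slip from the report (pids and addresses made up).
SAMPLE = '''4711  execve("/usr/bin/xargs", ["/usr/bin/xargs", "-0t", "-a", "/tmp/files", "-n", "1", "/usr/bin/stat"], 0x7ffe1c3e4b28 /* 22 vars */) = 0
4712  execve("/usr/bin/stat", ["/usr/bin/stat", "/dev/null"], 0x55d9a6b3c2a0 /* 22 vars */) = 0'''

def check_sample(spec):
    """Check the first execve in SAMPLE (what sudo would see) against spec."""
    path, argv = parse_execve(SAMPLE.splitlines()[0])
    return sudoers_allows(spec, path, argv)
```

Feed it the lines from the `strace -o '|grep execve'` pipeline above to see whether the command the shell finally executes is the one sudoers names.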
