I have a script that require to change the owner recursively in a folder
there is my specific sudoers file: /etc/sudoers.d/jenkins
jenkins ALL=(ALL) NOPASSWD: /bin/chmod, /bin/chownand this is the command that jenkins need to execute:
chown -R apache:apache /var/www/vhosts/${HOST}/${PROJECT}for security reasons, i need to restrict the sudo permissions only for chown with argument /var/www/vhosts/***
there are some regex in sudoers file to do this?
1 Answer
Yes, you can use wildcards:
jenkins ALL=(ALL) NOPASSWD: /bin/chown -R apache:apache /var/www/vhosts/*Though it's probably safer from a security perspective to write your own script so that you can validate arguments and ensure that only exactly the paths you want to affect are affected:
jenkins ALL=(ALL) NOPASSWD: /usr/local/bin/my-custom-chown-script