0

In the case of a deployment script (https://github.com/EasyCorp/easy-deploy-bundle/blob/master/doc/default-deployer.md#security-options), I need to run setfacl from a distant machine that pushes code.

To do that, in the sudoers file I've added for a specific user the right to run the command without a password, but I would like to do it for a full command:

username  ALL=(ALL:ALL) NOPASSWD: /usr/bin/setfacl setfacl -RL -m u:"www-data":rwX var/cache/ var/log/

At the moment I'm forced to remove the arguments of the command, because the full command is rejected. I've tried to add a \ to escape :, and the same for ". But it doesn't work.

username  ALL=(ALL:ALL) NOPASSWD: /usr/bin/setfacl setfacl

Thanks a lot

mpiot

1 Answer

0

setfacl is the same as /usr/bin/setfacl. Prefer the latter. Don't write both, though.

You're right: to escape :, the prefix is \.

To specify multiple paths, you must repeat the command, using a comma as a separator. You could also duplicate the whole line. It's up to you.

The end result should look like:

username ALL=(ALL:ALL) NOPASSWD: /usr/bin/setfacl -RL -m u\:www-data\:rwX var/cache, /usr/bin/setfacl -R -m u\:www-data\:rwX var/log

Honiix
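
As an added example (not part of the question or the answer, and not code from the bundle): a small Python generator for the rule discussed above. It escapes the characters that sudoers(5) requires to be escaped in command arguments (`,`, `:`, `=`, `\`) and emits one comma-separated command per path. It assumes absolute target paths under a hypothetical /srv/app, because sudo compares arguments as text and a relative path would apply in whatever directory the command is run from. It also narrows the run-as user to root, and the function names are this example's own.

```python
import re

# sudoers(5): these characters must be backslash-escaped inside command arguments.
SPECIAL = re.compile(r"([\\,:=])")
# Choice of this example: refuse whitespace, quotes and glob characters so the
# rule only ever matches one literal argument list.
REJECTED = re.compile(r"""[\s"'*?\[\]]""")


def escape_arg(arg):
    """Return one command argument in the form sudoers expects."""
    if not arg or REJECTED.search(arg):
        raise ValueError(f"unsupported argument: {arg!r}")
    return SPECIAL.sub(r"\\\1", arg)


def cmnd(argv):
    """Build one sudoers command: absolute binary path plus escaped arguments."""
    binary, *args = argv
    if not binary.startswith("/"):
        raise ValueError("command must be a fully qualified path")
    return " ".join([binary] + [escape_arg(a) for a in args])


def setfacl_rule(user, acl, paths, flags="-RL", runas="root"):
    """One NOPASSWD rule with a separate comma-separated command per path."""
    for p in paths:
        if not p.startswith("/"):
            raise ValueError(f"use an absolute path, got {p!r}")
    cmnds = [cmnd(["/usr/bin/setfacl", flags, "-m", acl, p]) for p in paths]
    return f"{user} ALL=({runas}) NOPASSWD: " + ", ".join(cmnds)


if __name__ == "__main__":
    # Constructed sample: /srv/app is an assumed deployment root.
    print(setfacl_rule("username", "u:www-data:rwX",
                       ["/srv/app/var/cache", "/srv/app/var/log"]))
```

Write the generated line to a file under /etc/sudoers.d/ and check it with `visudo -cf` on that file before relying on it.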