I need to allow a set of users to run, as a different user, a command with the following structure:
command [args] subcommand [subargs]
both args and subargs should be optional. I this tries whitelisting the following in sudoers:
/path/to/command * subcommand *
However, this only works if both args and subargs are specified.
The documentation says:
" * " Matches any set of zero or more characters (including white space).
I hope this is clear. Any help is much appreciated.
(P.S. I am aware of the security risk that is that users could run a different subcommand if they have the name of subcommand somewhere else in the arguments. This is an accepted risk, but mitigation is still welcome.)
The way to achieve this is to eliminate the spaces between the wildcards and the subcommand:
/path/to/command *subcommand*