1

I want to allow sudo this way:

myuser ALL=NOPASSWD:/usr/bin/pkill -fx "/usr/sbin/nethogs -v 3 -s" || /usr/sbin/nethogs -v 3 -s

so I get only a single running instance of nethogs.

visudo accepts it, but I am unable to run these commands without a password...

Failed attempts:

sudo '/usr/bin/pkill -fx "/usr/sbin/nethogs -v 3 -s" || /usr/sbin/nethogs -v 3 -s'
sudo /usr/bin/pkill -fx "/usr/sbin/nethogs -v 3 -s" || sudo /usr/sbin/nethogs -v 3 -s

PS.: this version of nethogs is compiled from its cvs on sf.net

1 Answer

3

You can only use the names or paths of programs or scripts (and optionally arguments for them) in the sudoers file — shell constructs like || won't work.
Quoting man sudoers:

command name ::= file name |
                 file name args |
                 file name '""'

The easiest way to work around this will be to create a script that executes your set of commands, make it writeable only by root and grant permission to execute it via sudo.


The manpage for sudo actually gives an example that executes commands in a subshell, but I haven't found a way to allow that in the sudoers configuration (and neither has the sudo-users mailing list).

n.st
  • 1
    oh.. btw I think the parent folders of such a script must also be owned by root for safety; I will try it but I think it will surely work, brb, thx! – Aquarius Power Jun 16 '14 at 21:27
  • 1
    @AquariusPower "only-writeable by root" is not the same thing as "owned by root" and it is the former that matters. – jw013 Jun 16 '14 at 21:55
  • let's say that to the unadvised it may be tricky, I had a file owned by root in my home folder, and could do nothing to it; but after some tests I found that I could remove it, even if I could not set its ownership again to root, from the execution point of view that ownership was initially useless; we could have some system warning/check concerning this; I mean, not here on your answer, it is just a thought :> – Aquarius Power Jun 17 '14 at 02:50
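
The workaround from the answer, combined with the parent-directory point raised in the comments, as an added example that is not part of the original answer or comments. The wrapper path `/usr/local/sbin/nethogs-single` and the function names are assumptions. The check treats a file's owner as a writer (an owner can restore the write bit) and walks the parent directories, because write access to a directory is enough to delete or replace a file inside it.

```shell
#!/bin/sh
# Added example, not from the original post. WRAPPER is a hypothetical path.
WRAPPER=/usr/local/sbin/nethogs-single

# The shell logic (||) moves into the script; sudoers cannot express it.
wrapper_body() {
    cat <<'EOF'
#!/bin/sh
/usr/bin/pkill -fx "/usr/sbin/nethogs -v 3 -s" || /usr/sbin/nethogs -v 3 -s
EOF
}

# The sudoers entry then names only the script (add it with visudo).
sudoers_line() {  # sudoers_line USER SCRIPT
    printf '%s ALL=NOPASSWD: %s\n' "$1" "$2"
}

# path_writable_only_by UID ABS_PATH [STOP_DIR]
# Succeeds only if ABS_PATH and every parent directory, up to but not
# including STOP_DIR (default: up to and including /), is owned by UID or
# root and has no group/other write bit. Symlinks (lrwxrwxrwx) and sticky
# world-writable directories such as /tmp are rejected as well.
path_writable_only_by() {
    uid=$1 p=$2 stop=${3:-}
    while :; do
        info=$(ls -ldn "$p") || return 2
        # First three fields of "ls -ldn": mode string, link count, owner uid.
        read -r perms links owner rest <<EOF
$info
EOF
        case $perms in
            ?????w*|????????w*)   # 6th char: group write, 9th: other write
                echo "unsafe: $p is group/other writable ($perms)" >&2
                return 1 ;;
        esac
        if [ "$owner" != 0 ] && [ "$owner" != "$uid" ]; then
            echo "unsafe: $p is owned by uid $owner" >&2
            return 1
        fi
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
        [ "$p" = "$stop" ] && return 0
    done
}

# Usage as root, after installing the wrapper with mode 0755:
#   path_writable_only_by 0 "$WRAPPER"
```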