The problem is how your arguments are interpreted by your shell. If I am in bash (most other shells work the same way) and I type the command
sudo /bin/bash -c "echo foo && echo bar"
sudo is called with everything after it as arguments. However, the shell processes each argument before passing it to sudo. One of the things it does is remove the quotation marks around quoted arguments. Therefore, the arguments that sudo receives as its argv value are an array that looks like this (one argument per line):
/bin/bash
-c
echo foo && echo bar
sudo combines them with spaces and compares them with the commands in the sudoers file (this is actually a bit more complicated than that, since it replaces wildcards, etc.). So the command it actually sees you running, for the purpose of checking permissions, is:
/bin/bash -c echo foo && echo bar
When I put this command in a sudoers file, I am not asked for a password when I type
sudo /bin/bash -c "echo foo && echo bar"
However, I am also not asked for a password when entering any of these commands or other similar ones.
sudo /bin/bash "-c echo foo && echo bar"
sudo /bin/bash "-c echo" foo "&& echo" bar
sudo /bin/bash -c echo "foo && echo" bar
In general, as far as I know, there is no way for sudo (or any program) to know exactly which command was entered, only what the shell converted it into for execution purposes.
Austin
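The quote removal described in the answer above, as an added example that is not part of the original post: the four command lines from the answer are passed to two helper functions (`argv_count` and `joined_args`, hypothetical names chosen here) in place of sudo. Joining with single spaces follows the answer's description of the comparison; wildcard handling is left out.

```shell
#!/bin/sh
# Added illustration. argv_count, joined_args and show are hypothetical
# helpers standing in for the program that receives the arguments.

# How many arguments arrive after the shell has removed the quotes.
argv_count() {
    echo "$#"
}

# The arguments joined with single spaces: per the answer, this is the
# string that gets compared with the sudoers entry.
joined_args() {
    ( IFS=' '; printf '%s\n' "$*" )
}

# Print both views for one command line.
show() {
    printf '%s args -> %s\n' "$(argv_count "$@")" "$(joined_args "$@")"
}

# The original command and the three variants from the answer.
show /bin/bash -c "echo foo && echo bar"
show /bin/bash "-c echo foo && echo bar"
show /bin/bash "-c echo" foo "&& echo" bar
show /bin/bash -c echo "foo && echo" bar
```

When reviewing a sudoers entry, note that the argument counts differ (3, 2, 5, 5) while the joined string is identical on every line, so the entry matches a family of argv arrays rather than one command.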