I have a command that I run via sudo. This command needs to have its working directory set to the directory where the command is installed. The user that calls sudo has no permissions in this directory so I can not cd
beforehand.
So basically what I like to be able to inlude in /etc/sudoers is something like :
appuser localhost = (appowner) NOPASSWD: cd /opt/app/bin \; ./binary
I know I can use a wrapper script around binary
but I would rather not... Any suggestions?
You will have to use a wrapper script. The parameters following the Runas Tag_Spec is interpreted as a Cmnd_List which is a list of commands that can be run by the specified user etc.
The solution is, as you note to use a wrapper script
Make sure that the wrapper script has suitable permissions and especially that it's not writeable.