2 of 2 people found this helpful
In general, we would encourage you enable privileged execution of commands as widely as you can, because there are many useful pieces of information like this that you can only obtain as root.
That said, if you want to carefully and slowly enable the use of PRIV_RUNCMD, you can easily set the definition of the shell function with some logic to only use sudo in selected circumstances. For example, to be really restrictive and only enable sudo for /usr/sbin/xm, you can define the function like this:
if [ $1 = "/usr/sbin/xm" ]; then
Thanks for your comment. I understand that sudo for as many commands as possible is recommended, but operations and security want it as minimal as possible. So far we have been happy to only add /usr/bin/sudo to a selected few PRIV commands in the platform scripts.
You are absolutely right, this is straightforward shell scripting! One tend to forget the obvious when seeing familiar stuff in a different view! Perhaps I should have downloaded the linux.sh script on a linux box! Your solution is exactly what I am going to use, no impact on other commands. Great!