Home

CmndAlias

CmndAlias is a type of alias used in sudoers configuration to group and reference a set of allowed commands. It is defined with the Cmnd_Alias directive and helps administrators manage granular command permissions by name rather than by listing each command repeatedly.

In a sudoers file, a command alias is declared as Cmnd_Alias NAME = command1, command2, ... Each entry

Usage involves referencing the defined alias in a rule, allowing the specified users on specified hosts to

Cmnd_Alias WEB = /usr/bin/curl, /usr/bin/wget

Cmnd_Alias BACKUP = /bin/tar, /bin/cp

user ALL=(root) NOPASSWD: WEB

admin ALL=(root) NOPASSWD: BACKUP

CmndAlias enhances readability and maintainability of sudoers files, especially in environments with many commands or hosts.

specifies
an
absolute
path
to
a
executable
and
may
include
optional
arguments.
Aliases
can
be
combined
with
other
aliases
and
used
in
the
same
way
as
individual
command
specifications
in
subsequent
sudo
rules.
Common
practice
is
to
place
command
aliases
near
the
other
alias
definitions,
along
with
User_Alias,
Runas_Alias,
and
Host_Alias.
run
the
listed
commands
(optionally
with
specific
run-as
users
or
tags).
For
example:
It
should
be
used
in
conjunction
with
visudo
to
validate
syntax
and
with
Host_Alias
to
restrict
aliases
to
particular
machines.
As
with
any
sudo
configuration,
care
should
be
taken
to
avoid
broad
command
lists
or
overly
permissive
rules,
since
errors
or
misuse
can
lead
to
elevated
privileges.