fine-grained sudoers configuration (allowed commandline arguments)

security linux permissions sudo console

For your case try something like this:

Cmnd_Alias PACMAN = /usr/bin/pacman -S -u, ! /usr/bin/pacman -S -u some_package
user ALL=(root) NOPASSWD: PACMAN

You can use shell glob patterns like [a-z],[0-9],* etc. in your sudoers file to exclude packages that match a certain pattern.


Write a script that does what you want and give sudo access to it.

Also make sure that whatever environment this is run in does not have access to the networking at all, or they can just use their own dns to spoof the mirror and then run arbitrary code as root when it gets installed by pacman.

Related

Does Chrome's Download Manager resume downloads if the connection is lost or closed?
What steps do I need to take to completely uninstall MySQL?
PDF viewer that can invert all colors (not only text) [closed]
Why does VM software need to know which OS will be running inside the VM?
How change the default desktop manager in debian?
How many instances of FFmpeg commands can I run in parallel?
How to disable smooth/fluid scrolling in office 2013 (Excel/Word)?
How to turn on WIFI via cmd?
ssh-agent / ssh-add error: could not open a connection to your authentication agent
keytool commands to replace existing SSL certificate?
Is there a way to close the lid on a MacBook without putting it sleep?
What is 'IMAP+'?