Allow complex sudo command on Debian Linux
I disagree with lain.
Although it will work, You do not need awk
to run as root.
I would not be comfortable with this because you might be able to attack awk
in some way. It is a full programming language interpreter after all.
When one runs sudo /usr/bin/apt-get --print-uris -qq -y upgrade 2>/dev/null |awk '{print $2}' | wc | awk '{print $1}'
, They are actually running sudo /usr/bin/apt-get --print-uris -qq -y upgrade
and then piping/redirecting as the calling user.
Try this: zabbix ALL=NOPASSWD: /usr/bin/apt-get --print-uris -qq -y upgrade
By the way, there is nothing wrong with putting this in a script as lain does and you could still do that. I would just avoid running awk as root if possible.
You are probably falling foul of the way that redirection interacts with sudo. The redirection is performed at the calling user not the privileged user. It would probably be easier for you to wrap you command in a script and to then allow the zabbix user to run that script e.g.
#!/bin/bash
/usr/bin/apt-get --print-uris -qq -y upgrade 2>/dev/null |awk '{print $2}' | wc | awk '{print $1}'
the set sudoers as
zabbix ALL=NOPASSWD: /path/to/script
Now the whole script will be run as the privileged user and not just the particular apt-get command. Do though ensure that the zabbix user cannot write to the script.