How to avoid specifying full path in sudoers file?

I am trying to add a NOPASSWD entry for sudotest.sh (or any script/binary that requires sudo) in my /etc/sudoers file (on Ubuntu 12.04 LTS server), but in order to make it work, I must specify the full path. The following entry works just fine:

%jenkins ALL=(ALL)NOPASSWD:/home/vts_share/test/sudotest.sh

The problem is that the script might move to a different directory. This seems like a great chance to use the * wildcard in the path (i.e. /*/sudotest.sh) so that my script could be in any directory but the manual states that wildcards will not match the / character when used in a path. I've confirmed that it doesn't work.

I know that I can use the word ALL in place of my script, but this means there is no password prompt for any commands which seems unsafe.

How do I solve this?


Placing ALL instead of your script won't allow it to be run unless it can be found in a suitably configured PATH.

To run your command without supplying a full path it needs to be in a directory specified by the PATH variable.

For sudo it depends on how the environment is configured as to which PATH is used.

If the secure_path variable is set in sudoers then commands must be located in directories within it.

You can add users to the exempt_group, then they can use their own PATH.