From 7a37318089c68e3051752cf7a6eac176a3eb774b Mon Sep 17 00:00:00 2001
From: Gerald Pinder <4626052+gmpinder@users.noreply.github.com>
Date: Sun, 18 May 2025 23:10:19 -0400
Subject: [PATCH] Reduce allowed commands to run

---
 files/rke-common/etc/sudoers.d/99_rke2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/rke-common/etc/sudoers.d/99_rke2 b/files/rke-common/etc/sudoers.d/99_rke2
index d4cd544..7ecdc51 100644
--- a/files/rke-common/etc/sudoers.d/99_rke2
+++ b/files/rke-common/etc/sudoers.d/99_rke2
@@ -1,3 +1,3 @@
-Cmnd_Alias RKE_CMDS = /usr/bin/chown, /usr/bin/chmod, /usr/bin/mkdir, /usr/bin/systemctl, /usr/bin/cp, /usr/bin/find, /usr/bin/ls, /usr/bin/reboot, /usr/bin/install, /usr/bin/rke2, /usr/bin/firewall-cmd, /usr/bin/rm, /usr/bin/bootc, /usr/bin/rke2-killall.sh
+Cmnd_Alias RKE_CMDS = /usr/bin/systemctl, /usr/bin/reboot, /usr/bin/rke2, /usr/bin/bootc, /usr/bin/rke2-killall.sh, /home/rke/install.sh, /home/rke/configure.sh, /home/rke/start.sh
 
 rke ALL=(root) NOPASSWD: RKE_CMDS