sudo and PATH?
Martin Marcher
martin.marcher at openforce.com
Mon Jan 8 18:13:55 UTC 2007
Hello,
Am 08.01.2007 um 15:08 schrieb Derek Broughton:
> Martin Marcher wrote:
>
>> Hello,
>>
>> Am 05.01.2007 um 20:01 schrieb Matt Price:
>>
>>> but this of course doesn't extend over to sudo Is there a way to
>>> change
>>> sudo's path, preferably permanently and for every user?
>>
>> have a look a man sudoers(5) and search for "env_reset" and
>> "env_keep" and also the "env_" options in general.
Quote:
env_reset If set, sudo will reset the environment to only
contain the
following variables: HOME, LOGNAME, PATH, SHELL,
TERM, and
USER (in addition to the SUDO_* variables). Of
these, only
TERM is copied unaltered from the old
environment. The
other variables are set to default values
(possibly modi-
fied by the value of the set_logname option). If
sudo was
compiled with the SECURE_PATH option, its value
will be
used for the PATH environment variable. Other
variables
may be preserved with the env_keep option.
Which in essence means
env_sudo = 1
env_keep = PATH
it will erase all environment variables but keep PATH (NOTE: this is
just a quick write down so it may be the wrong syntax)
another option would be to use Defaults
Quote:
# Run X applications through sudo; HOME is used to
find .Xauthority file
# Note that some programs may use HOME for other purposes
too and
# this may lead to privilege escalation!
Defaults env_keep = "DISPLAY HOME"
Defaults env_keep = "PATH" # keeps $PATH for all users
Defaults:YourUserName env_keep = "HOME USER PATH" # keeps HOME USER
PATH for YourUserName
or whatever you like (the sudoers file is quite powerfull once you
managed to climb the learning curve
>
> I'm not sure that's made it any clearer to me.
>>
>> And please do use "visudo" to edit the file...
>
> One of those really stupid legacy unixisms. For years I _didn't_
> use visudo
> (without problems) because I refuse to use vi. Then I realized it
> doesn't
> really use vi (unless that's your default editor).
hehe, I wasn't refering to using vi vim emacs or any editor but more
to that if you break your sudoers file without using visudo you won't
be able to use any sudo command because parsing the file will
generate an error and sudo will refuse to work, whereas by using
visudo it will (at least) give you the opportunity to correct the
syntax - but still doesn't keep you from locking yourself out by
removing the right to use sudo
hth
martin
More information about the ubuntu-users
mailing list