problem retaining username

Matthew Hannigan mlh at
Sun Sep 8 03:33:49 EDT 2002

Andrew Solomon wrote:

>   andrews machname=/bin/ !set_logname
> I get the message
>   Sorry, user andrews is not allowed to execute '/bin/' 
>   as root on

Maybe the problem is that you've specified the machine name
but sudo gets the fqdn.  Try the same thing as

	andrews ALL=/bin/ !set_logname

to check

> What am I doing wrong?
> 2) If I *were* able to execute /bin/ 
> as root but with $USER unchanged by sudo, I would worry that 
> the person executing 
>   sudo /bin/
> had tampered with their $USER variable. Is there any way of ensuring
> this had not been done?

Use SUDO_USER instead.  Or abort if USER != SUDO_USER.

Sanitise check $USER before checking it; you don't want
to be trapped by someone setting USER to "`chmod a+w /etc/passwd`"

(Not sure how to do this in shell safely -- would have to
give it a bit of thought.)

PS. How's it going Andrew?
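
One way to do the check suggested in the reply above, as an added example that is not part of the original message. The function names `is_safe_name` and `trusted_caller` and the 32-character limit are assumptions; the script is assumed to run under sudo with `!set_logname` as in the thread, so `SUDO_USER` is set by sudo and `USER` is whatever the caller exported. Both values are only ever compared as quoted strings, never evaluated.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not from the original thread).

# is_safe_name NAME
# Succeeds only if NAME looks like a plain login name. The test is a
# `case` pattern match, so NAME is compared, never expanded or executed.
# The allow-list is spelled out so the result does not depend on locale.
is_safe_name() {
    case "$1" in
        '' | -*)
            return 1 ;;   # empty, or would be read as an option
        *[!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-]*)
            return 1 ;;   # backticks, $, spaces, slashes, newlines, ...
    esac
    [ "${#1}" -le 32 ]    # assumed upper bound on login name length
}

# trusted_caller
# Prints the invoking user's name, or fails.
#  - SUDO_USER (set by sudo) is the value that is used.
#  - USER (caller-controlled under !set_logname) must agree with it,
#    otherwise abort, as the reply suggests.
trusted_caller() {
    is_safe_name "${SUDO_USER-}" || return 1
    [ "${USER-}" = "$SUDO_USER" ] || return 1
    printf '%s\n' "$SUDO_USER"
}

# Typical use near the top of the privileged script:
#   caller=$(trusted_caller) || { echo "refusing to run" >&2; exit 1; }
#   ... use "$caller" (always double-quoted) from here on ...
```

Every later use of the name stays inside double quotes and is never handed to `eval` or an unquoted expansion.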
