[sudo-users] Running scripts under sudo (secure_path)

Aaron Spangler aaron at spangler.ods.org
Tue Aug 24 12:03:27 EDT 2004


You can make a slight modification to most shell scripts to make them
behave a lot better.  Change the first line from:

#!/bin/sh

to

#!/usr/bin/env - PATH=/bin:/usr/bin /bin/sh

The hyphen (-) is important since it clears out all environment variables
in case there were some unknown ones that could interfere with the script.

You should also set some options in your sudoers file to further augment
environment variables.

I hope this info helps.

 -Aaron



> Shell scripts tend to contain many invocations of
> programs which are located via the user's PATH.
>
> If sudo is used to run shell scripts, the user could
> create a script called (let's say) "ls" in their home
> directory and add the home directory to the start of
> their PATH. Then if the sudo-ed script contained an
> "ls" command, the user's script would get executed
> instead of /usr/bin/ls
>
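
The PATH lookup described in the quoted question, and the effect of `env -` with a fixed PATH, as an added example that is not part of the original post. It passes the script to `env` on the command line rather than through the `#!` line, because kernels differ in how they split `#!` arguments (Linux hands everything after the interpreter path to it as a single argument); the temporary directory, `task.sh`, `DEMO_VAR` and the stand-in `ls` are constructed for the demonstration.

```sh
#!/bin/sh
# Added example. Everything under $DEMO_DIR is constructed; the stand-in
# "ls" is never executed, the script only reports which file "ls" names.

setup_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    # A file named "ls" in a directory the invoking user controls.
    printf '#!/bin/sh\necho stand-in\n' > "$DEMO_DIR/ls"
    chmod +x "$DEMO_DIR/ls"
    # Stand-in for the script run under sudo: it refers to ls by bare name.
    cat > "$DEMO_DIR/task.sh" <<'EOF'
echo "ls resolves to: $(command -v ls)"
echo "DEMO_VAR=${DEMO_VAR:-unset}"
EOF
}

# "#!/bin/sh" case: the script inherits the caller's PATH and variables.
run_inherited() {
    PATH="$DEMO_DIR:$PATH" DEMO_VAR=leaked /bin/sh "$DEMO_DIR/task.sh"
}

# "env -" case: same caller environment, emptied and given a fixed PATH
# before /bin/sh starts.
run_scrubbed() {
    PATH="$DEMO_DIR:$PATH" DEMO_VAR=leaked \
        /usr/bin/env - PATH=/bin:/usr/bin /bin/sh "$DEMO_DIR/task.sh"
}

setup_demo || exit 1
trap 'rm -rf "$DEMO_DIR"' EXIT
echo "inherited environment:"; run_inherited
echo "env - PATH=/bin:/usr/bin:"; run_scrubbed
```

In the first run `ls` resolves to the file in the user-controlled directory and `DEMO_VAR` is visible to the script; in the second it resolves under `/bin` or `/usr/bin` and `DEMO_VAR` is unset.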



