[sudo-users] Running scripts under sudo (secure_path)

Gohil, Arun Arun.Gohil at capitalone.com
Thu Aug 26 10:14:13 EDT 2004


Hi,

Help!

What's the best way to distribute a centrally located sudoers file to about
100 servers when using ssh?

I have tried to use scp with myself having super user permissions - this
doesn't seem to work.

Any help appreciated.

Thanks
Arun


-----Original Message-----
From: Aaron Spangler [mailto:aaron at spangler.ods.org] 
Sent: 24 August 2004 17:03
To: - -
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Running scripts under sudo (secure_path)


You can make a slight modification to most shell scripts to make them behave
a lot better.  Change the first line from:

#!/bin/sh

to

#!/usr/bin/env - PATH=/bin:/usr/bin /bin/sh

The hyphen (-) is important since it clears out all environment variables in
case there were some unknown ones that could interfere with the script.

You should also set some options in your sudoers file to further augment
environment variables.

I hope this info helps.

 -Aaron



> Shell scripts tend to contain many invocations of
> programs which are located via the user's PATH.
>
> If sudo is used to run shell scripts, the user could
> create a script called (let's say) "ls" in their home directory and 
> add the home directory to the start of their PATH. Then if the sudo-ed 
> script contained an "ls" command, the user's script would get executed
> instead of /usr/bin/ls
>
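
The PATH lookup problem and the `env -` reset discussed in this thread, as an added example that is not part of the original messages: it runs one probe script with a caller-controlled environment and again through `env - PATH=/bin:/usr/bin`, and includes a small PATH audit helper. All file names, `DEMO_VAR` and the function names are constructed for illustration; `env` is called explicitly rather than from a `#!` line because kernels differ in how they split `#!` arguments.

```shell
#!/bin/sh
# Added example with constructed files: which "ls" does a script resolve with
# the caller's PATH, and which after `env - PATH=/bin:/usr/bin`?

# Create a scratch directory with a harmless stand-in named "ls" and a probe
# script that reports what it would run. Prints the directory name.
setup_demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/userbin"
    printf '#!/bin/sh\necho stand-in\n' > "$demo_dir/userbin/ls"
    chmod 755 "$demo_dir/userbin/ls"
    # Single quotes keep the expansions literal so they run inside the probe.
    printf '%s\n' 'echo "ls=$(command -v ls) var=${DEMO_VAR:-unset}"' \
        > "$demo_dir/probe.sh"
    echo "$demo_dir"
}

# Caller-controlled environment: user directory first in PATH, extra variable.
probe_inherited() {
    PATH="$1/userbin:$PATH" DEMO_VAR=leaked /bin/sh "$1/probe.sh"
}

# Same caller environment, but the probe is started through `env -`, which
# drops every variable and then sets only the pinned PATH.
probe_cleaned() {
    PATH="$1/userbin:$PATH" DEMO_VAR=leaked \
        /usr/bin/env - PATH=/bin:/usr/bin /bin/sh "$1/probe.sh"
}

# Audit a PATH value: return 0 only if every entry is an absolute, existing
# directory that is not world-writable. Empty entries mean "current directory".
path_is_pinned() {
    case ":$1:" in *::*) return 1 ;; esac
    old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in /*) ;; *) return 1 ;; esac
        [ -d "$entry" ] || return 1
        [ -z "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ] || return 1
    done
    return 0
}

demo=$(setup_demo)
probe_inherited "$demo"    # resolves the stand-in, DEMO_VAR is visible
probe_cleaned "$demo"      # resolves the system ls, DEMO_VAR is gone
rm -rf "$demo"
```

In current sudo versions the corresponding sudoers settings are `Defaults env_reset` and `Defaults secure_path`.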
