[sudo-users] Running scripts under sudo (secure_path)

[Brent Fortman]

Later versions of rdist support an ssh transport.  We use this to
distribute sudoers (and many other files) throughout our environment.

Brent Fortman

-----Original Message-----
From: Gohil, Arun [mailto:Arun.Gohil at capitalone.com] 
Sent: Thursday, August 26, 2004 9:14 AM
To: 'aaron at spangler.ods.org'; - -
Cc: sudo-users at sudo.ws
Subject: RE: [sudo-users] Running scripts under sudo (secure_path)



Hi,

Help !

Whats the best way to distribute a centrally located sudoers file to
about a
100 servers
when using ssh.

I have tried to use scp with myself having super user permissions - this
doesn't seem to work.

Any help appreciated.

Thanks
Arun


--Original Message-----
From: Aaron Spangler [mailto:aaron at spangler.ods.org] 
Sent: 24 August 2004 17:03
To: - -
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Running scripts under sudo (secure_path)


You can make a slight modification to most shell scripts to make them
behave
a lot better.  Change the first line from:

#!/bin/sh

to

#!/usr/bin/env - PATH=/bin:/usr/bin /bin/sh

The hyphen (-) is important since it clears out all environment
variables in
case there were some unknown ones that could interfere with the script.

You should also set some options in your sudoers file to further
authment
environment variables.

I hope this info helps.

 -Aaron



> Shell scripts tend to contain many invokations of
> programs which are located via the user's PATH.
>
> If sudo is used to run shell scripts, the user could
> create a script called (let's say) "ls" in their home directory and 
> add the home directory to the start of their PATH. Then if the sudo-ed

> script contained an "ls" command, the user's script would get executed
> instead of /usr/bin/ls
>

____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
 
************************************************************************
**
The information transmitted herewith is sensitive information intended
only
for use by the individual or entity to which it is addressed. If the
reader
of this message is not the intended recipient, you are hereby notified
that
any review, retransmission, dissemination, distribution, copying or
other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.
____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users