[sudo-users] Re: restrict passwd command
Russell Van Tassell
russell+sudo-users at loosenut.com
Tue Nov 22 14:19:21 EST 2005
On Tue, Nov 22, 2005 at 12:22:05PM -0600, Mark F wrote:
> Russell Van Tassell wrote:
> >>What about a wrapper script that uses $SUDO_USER ?
> >
> >
> >Then you have to contend with users that do stuff like:
> >
> > setenv SUDO_USER mfaine
> > sudo passwd mfaine
> >
> >...or similar.
>
> For some reason I thought sudo would ensure that whenever sudo was run
> it was run with the correct SUDO_USER environment variable with env_reset.
Actually, I might have jumped a little early on that, looking more
in-theory than I maybe should have... my apologies.
BTW, your script also seems to rely on the user's path rather than using
absolute patching (though I understand this was an example); that, of
course, can result in other similar problems. In-theory, the
environment reset should (hopefully) keep things like SUDO_USER in a
sane form... again, at least we hope. ;-)
--
Russell M. Van Tassell
russell at loosenut.com
"I love deadlines. I especially like the whooshing sound they make as
they go flying by."
More information about the sudo-users
mailing list