[sudo-users] Re: restrict passwd command

Russell Van Tassell russell+sudo-users at loosenut.com
Tue Nov 22 14:19:21 EST 2005

On Tue, Nov 22, 2005 at 12:22:05PM -0600, Mark F wrote:
> Russell Van Tassell wrote:
> >>What about a wrapper script that uses $SUDO_USER ?
> >
> >
> >Then you have to contend with users that do stuff like:
> >
> >	setenv SUDO_USER mfaine
> >	sudo passwd mfaine
> >
> >...or similar.
> For some reason I thought sudo would ensure that whenever sudo was run 
> it was run with the correct SUDO_USER environment variable with env_reset.

Actually, I might have jumped a little early on that, looking more
in-theory than I maybe should have... my apologies.

BTW, your script also seems to rely on the user's path rather than using
absolute patching (though I understand this was an example); that, of
course, can result in other similar problems.  In-theory, the
environment reset should (hopefully) keep things like SUDO_USER in a
sane form... again, at least we hope.  ;-)

Russell M. Van Tassell
russell at loosenut.com

"I love deadlines.  I especially like the whooshing sound they make as
 they go flying by."

More information about the sudo-users mailing list