[sudo-users] env_keep and LD_LIBRARY_PATH
a.primavera at quipo.it
Thu Dec 7 06:04:03 EST 2006
Well, I need to define sudo profiles (for instance HELP_DESK) so that a user can run some commands as root, some others as db and still
others as the application user, and I want all commands executed by this user to be logged (obviously, for security reasons, the user does
not know the root, db and application passwords!). Moreover, the system administrators do not want to modify what is already up.
I think SUDO is the solution: faster to apply and not intrusive.
The problem is that one of these commands is a database application console that unfortunately requires a library located in a non-standard path.
Another solution may be to create links for the needed library on a standard path... and make the administrator put up with this solution.
----- Original Message -----
From: Michael Potter
To: Angelo Primavera
Cc: sudo-users at sudo.ws
Sent: Thursday, December 07, 2006 3:42 AM
Subject: Re: [sudo-users] env_keep and LD_LIBRARY_PATH
I suspect this is the correct one:
except, Linux is probably resetting LD_LIBRARY_PATH before it runs sudo or any other setuid program.
Tell us more about what you are trying to do:
Why are you trying to run a program as root with libraries in non-standard locations?
One patch to sudo that I think would be easy to do, safe, and useful, would be this:
Todd, can you comment?
As for wrapper scripts being too annoying, how about this:
#!/bin/bash
# Re-run this script under sudo unless sudo already started it.
if [[ $SUDO_USER == "" ]]
then
    exec sudo "$0" "$@"
    exit 1 # exit if exec fails.
fi
# put commands here.
That way the wrapper script is also a short cut for running sudo.
That is just a thought; I have not done that. I would be interested in community commenting on security aspects of that.
On 12/6/06, Angelo Primavera <a.primavera at quipo.it> wrote:
I have read some posts about how to keep the LD_LIBRARY_PATH variable and the answer seems to be of two types:
use a command wrapper
use the Default setting for env_delete/env_keep.
I'm using sudo 1.6.8p12 on Linux Red Hat 7.3 and I would like to avoid the wrapper (system users are already annoyed at using the "sudo" command!) so I've tried each of the following options:
Unfortunately none of them works.
My question is:
Are the env_delete/env_keep options applicable to LD_LIBRARY_PATH? If yes, what is wrong with my settings?
Thank you in advance
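
A wrapper of the kind discussed in this thread, as an added example that is not part of the original messages or of sudo: it discards whatever LD_LIBRARY_PATH the caller exported and sets a fixed one itself, after sudo has already run. The function name run_with_fixed_libpath and the paths /opt/dbapp/lib and /opt/dbapp/bin/dbconsole are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): run one program with a pinned
# library path. Usage: run_with_fixed_libpath LIBDIR PROGRAM [ARGS...]
run_with_fixed_libpath() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_with_fixed_libpath LIBDIR PROGRAM [ARGS...]" >&2
        return 2
    fi
    rwfl_lib=$1
    rwfl_prog=$2
    shift 2

    # Absolute paths only; a ':' would smuggle in a second search directory.
    case $rwfl_lib in
        *:*|[!/]*|"") echo "bad library dir: $rwfl_lib" >&2; return 1 ;;
    esac
    case $rwfl_prog in
        [!/]*|"") echo "program path must be absolute" >&2; return 1 ;;
    esac
    if [ ! -d "$rwfl_lib" ] || [ ! -x "$rwfl_prog" ]; then
        echo "library dir or program not found" >&2
        return 1
    fi

    # Refuse a directory that group or others can write to: whoever can
    # drop a shared object there runs code as the sudo target user.
    if [ -n "$(find "$rwfl_lib" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "refusing: $rwfl_lib is group- or world-writable" >&2
        return 1
    fi

    # Empty environment first, so nothing the caller exported (LD_PRELOAD,
    # LD_LIBRARY_PATH, ...) reaches the program; then set only known values.
    env -i PATH=/usr/bin:/bin TERM="${TERM:-dumb}" \
        LD_LIBRARY_PATH="$rwfl_lib" "$rwfl_prog" "$@"
}

# Last line of a real wrapper (hypothetical paths):
#   run_with_fixed_libpath /opt/dbapp/lib /opt/dbapp/bin/dbconsole "$@"
```

With this approach the sudoers entry would name the wrapper, not the console binary, as the permitted command.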