[sudo-users] SETENV
Eric Freeman
eric.freeman at tbwachiat.com
Fri Mar 27 12:36:51 EDT 2009
I removed the SETENV line since it didn't appear to be working and
added the Defaults !env_reset line
Everything is working now.
Is there a better way to accomplish this without weakening the sudo
security?
Thanks
sudo -l
Matching Defaults entries for root on this host:
log_year, logfile=/var/adm/syslog/sudo.log, !env_reset,
logfile=/var/adm/syslog/sudo.log, log_year
Runas and Command-specific defaults for root:
User root may run the following commands on this host:
(ALL) ALL
(root) NOPASSWD: /usr/sbin/mount, (root) /usr/sbin/umount, (root)
/usr/sbin/pfs_mount, (root) /usr/sbin/pfs_umount, (root) /usr/sbin/pfsd
(root) (ALL) ALL
On 3/27/09 12:01 PM, "Todd C. Miller" <Todd.Miller at courtesan.com> wrote:
> In message <C5F26E19.3442A%eric.freeman at tbwachiat.com>
> so spake Eric Freeman (eric.freeman):
>
>> Since upgrading to sudo-1.7.0 and turning on LDAP (I don't think this point
>> is relevant since it is a local user) it appears the user's environment
>> variables are not being honored.
>>
>> I was reading the man pages and using google but I need some help. I am
>> running sudo-1.7.0 on HPUX 11.11
>>
>> I modified the /etc/sudoers to look like:
>>
>> ALL ALL=(ALL) SETENV: ALL
>>
>> However, this is not working.
>>
>> When I run sudo -E I receive the following error:
>>
>> sudo: sorry, you are not allowed to preserve the environment
>>
>> I believe I need to change something in the above line in /etc/sudoers.
>
> That line looks correct, perhaps there is another sudoers line
> that is overriding it. What does the output of "sudo -l" show?
>
> Note that you can change the environment handling to be more like
> versions of sudo prior to 1.6.9 with a line like:
>
> Defaults !env_reset
>
> in sudoers, though there are security consequences. The "SECURITY
> NOTES" section of the manual talks a little bit about this.
>
> - todd
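
An added example, not part of the original messages or of sudo itself: a small Python check that flags the two environment settings tried in this thread (`Defaults !env_reset` and the `SETENV:` tag) and shows a narrower `env_reset` plus `env_keep` fragment passing clean. The sudoers text is constructed for the example; `APP_HOME`, `%appadmin` and the `RISKY` list are assumptions.

```python
import re

# Constructed sample: the two settings tried in this thread.
WEAK = """\
Defaults log_year, logfile=/var/adm/syslog/sudo.log, !env_reset
ALL ALL=(ALL) SETENV: ALL
"""

# Constructed alternative (assumption): APP_HOME and %appadmin are hypothetical.
NARROW = """\
Defaults env_reset
Defaults env_keep += "APP_HOME"
%appadmin ALL=(ALL) NOSETENV: /usr/sbin/pfs_mount
"""

# Variables that change what code a privileged command loads or runs.
RISKY = {"PATH", "IFS", "ENV", "BASH_ENV", "LD_PRELOAD", "LD_LIBRARY_PATH",
         "SHLIB_PATH", "PERL5LIB", "PYTHONPATH"}


def audit(sudoers_text):
    """Return (entry_number, finding) pairs for environment-related settings."""
    findings = []
    # Join backslash-continued lines so each entry is examined whole.
    text = re.sub(r"\\\n", "", sudoers_text)
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            # Drop the keyword together with any @host/:user/!cmnd binding.
            params = "".join(line.split(None, 1)[1:])
            # Split on commas that are outside double quotes.
            for p in re.findall(r'(?:[^,"]|"[^"]*")+', params):
                p = p.strip()
                if p == "!env_reset":
                    findings.append((num, "env_reset disabled"))
                elif p == "setenv":
                    findings.append((num, "setenv enabled for all users"))
                elif p.startswith("env_keep") and "-=" not in p:
                    names = re.findall(r"[A-Za-z_*][\w*]*", p.split("=", 1)[-1])
                    bad = sorted({n for n in names if n in RISKY or "*" in n})
                    if bad:
                        findings.append((num, "env_keep passes " + ",".join(bad)))
        elif re.search(r"(?<!NO)SETENV\s*:", line):
            findings.append((num, "SETENV tag allows overriding env_reset"))
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK), "narrow:", audit(NARROW))
```

Lines starting with `#` are skipped as comments, so `#include` files are not followed.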