[sudo-users] Keep Path FC9

Steve T stevetucknott at yahoo.co.uk
Wed Mar 3 08:25:58 EST 2010 

On Wed, 2010-03-03 at 20:05 +0800, Aaron Lewis wrote:

> Steve T wrote:
> >
> > On Wed, 2010-03-03 at 19:33 +0800, Aaron Lewis wrote:
> >> Steve T wrote:
> >> > I used sudo under FC6 and could simply do 'sudo command' knowing that
> >> > the path for the command would be cloned from the current users (my)
> >> > path.
> >> > This does not appear to work in the same way under FC9 - is there a way
> >> > to still achieve the same thing?
> >> >
> >> >
> >> > Thanks
> >> > ____________________________________________________________ 
> >> > sudo-users mailing list <sudo-users at sudo.ws <mailto:sudo-users at sudo.ws>>
> >> > For list information, options, or to unsubscribe, visit:
> >> > http://www.sudo.ws/mailman/listinfo/sudo-users
> >> >   
> >> Are you looking for secure_path ?
> >>
> >> man sudoers
> >>
> >> secure_path Path used for every command run from sudo. If you don’t 
> >> trust the people running sudo
> >> to have a sane PATH environment variable you may want to use this. 
> >> Another use is if
> >> you want to have the "root path" be separate from the "user path." Users 
> >> in the group
> >> specified by the exempt_group option are not affected by secure_path. 
> >> This option is
> >> set to /bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc by default.
> >>
> >> Hope it helps.
> >>
> >>     
> > Aaron,
> > Thanks for the reply.
> >
> > I'm not sure as most of the options are compile time and the sudo 
> > command was pre-compiled under FC9. I've tried the 'keep' options in 
> > the sudoers file to no avail.
> >
> > I had the same issue a year+ back and never resolved it - I'll have to 
> > try getting the source and compiling that. 
> ./configure --help  shows
> 
>   --with-secure-path      override the user's path with a built-in one
> 
> ./configure --with-secure-path=no
> 
> But i don't recommand you to do so , it's not secure ;-)
> 

Aaron,
I have just recompiled from source (after copying away the original sudo
commands) and specified nothing (apart from where the bin and sbin dirs
were)  and that now seems to work as it did under FC6 - so I can only
assume that FC9 was compiled with the option that you pointed out above
(ie --with-secure-path) as that is the symptom I'm currently getting (ie
the path is fixed for sudo).

It doesn't pose a security risk - as its just an option that I use on my
laptop, where I tend to use sudo rather than su'ing to root.


Thanks for taking the time to help.

More information about the sudo-users mailing list