[sudo-users] Can change PATH when sudo -g?

Todd C. Miller Todd.Miller at courtesan.com
Tue Feb 21 14:25:35 MST 2017

That won't do what you expect.  Given:

    user1 ALL = (:group2) NOPASSED: ALL
    Defaults>%group2 secure_path=/specialPATH/bin

it will apply "secure_path" to commands run as a user that is a
*member* of group "group2".  There is no way to set an option
purely based on the group.  Yes, I realize this is confusing.

A workaround is to use:

    Defaults>user1 secure_path=/specialPATH/bin

which should work since the command is really being run as "user1",
just with an group of "group2".

 - todd

More information about the sudo-users mailing list