[sudo-users] Can change PATH when sudo -g?

Todd C. Miller Todd.Miller at courtesan.com
Tue Feb 21 14:25:35 MST 2017


That won't do what you expect.  Given:

    user1 ALL = (:group2) NOPASSWD: ALL
    Defaults>%group2 secure_path=/specialPATH/bin

it will apply "secure_path" to commands run as a user that is a
*member* of group "group2".  There is no way to set an option
purely based on the group.  Yes, I realize this is confusing.

A workaround is to use:

    Defaults>user1 secure_path=/specialPATH/bin

which should work since the command is really being run as "user1",
just with a group of "group2".

 - todd

