Gentoo Archives: gentoo-user

From: Nicolas Richard <theonewiththeevillook@×××××.fr>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: Where does sudo get the PATH ?
Date: Tue, 23 Oct 2012 09:28:06
Message-Id: 873915ilou.fsf@yahoo.fr
In Reply to: [gentoo-user] Where does sudo get the PATH ? by Nicolas Richard

"Nicolas Richard" <theonewiththeevillook@×××××.fr> writes:

> I don't understand where sudo finds the value for the PATH env
> variable.

Finally, I found where the problem lay. Recall that my problem was the
following: I had a path in `sudo env | grep ^PATH' which did not seem
to originate from any config file in /etc or /root (the path pointing to
texlive/2011). And indeed, it was set at compile time, using
--with-secure-path:

$ sudo sudo -V | head -2
Sudo version 1.8.5p2
Configure options: --prefix=/usr --build=i686-pc-linux-gnu
--host=i686-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --enable-zlib=system
--with-secure-path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/usr/local/texlive/2011/bin/i386-linux
--with-editor=/usr/libexec/editor --with-env-editor --without-insults
--without-all-insults --with-ldap_conf_file=/etc/ldap.conf.sudo
--with-ldap --enable-nls --with-pam --without-skey --without-selinux
--without-opie --without-linux-audit --with-timedir=/var/db/sudo
--with-plugindir=/usr/lib/sudo --docdir=/usr/share/doc/sudo-1.8.5_p2

In the ebuild, I find the following comment:

# FIXME: secure_path is a compile time setting. using ROOTPATH
# is not perfect, env-update may invalidate this, but until it
# is available as a sudoers setting this will have to do.

I'm not sure I understand this comment because adding the following line
in /etc/sudoers:

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

does what I expect it to do: override the PATH variable. Maybe the
comment is simply outdated?

Thanks to those who tried to help me here and also to Nicolas George who
pointed me in the direction of `secure_path' which I had somehow
overlooked in the manpages.

--
Nicolas.
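
An added example, not part of the original post and not code from sudo or the ebuild: a shell script that extracts the compile-time `--with-secure-path` from `sudo -V` output, applies a `Defaults secure_path` line from sudoers over it, and flags entries that are relative, missing or writable by others. The function names are hypothetical, and the sample inputs are constructed from the output quoted in the message.

```shell
#!/bin/sh
# Added example; function names are hypothetical, inputs are constructed.

# Print the --with-secure-path value from `sudo -V` text on stdin.
# The option list wraps across lines, so split on whitespace first.
compiled_secure_path() {
    tr -s ' \t' '\n\n' | sed -n 's/^--with-secure-path=//p' | head -n 1
}

# Print the last global `Defaults secure_path=...` value from sudoers text on stdin.
# Simplification: scoped forms (Defaults:user, Defaults@host) and includes are ignored.
sudoers_secure_path() {
    sed -n 's/^[[:space:]]*Defaults[[:space:]][[:space:]]*secure_path[[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# A sudoers setting wins over the compile-time default.
effective_secure_path() {  # $1 = compiled value, $2 = sudoers value
    if [ -n "$2" ]; then printf '%s\n' "$2"; else printf '%s\n' "$1"; fi
}

# List entries that weaken secure_path: empty or relative entries,
# missing directories, and directories writable by "other".
risky_entries() {  # $1 = colon-separated path
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case $d in
            /*) ;;
            *) printf 'relative-or-empty:%s\n' "$d"; continue ;;
        esac
        if [ ! -d "$d" ]; then
            printf 'missing:%s\n' "$d"
        elif [ "$(ls -ldL "$d" | cut -c9)" = w ]; then
            printf 'world-writable:%s\n' "$d"
        fi
    done
}

# Constructed inputs: configure options abridged from the post, sudoers line as quoted there.
SAMPLE_V='Sudo version 1.8.5p2
Configure options: --prefix=/usr --sysconfdir=/etc
--with-secure-path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:/usr/local/texlive/2011/bin/i386-linux
--with-editor=/usr/libexec/editor'
SAMPLE_SUDOERS='Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'

built=$(printf '%s\n' "$SAMPLE_V" | compiled_secure_path)
conf=$(printf '%s\n' "$SAMPLE_SUDOERS" | sudoers_secure_path)
printf 'compiled:  %s\nsudoers:   %s\n' "$built" "$conf"
echo "effective: $(effective_secure_path "$built" "$conf")"
risky_entries "$built"
```

On a live system, pipe `sudo sudo -V` (as in the message) and the contents of /etc/sudoers into the two parsing functions instead of the sample strings.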