sudo and secure-path
Karlos Smith
kazen at redhat.com
Tue Nov 18 21:26:17 UTC 2008
I'm not usually one to reopen cans of worms, but I must say that I'm not
happy about the way that secure-path is working in the new sudo build.
As I mention in the BZ I filed
(https://bugzilla.redhat.com/show_bug.cgi?id=471603), *adding* /sbin
/usr/sbin and /usr/local/sbin to the path when sudoing root makes sense,
but hardcoding the path has messed me up. I have scripts that I allow
non-root users to execute through sudo without a password, I don't put
those scripts in any of the *bin dirs, but the script dir is in the
users $PATH.
So in order to prevent people from having to type the occasional
"/sbin/", my users (and I, for I use these scripts as well) now have to
frequently type much longer paths to execute these scripts.
And while it was possible for people to add to their path to work around
the previous issue, I'm SOL, because there's no way to work around
"secure-path".
Is this really the right thing to do?
--
Karlos Smith
Red Hat Global Services
kasmith at redhat.com
+1 361 649-6255 c.
More information about the fedora-devel-list
mailing list