sudo and secure-path
Matthew Miller
mattdm at mattdm.org
Wed Nov 19 01:54:36 UTC 2008
On Tue, Nov 18, 2008 at 04:26:17PM -0500, Karlos Smith wrote:
> (https://bugzilla.redhat.com/show_bug.cgi?id=471603), *adding* /sbin
> /usr/sbin and /usr/local/sbin to the path when sudoing root makes sense,
> but hardcoding the path has messed me up. I have scripts that I allow
> non-root users to execute through sudo without a password, I don't put
> those scripts in any of the *bin dirs, but the script dir is in the
> users $PATH.
[...]
> And while it was possible for people to add to their path to work around
> the previous issue, I'm SOL, because there's no way to work around
> "secure-path".
> Is this really the right thing to do?
Yes. The tab-completion thing working is a side-effect -- the more important
thing is no surprises. How about a compromise -- add /usr/local/sbin to the
secure path?
--
Matthew Miller <mattdm at mattdm.org>
Senior Systems Architect
Cyberinfrastructure Labs
Computing & Information Technology
Harvard School of Engineering & Applied Sciences
More information about the fedora-devel-list
mailing list