[Fedora-packaging] commands under privileged users' path
Ville Skyttä
ville.skytta at iki.fi
Thu Aug 23 19:10:19 UTC 2007
On Thursday 23 August 2007, Mamoru Tasaka wrote:
>
> Then I noticed :
> %pre servers
> # Following the Wiki instructions ...
> getent group iceuser > /dev/null || groupadd -r iceuser
> <snip>
>
> Here "groupadd" (which is in Fedora under /usr/sbin)
> is used by only basename, not by full path.
That's intentional. People wanted to have a dependency on shadow-utils
instead of the actual executables used, so it was changed, and thus we are
now already making some assumptions about things and full hardcoded paths no
longer add any real value, they just clutter specfiles.
> IMO this will cause
> a problem when "yum update" or "rpm -ivh" is done by normal
> users using "su -c" or "sudo" because normal users usually
> don't have /usr/sbin in their path.
rpm ensures that it is there. More specifically, it sets this for all
scriptlets (based on rpm hg sources, lib/psm.c):
static char * SCRIPT_PATH
= "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin";
Have you actually tested and found that the problem you describe exists in
some scenarios? I do rpm/smart/yum operations from a "sudo -s" shell all the
time (no /usr/sbin in PATH there), and have not encountered any problems like
this.
More information about the Fedora-packaging
mailing list