[Fedora-packaging] commands under privileged users' path

Ville Skyttä ville.skytta at iki.fi
Thu Aug 23 19:10:19 UTC 2007

On Thursday 23 August 2007, Mamoru Tasaka wrote:
> Then I noticed :
> %pre servers
> # Following the Wiki instructions ...
> getent group iceuser > /dev/null || groupadd -r iceuser
> <snip>
> Here "groupadd" (which is in Fedora under /usr/sbin)
> is used by only basename, not by full path.

That's intentional.  People wanted to have a dependency on shadow-utils 
instead of the actual executables used, so it was changed, and thus we are 
now already making some assumptions about things and full hardcoded paths no 
longer add any real value, they just clutter specfiles.

> IMO this will cause 
> a problem when "yum update" or "rpm -ivh" is done by normal
> users using "su -c" or "sudo" because normal users usually
> don't have /usr/sbin in their path.

rpm ensures that it is there.  More specifically, it sets this for all 
scriptlets (based on rpm hg sources, lib/psm.c):

static char * SCRIPT_PATH 
= "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin";

Have you actually tested and found that the problem you describe exists in 
some scenarios?  I do rpm/smart/yum operations from a "sudo -s" shell all the 
time (no /usr/sbin in PATH there), and have not encountered any problems like 

More information about the Fedora-packaging mailing list