
Re: sudo's PATH



On Thu, Sep 4, 2008 at 7:11 PM, Alberto <fi3rizi0@gmail.com> wrote:
> On Thu, Sep 4, 2008 at 6:53 PM, Alberto <fi3rizi0@gmail.com> wrote:
>> Let me recap everything:
>>
>> these are the PATHs
>>
>> $ echo $PATH
>> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>>
>> $ su
>> # echo $PATH
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/schily/bin
>>
>> $ su -
>> # echo $PATH
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>
>> $ su -l
>> # echo $PATH
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>
>>
>> Now let's start with sudo
>>
>> $ sudo echo $PATH
>> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>>
>> $ sudo env | grep PATH
>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>>
>> $ sudo su -
>> root@uriel:~# clogout  (I press any key and it logs me out)
>>
>>
>>
>> On Thu, Sep 4, 2008 at 2:51 PM, Micky Del Favero <micky@mesina.net> wrote:
>>> [ Replying on the list, which seems fairer to those who are reading the
>>>  discussion ]
>>>
>>> Alberto <fi3rizi0@gmail.com> writes:
>>>
>>>>> $ sudo su -
>>>>> # env | grep PATH
>>>>>
>>>>> and you see the correct path.
>>>>
>>>> # env | grep PATH
>>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>>
>>> then you need to investigate how the paths get assigned to PATH for root,
>>
>> I think I have figured this one out:
>>
>> $ cat /etc/profile
>> # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
>> # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
>>
>> if [ "`id -u`" -eq 0 ]; then
>>  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
>> else
>>  PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
>> fi
>>
>> if [ "$PS1" ]; then
>>  if [ "$BASH" ]; then
>>    PS1='\u@\h:\w\$ '
>>  else
>>    if [ "`id -u`" -eq 0 ]; then
>>      PS1='# '
>>    else
>>      PS1='$ '
>>    fi
>>  fi
>> fi
>>
>> export PATH
>>
>> umask 022
>>
>>
>>> AFAIK su - means load the environment as if logging in, but in
>>> man su I read that:
>>>
>>>       -, -l, --login
>>>           Provide an environment similar to what the user would expect had
>>>           the user logged in directly.
>>>
>>>           When - is used, it must be specified as the last su option. The
>>>           other forms (-l and --login) do not have this restriction.
>>>
>>> that "similar" could be the catch.
>>
>> Personally I think the culprit is the PATH that sudo assigns itself.
>> By default my Debian came with
>>
>> Default env_reset
>>
>> and the sudoers manual tells me that with this setting it resets
>> the environment so that it contains only HOME, LOGNAME, PATH, SHELL,
>> TERM, USER (in addition to SUDO_*)
>>
>> It also tells me that by default, even if they are not named explicitly,
>> env_keep keeps some variables, which can be listed with
>>
>> #sudo -V
>>
>> # sudo -V
>> Sudo version 1.6.9p17
>>
>> Sudoers path: /etc/sudoers
>> Authentication methods: 'pam'
>> Syslog facility if syslog is being used for logging: authpriv
>> Syslog priority to use when user authenticates successfully: notice
>> Syslog priority to use when user authenticates unsuccessfully: alert
>> Send mail if the user is not in sudoers
>> Lecture user the first time they run sudo
>> Require users to authenticate by default
>> Root may run sudo
>> Allow some information gathering to give useful error messages
>> Require fully-qualified hostnames in the sudoers file
>> Visudo will honor the EDITOR environment variable
>> Set the LOGNAME and USER environment variables
>> Length at which to wrap log file lines (0 for no wrap): 80
>> Authentication timestamp timeout: 15 minutes
>> Password prompt timeout: 0 minutes
>> Number of tries to enter a password: 3
>> Umask to use or 0777 to use user's: 022
>> Path to mail program: /usr/sbin/sendmail
>> Flags for mail program: -t
>> Address to send mail to: root
>> Subject line for mail messages: *** SECURITY information for %h ***
>> Incorrect password message: Sorry, try again.
>> Path to authentication timestamp dir: /var/run/sudo
>> Default password prompt: [sudo] password for %p:
>> Default user to run commands as: root
>> Path to the editor for use by visudo: /usr/bin/editor
>> When to require a password for 'list' pseudocommand: any
>> When to require a password for 'verify' pseudocommand: all
>> File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
>> Reset the environment to a default set of variables
>> Environment variables to check for sanity:
>>        TERM
>>        LINGUAS
>>        LC_*
>>        LANGUAGE
>>        LANG
>>        COLORTERM
>> Environment variables to remove:
>>        RUBYOPT
>>        RUBYLIB
>>        PYTHONINSPECT
>>        PYTHONPATH
>>        PYTHONHOME
>>        TMPPREFIX
>>        ZDOTDIR
>>        READNULLCMD
>>        NULLCMD
>>        FPATH
>>        PERL5DB
>>        PERL5OPT
>>        PERL5LIB
>>        PERLLIB
>>        PERLIO_DEBUG
>>        JAVA_TOOL_OPTIONS
>>        SHELLOPTS
>>        GLOBIGNORE
>>        PS4
>>        BASH_ENV
>>        ENV
>>        TERMCAP
>>        TERMPATH
>>        TERMINFO_DIRS
>>        TERMINFO
>>        _RLD*
>>        LD_*
>>        PATH_LOCALE
>>        NLSPATH
>>        HOSTALIASES
>>        RES_OPTIONS
>>        LOCALDOMAIN
>>        PS4
>>        SHELLOPTS
>>        CDPATH
>>        IFS
>> Environment variables to preserve:
>>        XAUTHORIZATION
>>        XAUTHORITY
>>        TZ
>>        PS2
>>        PS1
>>        PATH
>>        MAIL
>>        LS_COLORS
>>        KRB5CCNAME
>>        HOSTNAME
>>        HOME
>>        DISPLAY
>>        COLORS
>> Local IP address and netmask pairs:
>>        192.168.1.100 / 255.255.255.0
>>        fe80::215:f2ff:feb1:3464 / ffff:ffff:ffff:ffff::
>>
>>
>> And PATH is preserved by default, so adding
>> Default env_kepp += "PATH"
>> is pointless
>>
>> So why does it change?
>>
>> I think the culprit is:
>>
>>  If sudo was compiled with the SECURE_PATH option, its value will be
>> used for the PATH environment variable.  This flag is on by default.
>>
>> But I'm not sure; can anyone clarify this point for me?
>
> Maybe the answer is in
> man sudo
>
> Note, however, that the PATH environment variable is further modified
> in Debian because of the use of the SECURE_PATH build option.
>
> Do you know how to fix this?

I found a report dated 2006 that refers to a bug from 2001
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/50797
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=85123


as a solution someone proposed

alias sudo="sudo env PATH=$PATH"


>> thanks
>> AG
>>
>>>>> Tried with
>>>>>
>>>>> Defaults        env_reset
>>>>> Defaults        env_keep += "PATH"
>>>>>
>>>>> it could be that the path gets wiped because of env_reset:
>>>>
>>>> tried it, and here are the results:
>>>> $ sudo env | grep PATH
>>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>>>>
>>>> $ sudo su -
>>>> #
>>>
>>> dunno, at this point I wouldn't know how to help you.
>>>
>>> Ciao, Micky
>>> --
>>> UNIX is basically a simple operating system, but you have to
>>> be a genius to understand the simplicity.  -- Dennis Ritchie
>>>
>>
>
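Added example, not part of the original thread: the alias quoted above makes the root command run with the caller's PATH instead of the SECURE_PATH value, so this sketch lists the entries of a PATH string that are empty, relative, missing or world-writable. The function name audit_path and the reason labels are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATH_STRING   (hypothetical helper, not part of sudo)
# Prints "REASON<TAB>entry" for each risky entry; returns 1 if any was found.
audit_path() {
    rest="$1:"      # trailing ':' so the loop also sees the last entry
    bad=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case "$dir" in
            # An empty entry means "current directory" to the shell.
            "") printf 'EMPTY\t(current directory)\n'; bad=1; continue ;;
            /*) ;;
            # Relative entries resolve against wherever the command is run.
            *)  printf 'RELATIVE\t%s\n' "$dir"; bad=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            # May be created later by whoever can write to its parent.
            printf 'MISSING\t%s\n' "$dir"; bad=1
        elif [ -n "$(find "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
            # Any local user can drop a binary into this directory.
            printf 'WRITABLE\t%s\n' "$dir"; bad=1
        fi
    done
    return "$bad"
}

# Check the PATH of the current shell, i.e. what the alias would forward.
audit_path "$PATH" || echo "PATH has entries to review before forwarding it to root" >&2
```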

