Re: PATH di sudo
On Thu, Sep 4, 2008 at 7:11 PM, Alberto <fi3rizi0@gmail.com> wrote:
> On Thu, Sep 4, 2008 at 6:53 PM, Alberto <fi3rizi0@gmail.com> wrote:
>> Ricapitolo un po tutto:
>>
>> i PATH sono questi
>>
>> $ echo $PATH
>> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>>
>> $ su
>> # echo $PATH
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/schily/bin
>>
>> $ su -
>> # echo $PATH
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>
>> $ su -l
>> # echo $PATH
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>
>>
>> Adesso incominciamo con sudo
>>
>> $ sudo echo $PATH
>> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>>
>> $ sudo env | grep PATH
>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>>
>> $ sudo su -
>> root@uriel:~# clogout (premo un qualsiasi tasto è mi fa logout)
>>
>>
>>
>> On Thu, Sep 4, 2008 at 2:51 PM, Micky Del Favero <micky@mesina.net> wrote:
>>> [ Rispondo in lista, mi pare più corretto nei confronti di chi legge la
>>> discussione ]
>>>
>>> Alberto <fi3rizi0@gmail.com> writes:
>>>
>>>>> $ sudo su -
>>>>> # env | grep PATH
>>>>>
>>>>> e vedi il path corretto.
>>>>
>>>> # env | grep PATH
>>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>>
>>> allora devi indagare su come vengono assegnati i path a PATH per root,
>>
>> Questo credo di averlo capito:
>>
>> $ cat /etc/profile
>> # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
>> # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
>>
>> if [ "`id -u`" -eq 0 ]; then
>> PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
>> else
>> PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
>> fi
>>
>> if [ "$PS1" ]; then
>> if [ "$BASH" ]; then
>> PS1='\u@\h:\w\$ '
>> else
>> if [ "`id -u`" -eq 0 ]; then
>> PS1='# '
>> else
>> PS1='$ '
>> fi
>> fi
>> fi
>>
>> export PATH
>>
>> umask 022
>>
>>
>>> AFAIK su - significa carica l'enviromente come si facesse login, ma da
>>> man su leggo che:
>>>
>>> -, -l, --login
>>> Provide an environment similar to what the user would expect had
>>> the user logged in directly.
>>>
>>> When - is used, it must be specified as the last su option. The
>>> other forms (-l and --login) do not have this restriction.
>>>
>>> potrebbe essere quel similar l'inghippo.
>>
>> Personalmente credo che sia colpa del PATH che sudo si assegna.
>> Di default la mia debian partiva con
>>
>> Default env_reset
>>
>> e il manuale di sudoers mi dice che con questa impostazione resetta
>> l'enviroment in modo da contenere solo HOME, LOGNAME, PATH, SHELL,
>> TERM, USER (oltre a SUDO_* )
>>
>> Inoltre mi dice che di default, anche se non chiamati esplicitamente,
>> env_keep tiene delle variabili che è possibile sapere con
>>
>> #sudo -V
>>
>> # sudo -V
>> Sudo version 1.6.9p17
>>
>> Sudoers path: /etc/sudoers
>> Authentication methods: 'pam'
>> Syslog facility if syslog is being used for logging: authpriv
>> Syslog priority to use when user authenticates successfully: notice
>> Syslog priority to use when user authenticates unsuccessfully: alert
>> Send mail if the user is not in sudoers
>> Lecture user the first time they run sudo
>> Require users to authenticate by default
>> Root may run sudo
>> Allow some information gathering to give useful error messages
>> Require fully-qualified hostnames in the sudoers file
>> Visudo will honor the EDITOR environment variable
>> Set the LOGNAME and USER environment variables
>> Length at which to wrap log file lines (0 for no wrap): 80
>> Authentication timestamp timeout: 15 minutes
>> Password prompt timeout: 0 minutes
>> Number of tries to enter a password: 3
>> Umask to use or 0777 to use user's: 022
>> Path to mail program: /usr/sbin/sendmail
>> Flags for mail program: -t
>> Address to send mail to: root
>> Subject line for mail messages: *** SECURITY information for %h ***
>> Incorrect password message: Sorry, try again.
>> Path to authentication timestamp dir: /var/run/sudo
>> Default password prompt: [sudo] password for %p:
>> Default user to run commands as: root
>> Path to the editor for use by visudo: /usr/bin/editor
>> When to require a password for 'list' pseudocommand: any
>> When to require a password for 'verify' pseudocommand: all
>> File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
>> Reset the environment to a default set of variables
>> Environment variables to check for sanity:
>> TERM
>> LINGUAS
>> LC_*
>> LANGUAGE
>> LANG
>> COLORTERM
>> Environment variables to remove:
>> RUBYOPT
>> RUBYLIB
>> PYTHONINSPECT
>> PYTHONPATH
>> PYTHONHOME
>> TMPPREFIX
>> ZDOTDIR
>> READNULLCMD
>> NULLCMD
>> FPATH
>> PERL5DB
>> PERL5OPT
>> PERL5LIB
>> PERLLIB
>> PERLIO_DEBUG
>> JAVA_TOOL_OPTIONS
>> SHELLOPTS
>> GLOBIGNORE
>> PS4
>> BASH_ENV
>> ENV
>> TERMCAP
>> TERMPATH
>> TERMINFO_DIRS
>> TERMINFO
>> _RLD*
>> LD_*
>> PATH_LOCALE
>> NLSPATH
>> HOSTALIASES
>> RES_OPTIONS
>> LOCALDOMAIN
>> PS4
>> SHELLOPTS
>> CDPATH
>> IFS
>> Environment variables to preserve:
>> XAUTHORIZATION
>> XAUTHORITY
>> TZ
>> PS2
>> PS1
>> PATH
>> MAIL
>> LS_COLORS
>> KRB5CCNAME
>> HOSTNAME
>> HOME
>> DISPLAY
>> COLORS
>> Local IP address and netmask pairs:
>> 192.168.1.100 / 255.255.255.0
>> fe80::215:f2ff:feb1:3464 / ffff:ffff:ffff:ffff::
>>
>>
>> E PATH è mantenuto di default, quindi aggiungere
>> Default env_kepp += "PATH"
>> è inutile
>>
>> Allora perché cambia?
>>
>> Credo che la colpa sia di:
>>
>> If sudo was compiled with the SECURE_PATH option, its value will be
>> used for the PATH environment variable. This flag is on by default.
>>
>> Ma non ne sono sicuro, qualcuno è in grado di chiarirmi il punto
>
> Forse la risposta è in
> man sudo
>
> Note, however, that the PATH environment variable is further modified
> in Debian because of the use of the SECURE_PATH build option.
>
> Sapete come risolvere?
Ho trovato una notizia datata 2006 che fa riferimoento ad un bug del 2001
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/50797
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=85123
come soluzione qualcuno ha proposto
alias sudo="sudo env PATH=$PATH"
>> grazie
>> AG
>>
>>>>> Provato con
>>>>>
>>>>> Defaults env_reset
>>>>> Defaults env_keep += "PATH"
>>>>>
>>>>> potrebbe essere che il path venga cancellato visto che env_reset:
>>>>
>>>> provato ed ecco i risultati:
>>>> $ sudo env | grep PATH
>>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>>>>
>>>> $ sudo su -
>>>> #
>>>
>>> bo, a sto punto non saprei aiutarti.
>>>
>>> Ciao, Micky
>>> --
>>> UNIX is basically a simple operating system, but you have to
>>> be a genius to understand the simplicity. -- Dennis Ritchie
>>>
>>
>
Reply to: