
Re: sudo's PATH



On Thu, Sep 4, 2008 at 6:53 PM, Alberto <fi3rizi0@gmail.com> wrote:
> Let me recap everything:
>
> these are the PATHs
>
> $ echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>
> $ su
> # echo $PATH
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/schily/bin
>
> $ su -
> # echo $PATH
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>
> $ su -l
> # echo $PATH
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>
>
> Now let's start with sudo
>
> $ sudo echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>
> $ sudo env | grep PATH
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>
> $ sudo su -
> root@uriel:~# clogout  (I press any key and it logs me out)
>
>
>
> On Thu, Sep 4, 2008 at 2:51 PM, Micky Del Favero <micky@mesina.net> wrote:
>> [ Replying on the list, which seems fairer to those reading the
>>  discussion ]
>>
>> Alberto <fi3rizi0@gmail.com> writes:
>>
>>>> $ sudo su -
>>>> # env | grep PATH
>>>>
>>>> and you see the correct path.
>>>
>>> # env | grep PATH
>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>
>> then you need to investigate how the paths are assigned to PATH for root,
>
> I think I have figured this one out:
>
> $ cat /etc/profile
> # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
> # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
>
> if [ "`id -u`" -eq 0 ]; then
>  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> else
>  PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
> fi
>
> if [ "$PS1" ]; then
>  if [ "$BASH" ]; then
>    PS1='\u@\h:\w\$ '
>  else
>    if [ "`id -u`" -eq 0 ]; then
>      PS1='# '
>    else
>      PS1='$ '
>    fi
>  fi
> fi
>
> export PATH
>
> umask 022
>
>
>> AFAIK su - means load the environment as if logging in, but in
>> man su I read that:
>>
>>       -, -l, --login
>>           Provide an environment similar to what the user would expect had
>>           the user logged in directly.
>>
>>           When - is used, it must be specified as the last su option. The
>>           other forms (-l and --login) do not have this restriction.
>>
>> that "similar" could be the catch.
>
> Personally I think the PATH that sudo assigns itself is to blame.
> By default my Debian started with
>
> Default env_reset
>
> and the sudoers manual tells me that with this setting it resets
> the environment so that it contains only HOME, LOGNAME, PATH, SHELL,
> TERM, USER (plus SUDO_*)
>
> It also tells me that by default, even if not explicitly named,
> env_keep retains some variables, which can be listed with
>
> #sudo -V
>
> # sudo -V
> Sudo version 1.6.9p17
>
> Sudoers path: /etc/sudoers
> Authentication methods: 'pam'
> Syslog facility if syslog is being used for logging: authpriv
> Syslog priority to use when user authenticates successfully: notice
> Syslog priority to use when user authenticates unsuccessfully: alert
> Send mail if the user is not in sudoers
> Lecture user the first time they run sudo
> Require users to authenticate by default
> Root may run sudo
> Allow some information gathering to give useful error messages
> Require fully-qualified hostnames in the sudoers file
> Visudo will honor the EDITOR environment variable
> Set the LOGNAME and USER environment variables
> Length at which to wrap log file lines (0 for no wrap): 80
> Authentication timestamp timeout: 15 minutes
> Password prompt timeout: 0 minutes
> Number of tries to enter a password: 3
> Umask to use or 0777 to use user's: 022
> Path to mail program: /usr/sbin/sendmail
> Flags for mail program: -t
> Address to send mail to: root
> Subject line for mail messages: *** SECURITY information for %h ***
> Incorrect password message: Sorry, try again.
> Path to authentication timestamp dir: /var/run/sudo
> Default password prompt: [sudo] password for %p:
> Default user to run commands as: root
> Path to the editor for use by visudo: /usr/bin/editor
> When to require a password for 'list' pseudocommand: any
> When to require a password for 'verify' pseudocommand: all
> File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
> Reset the environment to a default set of variables
> Environment variables to check for sanity:
>        TERM
>        LINGUAS
>        LC_*
>        LANGUAGE
>        LANG
>        COLORTERM
> Environment variables to remove:
>        RUBYOPT
>        RUBYLIB
>        PYTHONINSPECT
>        PYTHONPATH
>        PYTHONHOME
>        TMPPREFIX
>        ZDOTDIR
>        READNULLCMD
>        NULLCMD
>        FPATH
>        PERL5DB
>        PERL5OPT
>        PERL5LIB
>        PERLLIB
>        PERLIO_DEBUG
>        JAVA_TOOL_OPTIONS
>        SHELLOPTS
>        GLOBIGNORE
>        PS4
>        BASH_ENV
>        ENV
>        TERMCAP
>        TERMPATH
>        TERMINFO_DIRS
>        TERMINFO
>        _RLD*
>        LD_*
>        PATH_LOCALE
>        NLSPATH
>        HOSTALIASES
>        RES_OPTIONS
>        LOCALDOMAIN
>        PS4
>        SHELLOPTS
>        CDPATH
>        IFS
> Environment variables to preserve:
>        XAUTHORIZATION
>        XAUTHORITY
>        TZ
>        PS2
>        PS1
>        PATH
>        MAIL
>        LS_COLORS
>        KRB5CCNAME
>        HOSTNAME
>        HOME
>        DISPLAY
>        COLORS
> Local IP address and netmask pairs:
>        192.168.1.100 / 255.255.255.0
>        fe80::215:f2ff:feb1:3464 / ffff:ffff:ffff:ffff::
>
>
> And PATH is preserved by default, so adding
> Default env_kepp += "PATH"
> is pointless
>
> So why does it change?
>
> I think the culprit is:
>
>  If sudo was compiled with the SECURE_PATH option, its value will be
> used for the PATH environment variable.  This flag is on by default.
>
> But I'm not sure; is anyone able to clarify this point for me?

Maybe the answer is in
man sudo

Note, however, that the PATH environment variable is further modified
in Debian because of the use of the SECURE_PATH build option.

Do you know how to fix this?

> thanks
> AG
>
>>>> Tried with
>>>>
>>>> Defaults        env_reset
>>>> Defaults        env_keep += "PATH"
>>>>
>>>> it could be that the path gets cleared because of env_reset:
>>>
>>> tried it, and here are the results:
>>> $ sudo env | grep PATH
>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>>>
>>> $ sudo su -
>>> #
>>
>> dunno, at this point I wouldn't know how to help you.
>>
>> Bye, Micky
>> --
>> UNIX is basically a simple operating system, but you have to
>> be a genius to understand the simplicity.  -- Dennis Ritchie
>>
>
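
Added example, not part of the original message and not sudo's own code: a simplified model, assumed from the manual text quoted in the thread, of how env_reset, the lists printed by `sudo -V`, and a compiled-in SECURE_PATH combine into the PATH a command receives. The `sudo -V` excerpt is abridged from the post; the function names `classify` and `effective_path` are hypothetical.

```shell
#!/bin/sh
# Added illustration (not sudo's code). Sample abridged from the `sudo -V`
# output quoted in the thread.
SUDO_V='Environment variables to check for sanity:
        TERM
        LANG
Environment variables to remove:
        LD_*
        IFS
        CDPATH
Environment variables to preserve:
        TZ
        PATH
        HOME
        DISPLAY'

# PATH reported by `sudo env | grep PATH` in the thread.
SECURE_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin'

# classify VAR: print check, remove, preserve or unlisted (hypothetical helper).
classify() {
    var=$1; section=unlisted; result=unlisted
    while IFS= read -r line; do
        case $line in
            *'to check for sanity:') section=check; continue ;;
            *'to remove:')           section=remove; continue ;;
            *'to preserve:')         section=preserve; continue ;;
        esac
        pat=$(printf '%s' "$line" | tr -d ' \t')
        if [ -z "$pat" ]; then continue; fi
        # $pat stays unquoted so an entry such as LD_* acts as a glob.
        case $var in
            $pat) result=$section; break ;;
        esac
    done <<EOF
$SUDO_V
EOF
    printf '%s\n' "$result"
}

# effective_path CALLER_PATH: assumed, simplified model. Under env_reset the
# caller's PATH survives only if preserved; SECURE_PATH then replaces it.
effective_path() {
    path=''
    if [ "$(classify PATH)" = preserve ]; then path=$1; fi
    if [ -n "$SECURE_PATH" ]; then path=$SECURE_PATH; fi
    printf '%s\n' "$path"
}

printf 'PATH is on the %s list; command sees %s\n' \
    "$(classify PATH)" "$(effective_path "$PATH")"
```

Note that `sudo echo $PATH` in the thread prints the caller's PATH because the invoking shell expands `$PATH` before sudo starts; `sudo env | grep PATH` shows what the command itself receives.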