
Re: sudo not respecting /etc/sudoers



On Sun, May 03, 2015 at 03:20:05PM +0200, Nicolas George wrote:
> On quartidi 14 Floréal, year CCXXIII, Jonathan Dowland wrote:
> > There's nothing wrong with the file permissions. By default, root's
> > shell reads /etc/environment, but users do not. To be honest I'm not
> > sure why that is the case.
> 
> I believe you are wrong.

I tested my hypothesis before I wrote to the list. May I ask that you do
the same before you share your opinion?

> > You can configure your user(s) to source /etc/environment by adding '.
> > /etc/environment' to their ~/.bashrc files (assuming they still use bash).
> 
> This is bugware. /etc/environment is read by PAM. If it is not, then the PAM
> configuration is faulty. As far as I can see, pam_env.so is invoked by each
> specific PAM configuration; IMHO, it should be in common-session.

Aha! By default, indeed it is. So *Login* shells will get it sourced, but
others will not. My testing was limited to sub-shells of my tmux session, which
are not login shells. Indeed I rarely launch a new login shell on this
particular box, and so, without modifications such as I have suggested, I or
anyone operating in a similar fashion to me would not pick up changes to
/etc/environment very often.

> > (IMHO that's preferable to whitelisting the http_proxy env variable).
> 
> It may be the case if sudo was used to grant LIMITED access to the user.
> When granting UNLIMITED access, whitelisting the environment variable is
> preferable.

I addressed this in my other reply.


Thanks,

-- 
Jonathan Dowland
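
The point settled above, that /etc/environment reaches a session only where the PAM stack invokes pam_env.so, can be checked per service. The script below is an added example, not part of the original message; its function names and the service file names in the sample tree are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report which PAM service stacks
# load pam_env.so, directly or through an included file.

# stack_has_pam_env DIR FILE [DEPTH]: exit 0 if FILE, or a file it
# includes, has an active line naming pam_env.so. The body is a subshell
# so the recursion cannot clobber the caller's variables.
stack_has_pam_env() (
    dir=$1; file=$2; depth=${3:-0}
    [ -f "$dir/$file" ] || exit 1
    [ "$depth" -lt 8 ] || exit 1        # stop on include loops
    grep -Eq '^[^#]*pam_env\.so' "$dir/$file" && exit 0
    # Follow "@include name" and "<type> include|substack name" lines.
    for inc in $(awk '/^[[:space:]]*#/ {next}
                      $1 == "@include" {print $2}
                      $2 == "include" || $2 == "substack" {print $3}' "$dir/$file"); do
        stack_has_pam_env "$dir" "$inc" $((depth + 1)) && exit 0
    done
    exit 1
)

# services_with_pam_env [DIR]: print one matching file name per line.
services_with_pam_env() {
    pam_dir=${1:-/etc/pam.d}
    for path in "$pam_dir"/*; do
        [ -f "$path" ] || continue
        if stack_has_pam_env "$pam_dir" "${path##*/}"; then
            printf '%s\n' "${path##*/}"
        fi
    done
}

# Constructed sample tree (hypothetical names, not copied from a real system).
make_sample() {
    d=$(mktemp -d)
    printf 'session required pam_env.so\n'   > "$d/svc-direct"
    printf '@include common-none\n'          > "$d/svc-include"
    printf 'session required pam_unix.so\n'  > "$d/common-none"
    printf '# session required pam_env.so\n' > "$d/svc-commented"
    printf 'session include svc-direct\n'    > "$d/svc-substack"
    printf '%s\n' "$d"
}

sample=$(make_sample)
services_with_pam_env "$sample"
rm -rf "$sample"
```

Run `services_with_pam_env` with no argument to scan /etc/pam.d; a service missing from the output starts sessions without the variables from /etc/environment unless something else sets them.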

