Re: sudo's PATH
On Thu, Sep 4, 2008 at 6:53 PM, Alberto <fi3rizi0@gmail.com> wrote:
> Let me recap everything:
>
> these are the PATHs
>
> $ echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>
> $ su
> # echo $PATH
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/schily/bin
>
> $ su -
> # echo $PATH
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>
> $ su -l
> # echo $PATH
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>
>
> Now let's start with sudo
>
> $ sudo echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin
>
> $ sudo env | grep PATH
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>
> $ sudo su -
> root@uriel:~# clogout (I press any key and it logs me out)
>
>
>
> On Thu, Sep 4, 2008 at 2:51 PM, Micky Del Favero <micky@mesina.net> wrote:
>> [ I'm replying on the list, which seems fairer to those following the
>> discussion ]
>>
>> Alberto <fi3rizi0@gmail.com> writes:
>>
>>>> $ sudo su -
>>>> # env | grep PATH
>>>>
>>>> and you see the correct path.
>>>
>>> # env | grep PATH
>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>
>> then you need to investigate how the paths are assigned to PATH for root,
>
> I think I've figured this out:
>
> $ cat /etc/profile
> # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
> # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
>
> if [ "`id -u`" -eq 0 ]; then
> PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> else
> PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
> fi
>
> if [ "$PS1" ]; then
> if [ "$BASH" ]; then
> PS1='\u@\h:\w\$ '
> else
> if [ "`id -u`" -eq 0 ]; then
> PS1='# '
> else
> PS1='$ '
> fi
> fi
> fi
>
> export PATH
>
> umask 022
>
>
>> AFAIK su - means load the environment as if you were logging in, but in
>> man su I read that:
>>
>> -, -l, --login
>> Provide an environment similar to what the user would expect had
>> the user logged in directly.
>>
>> When - is used, it must be specified as the last su option. The
>> other forms (-l and --login) do not have this restriction.
>>
>> that "similar" could be the catch.
>
> Personally I think the culprit is the PATH that sudo assigns itself.
> By default my Debian started with
>
> Defaults env_reset
>
> and the sudoers manual tells me that with this setting it resets the
> environment so that it contains only HOME, LOGNAME, PATH, SHELL,
> TERM, USER (plus SUDO_*)
>
> It also tells me that by default, even if not explicitly named,
> env_keep keeps some variables, which you can find out with
>
> #sudo -V
>
> # sudo -V
> Sudo version 1.6.9p17
>
> Sudoers path: /etc/sudoers
> Authentication methods: 'pam'
> Syslog facility if syslog is being used for logging: authpriv
> Syslog priority to use when user authenticates successfully: notice
> Syslog priority to use when user authenticates unsuccessfully: alert
> Send mail if the user is not in sudoers
> Lecture user the first time they run sudo
> Require users to authenticate by default
> Root may run sudo
> Allow some information gathering to give useful error messages
> Require fully-qualified hostnames in the sudoers file
> Visudo will honor the EDITOR environment variable
> Set the LOGNAME and USER environment variables
> Length at which to wrap log file lines (0 for no wrap): 80
> Authentication timestamp timeout: 15 minutes
> Password prompt timeout: 0 minutes
> Number of tries to enter a password: 3
> Umask to use or 0777 to use user's: 022
> Path to mail program: /usr/sbin/sendmail
> Flags for mail program: -t
> Address to send mail to: root
> Subject line for mail messages: *** SECURITY information for %h ***
> Incorrect password message: Sorry, try again.
> Path to authentication timestamp dir: /var/run/sudo
> Default password prompt: [sudo] password for %p:
> Default user to run commands as: root
> Path to the editor for use by visudo: /usr/bin/editor
> When to require a password for 'list' pseudocommand: any
> When to require a password for 'verify' pseudocommand: all
> File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
> Reset the environment to a default set of variables
> Environment variables to check for sanity:
> TERM
> LINGUAS
> LC_*
> LANGUAGE
> LANG
> COLORTERM
> Environment variables to remove:
> RUBYOPT
> RUBYLIB
> PYTHONINSPECT
> PYTHONPATH
> PYTHONHOME
> TMPPREFIX
> ZDOTDIR
> READNULLCMD
> NULLCMD
> FPATH
> PERL5DB
> PERL5OPT
> PERL5LIB
> PERLLIB
> PERLIO_DEBUG
> JAVA_TOOL_OPTIONS
> SHELLOPTS
> GLOBIGNORE
> PS4
> BASH_ENV
> ENV
> TERMCAP
> TERMPATH
> TERMINFO_DIRS
> TERMINFO
> _RLD*
> LD_*
> PATH_LOCALE
> NLSPATH
> HOSTALIASES
> RES_OPTIONS
> LOCALDOMAIN
> PS4
> SHELLOPTS
> CDPATH
> IFS
> Environment variables to preserve:
> XAUTHORIZATION
> XAUTHORITY
> TZ
> PS2
> PS1
> PATH
> MAIL
> LS_COLORS
> KRB5CCNAME
> HOSTNAME
> HOME
> DISPLAY
> COLORS
> Local IP address and netmask pairs:
> 192.168.1.100 / 255.255.255.0
> fe80::215:f2ff:feb1:3464 / ffff:ffff:ffff:ffff::
>
>
> And PATH is preserved by default, so adding
> Defaults env_keep += "PATH"
> is pointless
>
> So why does it change?
>
> I think the culprit is:
>
> If sudo was compiled with the SECURE_PATH option, its value will be
> used for the PATH environment variable. This flag is on by default.
>
> But I'm not sure; can anyone clarify this point for me
Maybe the answer is in
man sudo
Note, however, that the PATH environment variable is further modified
in Debian because of the use of the SECURE_PATH build option.
Do you know how to fix it?
> thanks
> AG
>
>>>> Tried with
>>>>
>>>> Defaults env_reset
>>>> Defaults env_keep += "PATH"
>>>>
>>>> it could be that the path gets cleared because of env_reset:
>>>
>>> tried it and here are the results:
>>> $ sudo env | grep PATH
>>> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>>>
>>> $ sudo su -
>>> #
>>
>> dunno, at this point I wouldn't know how to help you.
>>
>> Bye, Micky
>> --
>> UNIX is basically a simple operating system, but you have to
>> be a genius to understand the simplicity. -- Dennis Ritchie
>>
>
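
Added example, not part of the original messages: a sketch of why `sudo echo $PATH` and `sudo env | grep PATH` print different values in the output above. `fake_sudo` is a hypothetical stand-in that uses `env -i` to model only the PATH replacement described in the man page quote (no root or sudo needed); the two PATH values are copied from the thread.

```shell
#!/bin/sh
# Added example: models only the PATH handling, without root or sudo.
# PATH values are copied from the output quoted in the thread.
USER_PATH="/usr/local/bin:/usr/bin:/bin:/usr/games:/opt/schily/bin"
SECURE_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"

# fake_sudo is a hypothetical stand-in: it runs a command with an empty
# environment plus a fixed PATH, the way a sudo built with SECURE_PATH
# replaces whatever PATH the caller had.
fake_sudo() {
    env -i PATH="$SECURE_PATH" "$@"
}

# Like `sudo echo $PATH`: the calling shell expands $PATH before the
# privileged command starts, so the user's own PATH is printed.
expanded_by_caller() (
    PATH="$USER_PATH"
    fake_sudo echo "$PATH"
)

# Like `sudo env | grep PATH`: env runs inside the replaced environment.
seen_by_command() (
    PATH="$USER_PATH"
    fake_sudo env | grep '^PATH='
)

# Like `sudo sh -c 'echo $PATH'`: single quotes defer expansion to the
# shell started inside the replaced environment.
expanded_by_target() (
    PATH="$USER_PATH"
    fake_sudo sh -c 'echo "$PATH"'
)

echo "caller expands : $(expanded_by_caller)"
echo "command sees   : $(seen_by_command)"
echo "target expands : $(expanded_by_target)"
```

Only the second and third forms show the PATH that a command run through sudo actually uses for lookups.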