On 6/25/2017 12:05 PM, Bruce Dubbs wrote:
Alan Feuerbacher wrote:
In BLFS systemd version 8.0:

Until a few days ago, the commands "sudo -E" and "su root" did what I
expected: they preserved the environment of the original user. Now they
don't, so I've tried to debug what's going on.

For example, I would think that "sudo -E printenv" would return exactly
the same parameters as just "printenv". Isn't that correct?

Not completely. Functions are not passed and PATHs are different according to the policy set in the sudoers config file, even with -E. Also, the EUID, USER, etc. are different.

After some reading and experimenting, I've found that using -E has no effect, at least, with "sudo -E printenv". The output is exactly the same as with "sudo printenv". I don't understand why -E has no effect.

The command "sudo -V" lists all the environment variables that are always removed, and the ones you've specified to keep with "env_keep ..." in the sudoers file. No surprises there, except that PATH and PYTHONPATH are not kept, no matter what you specify. Why?

This also brings up the behavior of "su", as in "su root" or "su - root". Because by default the PATH is not carried along from the unprivileged user, occasionally compiling stuff in BLFS would get balled up because the lfs user has a certain PATH and root has a different one. The same goes for "sudo", where sometimes "sudo make install" would fail or otherwise do something unexpected.

I've found solutions for both problems by reading "man su", "man sudo" and various websearches:

For "su root" and "su - root":

In /etc/login.defs, edit the variables ENV_SUPATH and ENV_PATH to whatever you want them to be after "su ..." The "man su" command tells you about this. In my case:

ENV_PATH    PATH=/usr/local/bin:/bin:/usr/bin . . .
ENV_SUPATH  PATH=/usr/local/sbin:/usr/local/bin . . .

For "sudo":

In /etc/sudoers (I use visudo to edit it) insert the lines:

Defaults !env_reset
# As many of these lines as you want:
Defaults env_keep += "JAVA_HOME ..."
# Not sure if this one is completely legit, but it works:
Defaults secure_path = "/usr/local/sbin: . . ."
# I set this to the same path that "su - root" gives.

This is a lot more complicated than I ever knew!

Alan
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
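
The settings discussed in this thread (env_reset, env_keep, secure_path) can be checked mechanically. The script below is an added example, not part of the original message and not code from sudo or BLFS; it reads sudoers-format text on stdin and flags a disabled env_reset, code-loading variables kept via env_keep, and a missing secure_path. The function names, the RISKY_VARS list and both sample policies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag environment-related "Defaults"
# settings in sudoers-format text read from stdin.

# Assumption: variables that change where a root-run program loads code from.
RISKY_VARS="PATH PYTHONPATH PERL5LIB LD_PRELOAD LD_LIBRARY_PATH"

audit_sudoers() {
    # Prints one finding per line; exit status 1 if anything was flagged.
    # Scope: global "Defaults" lines only (not Defaults:user, Defaults@host).
    awk -v risky="$RISKY_VARS" '
        BEGIN { n = split(risky, r, " ") }
        $1 != "Defaults" { next }          # also skips comments and user rules
        /!env_reset/ { print "line " NR ": env_reset is disabled"; bad = 1 }
        /secure_path/ && !/!secure_path/ { have_sp = 1 }
        /env_keep/ && !/env_keep[ \t]*-=/ {
            list = $0
            sub(/^[^"]*"/, "", list)       # drop text before the quoted list
            sub(/".*$/, "", list)          # drop the closing quote and the rest
            m = split(list, v, /[ \t]+/)
            for (i = 1; i <= m; i++)
                for (j = 1; j <= n; j++)
                    if (v[i] == r[j]) {
                        print "line " NR ": env_keep preserves " v[i]; bad = 1
                    }
        }
        END {
            if (!have_sp) { print "no secure_path is set"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample policies (not the poster's actual file).
sample_permissive() {
    printf '%s\n' 'Defaults !env_reset' \
        'Defaults env_keep += "JAVA_HOME PYTHONPATH"' \
        'Defaults secure_path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"'
}
sample_scoped() {
    printf '%s\n' 'Defaults env_reset' \
        'Defaults env_keep += "JAVA_HOME"' \
        'Defaults secure_path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"'
}

sample_permissive | audit_sudoers || true   # findings on lines 1 and 2
sample_scoped | audit_sudoers               # no findings, exit status 0
```

To check a real policy, run `audit_sudoers < /etc/sudoers` as a user who can read the file.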
