behavior of sudo -E
I must be miss-understanding the usage of sudo's option `-E' (preserve users env). One would think that tools found along user path would then be available to `sudo' Here is what puzzles me: Note: --- --- ---=--- --- --- ls -l /merb/dv/home/harry/scripts/enw = custom script on $PATH -rwxr-xr-x 1 harry nfsu 194 Jul 8 10:24 /merb/dv/home/harry/scripts/enw harry $ echo $PATH (filtered) . . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . harry $ which enw: /merb/dv/home/harry/scripts/enw --- --- ---=--- --- --- And now testing sudo -E --- --- ---=--- --- --- harry $ sudo -E echo $PATH (filtered) . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . . . . OK, so far sudo -E has retained the $PATH env of user `harry' that leads to the script in question. However, in that case I do not understand this behavior below: sudo -E which enw {no output} sudo -E enw sudo: enw: command not found --- --- ---=--- --- --- It seems sudo -E has the right $PATH env, but cannot find a tool along that path. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a98j9aj1@reader.local.lan
Re: behavior of sudo -E
On 07/08/2014 04:42 PM, Harry Putnam wrote: I must be miss-understanding the usage of sudo's option `-E' (preserve users env). One would think that tools found along user path would then be available to `sudo' Here is what puzzles me: [...] --- --- ---=--- --- --- And now testing sudo -E --- --- ---=--- --- --- harry $ sudo -E echo $PATH (filtered) . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . . . . OK, so far sudo -E has retained the $PATH env of user `harry' that leads to the script in question. As far as I can tell, sudo has _not_ retainet the $PATH, $PATH has been replaced by it's contents in your shell and therefore the real invocation looks like that: $ sudo -E echo ...:/merb/dv/home/harry/scripts:... In other words: The variable is not resolved inside the shell started by sudo but in your own instead. However, in that case I do not understand this behavior below: sudo -E which enw {no output} sudo -E enw sudo: enw: command not found I do not understand it either. I just tried it and the ``problem'' is reproducible: I believe it is related to some sudo policy or such. (The manpage says ``Environment: PATH May be overriden by the security policy.'') Also, this seems to be special to the $PATH variable. Others work fine. Try, for example (I have not copied this from a shell, but that is the gist of what happens if one tests it): $ export TEST=x $ sudo -Es # echo $TEST x # exit $ export PATH=$PATH:test $ echo $PATH [...]:test $ sudo -Es # echo $PATH [...] -- test is missing # exit $ echo $PATH [...]:test HTH Linux-Fan signature.asc Description: OpenPGP digital signature
Re: behavior of sudo -E
On 2014-07-08 16:53 +0200, Linux-Fan wrote: On 07/08/2014 04:42 PM, Harry Putnam wrote: However, in that case I do not understand this behavior below: sudo -E which enw {no output} sudo -E enw sudo: enw: command not found I do not understand it either. I just tried it and the ``problem'' is reproducible: I believe it is related to some sudo policy or such. (The manpage says ``Environment: PATH May be overriden by the security policy.'') Also, this seems to be special to the $PATH variable. Others work fine. The secure_path setting in /etc/sudoers is responsible for that, it seems. Cheers, Sven -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87lhs3275q@turtle.gmx.de
Re: behavior of sudo -E
On 08/07/14 15:42, Harry Putnam wrote: I must be miss-understanding the usage of sudo's option `-E' (preserve users env). One would think that tools found along user path would then be available to `sudo' Here is what puzzles me: Note: --- --- ---=--- --- --- ls -l /merb/dv/home/harry/scripts/enw = custom script on $PATH -rwxr-xr-x 1 harry nfsu 194 Jul 8 10:24 /merb/dv/home/harry/scripts/enw harry $ echo $PATH (filtered) . . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . harry $ which enw: /merb/dv/home/harry/scripts/enw --- --- ---=--- --- --- And now testing sudo -E --- --- ---=--- --- --- harry $ sudo -E echo $PATH (filtered) . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . . . . OK, so far sudo -E has retained the $PATH env of user `harry' that leads to the script in question. However, in that case I do not understand this behavior below: sudo -E which enw {no output} sudo -E enw sudo: enw: command not found --- --- ---=--- --- --- It seems sudo -E has the right $PATH env, but cannot find a tool along that path. I believe it's to do with the secure_path setting in /etc/sudoers. This forces the user to have a sane PATH variable when using sudo. There's nothing to stop you running your program using a full or relative filename though. -- Dom -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53bc135a.1050...@rpdom.net