behavior of sudo -E

2014-07-08 Thread Harry Putnam
I must be misunderstanding the usage of sudo's option `-E' (preserve user's
env).

One would think that tools found along user path would then be
available to `sudo'

Here is what puzzles me:

Note:
---   ---   ---=---   ---   --- 
  ls -l /merb/dv/home/harry/scripts/enw  = custom script on $PATH

  -rwxr-xr-x 1 harry nfsu 194 Jul  8 10:24 /merb/dv/home/harry/scripts/enw


   harry $ echo $PATH (filtered)

   . . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...]   . . 

   harry $ which enw:
   /merb/dv/home/harry/scripts/enw

---   ---   ---=---   ---   --- 
And now testing sudo -E
---   ---   ---=---   ---   --- 

   harry $ sudo -E echo $PATH (filtered)

   . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . . . . 


OK, so far sudo -E has retained the $PATH env of user `harry' that
leads to the script in question.

However, in that case I do not understand this behavior below:

  sudo -E which enw

  {no output}

  sudo -E enw

  sudo: enw: command not found

---   ---   ---=---   ---   --- 

It seems sudo -E has the right $PATH env, but cannot find a tool along
that path.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87a98j9aj1@reader.local.lan



Re: behavior of sudo -E

2014-07-08 Thread Linux-Fan
On 07/08/2014 04:42 PM, Harry Putnam wrote:
> I must be misunderstanding the usage of sudo's option `-E' (preserve user's
> env).
>
> One would think that tools found along user path would then be
> available to `sudo'
>
> Here is what puzzles me:

[...]

> ---   ---   ---=---   ---   ---
> And now testing sudo -E
> ---   ---   ---=---   ---   ---
>
>    harry $ sudo -E echo $PATH (filtered)
>
>    . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . . . .
>
>
> OK, so far sudo -E has retained the $PATH env of user `harry' that
> leads to the script in question.

As far as I can tell, sudo has _not_ retained the $PATH; $PATH has been
replaced by its contents in your shell and therefore the real
invocation looks like this:

$ sudo -E echo ...:/merb/dv/home/harry/scripts:...

In other words: The variable is not resolved inside the shell started by
sudo but in your own instead.

> However, in that case I do not understand this behavior below:
>
>   sudo -E which enw
>
>   {no output}
>
>   sudo -E enw
>
>   sudo: enw: command not found

I do not understand it either. I just tried it and the ``problem'' is
reproducible: I believe it is related to some sudo policy or such. (The
manpage says ``Environment: PATH May be overridden by the security
policy.'') Also, this seems to be special to the $PATH variable. Others
work fine.

Try, for example (I have not copied this from a shell, but that is the
gist of what happens if one tests it):

$ export TEST=x
$ sudo -Es
# echo $TEST
x
# exit
$ export PATH=$PATH:test
$ echo $PATH
[...]:test
$ sudo -Es
# echo $PATH
[...] -- test is missing
# exit
$ echo $PATH
[...]:test

HTH
Linux-Fan





Re: behavior of sudo -E

2014-07-08 Thread Sven Joachim
On 2014-07-08 16:53 +0200, Linux-Fan wrote:

> On 07/08/2014 04:42 PM, Harry Putnam wrote:
>> However, in that case I do not understand this behavior below:
>>
>>   sudo -E which enw
>>
>>   {no output}
>>
>>   sudo -E enw
>>
>>   sudo: enw: command not found
>
> I do not understand it either. I just tried it and the ``problem'' is
> reproducible: I believe it is related to some sudo policy or such. (The
> manpage says ``Environment: PATH May be overridden by the security
> policy.'') Also, this seems to be special to the $PATH variable. Others
> work fine.

The secure_path setting in /etc/sudoers is responsible for that, it
seems.

Cheers,
   Sven


Archive: https://lists.debian.org/87lhs3275q@turtle.gmx.de



Re: behavior of sudo -E

2014-07-08 Thread Dom

On 08/07/14 15:42, Harry Putnam wrote:

> I must be misunderstanding the usage of sudo's option `-E' (preserve user's
> env).
>
> One would think that tools found along user path would then be
> available to `sudo'
>
> Here is what puzzles me:
>
> Note:
> ---   ---   ---=---   ---   ---
>   ls -l /merb/dv/home/harry/scripts/enw  = custom script on $PATH
>
>   -rwxr-xr-x 1 harry nfsu 194 Jul  8 10:24 /merb/dv/home/harry/scripts/enw
>
>
>    harry $ echo $PATH (filtered)
>
>    . . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...]   . .
>
>    harry $ which enw:
>    /merb/dv/home/harry/scripts/enw
>
> ---   ---   ---=---   ---   ---
> And now testing sudo -E
> ---   ---   ---=---   ---   ---
>
>    harry $ sudo -E echo $PATH (filtered)
>
>    . . . . . . . . . [...] /merb/dv/home/harry/scripts: [...] . . . . .
>
>
> OK, so far sudo -E has retained the $PATH env of user `harry' that
> leads to the script in question.
>
> However, in that case I do not understand this behavior below:
>
>   sudo -E which enw
>
>   {no output}
>
>   sudo -E enw
>
>   sudo: enw: command not found
>
> ---   ---   ---=---   ---   ---
>
> It seems sudo -E has the right $PATH env, but cannot find a tool along
> that path.


I believe it's to do with the secure_path setting in /etc/sudoers. 
This forces the user to have a sane PATH variable when using sudo.


There's nothing to stop you running your program using a full or 
relative filename though.



--
Dom


Archive: https://lists.debian.org/53bc135a.1050...@rpdom.net
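
Added example (not part of the thread, and not sudo's own code): a small shell model of the lookup the replies describe, showing why a command that is on the user's PATH is still "not found" once secure_path is set. The sudoers fragment is constructed sample text, and the function names (secure_path_of, lookup, explain) are hypothetical helpers; only the global "Defaults secure_path=" form is handled.

```shell
#!/bin/sh
# Constructed sample sudoers text (illustrative, not copied from any real host).
SAMPLE_SUDOERS='Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root    ALL=(ALL:ALL) ALL'

# Print the secure_path value from sudoers text on stdin (empty if unset).
# Only the global "Defaults secure_path=..." form is recognised; last one wins.
secure_path_of() {
    sed -n 's/^[[:space:]]*Defaults[[:space:]]\{1,\}secure_path[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' | tail -n 1
}

# Search the colon-separated path list $2 for command $1.
# The first executable regular file wins; fails if none is found.
lookup() {
    cmd=$1; old_ifs=$IFS; IFS=:
    for d in $2; do
        if [ -f "$d/$cmd" ] && [ -x "$d/$cmd" ]; then
            IFS=$old_ifs; printf '%s\n' "$d/$cmd"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# explain CMD USER_PATH SUDOERS_TEXT
# Report where CMD would be found when secure_path replaces the user's PATH.
explain() {
    sp=$(printf '%s\n' "$3" | secure_path_of)
    # Assumption of this model: with no secure_path, the caller's PATH is searched.
    [ -n "$sp" ] || sp=$2
    if hit=$(lookup "$1" "$sp"); then
        echo "found: $hit"
    elif hit=$(lookup "$1" "$2"); then
        echo "blocked by secure_path: use $hit"
    else
        echo "not found"
    fi
}

# Demo with the script name from the thread and the caller's own PATH.
explain enw "$PATH" "$SAMPLE_SUDOERS"
```

To see the PATH that sudo really hands to the command, keep the calling shell from expanding it first: sudo -E sh -c 'echo "$PATH"'.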