LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 07-27-2009, 11:55 AM   #1
Himilhil
Member
 
Registered: Jun 2009
Posts: 52

Rep: Reputation: 15
How to get root's environment with sudo?


When i work as a plain user sometimes i need to call some programms with superuser rights (e.g. installpkg). I use sudo for it. A lot of this programms are located in /sbin, /usr/sbin, etc. This directories is included to PATH environment variable in root's environment and isn't included in plain user's environment. But when i use sudo PATH is the same as this one in plain user's environment. I've set "Defaults env_reset" in sudoers. I've also tried to use env_keep option. The problem doesn't disappear. I've not found another settings in man sudo, man visudo and man sudoers that could help me to solve this problem. Is it possible to have the same PATH (or another elements of environment) as in root's environment when i use sudo?

Last edited by Himilhil; 07-27-2009 at 12:00 PM.
 
Old 07-27-2009, 11:59 AM   #2
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
I'm not sure precisely how sudo works, because I don't use it; however, you can use 'su' instead. su stands for 'substitute user' if I recall correctly, and basically turns you into 'root' or whatever user you 'su' as.

You can either do just plain:

# su

and enter root password to get root permissions, or you can do:

# su -

with the dash after, to get a root login shell (which will have the root path and everything else root-esque).

Is this what you are after?
 
Old 07-27-2009, 12:04 PM   #3
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 1,913

Rep: Reputation: Disabled
Easiest way to accomplish that is to add /usr/sbin and /sbin to your user's PATH. You can drop a "local.sh" or some such in /etc/profile.d/ to check the value of $USER and append to PATH accordingly.

Alternatively, you might find that invoking "sudo -i" is enough for you, as that gets you a login shell.
 
Old 07-27-2009, 12:09 PM   #4
Himilhil
Member
 
Registered: Jun 2009
Posts: 52

Original Poster
Rep: Reputation: 15
Is it possible to customize su for it don't require password?
 
Old 07-27-2009, 12:11 PM   #5
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Quote:
Originally Posted by Himilhil View Post
Is it possible to customize su for it don't require password?
Humm.. Something tells me that this is why 'sudo' was invented but I'm not opposed to being corrected.

Sasha
 
Old 07-27-2009, 12:17 PM   #6
Himilhil
Member
 
Registered: Jun 2009
Posts: 52

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by rworkman View Post
Easiest way to accomplish that is to add /usr/sbin and /sbin to your user's PATH. You can drop a "local.sh" or some such in /etc/profile.d/ to check the value of $USER and append to PATH accordingly.
It seems like not quite safe solution.
 
Old 07-27-2009, 12:32 PM   #7
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 1,913

Rep: Reputation: Disabled
Please tell me you didn't go there...

You ask if su(1) can be configured to not require a password, and then you tell me that adding /usr/sbin and /sbin to a user's PATH "seems like not quite safe" -- what??? Yes, that makes *PERFECT* sense - because a user can't just use the full path to the executable...

I guess I'm done with this discussion.
 
Old 07-27-2009, 12:34 PM   #8
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 1,913

Rep: Reputation: Disabled
Quote:
Originally Posted by GrapefruiTgirl View Post
Humm.. Something tells me that this is why 'sudo' was invented but I'm not opposed to being corrected.
More or less, yes.
 
Old 07-27-2009, 12:59 PM   #9
niels.horn
Senior Member
 
Registered: Mar 2007
Location: Rio de Janeiro - Brazil
Distribution: Slackware64-current
Posts: 1,004

Rep: Reputation: 89
Let me start with saying that I am not a fan of sudo, as it has been used by some distributions in a way it was not designed to be used - in *my* opinion.

But, sudo can be useful in some occasions, like shell scripts that need to execute commands normally only allowed by root. And for these very specific cases, you can use very specific configurations in your sudoers file, so that you do not need to type a password.

For instance, I have a script that connects over a VPN to a remote server and the user needs to change the routing table after connecting.
The specific "route add ..." command - with the IP address, netmask, etc. - is in the sudoers file so that a normal user can *only* add that specific route.

The example from the O.P. of using installpkg is (again, in *my* opinion) not a case for sudo, as it is too generic. If you put installpkg in the sudoers files, you put a security hole in your system. Then that user (or maybe all users, depending on how you configured it) can install any package without bothering about security.
Installpkg should be run as root, using su or logging in directly as root, and only after entering its password.

<edit>
Disclaimer:
Of course, it is *your* system, and you can make it as insecure as *you* like.
</edit>

Last edited by niels.horn; 07-27-2009 at 01:02 PM. Reason: added disclaimer :)
 
Old 07-27-2009, 02:13 PM   #10
pcunix
Member
 
Registered: Dec 2004
Location: MA
Distribution: Various
Posts: 149

Rep: Reputation: 23
sudo su -

Simple as that.
 
Old 07-27-2009, 02:21 PM   #11
niels.horn
Senior Member
 
Registered: Mar 2007
Location: Rio de Janeiro - Brazil
Distribution: Slackware64-current
Posts: 1,004

Rep: Reputation: 89
Quote:
Originally Posted by pcunix View Post
Simple as that.
Yes, simple as that, but it won't work on a standard Slackware system, unless you configured your sudoers file to allow it and thus removed all security from your system.
 
Old 07-27-2009, 02:38 PM   #12
pcunix
Member
 
Registered: Dec 2004
Location: MA
Distribution: Various
Posts: 149

Rep: Reputation: 23
Quote:
Originally Posted by niels.horn View Post
Yes, simple as that, but it won't work on a standard Slackware system, unless you configured your sudoers file to allow it and thus removed all security from your system.
Oh, boy, one of those...

For many small systems, the convenience of working as root is useful. Yes, obviously the people given "su" in sudoers can subvert the intention of controlling the root password while allowing them this logged access.

So, sure. you've "removed all security". If you have an environment where that is a problem, obviously you don't do that. In this case, he apparently already HAS "su" so apparently that bridge is far behind.

But, please: feel free to get all worked up about this if you must.
 
Old 07-27-2009, 02:46 PM   #13
niels.horn
Senior Member
 
Registered: Mar 2007
Location: Rio de Janeiro - Brazil
Distribution: Slackware64-current
Posts: 1,004

Rep: Reputation: 89
Quote:
Originally Posted by pcunix View Post
Oh, boy, one of those...
...

But, please: feel free to get all worked up about this if you must.
Please do not worry, I do not get "all worked up" about these things. Neither about remarks like "Oh, boy, one of those..."

Like I said a few posts back: "It is *your* system".
Linux is all about freedom, each administrator has the choice to configure his / her system as he / she sees fit.

There are "best practices" though.
 
Old 07-27-2009, 02:47 PM   #14
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,194

Rep: Reputation: Disabled
Quote:
Originally Posted by pcunix View Post
Oh, boy, one of those...

For many small systems, the convenience of working as root is useful. Yes, obviously the people given "su" in sudoers can subvert the intention of controlling the root password while allowing them this logged access.

So, sure. you've "removed all security". If you have an environment where that is a problem, obviously you don't do that. In this case, he apparently already HAS "su" so apparently that bridge is far behind.

But, please: feel free to get all worked up about this if you must.
You must be using Ubuntu.

Eric
 
Old 07-27-2009, 02:50 PM   #15
pcunix
Member
 
Registered: Dec 2004
Location: MA
Distribution: Various
Posts: 149

Rep: Reputation: 23
Quote:
Originally Posted by niels.horn View Post
Please do not worry, I do not get "all worked up" about these things. Neither about remarks like "Oh, boy, one of those..."

Like I said a few posts back: "It is *your* system".
Linux is all about freedom, each administrator has the choice to configure his / her system as he / she sees fit.

There are "best practices" though.
I agree. But many, many systems favor convenience :-)
 
  


Reply

Tags
environment, path, sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 01:36 AM
Sudo and passing environment variables lapthorn Linux - Security 1 06-23-2009 05:40 AM
sudo perl script with environment variables powah Programming 1 04-22-2009 11:22 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 07:12 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM


All times are GMT -5. The time now is 07:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration