这是不带sudo的PATH变量:
$ echo 'echo $PATH' | sh
/opt/local/ruby/bin:/usr/bin:/bin
这是sudo的PATH变量:
$ echo 'echo $PATH' | sudo sh
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
据我所知,sudo应该不影响PATH。这是怎么呢我该如何改变呢?(这是在Ubuntu 8.04上)。
更新:据我所知,没有一个脚本以任何方式以根更改PATH开始。
来自man sudo:
为了防止命令欺骗,sudo 检查“。和“”(都表示 当前目录)最后搜索 在用户的PATH(如果 一个或两个都在PATH中)。请注意, 然而,实际的路径 未修改环境变量 并原封不动地传递给程序 sudo执行。
当前回答
看起来这个bug已经存在很长一段时间了!以下是一些你可能会觉得有用的bug参考(可能会想订阅/投票,提示,提示…)
Debian bug #85123(“sudo: SECURE_PATH仍然不能被覆盖”)(2001年!)
这个版本的sudo中似乎仍然存在Bug#20996。的 changelog说它可以在运行时被覆盖,但我还没有 如何发现的。
他们提到在你的sudoers文件中放置这样的东西:
Defaults secure_path="/bin:/usr/bin:/usr/local/bin"
但是当我至少在Ubuntu 8.10中这样做时,它给了我这个错误:
visudo: unknown defaults entry `secure_path' referenced near line 10
Ubuntu bug #50797(“使用——with-secure-path构建的sudo有问题”)
Worse still, as far as I can tell, it is impossible to respecify secure_path in the sudoers file. So if, for example, you want to offer your users easy access to something under /opt, you must recompile sudo. Yes. There needs to be a way to override this "feature" without having to recompile. Nothing worse then security bigots telling you what's best for your environment and then not giving you a way to turn it off. This is really annoying. It might be wise to keep current behavior by default for security reasons, but there should be a way of overriding it other than recompiling from source code! Many people ARE in need of PATH inheritance. I wonder why no maintainers look into it, which seems easy to come up with an acceptable solution. I worked around it like this: mv /usr/bin/sudo /usr/bin/sudo.orig then create a file /usr/bin/sudo containing the following: #!/bin/bash /usr/bin/sudo.orig env PATH=$PATH "$@" then your regular sudo works just like the non secure-path sudo
Ubuntu bug #192651(“sudo路径总是重置”)
假设这个bug的副本是 最初是在2006年7月提交的,我不是 清楚一个无效的env_keep多长时间 一直在运作。无论 强迫用户使用的优点 如上所列的技巧, 当然是sudo的手册页 Sudoers应该反映这一事实 修改路径的选项为 有效的冗余。 修改文档以反映 实际执行不会破坏稳定 而且很有帮助。
Ubuntu bug #226595(“无法保留/指定PATH”)
I need to be able to run sudo with additional non-std binary folders in the PATH. Having already added my requirements to /etc/environment I was surprised when I got errors about missing commands when running them under sudo..... I tried the following to fix this without sucess: Using the "sudo -E" option - did not work. My existing PATH was still reset by sudo Changing "Defaults env_reset" to "Defaults !env_reset" in /etc/sudoers -- also did not work (even when combined with sudo -E) Uncommenting env_reset (e.g. "#Defaults env_reset") in /etc/sudoers -- also did not work. Adding 'Defaults env_keep += "PATH"' to /etc/sudoers -- also did not work. Clearly - despite the man documentation - sudo is completely hardcoded regarding PATH and does not allow any flexibility regarding retaining the users PATH. Very annoying as I can't run non-default software under root permissions using sudo.
其他回答
只需注释掉/etc/sudoers中的“Defaults env_reset”即可
这是一个讨厌的函数,是sudo在许多发行版中的特性。
为了在ubuntu上解决这个“问题”,我做了 下面在我的~/.bashrc
alias sudo='sudo env PATH=$PATH'
注意,上述方法适用于不重置$PATH本身的命令。 然而,' su'重置它的$PATH,所以你必须使用-p告诉它不要这样做。例如:
sudo su -p
这似乎对我很管用
sudo -i
它采取非sudo路径
你也可以移动你的文件到sudoers used目录:
sudo mv $HOME/bash/script.sh /usr/sbin/
以防其他人碰到这个,想要禁用所有用户的所有路径变量更改。 使用命令:visudo访问sudoers文件。你应该在某处看到下面这行:
违约env_reset
你应该在下一行加上哪一个
违约! secure_path
缺省情况下,开启Secure_path。该选项指定sudo时要使什么为$PATH。感叹号禁用该功能。
