这是不带sudo的PATH变量:
$ echo 'echo $PATH' | sh
/opt/local/ruby/bin:/usr/bin:/bin
这是sudo的PATH变量:
$ echo 'echo $PATH' | sudo sh
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
据我所知,sudo应该不影响PATH。这是怎么呢我该如何改变呢?(这是在Ubuntu 8.04上)。
更新:据我所知,没有一个脚本以任何方式以根更改PATH开始。
来自man sudo:
为了防止命令欺骗,sudo 检查“。和“”(都表示 当前目录)最后搜索 在用户的PATH(如果 一个或两个都在PATH中)。请注意, 然而,实际的路径 未修改环境变量 并原封不动地传递给程序 sudo执行。
当前回答
# cat .bash_profile | grep PATH
PATH=$HOME/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
export PATH
# cat /etc/sudoers | grep Defaults
Defaults requiretty
Defaults env_reset
Defaults env_keep = "SOME_PARAM1 SOME_PARAM2 ... PATH"
其他回答
我认为实际上让sudo重置PATH是可取的:否则,攻击者已经破坏了你的用户帐户,可以在你的用户的PATH上放置各种工具的后门版本,并且在使用sudo时它们将被执行。
(当然,让sudo重置PATH并不能完全解决这类问题,但它有帮助)
这确实是当你使用
Defaults env_reset
在/etc/sudoers中,不使用豁免组或env_keep。
这也很方便,因为您可以将只对根目录有用的目录(例如/sbin和/usr/sbin)添加到sudo路径,而不必将它们添加到用户的路径中。使用实例指定sudo使用的路径。
Defaults secure_path="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin"
你也可以移动你的文件到sudoers used目录:
sudo mv $HOME/bash/script.sh /usr/sbin/
只需注释掉/etc/sudoers中的“Defaults env_reset”即可
只需在/etc/sudoers中编辑env_keep即可
它看起来是这样的:
默认值env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASURE LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL L language LINGUAS XDG_SESSION_COOKIE"
只需要在最后附加PATH,所以在更改之后,它看起来就像这样:
默认值env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASURE LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL L language LINGUAS XDG_SESSION_COOKIE路径"
关闭终端,然后再次打开。
看起来这个bug已经存在很长一段时间了!以下是一些你可能会觉得有用的bug参考(可能会想订阅/投票,提示,提示…)
Debian bug #85123(“sudo: SECURE_PATH仍然不能被覆盖”)(2001年!)
这个版本的sudo中似乎仍然存在Bug#20996。的 changelog说它可以在运行时被覆盖,但我还没有 如何发现的。
他们提到在你的sudoers文件中放置这样的东西:
Defaults secure_path="/bin:/usr/bin:/usr/local/bin"
但是当我至少在Ubuntu 8.10中这样做时,它给了我这个错误:
visudo: unknown defaults entry `secure_path' referenced near line 10
Ubuntu bug #50797(“使用——with-secure-path构建的sudo有问题”)
Worse still, as far as I can tell, it is impossible to respecify secure_path in the sudoers file. So if, for example, you want to offer your users easy access to something under /opt, you must recompile sudo. Yes. There needs to be a way to override this "feature" without having to recompile. Nothing worse then security bigots telling you what's best for your environment and then not giving you a way to turn it off. This is really annoying. It might be wise to keep current behavior by default for security reasons, but there should be a way of overriding it other than recompiling from source code! Many people ARE in need of PATH inheritance. I wonder why no maintainers look into it, which seems easy to come up with an acceptable solution. I worked around it like this: mv /usr/bin/sudo /usr/bin/sudo.orig then create a file /usr/bin/sudo containing the following: #!/bin/bash /usr/bin/sudo.orig env PATH=$PATH "$@" then your regular sudo works just like the non secure-path sudo
Ubuntu bug #192651(“sudo路径总是重置”)
假设这个bug的副本是 最初是在2006年7月提交的,我不是 清楚一个无效的env_keep多长时间 一直在运作。无论 强迫用户使用的优点 如上所列的技巧, 当然是sudo的手册页 Sudoers应该反映这一事实 修改路径的选项为 有效的冗余。 修改文档以反映 实际执行不会破坏稳定 而且很有帮助。
Ubuntu bug #226595(“无法保留/指定PATH”)
I need to be able to run sudo with additional non-std binary folders in the PATH. Having already added my requirements to /etc/environment I was surprised when I got errors about missing commands when running them under sudo..... I tried the following to fix this without sucess: Using the "sudo -E" option - did not work. My existing PATH was still reset by sudo Changing "Defaults env_reset" to "Defaults !env_reset" in /etc/sudoers -- also did not work (even when combined with sudo -E) Uncommenting env_reset (e.g. "#Defaults env_reset") in /etc/sudoers -- also did not work. Adding 'Defaults env_keep += "PATH"' to /etc/sudoers -- also did not work. Clearly - despite the man documentation - sudo is completely hardcoded regarding PATH and does not allow any flexibility regarding retaining the users PATH. Very annoying as I can't run non-default software under root permissions using sudo.
