Feature changed by: Karl Cheng (qantas94heavy) Feature #310406, revision 24 Title: Make /sbin and /usr/sbin accessible by sudo out-of-the-box - openSUSE-11.4: Unconfirmed + openSUSE Distribution: Done Priority Requester: Desirable Requested by: Jan Matejek (matejcik) Partner organization: openSUSE.org Description: In current situation, /sbin and /usr/sbin are excluded from user path. If the user wants to use 'sudo' to run superuser tools located in sbin, the command fails. Example: matejcik@ws-pool1:~> yast2 Absolute path to 'yast2' is '/sbin/yast2', so running it may require superuser privileges (eg. root). matejcik@ws-pool1:~> sudo yast2 sudo: yast2: command not found Sudo should be configured out-of-the-box to be able to find commands located in /sbin and /usr/sbin - either by modifying secure_path in /etc/sudoers, or putting sbin's back into default user paths. Business case (Partner benefit): openSUSE.org: One of the common scenarios for administering a Linux system is never logging in as root and using sudo to execute all superuser commands. This approach fails miserably in openSUSE, making it less comfortable for some power users, and much less accessible for users coming from other distributions (most notably Ubuntu, where the sudo approach is the officially sanctioned way of doing things) Discussion: #1: Sławomir Lach (lachu) (2010-08-27 12:23:32) Why SUDO don't change search paths? I must mentoin, that current working direcotry isn't used to search program. Why don't changing PATH on sudo? If somebody have good reason: I think, that sudo should add PATH to ROOT_PATH:$PATH, where ROOT_PATH would been read from config file. This force us to add new config rules and allow to change PATH depending on destination UID. #2: Tim Edwards (tk83) (2010-08-31 11:39:26) I fully agree with this feature request. however: "Sudo should be configured out-of-the-box to be able to find commands located in /sbin and /usr/sbin - either by modifying secure_path in /etc/sudoers, or putting sbin's back into default user paths." Actually neither of these hacky solutions is necessary (or desirable) - if sudo is compiled with the --with-secure-path option it automatically and transparently adds /sbin and /usr/sbin to the path. I opened a bug on this before (https://bugzilla.novell.com/show_bug.cgi?id=574348) and they refused to fix it, saying they'd already discussed it and decided it was insecure for some reason. #5: Christian Boltz (cboltz) (2010-12-05 23:16:27) (reply to #2) https://bugzilla.novell.com/show_bug.cgi?id=145687#c20 (which is probably what Pavol referred to) says: - use --without-secure-path - change hardcoded secure_path to /usr/sbin:/bin:/usr/bin:/sbin * PATH will be kept if specified in env_keep for all users * PATH will be reset to secure_path if not in env_keep for all users However the sudo behaviour looks buggy to me. sudo env shows PATH=/usr/sbin:/bin:/usr/bin:/sbin <br /> but sudo ifconfig says sudo: ifconfig: command not found Looks like sudo searches for ifconfig with the user's path :-( #7: Diggory Hardy (d_hardy) (2012-04-15 22:43:11) (reply to #5) No change for 12 months? This is a _bug_ not present in other distros (at least debian), presumably in sudo as Christian says. #3: Pavol Rusnak (prusnak) (2010-09-07 12:09:00) Please, using "sudo" for launching GUI applications is a broken concept. (Unfortunately that's what Ubuntu is shoving down the throat its users). We have kdesu, gnomesu and other tools for this purpose. And if you want to use cmdline utilities from /usr/sbin and /sbin just add these paths to your path (~/.bashrc) or use "sudo -s" to launch root shell. -100 from me #4: Jan Matejek (matejcik) (2010-09-13 16:56:07) (reply to #3) nobody is talking about GUI and besides, that really doesn't have that much to do with this request. this feature is desirable for remote administration or terminal access as well. and if i choose to configure sudo to let me do everything without a password, it's doesn't matter at all whether i use sudo or gnomesu #6: Pieter De Decker (pdedecker) (2011-04-21 15:41:16) I hate having to add the directories to my path manually. It's a small fix, so let's do this! #8: Narayansamy S (vazhavandan) (2013-02-02 04:38:05) It works now. If you add sudo at the beginning directory completion works #9: Alexander Mityunin (xandry) (2013-03-13 19:50:29) (reply to #8) This is not exactly what should be. It should work without completion. If you type sudo yast then you get sudo: yast: command not found #10: Juergen Weigert (jnweiger) (2013-03-13 23:18:13) Two possible fixes: echo >> /etc/sudoers 'Defaults secure_path = "/bin:/usr/bin:/sbin: /usr/sbin"' alias sudo='sudo -i' #11: qXCCQeJQN2a5UKx uoABUEqi7wMgnsX (crabman) (2013-05-14 03:10:09) (reply to #10) How safe is it to include that? Can there be any problems if I do that? #12: Melvin Aguirre (aguirrem) (2013-08-04 16:10:20) What is the rationale behind the refusal to make the change? the user benefit field explains this really well why this should be done. #13: Dominique Leuenberger (dimstar) (2016-05-20 15:19:55) FWIW: This is working in Tumbleweed by now (not on Leap 42.1) #14: Mikhail Kasimov (k_mikhail) (2016-05-20 15:35:46) On 42.1: k_mikhail@linux-mk500:~> sudo yast <Tab><Tab> yast yast2 k_mikhail@linux-mk500:~> yast Absolute path to 'yast' is '/usr/sbin/yast', so running it may require superuser privileges (eg. root). ========= Is this schema going to be broken? o_O -- openSUSE Feature: https://features.opensuse.org/310406