Hello, On Sat, 14 Apr 2018, Anton Aylward wrote:
I can see why tumbleweed or 15.x should change that without announcement of same. Check your man pages.
Also, check your /etc/sudoers! Here, PATH is always reset: ==== Defaults targetpw Defaults always_set_home Defaults env_reset Defaults env_keep = "DISPLAY TERM LANG" Defaults env_check = "DISPLAY TERM LANG" Defaults passwd_timeout=1 Defaults timestamp_timeout=0 Defaults insults root ALL=(ALL) ALL dh localhost=(target_user) NOPASSWD:/usr/local/bin/foo "" [and more along that line, where needed, foo is a wrapper, so I have complete control over parameters allowed] ==== And yes, _that_ what a user (or a group) may do, they can do without a password. Anything else requires the target- i.e. usually root-password. The "usual" "sudo anything" only works with entering the root-pw. And while I'm doing that, why not get rid of it in a controlled fashion so that NOPASSWD can be used, eh? BTW: there's _tons_ of stuff out there using 'sudo whatever', when all that's required is using a path, i.e. /sbin/whatever. Latest offender: an article used 'sudo ls /dev/tty*'... Since when is /dev/ without o+rX? Or 'sudo modinfo bla' or 'sudo lsmod'. Could be stuff under /lib/$(uname -r) is not readable, but even on bleeding edge distros it's still: # ls -l /sbin/modinfo /sbin/lsmod /bin/kmod /lib/modules/ -rwxr-xr-x 1 root root 186024 Jan 14 08:07 /bin/kmod* lrwxrwxrwx 1 root root 11 Jan 14 08:07 /sbin/lsmod -> ../bin/kmod* lrwxrwxrwx 1 root root 11 Jan 14 08:07 /sbin/modinfo -> ../bin/kmod* /lib/modules/: total 44 drwxr-xr-x 9 root root 4096 Apr 9 05:11 ./ drwxr-xr-x 16 root root 12288 Apr 14 02:16 ../ drwxr-xr-x 6 root root 4096 Apr 9 05:32 4.16.1-dnh1/ [..] ^^^!!! And on my old install: # ls -l /bin/lsmod /sbin/modinfo -rwxr-xr-x 1 root root 6432 Sep 26 2012 /bin/lsmod -rwxr-xr-x 1 root root 31312 Sep 26 2012 /sbin/modinfo So, /sbin/modinfo, /sbin/lsmod, or just using kmod works just fine. Oh, unless you ran depmod as root with a umask of "xx7" or so, so that user's can't access that file anymore. Anyway: most stuff about sudo "out there" is just plain [elided]... And if I have to fiddle on such a system, first thing is open an xterm and type 'sudo su -'. Bloody [elided]. Was it *buntu or Debian that started this? SuSE had some pretty good sudoers-defaults back when. -dnh -- It's 106 ms latency to Chicago, we've got a fullscale rant about NetSol and half a pack of work annoyances, it's dark, and we're typing with sunglasses.'' -- Hit it.'' -- Anthony de Boer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org