Mailinglist Archive: opensuse-features (542 mails)

< Previous Next >
[openFATE 310406] Make /sbin and /usr/sbin accessible by sudo out-of-the-box
  • From: fate_noreply@xxxxxxx
  • Date: Sun, 5 Dec 2010 23:17:19 +0100 (CET)
  • Message-id: <feature-310406-11@xxxxxxxxxxxxxx>
Feature changed by: Christian Boltz (cboltz)
Feature #310406, revision 11
Title: Make /sbin and /usr/sbin accessible by sudo out-of-the-box

openSUSE-11.4: Unconfirmed
Requester: Desirable

Requested by: Jan Matejek (matejcik)
Partner organization:

In current situation, /sbin and /usr/sbin are excluded from user path.
If the user wants to use 'sudo' to run superuser tools located in sbin,
the command fails. Example:
matejcik@ws-pool1:~> yast2
Absolute path to 'yast2' is '/sbin/yast2', so running it may require
superuser privileges (eg. root).
matejcik@ws-pool1:~> sudo yast2
sudo: yast2: command not found

Sudo should be configured out-of-the-box to be able to find commands
located in /sbin and /usr/sbin - either by modifying secure_path in
/etc/sudoers, or putting sbin's back into default user paths.

Business case (Partner benefit): One of the common scenarios for administering a Linux
system is never logging in as root and using sudo to execute all
superuser commands. This approach fails miserably in openSUSE, making
it less comfortable for some power users, and much less accessible for
users coming from other distributions (most notably Ubuntu, where the
sudo approach is the officially sanctioned way of doing things)

#1: Sławomir Lach (lachu) (2010-08-27 12:23:32)
Why SUDO don't change search paths?
I must mentoin, that current working direcotry isn't used to search
program. Why don't changing PATH on sudo?
If somebody have good reason: I think, that sudo should add PATH to
ROOT_PATH:$PATH, where ROOT_PATH would been read from config file. This
force us to add new config rules and allow to change PATH depending on
destination UID.

#2: Tim Edwards (tk83) (2010-08-31 11:39:26)
I fully agree with this feature request. however:
"Sudo should be configured out-of-the-box to be able to find commands
located in /sbin and /usr/sbin - either by modifying secure_path in
/etc/sudoers, or putting sbin's back into default user paths."
Actually neither of these hacky solutions is necessary (or desirable)
-  if sudo is compiled with the --with-secure-path option it
automatically and transparently adds /sbin and /usr/sbin to the path.
I opened a bug on this before
( and they refused
to fix it, saying they'd already discussed it and decided it was
insecure for some reason.

+ #5: Christian Boltz (cboltz) (2010-12-05 23:16:27) (reply to #2)
+ (which is
+ probably what Pavol referred to) says:
+ - use --without-secure-path
+ - change hardcoded secure_path to /usr/sbin:/bin:/usr/bin:/sbin
+ * PATH will be kept if specified in env_keep for all users
+ * PATH will be reset to secure_path if not in env_keep for all users

+ However the sudo behaviour looks buggy to me. sudo env shows
+ PATH=/usr/sbin:/bin:/usr/bin:/sbin <br /> but sudo ifconfig says sudo:
+ ifconfig: command not found
+ Looks like sudo searches for ifconfig with the user's path :-(

#3: Pavol Rusnak (prusnak) (2010-09-07 12:09:00)
Please, using "sudo" for launching GUI applications is a broken
concept. (Unfortunately that's what Ubuntu is shoving down the throat
its users). We have kdesu, gnomesu and other tools for this purpose.
And if you want to use cmdline utilities from /usr/sbin and /sbin just
add these paths to your path (~/.bashrc) or use "sudo -s" to launch
root shell. -100 from me

#4: Jan Matejek (matejcik) (2010-09-13 16:56:07) (reply to #3)
nobody is talking about GUI
and besides, that really doesn't have that much to do with this
request. this feature is desirable for remote administration or
terminal access as well.
and if i choose to configure sudo to let me do everything without a
password, it's doesn't matter at all whether i use sudo or gnomesu

openSUSE Feature:

< Previous Next >
This Thread
  • No further messages