This is an annoying function a feature of sudo on many distributions. To work around this "problem" on Ubuntu I do the following in my ~/.bashrc
Note the above will work for commands that don't reset the $PATH themselves.
However `su' resets its $PATH so you must use -p to tell it not to. I.E.:
In case someone else runs across this and wants to just disable all path variable changing for all users.
Access your sudoers file by using the command: visudo. You should see the following line somewhere:
which you should add the following on the next line
secure_path is enabled by default. This option specifies what to make $PATH when sudoing. The exclamation mark disables the feature.
PATH is an environment variable, and as such is by default reset by sudo. You need special permissions to be permitted to do this.
From man sudo
An Example of usage:
update
So may need to check that this is/is not compiled in.
It is by default in Gentoo
Looks like this bug has been around for quite a while! Here are some bug references you may find helpful (and may want to subscribe to / vote up, hint, hint...):
Debian bug #85123 ("sudo: SECURE_PATH still can't be overridden") (from 2001!)
They mention putting something like this in your sudoers file:
but when I do that in Ubuntu 8.10 at least, it gives me this error:
Ubuntu bug #50797 ("sudo built with --with-secure-path is problematic")
Ubuntu bug #192651 ("sudo path is always reset")
Ubuntu bug #226595 ("impossible to retain/specify PATH")
This seemed to work for me
which takes on the non-sudo PATH
I think it is in fact desirable to have sudo reset the PATH: otherwise an attacker having compromised your user account could put backdoored versions of all kinds of tools on your users' PATH, and they would be executed when using sudo.
(of course having sudo reset the PATH is not a complete solution to these kinds of problems, but it helps)
This is indeed what happens when you use
in /etc/sudoers without using exempt_group or env_keep.
This is also convenient because you can add directories that are only useful for root (such as /sbin and /usr/sbin) to the sudo path without adding them to your users' paths. To specify the path to be used by sudo:
Works now using sudo from the karmic repositories. Details from my configuration:
It's wonderful to finally have this solved without using a hack.
Just comment out "Defaults env_reset" in /etc/sudoers
Just edit env_keep in /etc/sudoers
It looks something like this:
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
Just append PATH at the end, so after the change it would look like this:
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE PATH"
Close the terminal and then open again.
Secure_path is your friend, but if you want to exempt yourself from secure_path just do
And append
If you want to exempt a bunch of users create a group, add all the users to it, and use that as your exempt_group. man 5 sudoers for more.
The recommended solution in the comments on the OpenSUSE distro suggests to change:
to:
and then presumably to comment out the following line which isn't needed:
Commenting out both "Default env_reset" and "Default secure_path ..." in the /etc/sudoers file works for me
You can also move your file in a sudoers used directory:
Er, it's not really a test if you don't add something to your path:
The PATH will be reset when using su or sudo by the definition of ENV_SUPATH, and ENV_PATH defined in /etc/login.defs
$PATH is an environment variable, which means that the value of $PATH can differ for other users.
When you log in to your system, your profile settings decide the value of $PATH.
Now, let's take a look:
Suppose that these are the values of $PATH for different users. Now, when you execute any command with sudo, it is actually the root user who executes that command.
You can confirm this by executing these commands in a terminal:
This is the reason. I think it's clear to you.
It may be counter-intuitive but the first time it happened to me, I knew what was going on. Believe me, you don't want root running someone else's PATH.
"Hey root? Can you help me, something is wrong" and he comes over and sudo's from my shell and I wrote a "${HOME}/bin/ls" shell script that first gives me superuser privileges, and then calls the real /bin/ls.
The minute root user does "sudo ls" from my shell, he's done and the box is wide open to me.
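Several answers above turn off sudo's PATH reset (the exclamation mark on secure_path, PATH appended to env_keep, exempt_group), while others explain why the reset exists. The audit function below is an added example, not code from any of the posts: it flags those settings in a sudoers-style file. The function name, the finding strings and the sample file are constructed for illustration, and `!env_reset` is the standard sudoers negation form rather than something quoted on this page.

```shell
#!/bin/sh
# Added example: flag sudoers settings that let the invoking user's PATH
# reach commands run through sudo. Reads a file only; changes nothing.

audit_sudoers() {  # usage: audit_sudoers FILE ; prints one finding per line
    awk '
    /^[ \t]*#/ { next }                 # comments (this also skips #include)
    /^[ \t]*Defaults/ {
        if ($0 ~ /![ \t]*secure_path/)       print NR ": secure_path disabled"
        else if ($0 ~ /secure_path[ \t]*=/)  pinned = 1
        if ($0 ~ /![ \t]*env_reset/)         print NR ": env_reset disabled"
        # PATH as a whole word, so LD_LIBRARY_PATH or MANPATH do not match
        if ($0 ~ /env_keep/ && $0 ~ /(^|[^A-Za-z0-9_])PATH([^A-Za-z0-9_]|$)/)
            print NR ": PATH kept via env_keep"
        if ($0 ~ /exempt_group[ \t]*=/)      print NR ": exempt_group bypasses secure_path"
    }
    # Line 0 marks a file-level finding: whether a compiled-in secure_path
    # applies depends on how sudo was built, so this one is informational.
    END { if (!pinned) print "0: no secure_path set in this file" }
    ' "$1"
}

# Constructed sample input (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
Defaults !secure_path
#Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
Defaults env_keep = "LANG LC_ALL LD_LIBRARY_PATH"
Defaults env_keep += "PATH"
Defaults exempt_group = admin
EOF
audit_sudoers "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/sudoers and each file under /etc/sudoers.d; it does not follow include directives.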