Re: root path change



On 08/30/2011 11:16 AM, Bob Proulx wrote:
Camaleón wrote:
Paul Scott wrote:
About a week ago 'sudo aptitude' stopped working because /sbin and
/usr/sbin are no longer on the path. Is this possible a recent security
improvement? Aptitude works fine if I use "su -" instead of sudo.
But surely aptitude is in /usr/bin/aptitude and not /usr/sbin/aptitude?

Sorry I didn't supply enough info. sudo aptitude runs aptitude but aptitude dies at trying to update anything and gives:

dpkg: warning: 'ldconfig' not found in PATH or not executable.
dpkg: warning: 'start-stop-daemon' not found in PATH or not executable.
dpkg: error: 2 expected programs not found in PATH or not executable.
Note: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.

Of course, see Cameleon's reply.

I tested this a moment ago on an up to date Sid machine and sudo
worked okay to find aptitude in /usr/bin/aptitude for me.

Hummm... the change seems to be listed here:
http://packages.debian.org/changelogs/pool/main/s/sudo/sudo_1.8.2-1/changelog
* move secure_path from configure to default sudoers, closes: #85123, 85917
But default secure_path is
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
and so should definitely find aptitude in the path in /usr/bin.

What is your path after the sudo? This is easy to tell with:

sudo printenv PATH

I see this on my Sid machine:

$ sudo printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
I get:

sudo printenv PATH

/usr/local/bin:/usr/bin:/bin:/usr/games

I have libselinux1 installed which a wild guess on my part says could be related.


And then you should look at 'sudo -l' to see what it says. There
should be clues there.

sudo -l
Matching Defaults entries for paul on this host:
env_reset

User paul may run the following commands on this host:
(ALL) ALL

I see no clues.

Thanks,

Paul




--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/4E5D2C6D.9040806@xxxxxxxxxxx