Do I need to specify the pathname of a command added in `/etc/sudoers`, every time I run it with `sudo`?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
For a line that I added to /etc/sudoers, for example:
t ALL=(ALL) NOPASSWD: /path/to/myscript
/path/to is in PATH of the current user t, but not in PATH of root.
$ sudo /path/to/myscript
works without password, but do I need to specify the pathname of the script every time I run the script with sudo?
$ sudo myscript
[sudo] password for t:
sudo: changeCpuFreq.sh: command not found
doesn't work even with password, because myscript's path isn't in PATH of root.
$ sudo -E env "PATH=$PATH" myscript
[sudo] password for t:
works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.
Thanks.
sudo
asked Apr 1 at 23:54
Tim
22.6k63224401
add a comment |Â
up vote
1
down vote
favorite
For a line that I added to /etc/sudoers, for example:
t ALL=(ALL) NOPASSWD: /path/to/myscript
/path/to is in PATH of the current user t, but not in PATH of root.
$ sudo /path/to/myscript
works without password, but do I need to specify the pathname of the script every time I run the script with sudo?
$ sudo myscript
[sudo] password for t:
sudo: changeCpuFreq.sh: command not found
doesn't work even with password, because myscript's path isn't in PATH of root.
$ sudo -E env "PATH=$PATH" myscript
[sudo] password for t:
works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.
Thanks.
sudo
asked Apr 1 at 23:54
Tim
22.6k63224401
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
For a line that I added to /etc/sudoers, for example:
t ALL=(ALL) NOPASSWD: /path/to/myscript
/path/to is in PATH of the current user t, but not in PATH of root.
$ sudo /path/to/myscript
works without password, but do I need to specify the pathname of the script every time I run the script with sudo?
$ sudo myscript
[sudo] password for t:
sudo: changeCpuFreq.sh: command not found
doesn't work even with password, because myscript's path isn't in PATH of root.
$ sudo -E env "PATH=$PATH" myscript
[sudo] password for t:
works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.
Thanks.
sudo
asked Apr 1 at 23:54
Tim
22.6k63224401
For a line that I added to /etc/sudoers, for example:
t ALL=(ALL) NOPASSWD: /path/to/myscript
/path/to is in PATH of the current user t, but not in PATH of root.
$ sudo /path/to/myscript
works without password, but do I need to specify the pathname of the script every time I run the script with sudo?
$ sudo myscript
[sudo] password for t:
sudo: changeCpuFreq.sh: command not found
doesn't work even with password, because myscript's path isn't in PATH of root.
$ sudo -E env "PATH=$PATH" myscript
[sudo] password for t:
works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.
Thanks.
sudo
asked Apr 1 at 23:54
Tim
22.6k63224401
edited Apr 2 at 0:36
asked Apr 1 at 23:54
Tim
22.6k63224401
asked Apr 1 at 23:54
Tim
22.6k63224401
asked Apr 1 at 23:54
Tim
22.6k63224401
22.6k63224401
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.
Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
Thanks. How do you achieve "not need per se to define the full pathname" in/etc/sudoers? My post is whether I need to specify pathname when running it withsudo.
– Tim
Apr 2 at 0:33
You do not use the full pathname, and configure a restrictedDefaults secure_path; nonetheless defining the full path gives you an extra layer of security.
– Rui F Ribeiro
Apr 2 at 0:37
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
do you mean if pathname exists in/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
– Tim
Apr 2 at 0:47
 |Â
show 3 more comments
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.
Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
Thanks. How do you achieve "not need per se to define the full pathname" in/etc/sudoers? My post is whether I need to specify pathname when running it withsudo.
– Tim
Apr 2 at 0:33
You do not use the full pathname, and configure a restrictedDefaults secure_path; nonetheless defining the full path gives you an extra layer of security.
– Rui F Ribeiro
Apr 2 at 0:37
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
do you mean if pathname exists in/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
– Tim
Apr 2 at 0:47
 |Â
show 3 more comments
up vote
1
down vote
You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.
Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
Thanks. How do you achieve "not need per se to define the full pathname" in/etc/sudoers? My post is whether I need to specify pathname when running it withsudo.
– Tim
Apr 2 at 0:33
You do not use the full pathname, and configure a restrictedDefaults secure_path; nonetheless defining the full path gives you an extra layer of security.
– Rui F Ribeiro
Apr 2 at 0:37
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
do you mean if pathname exists in/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
– Tim
Apr 2 at 0:47
 |Â
show 3 more comments
up vote
1
down vote
up vote
1
down vote
You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.
Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.
Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
answered Apr 2 at 0:32
Rui F Ribeiro
34.7k1269113
34.7k1269113
Thanks. How do you achieve "not need per se to define the full pathname" in/etc/sudoers? My post is whether I need to specify pathname when running it withsudo.
– Tim
Apr 2 at 0:33
You do not use the full pathname, and configure a restrictedDefaults secure_path; nonetheless defining the full path gives you an extra layer of security.
– Rui F Ribeiro
Apr 2 at 0:37
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
do you mean if pathname exists in/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
– Tim
Apr 2 at 0:47
 |Â
show 3 more comments
Thanks. How do you achieve "not need per se to define the full pathname" in/etc/sudoers? My post is whether I need to specify pathname when running it withsudo.
– Tim
Apr 2 at 0:33
You do not use the full pathname, and configure a restrictedDefaults secure_path; nonetheless defining the full path gives you an extra layer of security.
– Rui F Ribeiro
Apr 2 at 0:37
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
do you mean if pathname exists in/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
– Tim
Apr 2 at 0:47
Thanks. How do you achieve "not need per se to define the full pathname" in
/etc/sudoers? My post is whether I need to specify pathname when running it with sudo.– Tim
Apr 2 at 0:33
Thanks. How do you achieve "not need per se to define the full pathname" in
/etc/sudoers? My post is whether I need to specify pathname when running it with sudo.– Tim
Apr 2 at 0:33
You do not use the full pathname, and configure a restricted
Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.– Rui F Ribeiro
Apr 2 at 0:37
You do not use the full pathname, and configure a restricted
Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.– Rui F Ribeiro
Apr 2 at 0:37
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
Do I need to specify pathname to the command, when I run it with sudo?
– Tim
Apr 2 at 0:40
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
– Rui F Ribeiro
Apr 2 at 0:42
do you mean if pathname exists in
/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?– Tim
Apr 2 at 0:47
do you mean if pathname exists in
/etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?– Tim
Apr 2 at 0:47
 |Â
show 3 more comments
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f434933%2fdo-i-need-to-specify-the-pathname-of-a-command-added-in-etc-sudoers-every-ti%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
