Do I need to specify the pathname of a command added in `/etc/sudoers`, every time I run it with `sudo`?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












For a line that I added to /etc/sudoers, for example:



t ALL=(ALL) NOPASSWD: /path/to/myscript


/path/to is in PATH of the current user t, but not in PATH of root.



$ sudo /path/to/myscript


works without password, but do I need to specify the pathname of the script every time I run the script with sudo?



$ sudo myscript
[sudo] password for t:
sudo: changeCpuFreq.sh: command not found


doesn't work even with password, because myscript's path isn't in PATH of root.



$ sudo -E env "PATH=$PATH" myscript
[sudo] password for t:


works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.



Thanks.







share|improve this question


























    up vote
    1
    down vote

    favorite












    For a line that I added to /etc/sudoers, for example:



    t ALL=(ALL) NOPASSWD: /path/to/myscript


    /path/to is in PATH of the current user t, but not in PATH of root.



    $ sudo /path/to/myscript


    works without password, but do I need to specify the pathname of the script every time I run the script with sudo?



    $ sudo myscript
    [sudo] password for t:
    sudo: changeCpuFreq.sh: command not found


    doesn't work even with password, because myscript's path isn't in PATH of root.



    $ sudo -E env "PATH=$PATH" myscript
    [sudo] password for t:


    works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.



    Thanks.







    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      For a line that I added to /etc/sudoers, for example:



      t ALL=(ALL) NOPASSWD: /path/to/myscript


      /path/to is in PATH of the current user t, but not in PATH of root.



      $ sudo /path/to/myscript


      works without password, but do I need to specify the pathname of the script every time I run the script with sudo?



      $ sudo myscript
      [sudo] password for t:
      sudo: changeCpuFreq.sh: command not found


      doesn't work even with password, because myscript's path isn't in PATH of root.



      $ sudo -E env "PATH=$PATH" myscript
      [sudo] password for t:


      works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.



      Thanks.







      share|improve this question














      For a line that I added to /etc/sudoers, for example:



      t ALL=(ALL) NOPASSWD: /path/to/myscript


      /path/to is in PATH of the current user t, but not in PATH of root.



      $ sudo /path/to/myscript


      works without password, but do I need to specify the pathname of the script every time I run the script with sudo?



      $ sudo myscript
      [sudo] password for t:
      sudo: changeCpuFreq.sh: command not found


      doesn't work even with password, because myscript's path isn't in PATH of root.



      $ sudo -E env "PATH=$PATH" myscript
      [sudo] password for t:


      works with password, because PATH of t is copied to that of root, but the problem is that it still needs password.



      Thanks.









      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 2 at 0:36

























      asked Apr 1 at 23:54









      Tim

      22.6k63224401




      22.6k63224401




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote













          You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.



          Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.






          share|improve this answer




















          • Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
            – Tim
            Apr 2 at 0:33











          • You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
            – Rui F Ribeiro
            Apr 2 at 0:37










          • Do I need to specify pathname to the command, when I run it with sudo?
            – Tim
            Apr 2 at 0:40










          • If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
            – Rui F Ribeiro
            Apr 2 at 0:42











          • do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
            – Tim
            Apr 2 at 0:47










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f434933%2fdo-i-need-to-specify-the-pathname-of-a-command-added-in-etc-sudoers-every-ti%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote













          You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.



          Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.






          share|improve this answer




















          • Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
            – Tim
            Apr 2 at 0:33











          • You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
            – Rui F Ribeiro
            Apr 2 at 0:37










          • Do I need to specify pathname to the command, when I run it with sudo?
            – Tim
            Apr 2 at 0:40










          • If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
            – Rui F Ribeiro
            Apr 2 at 0:42











          • do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
            – Tim
            Apr 2 at 0:47














          up vote
          1
          down vote













          You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.



          Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.






          share|improve this answer




















          • Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
            – Tim
            Apr 2 at 0:33











          • You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
            – Rui F Ribeiro
            Apr 2 at 0:37










          • Do I need to specify pathname to the command, when I run it with sudo?
            – Tim
            Apr 2 at 0:40










          • If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
            – Rui F Ribeiro
            Apr 2 at 0:42











          • do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
            – Tim
            Apr 2 at 0:47












          up vote
          1
          down vote










          up vote
          1
          down vote









          You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.



          Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.






          share|improve this answer












          You do not need per se to define the full pathname in sudoers; however you should do it for security reasons.



          Otherwise, it is fairly easy to gain root privileges; you just need to invoke another binary with the same name, and presto, instant root privileges.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 2 at 0:32









          Rui F Ribeiro

          34.7k1269113




          34.7k1269113











          • Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
            – Tim
            Apr 2 at 0:33











          • You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
            – Rui F Ribeiro
            Apr 2 at 0:37










          • Do I need to specify pathname to the command, when I run it with sudo?
            – Tim
            Apr 2 at 0:40










          • If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
            – Rui F Ribeiro
            Apr 2 at 0:42











          • do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
            – Tim
            Apr 2 at 0:47
















          • Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
            – Tim
            Apr 2 at 0:33











          • You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
            – Rui F Ribeiro
            Apr 2 at 0:37










          • Do I need to specify pathname to the command, when I run it with sudo?
            – Tim
            Apr 2 at 0:40










          • If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
            – Rui F Ribeiro
            Apr 2 at 0:42











          • do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
            – Tim
            Apr 2 at 0:47















          Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
          – Tim
          Apr 2 at 0:33





          Thanks. How do you achieve "not need per se to define the full pathname" in /etc/sudoers? My post is whether I need to specify pathname when running it with sudo.
          – Tim
          Apr 2 at 0:33













          You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
          – Rui F Ribeiro
          Apr 2 at 0:37




          You do not use the full pathname, and configure a restricted Defaults secure_path; nonetheless defining the full path gives you an extra layer of security.
          – Rui F Ribeiro
          Apr 2 at 0:37












          Do I need to specify pathname to the command, when I run it with sudo?
          – Tim
          Apr 2 at 0:40




          Do I need to specify pathname to the command, when I run it with sudo?
          – Tim
          Apr 2 at 0:40












          If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
          – Rui F Ribeiro
          Apr 2 at 0:42





          If the pathname is there as in your first example, you need to do it, unless you create an alias. See this for other security considerations: openwall.com/lists/owl-users/2004/10/20/6
          – Rui F Ribeiro
          Apr 2 at 0:42













          do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
          – Tim
          Apr 2 at 0:47




          do you mean if pathname exists in /etc/sudoers, then it must also be specified when running the command? How do you "not use the full pathname, and configure a restricted Defaults secure_path"?
          – Tim
          Apr 2 at 0:47












           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f434933%2fdo-i-need-to-specify-the-pathname-of-a-command-added-in-etc-sudoers-every-ti%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?