A number of specialized tools for tape and library management are installed into /usr/sbin by default. When a normal user with admin rights tries to use them, they are greeted with the “Absolute path to ‘XXXX’ is ‘/usr/sbin/XXXX’, so running it may require superuser privileges (eg. root).” In fact, these tools do not need to be executed by root, but only that the user is in the wheel and tape groups (which he is).
How can we disable that warning and let the command run, or is there a whitelist for commands that should not be prevented from running?
There is but one user that is special and that is root. And you should always see that you change to t=root in a way
that switches to root’s environment, which will include the correct PATH. E.g. by
Nope to both answers and neither provides guidance or an answer my question. It has nothing to do with the permissions on the sbin locations and running as root is not proper since we’re not looking to expose the entire system, just allow the commands that need to be executed in a situation like this as they should be.
It turns out that this is one of the non-standard changes made to the sudoers file. By setting the “secure_path” Default entry, it causes this warning and prevents the command from running.
As I mentioned in my sudoers thread, I believe that these customizations to the sudoers file should be exposed in YaST to allow a user to better control these settings.
Thanks for that pointer - I thought that my team had located it in the sudoers file in the “secure_path” entry. This indicates a deeper look into the bashrc realm is needed.
I still believe that such a setting should be administratively defined and controllable via YaST.
It turns out that it is the sudoers “secure_path” entry. By eliminating that setting, the system works as expected.
However, digging into this further, maybe the issue is that many tool authors are placing their tools into /usr/sbin wen they should simply be placed into /usr/bin.
The Wikipeadia article about the Filesystem Hierarchy Standard gives for /usr/bin
Non-essential command binaries (not needed in single user mode); for all users.
and for /usr/sbin
Non-essential system binaries, e.g., daemons for various network-services.
But of course interpratation of this by individual tool designers might be arbitrary. I assume only bug reporting upstreams (up to the developers?) might help some of them rethinking their policy in this respect.
In any case grumbling about the place where tools should be in this openSUSE users forums will not help much.
Just add suitable symbolic links so that those command are on a more convenient path. I would suggest the $HOME/bin directories of the users who need those commands.