sudo ignoring PATH env var

skyhunter · August 26, 2014, 8:19am

I assume there is a thread dealing with this problem, however I am unable to locate it. Apologies in advance. The same problem can be found in the following link although no real explanation is given. https://features.opensuse.org/310406
Problem:
I have noticed while using sudo that the subshell is unable to locate /sbin programs even though running “sudo env” seems to indicate that the PATH variable used contains /sbin. What is the reason for this behavior? Any coherent explanation would be greatly appreciated.

Here is the “sudo env” output for reference:

TERM=xterm
LANG=en_US.UTF-8
LC_CTYPE=en_US.UTF-8
COLORTERM=xfce4-terminal
SHELL=/bin/bash
MAIL=/var/mail/root
LOGNAME=root
USER=root
USERNAME=root
HOME=/root
PATH=/usr/bin:/bin:/usr/sbin:/sbin
SUDO_COMMAND=/usr/bin/env
SUDO_USER=sinisha
SUDO_UID=1000
SUDO_GID=100

wolfi323 · August 26, 2014, 8:59am

sudo uses the user’s path by default I think, not root’s, and /sbin and /usr/sbin are not in a user’s path by default. Add them to your user’s path, and sudo should find programs there.
(“sudo env” will list root’s environment of course… )

But in fact /sbin and /usr/sbin have been added to sudo’s path in Factory recently now.
See also:
https://bugzilla.novell.com/show_bug.cgi?id=864115

hcvv · August 26, 2014, 9:29am

Better use

su -

wolfi323 · August 26, 2014, 9:35am

Why?

This might be inconvinient depending on the use-case.
E.g. sudo remembers the root password for 5 minutes, and it can be configured to not need a password at all (even for only certain commands if wanted).

hcvv · August 26, 2014, 10:36am

My interpretation, reading his posst, was that the OP did not (want) to configure sudo. And as the default sudo configuration is the same as

su -

why bother to use sudo?

And when you think that remembering the password is important, as long as you are loged in as root using

su -

you do not need to re-type the root password either.

As KDE user, you can also use System > Terminal > Konsole (as root) from Kmenu. It offers you an su - session. And you can give it e.g. a different background colour from the “normal” Konsole sessions, so that you are warned using it.

wolfi323 · August 26, 2014, 10:54am

We do not know that.

And as the default sudo configuration is the same as

su -

why bother to use sudo?

But why bother to use “su -”, if you rather want to use “sudo”?

And it is not true that the default sudo configuration is the same as “su -”.
Yes, both give you root rights after entering the root password (on openSUSE that is).
But in addition to the above, e.g. the resulting environment in which programs are run is (completely) different.

And when you think that remembering the password is important, as long as you are loged in as root using

su -

you do not need to re-type the root password either.

But what about using it in scripts, especially more than once?
For “su - -c xxx” you would have to type in the password each time, or run the complete script as root which might not be wanted either.

As KDE user, you can also use System > Terminal > Konsole (as root) from Kmenu. It offers you an su - session. And you can give it e.g. a different background colour from the “normal” Konsole sessions, so that you are warned using it.

That’s true of course.

Please note that I do not want to say that one shouldn’t use “su -” instead, but it is not exactly the same.
And IMHO your reply also suggested that one should not use “sudo” at all but rather “su -”, which is not true really.

hcvv · August 26, 2014, 11:36am

I only “advised” the OP to use su -. Then he gets what he wants (and IMHO needs for the majority of cases) a root process with root’s environment.

My advice was based on the assessment of the OP’s field of knowledge.

wolfi323 · August 26, 2014, 11:54am

Right.
But it was you that critizised me for advising to use “zypper up” once, because it is not the same as using “zypper patch” or YaST->Online Update.
This case is similar…

And the OP specifically asked about sudo. The question was not only (or not at all) what to do about it, but rather why it is this way.

Anyway, you’re right that “su -” should probably work as well (the OP shall decide whether he wants that or not).
And in 13.2 sudo will have /sbin and /usr/sbin in the path.

Adding /sbin/ and /usr/sbin to the user’s path should fix the “problem” in 13.1 though, or adding this to /etc/sudoers as the factory submit does:

Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"

skyhunter · August 26, 2014, 5:25pm

wolfi323:

Right.
But it was you that critizised me for advising to use “zypper up” once, because it is not the same as using “zypper patch” or YaST->Online Update.
This case is similar…

And the OP specifically asked about sudo. The question was not only (or not at all) what to do about it, but rather why it is this way.

Anyway, you’re right that “su -” should probably work as well (the OP shall decide whether he wants that or not).
And in 13.2 sudo will have /sbin and /usr/sbin in the path.

Adding /sbin/ and /usr/sbin to the user’s path should fix the “problem” in 13.1 though, or adding this to /etc/sudoers as the factory submit does:
Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"

Thank you for the answer. You were extremely helpful. I now realize that sudo resets the environment variables only to provide a clean environment for running the program. It still uses the users PATH to look up programs. This can however be modified by using the secure_path option as stated above.

gogalthorp · August 26, 2014, 7:48pm

I never use sudo I always use su - but then I never have ran Ubuntu either. Be default openSUSE’s sudo does not operate like Ubuntu’s sudo though it can be made to. In openSUSE sudo is like using su (without the dash). That gives you root credentials but user environment (for the most part) With su or sudo you can still run the commands you just have to give the full path to them.