Hi,
hopefully this will be my last email for today :-)
On Wed, Nov 19, 2008 at 01:39:00PM +0100, Patrick Schoenfeld wrote:
> I'm asking because I just figured that the problem seems to be related
> to the sudo group. If the user is not a member of the sudo group (which
> seems to have some special not documented meaning...) but lets say the
> adm group and the entry in sudoers is
>
> %adm ALL=(ALL) ALL
Well, that seems to be fact. I just found out that sudo is compiled
with the --with-exempt-group option set to sudo. This enables members of
the group sudo to use sudo without entering a password. Not that I see a
sense in this, because NOPASSWD exists, but it has a not so nice
side-effect: The secure_path is not set on users in this group. This
seems to be wanted behaviour, given that the CHANGES file states:
393) Users in the 'exempt' group shouldn't get their $PATH overridden
by 'secure-path'. Patch from [EMAIL PROTECTED]
What I still do not understand is that this wasn't changed (at least
according to the CHANGES file) since then, but the side-effect does not
exist in the Lenny version. However, I did not diff the old and the new
code to verify that this code path hasn't changed since then, so it is
possible that upstream decided to change this without documenting it.
So to fix the problem for you:
- Move users which are in the group sudo to the group adm (or another
group of your choice)
- Change your sudoers configuration to use %adm instead of %sudo
- If you don't want that users need to enter their password add the
NOPASSWD flag to the configuration
Or wait until Lenny is released ;-)
Best Regards,
Patrick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
