Hi, hopefully this will be my last email for today :-)
On Wed, Nov 19, 2008 at 01:39:00PM +0100, Patrick Schoenfeld wrote: > I'm asking because I just figured that the problem seems to be related > to the sudo group. If the user is not a member of the sudo group (which > seems to have some special not documented meaning...) but lets say the > adm group and the entry in sudoers is > > %adm ALL=(ALL) ALL Well, that seems to be fact. I just found out that sudo is compiled with the --with-exempt-group option set to sudo. This enables members of the group sudo to use sudo without entering a password. Not that I see a sense in this, because NOPASSWD exists, but it has a not so nice side-effect: The secure_path is not set on users in this group. This seems to be wanted behaviour, given that the CHANGES file states: 393) Users in the 'exempt' group shouldn't get their $PATH overridden by 'secure-path'. Patch from [EMAIL PROTECTED] What I still do not understand is that this wasn't changed (at least according to the CHANGES file) since then, but the side-effect does not exist in the Lenny version. However, I did not diff the old and the new code to verify that this code path hasn't changed since then, so it is possible that upstream decided to change this without documenting it. So to fix the problem for you: - Move users which are in the group sudo to the group adm (or another group of your choice) - Change your sudoers configuration to use %adm instead of %sudo - If you don't want that users need to enter their password add the NOPASSWD flag to the configuration Or wait until Lenny is released ;-) Best Regards, Patrick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]