I am also seeing "secure_path" having no effect:

LDAP Role: dug_it
    RunAsUsers: ALL
    RunAsGroups: ALL
    Options: !authenticate, !requiretty, always_set_home, env_reset, !visiblepw, env_keep="COLORS DISPLAY
        HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
        LC_CTYPE", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
        LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", env_keep+="SINGULARITY_CACHEDIR SINGULARITY_TMPDIR
        SINGULARITY_DOCKER_LOGIN SINGULARITY_DOCKER_USERNAME SINGULARITY_DOCKER_PASSWORD SINGULARITY_NOHTTPS
        SINGULARITY_LIBRARY SINGULARITY_REMOTE", env_keep+="PIP_CACHE_DIR TMPDIR",
        secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin\:/some/mount/bin
    Commands:
        ALL

Let's say I have a command under "/some/mount/bin" that is called
"metrics". When I attempt to "sudo metrics" I end up with "sudo: metrics:
command not found"

On Mon, Jan 11, 2021 at 9:25 AM Mark Potter <ma...@dug.com> wrote:

> I am trying to create a default sudo environment that is applied to all
> users in addition to anything from other groups. This would include things
> like "secure_path" and a few env lines. However I cannot seem to get this
> to work. I understand that the highest number in "Sudo order" is processed
> first but regardless of ordering I cannot seem to apply a default along
> with other sudo groups. I would expect that if this default was numbered
> "1" and everything else was higher that it would apply the Sudo options.
> What I'm seeing in practice is that the options aren't additive and if a
> higher numbered rule doesn't contain them that they are removed. Is this
> the expected behavior here?
>
> For example if I have:
>
> env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
>
> In a sudo group called "Default" and that group is set for all users on
> all hosts with Commands and As whom all set to "Specified" with Sudo order
> of 1, then a group called "IT" set for all users, all hosts, all
> commands, any user, any group with a Sudo order of 2 it appears that the
> Sudo options aren't applied and only what's set for "IT".
>
> If there is no inheritance I can work with that but it would be brilliant
> if I have simply missed something simple and can configure a default set
> of options.
> --
>
> *Mark Potter*
>
> Senior Linux Administrator

-- 

*Mark Potter*

Senior Linux Administrator







_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org