On Wed, 2016-11-16 at 14:19 +0000, Samuel Rakitničan wrote: > > Am 16.11.2016 08:08, schrieb Samuel Rakitničan: > > > > You can change the default behaviour in "/etc/sudoers" or (better) > > by adding a file in "/etc/sudoers.d". > > > > If you want to keep the users path, add: > > > > Defaults env_keep += "PATH" > > Defaults !secure_path > > > > or to change the (default) secure path, just add > > > > Defaults secure_path = /your/path/here:/as/usual > > File in /etc/sudoers.d is neat, thanks. But I am hoping we can came > up with a new default setting or is there a reason not to include > anything else? > > I was thinking about it some more, and I think this setting does more > harm then good. It limits what users can do but it doesn't stop them > to bypass it with a simple alias sudo="sudo PATH=$PATH". So in my > opinion the original "If you don't trust the people running sudo to > have a sane PATH environment variable you may want to use this." kind > of defeats its purpose.
Note that there's been a ticket in Bugzilla requesting this for two years: https://bugzilla.redhat.com/show_bug.cgi?id=1166185 -- Mathieu _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
