4

You can edit the sudoers file and set secure_path to match your path. This is documented in Unix & Linux.

Is there a command line switch I can pass to sudo such that it uses the path I have set? For example:

rick@alien:~$ sudo echo $PATH
/home/rick/bin:/home/rick/.local/bin:/mnt/e/bin:/mnt/e/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
───────────────────────────────────────────────────────────────────────────────
rick@alien:~$ echo $PATH
/home/rick/bin:/home/rick/.local/bin:/mnt/e/bin:/mnt/e/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
───────────────────────────────────────────────────────────────────────────────
rick@alien:~$ sudo which auto-brightness-config
/usr/local/bin/auto-brightness-config
───────────────────────────────────────────────────────────────────────────────
rick@alien:~$ which auto-brightness-config
/mnt/e/usr/local/bin/auto-brightness-config
───────────────────────────────────────────────────────────────────────────────
rick@alien:~$ sudo locate auto-brightness-config
/Desktop/Link to auto-brightness-config
/home/rick/Pictures/display-auto-brightness-config 1.png
/mnt/e/Desktop/Link to auto-brightness-config
/mnt/e/usr/local/bin/.auto-brightness-config
/mnt/e/usr/local/bin/Link to auto-brightness-config
/mnt/e/usr/local/bin/auto-brightness-config
/usr/local/bin/.auto-brightness-config
/usr/local/bin/Link to auto-brightness-config
/usr/local/bin/auto-brightness-config

When I run using sudo it is finding the wrong copy of the script in /usr/local/bin when I really want the version in /mnt/e/usr/local/bin.

If I don't want to maintain the path in the sudoers file, is there a switch I can pass to sudo to use my path to find the right command?

  • 2
    echo $PATH and sudo echo $PATH are going to give you the same results because Bash expands the variable before running the commands. Instead of sudo echo $PATH, use sudo sh -c 'echo $PATH'. – wjandrea Mar 08 '18 at 02:35
  • 1
    I assume you know this, but you can specify the full command path on the command line: sudo /mnt/e/usr/local/bin/auto-brightness-config – wjandrea Mar 08 '18 at 02:36
  • @wjandrea Yes I know about hard-coding path. I just find it bizarre I can't find an easy way for sudo to use the user's path. I tried -i and -h switches to no avail. Still your point is well-taken. Thanks. – WinEunuuchs2Unix Mar 08 '18 at 02:46
  • Personally I would move the binary to root's path or set root's path – Panther Mar 08 '18 at 03:18
  • @Panther but what I don't understand is that the binary is in sudo $PATH hierarchical order above, it just doesn't find it, as confirmed by which. I'm the only user on this laptop (I hope no one uses it when I'm working) so every time I set my path I don't want to remember to change it in /etc/sudoers as well. – WinEunuuchs2Unix Mar 08 '18 at 03:22
  • @WinEunuuchs2Unix It's probably not actually in the secure path. See my first comment. – wjandrea Mar 08 '18 at 03:44
  • @wjandrea Definitely not in secure_path which is default install including useless /snap/bin and missing important /home/Me/bin. The default install is: secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" – WinEunuuchs2Unix Mar 08 '18 at 03:53

1 Answer

7

Ubuntu by default already has secure_path set:

~ sudo -l
Matching Defaults entries for muru on muru-1604:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin    
User muru may run the following commands on muru-1604:
    (ALL : ALL) ALL

There is no command-line option that can override secure_path set in sudoers.

From man sudoers:

 secure_path   Path used for every command run from sudo.  If you don't
               trust the people running sudo to have a sane PATH
               environment variable you may want to use this.  Another use
               is if you want to have the “root path” be separate from the
               “user path”.  Users in the group specified by the
               exempt_group option are not affected by secure_path.  This
               option is not set by default.

So either set exempt_group in sudoers and add yourself to that group, or exempt yourself from sudoers:

Defaults:rick !secure_path

(rick presumably being your username.)

muru
  • 4
    I think most users will not want to use exempt_group for this, since users in exempt groups are also never required to enter their passwords to run commands with sudo. Although I don't think it's unreasonable to mention that exempt_group is a possible approach here, I recommend stating that explicitly, and I would recommend most people not do it unless they also want (and have thought through the implications of) that effect. – Eliah Kagan Apr 13 '18 at 19:38
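
Added example (not part of the original question, answer or comments): shell functions that show, without running anything as root, which file a command name resolves to under the user's PATH and which under sudo's secure_path. The function names are illustrative, the sample `sudo -l` text is the output quoted in the answer, and the parser assumes secure_path appears in that `\:`-escaped form.

```shell
#!/bin/sh
# Added example: compare command lookup under the user's PATH and under
# sudo's secure_path. Function names are illustrative, not part of sudo.

# Read `sudo -l` style text on stdin and print secure_path with the "\:"
# escapes removed (assumes the format shown in the answer above).
secure_path_from_sudo_l() {
    sed -n 's/.*secure_path=\([^, ]*\).*/\1/p' | head -n 1 | sed 's/\\:/:/g'
}

# Print the first executable regular file named $1 in the colon-separated
# list $2, in list order, as the shell and which do. Runs in a subshell so
# the IFS and globbing changes do not leak.
resolve_in() (
    name=$1
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            exit 0
        fi
    done
    exit 1
)

# Report both resolutions; return non-zero when sudo would run a different
# file (or none) compared with the user's shell.
compare_resolution() {
    user_hit=$(resolve_in "$1" "$2") || user_hit="(not found)"
    sudo_hit=$(resolve_in "$1" "$3") || sudo_hit="(not found)"
    printf 'user PATH   : %s\nsecure_path : %s\n' "$user_hit" "$sudo_hit"
    [ "$user_hit" = "$sudo_hit" ]
}

# Sample input: the Defaults line quoted in the answer.
sample='Matching Defaults entries for muru on muru-1604:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin'
sp=$(printf '%s\n' "$sample" | secure_path_from_sudo_l)

# Check one command name (default: sh) against the current PATH.
compare_resolution "${1:-sh}" "$PATH" "$sp" ||
    echo "sudo resolves this name differently; use the full path with sudo"
```

On a live system, feed the parser real output with `sudo -l | secure_path_from_sudo_l` instead of the embedded sample.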