centos 6.4,sudo -u -H 不起作用
centos 6.4, sudo -u -H doesn't work
我在使用 sudo 中的某些命令时遇到问题。
我在 Centos 6.4 上尝试了以下命令,但出现错误。
sudo -u someuser -H bundle install
sudo: bundle: command not found
然而,当我在 Ubuntu 14.04 上尝试相同的命令时,它工作正常。
不仅bundle而且很多命令都会出现同样的错误。例如 ruby, node。但是有些命令工作正常。例如echo, mkdir, touch ...
有人有想法吗?
secure_path in /etc/sudoers 确保当 运行 二进制文件在 sudo 下时你的路径是干净的。
在 CentOS 中你应该有类似
的东西
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
这就解释了为什么会找到一些命令(echo、mkdir、touch ...)。
您可以保留您的环境变量(如 $PATH)
这种形式
sudo -u someuser "PATH=$PATH" bundle install
来自man sudo
Environment variables to be set for the command may also be passed on
the command line in the form of VAR=value, e.g.
LD_LIBRARY_PATH=/usr/local/pkg/lib. Variables passed on the command
line are subject to the same
restrictions as normal environment variables with one important exception. If the setenv option is set in sudoers, the command to be
run has the SETENV tag set or the command matched is ALL, the user may
set variables
that would otherwise be forbidden. See sudoers(5) for more information.
根据您系统的安全策略,您可以使用 -E 而不是上面写的方法。
-E The -E (preserve environment) option indicates to the security policy that the user wishes to preserve their existing
environment variables. The security policy may return an error if the
-E option is specified and the user does not have permission to preserve the environment.
我在使用 sudo 中的某些命令时遇到问题。
我在 Centos 6.4 上尝试了以下命令,但出现错误。
sudo -u someuser -H bundle install
sudo: bundle: command not found
然而,当我在 Ubuntu 14.04 上尝试相同的命令时,它工作正常。
不仅bundle而且很多命令都会出现同样的错误。例如 ruby, node。但是有些命令工作正常。例如echo, mkdir, touch ...
有人有想法吗?
secure_path in /etc/sudoers 确保当 运行 二进制文件在 sudo 下时你的路径是干净的。
在 CentOS 中你应该有类似
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
这就解释了为什么会找到一些命令(echo、mkdir、touch ...)。
您可以保留您的环境变量(如 $PATH) 这种形式
sudo -u someuser "PATH=$PATH" bundle install
来自man sudo
Environment variables to be set for the command may also be passed on the command line in the form of VAR=value, e.g. LD_LIBRARY_PATH=/usr/local/pkg/lib. Variables passed on the command line are subject to the same restrictions as normal environment variables with one important exception. If the setenv option is set in sudoers, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would otherwise be forbidden. See sudoers(5) for more information.
根据您系统的安全策略,您可以使用 -E 而不是上面写的方法。
-E The -E (preserve environment) option indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the -E option is specified and the user does not have permission to preserve the environment.