
I have specified the full pathname in the allowed commands, e.g. "/bin/systemctl stop tomcat", to eliminate someone putting in a systemctl command that does something else somewhere else in the $PATH. My problem is that "sudo systemctl stop tomcat" works. I expect that to fail and the user to be required to type "sudo /bin/systemctl stop tomcat".

What is going on with sudo?

  • `sudo` sets a limited path for commands and `/bin` is in that path. `/bin/cmd` and `cmd` will be treated equivalently. It is only if the command is outside the standard PATH that your sudo restrictions really apply. If the user had `systemctl` in a non-standard place (e.g. `~/bin/systemctl`) that command would be ignored. – doneal24 Sep 15 '22 at 19:31
  • See [What environment do I get with sudo?](https://unix.stackexchange.com/questions/16084/what-environment-do-i-get-with-sudo), in particular concerning sudo's `secure_path` feature – steeldriver Sep 15 '22 at 19:44
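
A simplified shell model of the lookup the comments describe, added here as an example (not code from the question, the comments or sudo itself): an unqualified name is resolved to the first executable in the search path, and the resolved path is compared with the sudoers entry. The function names `resolve_cmd` and `check_rule` and the temporary directory tree are hypothetical; symlinks, arguments and sudoers wildcards are ignored.

```shell
#!/bin/sh
# resolve_cmd NAME SEARCH_PATH: print the first executable NAME in SEARCH_PATH.
resolve_cmd() {
    case "$1" in
        */*) printf '%s\n' "$1"; return 0 ;;   # already qualified, no lookup
    esac
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_rule TYPED SEARCH_PATH ALLOWED: compare the resolved path to the rule.
check_rule() {
    resolved=$(resolve_cmd "$1" "$2") || { echo "not-found"; return 0; }
    if [ "$resolved" = "$3" ]; then echo "allow"; else echo "deny"; fi
}

# Constructed sandbox: a "system" systemctl and a user-planted copy.
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/bin" "$ROOT/usr/bin" "$ROOT/home/user/bin"
for f in "$ROOT/bin/systemctl" "$ROOT/home/user/bin/systemctl"; do
    printf '#!/bin/sh\n' > "$f"
    chmod +x "$f"
done

ALLOWED="$ROOT/bin/systemctl"                  # stands in for the sudoers entry
SECURE_PATH="$ROOT/usr/bin:$ROOT/bin"          # stands in for secure_path
USER_PATH="$ROOT/home/user/bin:$SECURE_PATH"   # user's PATH with ~/bin first

# With secure_path, the bare name and the full path reach the same file.
echo "bare name, secure_path:  $(check_rule systemctl "$SECURE_PATH" "$ALLOWED")"
echo "full path, secure_path:  $(check_rule "$ALLOWED" "$SECURE_PATH" "$ALLOWED")"
# The planted copy is never reached through secure_path and fails if named.
echo "planted copy by path:    $(check_rule "$ROOT/home/user/bin/systemctl" "$SECURE_PATH" "$ALLOWED")"
# Searching the user's PATH instead resolves to the planted copy: no match.
echo "bare name, user PATH:    $(check_rule systemctl "$USER_PATH" "$ALLOWED")"
```

On a real host, `sudo -l` lists the commands the current user may run and, under "Matching Defaults entries", the `secure_path` in effect if one is set.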
