Bug #3500
Do not set secure_path in sudoers file
| Status: | Closed | Start date: | 01/14/2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Packaging | | |
| Target version: | Release 4.12 | | |
| Resolution: | fixed | Pull request: | |
| Affected Versions: | OpenNebula 4.10, OpenNebula 4.8 | | |
Description
Hello,
I use molly-guard on my nodes to prevent accidental reboot over SSH.
It provides a shell wrapper and symlinks in /usr/sbin/ to replace the reboot, poweroff, halt and shutdown commands.
I have a problem with the Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin provided by the OpenNebula sudoers configuration file, as a sudo reboot does not use the molly-guard symlink in /usr/sbin/.
Note that on my Debian and Ubuntu systems, I have a secure_path defined in /etc/sudoers:
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
I think a parameter like secure_path should be the responsibility of the administrator, or this Defaults may be restricted to the oneadmin user:
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Regards.
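The lookup-order effect described in the report, as an added example that is not part of the original report or of OpenNebula's packaging. It assumes the real reboot binary sits in /sbin and the guard wrapper in /usr/sbin, builds that layout in a temporary directory, and uses hypothetical helpers (resolve_cmd, effective_path) and a hypothetical second user named admin.

```shell
#!/bin/sh
# Added example: constructed sandbox, nothing on the real host is touched.
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
for d in /sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin; do
    mkdir -p "$ROOT$d"
done

# Assumed layout: the real binary in /sbin, the guard wrapper in /usr/sbin.
printf '#!/bin/sh\necho real reboot\n' > "$ROOT/sbin/reboot"
printf '#!/bin/sh\necho guard wrapper\n' > "$ROOT/usr/sbin/reboot"
chmod +x "$ROOT/sbin/reboot" "$ROOT/usr/sbin/reboot"

# The two secure_path values quoted in the report.
OPENNEBULA_PATH=/sbin:/bin:/usr/sbin:/usr/bin
DEBIAN_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# resolve_cmd CMD PATHLIST: print the first executable CMD found when
# walking PATHLIST left to right (directories are looked up under $ROOT).
resolve_cmd() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -f "$ROOT$dir/$cmd" ] && [ -x "$ROOT$dir/$cmd" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# effective_path USER: simplified model of the scoped form proposed in the
# report (Defaults:oneadmin ...); every other user keeps the distribution
# value. This is not sudo's parser.
effective_path() {
    case $1 in
        oneadmin) printf '%s\n' "$OPENNEBULA_PATH" ;;
        *)        printf '%s\n' "$DEBIAN_PATH" ;;
    esac
}

echo "global OpenNebula secure_path -> $(resolve_cmd reboot "$OPENNEBULA_PATH")"
echo "Debian/Ubuntu secure_path     -> $(resolve_cmd reboot "$DEBIAN_PATH")"
for user in oneadmin admin; do
    echo "scoped form, user $user -> $(resolve_cmd reboot "$(effective_path "$user")")"
done
```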
History
#1
Updated by Daniel Dehennin over 6 years ago
This could be closed by the pull request https://github.com/OpenNebula/one/pull/48.
#2
Updated by Javi Fontan over 6 years ago
- Category set to Packaging
- Status changed from Pending to Closed
- Target version set to Release 4.12
- Resolution set to fixed
The pull request is now merged in master. Thanks!