Bug #3500

Do not set secure_path in sudoers file

Added by EOLE Team over 6 years ago. Updated about 6 years ago.

Status:ClosedStart date:01/14/2015
Priority:NormalDue date:
Assignee:-% Done:


Target version:Release 4.12
Resolution:fixed Pull request:
Affected Versions:OpenNebula 4.10, OpenNebula 4.8



I use molly-guard on my nodes to prevent accidental reboot over SSH.

It provides a shell wrapper and symlinks in /usr/sbin/ to replace the reboot, poweroff, halt and shutdown commands.

I have a problem with the Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin provided by OpenNebula sudoers configuration file as a sudo reboot does not use the molly-guard symlink in /usr/sbin/.

Note that on my Debian and Ubuntu systems, I have a secure_path defined in /etc/sudoers:

Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 

I think a parameter like secure_path should be the responsibility of the administrator or this Defaults may be restricted to the oneadmin user:

Defaults:oneadmin       secure_path = /sbin:/bin:/usr/sbin:/usr/bin



#1 Updated by Daniel Dehennin about 6 years ago

This could be closed by the pull request https://github.com/OpenNebula/one/pull/48.

#2 Updated by Javi Fontan about 6 years ago

  • Category set to Packaging
  • Status changed from Pending to Closed
  • Target version set to Release 4.12
  • Resolution set to fixed

The pull request is now merged in master. Thanks!

Also available in: Atom PDF