
sudo environment settings

 
Sanjiv Sharma_1
Honored Contributor

Hi,

I have given sudo permission to a user to restart apache. The user is able to restart the apache server but wants to set the environment variables before restarting apache.

Is it possible to set the user profile so that when he runs the 'sudo' command the parameters remain set?
The parameters he needs are:
export LD_PRELOAD=/usr/lib/lib123
export SHLIB_PATH=/usr:/usr/lib:/opt/abc/bin:/opt/abc/bin/lib/ext:/opt/abc/cgi-bin
export AB_LIBRARY_PATH=/opt/abc/cgi-bin
export ABC_DEFG_DIR=/opt/abc/cgi-bin

Thanks,
Everything is possible
RAC_1
Honored Contributor

Re: sudo environment settings

host_name (user_name) "export LD_PRELOAD=/usr/lib/lib123;export SHLIB_PATH=/usr:/usr/lib:/opt/abc/bin:/opt/abc/bin/lib/ext:/opt/abc/cgi-bin;export AB_LIBRARY_PATH=/opt/abc/cgi-bin;export ABC_DEFG_DIR=/opt/abc/cgi-bin;apachectl start"

Will also work. You can also put the required things in one file, with the last statement in this file starting apache.

host_name (user_name) "one_big_script"
There is no substitute to HARDWORK
Arunvijai_4
Honored Contributor

Re: sudo environment settings

Yes, sudo runs with the user's environment variables. You can set them in his profile.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Jeff Lightner_1
Frequent Advisor

Re: sudo environment settings

Does the command only run as root? If it runs as another user you can give him permissions to run:

sudo su -

By doing the above he would get all environment variables that user normally gets.

Of course you would NOT want to set it up to allow him to do "sudo su - root" (or just "su -" which is the same thing).

Alternatively you could create a wrapper script that sets the above variables then executes the command and give him sudo access to execute that script. If you do that make sure the wrapper script is only editable by root so that no one puts a back door in it by adding an "su - " statement to it.
Raj D.
Honored Contributor

Re: sudo environment settings

Hi Raje,

It seems you can put these commands,

export LD_PRELOAD=/usr/lib/lib123
export SHLIB_PATH=/usr:/usr/lib:/opt/abc/bin:/opt/abc/bin/lib/ext:/opt/abc/cgi-bin
export AB_LIBRARY_PATH=/opt/abc/cgi-bin
export ABC_DEFG_DIR=/opt/abc/cgi-bin

in the .profile of the user.
So when they run the sudo command, the settings will remain the same.

You have to give the permission for running apache commands in the /usr/local/etc/sudo/sudoers file.

Once the user's .profile is executed, the command would look like this, and can start the apache web server:
$ /usr/local/bin/sudo apache start




hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
dirk dierickx
Honored Contributor

Re: sudo environment settings

The user can define his own env vars, sudo will pick them up, except the LD_PRELOAD one!!

From the manpage:

Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs. To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed.
SANTOSH S. MHASKAR
Trusted Contributor

Re: sudo environment settings

Hi,

I agree with RAC,

You make a script to start apache as root, set all env. in this script, and give access to this script in /etc/sudoers to that user. This will make /etc/sudoers simple and this is more secure also.

-Santosh
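
The wrapper-script approach suggested in the replies above, sketched as an added example that is not part of the original thread: it writes a wrapper that sets the four variables from the question and accepts only start/stop/restart, then checks that the wrapper and its directory are writable only by their owner. The helper names `write_wrapper` and `wrapper_is_safe` are hypothetical, and `/path/to/apachectl` and `/path/to/apache-wrapper` are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. /path/to/... values are placeholders.
# sudoers entry (edit with visudo) granting only the wrapper:
#   user_name host_name = (root) /path/to/apache-wrapper

# Write the wrapper: fixed environment, absolute command path, and only
# the three actions the user needs (no other arguments pass through).
write_wrapper() {
    cat > "$1" <<'EOF'
#!/bin/sh
LD_PRELOAD=/usr/lib/lib123
SHLIB_PATH=/usr:/usr/lib:/opt/abc/bin:/opt/abc/bin/lib/ext:/opt/abc/cgi-bin
AB_LIBRARY_PATH=/opt/abc/cgi-bin
ABC_DEFG_DIR=/opt/abc/cgi-bin
export LD_PRELOAD SHLIB_PATH AB_LIBRARY_PATH ABC_DEFG_DIR
case "$1" in
    start|stop|restart) exec /path/to/apachectl "$1" ;;
    *) echo "usage: $0 start|stop|restart" >&2; exit 2 ;;
esac
EOF
    chmod 755 "$1"
}

# Succeed only if the wrapper and its directory are owned by uid $2
# (default 0, root) and are not writable by group or others. A writable
# directory would let someone replace the script even if the file is locked.
wrapper_is_safe() {
    want=${2:-0}
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    for p in "$1" "$(dirname "$1")"; do
        # ls -ldn is used because stat(1) is not available on every Unix
        mode=$(ls -ldn "$p" | awk '{print $1}')
        uid=$(ls -ldn "$p" | awk '{print $3}')
        [ "$uid" = "$want" ] || { echo "$p: owner uid $uid, expected $want" >&2; return 1; }
        case $mode in
            ?????w*|????????w*) echo "$p: group/other writable ($mode)" >&2; return 1 ;;
        esac
    done
    return 0
}
```

The same ownership rule applies to the library named in LD_PRELOAD and to every directory in SHLIB_PATH, since anything loaded from them runs inside the root-owned apache process.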