Re: Secure $PATH for regular user



On 29 Oct, 10:37, Dmitry <dim...@xxxxxxxxx> wrote:
Hi,

I remember, but can not find it, that for non root user it's advised
not include /sbin and /usr/sbin in $PATH. Is it right?

If yes, I'll be glad to find a reference to security audit indicating
it, as a proof to my manager :)

Under most Linux systems I've seen, there's a widget in /etc/profile
that *provides* /sbin and /usr/sbin for the root user, and does not do
so for non-root users. This is irritating if you use sudo to run
things as root, since programs from the sbin directories are not in
the PATH as expected.

Now, the "." and the "~/bin" directories, *those* do not belong in the
default PATH.

.



Relevant Pages

  • Re: Secure $PATH for regular user
    ... This is irritating if you use sudo to run ... since programs from the sbin directories are not in ... The security risk is with sudo since it does leave ... when your UID is 0 as for the root user. ...
    (comp.os.linux.security)
  • Re: Secure $PATH for regular user
    ... I remember, but can not find it, that for non root user it's advised ... This is irritating if you use sudo to run ... since programs from the sbin directories are not in ... The security risk is with sudo since it does leave ...
    (comp.os.linux.security)
  • Re: Terminal
    ... Mobile: +4917649520175 ... Fortune message of the moment ... I still don't get the point, why would someone enable the root user ... Is the pleasure of not typing sudo or just to avoid pain of entering the ...
    (Ubuntu)
  • Re: configuring sudo access for some users
    ... I want to configure sudo access for some users on my system. ... You don't want them running any shells (so no sudo -i) unless you have them thoroughly constrained with selinux. ... they are not able to become root user when they issue "su -". ... Ankush Grover ...
    (Fedora)
  • Re: [kde] new to Kubuntu
    ... install time the password is set to a random phrase and is pretty ... All root user work is assumed to be done with sudo. ...
    (KDE)