trinity-users@lists.pearsoncomputing.net

Month: November 2011

Re: [trinity-users] the state of sudo

From: Laurent Dard <f.couperin@...>
Date: Sat, 26 Nov 2011 21:16:21 +0100
On 26/11/2011 20:38, Timothy Pearson wrote:
>> (I have no /opt/trinity/sbin and apps in /opt/trinity/bin may be run with
>> sudo `which ...`.)
>>
> 
> Yes, but is this with the stock sudo?  I would be very surprised if that
> were true.

For the moment, with Trinity's sudo, sudo `which ...` works with
executables in $HOME/bin that aren't in the secure path of sudo
(AFAIK 'which' is called before 'sudo').

I just replaced /usr/bin/sudo and /usr/lib/sudo/sudo_noexec.so with the
Debian versions (and added /usr/lib/sudo/sudoers.so) and everything
works.

$ sudo `which kwrite`
Error: "/var/tmp/kdecache-eldi" is owned by uid 1000 instead of uid 0.

$ sudo `which konqueror`
Error: "/var/tmp/kdecache-eldi" is owned by uid 1000 instead of uid 0.
Error: "/tmp/kde-eldi" is owned by uid 1000 instead of uid 0.
Error: "/tmp/ksocket-eldi" is owned by uid 1000 instead of uid 0.
Error: "/var/tmp/kdecache-eldi" is owned by uid 1000 instead of uid 0.
Error: "/var/tmp/kdecache-eldi" is owned by uid 1000 instead of uid 0.
Error: "/var/tmp/kdecache-eldi" is owned by uid 1000 instead of uid 0.
Error: "/var/tmp/kdecache-eldi" is owned by uid 1000 instead of uid 0.

I added:
  Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/opt/trinity/bin:/usr/bin:/opt/trinity/sbin:/sbin:/bin:/usr/X11R6/bin
to /etc/sudoers: 'sudo kwrite' and 'sudo konqueror' worked perfectly
(with the same error messages, but those are the same messages as with
Trinity's version).

-- 
Laurent Dard
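
The lookup difference discussed in this message, as an added example that is not part of the original post: the backticks in sudo `which cmd` are expanded by the calling shell against the caller's PATH, so sudo receives an absolute path, while a bare `sudo cmd` is looked up in secure_path. The function names and the temporary directory layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; every path below is constructed in a temp directory.

# resolve_in NAME PATHLIST: print the first executable NAME found in the
# colon-separated PATHLIST (a plain PATH-style lookup); return 1 if none.
resolve_in() {
    name=$1 old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# secure_path_of FILE: value of the last "Defaults secure_path=" line in FILE.
secure_path_of() {
    sed -n 's/^[[:space:]]*Defaults[[:space:]]\{1,\}secure_path[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '"'
}

# compare_lookup NAME USER_PATH SUDOERS: where `which NAME` (caller's PATH)
# and `sudo NAME` (secure_path) would each find NAME.
compare_lookup() {
    as_user=$(resolve_in "$1" "$2") || as_user=none
    as_sudo=$(resolve_in "$1" "$(secure_path_of "$3")") || as_sudo=none
    if [ "$as_user" = "$as_sudo" ]; then
        echo "same $as_user"
    else
        echo "differ user=$as_user sudo=$as_sudo"
    fi
}

# Demo on a constructed layout: kwrite exists in a home bin directory and in
# a directory listed in secure_path.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/home/bin" "$t/opt/trinity/bin" "$t/usr/bin"
    for f in "$t/home/bin/kwrite" "$t/opt/trinity/bin/kwrite"; do
        printf '#!/bin/sh\n' > "$f" && chmod +x "$f"
    done
    printf '  Defaults secure_path=%s\n' "$t/usr/bin:$t/opt/trinity/bin" > "$t/sudoers"
    compare_lookup kwrite "$t/home/bin:$t/usr/bin" "$t/sudoers"
    rm -rf "$t"
}
demo
```

A "differ" result for a command means the binary that runs as root depends on which of the two forms was typed.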