01-26-2009
I believe sudo has security problems with LD_LIBRARY_PATH and some other envrionment variables. According to the man page for sudo on 11.23 - it removes that environment variable.
The easiest way around that is to relink the executable file using the -L parameter, so that ld looks in the right path for libraries.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
I want to set some environment variables with this script:
ip=$@
echo Remote Computer: $ip
PERLDB_OPTS="CallKomodo=$ip:9000 RemotePort=$ip:9010 PrintRet=0"
export PERLDB_OPTS
PERL5LIB=/opt/komodo
export PERL5LIB
echo PERLDB_OPTS: $PERLDB_OPTS
echo PERL5LIB: $PERL5LIB
But it... (5 Replies)
Discussion started by: Gargamel
5 Replies
2. Shell Programming and Scripting
Hi all,
I am trying to set up some variables in a shell script. The variables contain values of various paths needed to run a java module. The problem is the variables dont seem to be setting at all.
here is what i am trying to do :
JAR_HOME=/home/was5/bdcms/scheduledjobs/lib
export... (6 Replies)
Discussion started by: rpandey
6 Replies
3. UNIX for Dummies Questions & Answers
I want the user to be able to commands as another user.. but when they do that.. I need them to have the environment variables of the other user. is this possible with sudo?
sudo -H -u user env
'env' is giving me the environment of the current user, not the user I want to run commands as.
... (1 Reply)
Discussion started by: julesdiane
1 Replies
4. Shell Programming and Scripting
Hi All
I'm attempting to automate the process of setting the DISPLAY environment variable when logging on (sourcing the .cshrc).
I have a mixture of linux and solaris servers and this comnand:
who -m | awk '{ print $6}' | tr -d '()'
seems to work on all the servers.
I want... (2 Replies)
Discussion started by: huskie69
2 Replies
5. UNIX for Dummies Questions & Answers
Hi
I am new to Solaris and was just given my id and need to setup my environment, what do i need to do to run certain commands without putting in the complete path.
How do I create my .profile, I do not see under my login?
Any help would be greatly appreciated. (5 Replies)
Discussion started by: sa_ken
5 Replies
6. UNIX for Dummies Questions & Answers
hi all,
I would appreciate if some one could explain me the difference between setting up the variables as shown below
HOME=${HOME:-"/home/user1"}
HOME=/home/user1 (1 Reply)
Discussion started by: SSSB
1 Replies
7. UNIX for Dummies Questions & Answers
#!/bin/bash
if ; then
ASS1_DATA_DIR=./
echo $ASS1_DATA_DIR
export ASS1_DATA_DIR
echo "data dir"
fi
if ; then
ASS1_OUTPUT_DIR=./
export ASS1_OUTPUT_DIR
fi
I want to create a new environment variable ASS1_DATA_DIR and ASS1_OUTPUT_DIR in bash and set them to the current... (4 Replies)
Discussion started by: bigubosu
4 Replies
8. Red Hat
Hi,
I was wondering about this question today,
After logging to a linux server (putty - ssh), I set environment variables like PATH etc.
When I launch a command as sudo, is the environment variables that were set applicable to the command launched as sudo also?
Please let me know what you... (2 Replies)
Discussion started by: jredx
2 Replies
9. UNIX for Dummies Questions & Answers
Hi all,
This is my first post here. I need to set up a few environment variables with a shell script. Some are hard-coded, but some should come from other commands or as input from the user. How do I do that?
For example, I need to export a variable as such:
export DISPLAY=127.0.0.1:8.0
... (2 Replies)
Discussion started by: exchequer598
2 Replies
10. Red Hat
I wish to setup LAMP environment. Amongst, I have successfully installed Linux 6.1. I am looking fwd to install - Apace Web Server, My Sql Database & PHP environment.
Say if I look for MySql, could see downloadable available in rpm format. But this must be copied over to Linux machine.
As... (2 Replies)
Discussion started by: videsh77
2 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)