How to programmatically add secure_path in sudoers file

Solution 1:

If you can live with replacing the secure_path value instead of appending it, you can use a much easier solution. Usually sudo has a config directory like /etc/sudoers.d where you can drop additional configuration files.

Just create a file there with your complete secure_path value:

Defaults secure_path="<default value>:/usr/local/bin"

This overwrites the value from the main config. If the path value is the same for all your machines this can easily be deployed with scripts or a package.

This has the additional advantage that you don't have to check and possibly merge config files when the sudo package is updated in the future.

Solution 2:

Assuming you know the line with secure_path exists, a simple sed command will do this:

sed -i -e '/secure_path/ s[=.*[&:/usr/local/bin[' /etc/sudoers

Or, a bit more sophisticated (more syntax checking on input):

sed -i -r -e '/^\s*Defaults\s+secure_path/ s[=(.*)[=\1:/usr/local/bin[' /etc/sudoers
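An added example, not part of either answer above: it combines the two approaches by reading the current secure_path from the main file, appending the directory (quoted or unquoted value, no duplicate entry), and installing the result as a drop-in only after `visudo -cf` accepts it, so a malformed line never reaches the live sudo configuration. The function names and the drop-in name `10-secure-path` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; secure_path_line, install_secure_path and the file name
# 10-secure-path are hypothetical names, not taken from the answers.

# Read sudoers text on stdin and print the last "Defaults secure_path"
# line with directory $1 appended, unless it is already listed.
# Exits non-zero if no secure_path line is found.
secure_path_line() {
    awk -v dir="$1" '
    /^[ \t]*Defaults[ \t]+secure_path[ \t]*=/ { line = $0 }
    END {
        if (line == "") exit 1
        val = substr(line, index(line, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)              # trim whitespace
        if (val ~ /^".*"$/)                           # strip optional quotes
            val = substr(val, 2, length(val) - 2)
        if (index(":" val ":", ":" dir ":") == 0)     # skip if already present
            val = val ":" dir
        printf "Defaults secure_path=\"%s\"\n", val
    }'
}

# Build the drop-in in a temp file, validate it, then install it root-owned
# with mode 0440. Run as root. sudo skips drop-in files whose names contain
# "." or end in "~", so the default name has neither.
install_secure_path() {
    dir=$1 src=${2:-/etc/sudoers} dest=${3:-/etc/sudoers.d/10-secure-path}
    tmp=$(mktemp) || return 1
    if secure_path_line "$dir" < "$src" > "$tmp" &&
       visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "$dest"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as `install_secure_path /usr/local/bin`; nothing is written to /etc/sudoers.d when the source file has no secure_path line or when visudo rejects the generated file.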
