use ENV["NOSUDO"]=true to prevent sudo -V check
#325
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Oct 3, 2017
|
the -V option just prints version info. why would your sysadmin care about that? from the man page: |
|
Our cluster is managed with Bright Computing's Cluster Manager, and I think
the notification on non sudoers trying to sudo is a default configuration
out of the box.
On our cluster, every time someone types sudo without permission it sends
an email to the entire support team with the subject line `*** SECURITY
information for hostname ***` command that was typed even if the command
was only `sudo -V`. This causes my sysadmin to walk to my office and talk
to me.
Additionally sudo will timeout if it is not successful and it will cause my
installs to proceed slowly since failed sudo's have a timeout between them.
Since I can tell computer that `sudo -V` wont work anyway, what's wrong
with avoiding all the above hassle for the cost of an added option. If
there are other ways we can avoid calling `sudo`, those implementations
would be acceptable to me too.
…On Sat, Dec 9, 2017 at 6:13 PM, Ben Arthur ***@***.***> wrote:
the -V option just prints version info. why would your sysadmin care about
that?
from the man page:
-V, --version
Print the sudo version string as well as the version string of the
security policy plugin and any I/O plugins. If the invoking user is
already root the -V option will display the arguments passed to
configure when sudo was built and plugins may display more verbose
information such as default options.
$ sudo -V
Sudo version 1.8.17p1
Sudoers policy plugin version 1.8.17p1
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.17p1
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#325 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA9_0BdoOV_XhincpSvpH5JnNrDwYez5ks5s-yIqgaJpZM4Op6I1>
.
--
Jon Anderson
|
|
after reading #330 maybe this should be renamed to |
the return type of a get on the env should be a string and i've added lowercase on the output... Again the reasons this is annoying is twofold. 1) when a non sudo enabled user uses sudo, this emails our entire company as a security precaution. 2) when it runs sudo, my prompt sits there waiting me to type the sudo password and when I get back to my terminal, my install of a package hasn't happened yet.
actually avoid calling sudo if you don't want to
|
Again the reasons this is frustrating is twofold.
|
|
This is also frustrating for me for similar reasons. Is there something that I could do to get this merged? |
|
@cmcaine I can take a look when i'm home, but LGTM |
|
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will help prevent my sysadmin from yelling at me about the sudo requests I keep making when installing packages.