Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

visudo missing from PATH during cron runs #116

Closed
szymonpk opened this issue Sep 19, 2017 · 4 comments
Closed

visudo missing from PATH during cron runs #116

szymonpk opened this issue Sep 19, 2017 · 4 comments

Comments

@szymonpk
Copy link

I think it is separate from #103. I am just not sure if it should be fixed here or in chef-client cookbook.

visudo is called directly. In my case it is not in the PATH (defaults for this AMI). Can we safely assume it is always /usr/sbin/visudo?

Cookbook version

3.5.3

Chef-client version

13.4.24

Platform Details

Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

AWS AMI - ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20170811 (ami-674cbc1e)

Scenario:

Trying to run sudo resource using chef running from cron.

Steps to Reproduce:

node.default["authorization"]["sudo"]["groups"] = %w(sudo admin)
node.default["authorization"]["sudo"]["include_sudoers_d"] = true
node.default["authorization"]["sudo"]["passwordless"] = true
node.default["authorization"]["sudo"]["sudoers_defaults"] = [
  "env_reset",
  "mail_badpass",
  'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"',
  "syslog_goodpri=debug"
]

include_recipe "sudo"

sudo "foo" do
  commands ["/usr/local/sbin/foo.sh"]
  nopasswd true
  user     "%aux"
end

Expected Result:

Chef runs fine.

Actual Result:

[2017-09-19T10:12:40+00:00] WARN: Error during compile phase, no Datadog metrics available.
[2017-09-19T10:12:41+00:00] ERROR: Exception handlers complete
[2017-09-19T10:12:41+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2017-09-19T10:12:41+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
...
Errno::ENOENT: No such file or directory - visudo
...
@gdurand
Copy link

gdurand commented Oct 12, 2017

You can fix this by setting this attribute:
default['chef_client']['cron']['environment_variables'] = 'PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
Or by putting this at the start of your recipe:
ENV['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:#{ENV['PATH']}"

@szymonpk
Copy link
Author

@gdurand Thanks, but shouldn't /usr/sbin/ be part of enviroment_variables out of the box? At least on ubuntu 16.04?

@idispatch75
Copy link

Perhaps, but that probably could interfer with other settings. But I think it should at least be documented. And perhaps even more in the sudo cookbook since it uses a relative path for visudo.
And this seems related to https://github.com/chef-cookbooks/chef-client/issues/473

@knightorc knightorc mentioned this issue Oct 22, 2017
Closed
rhass added a commit that referenced this issue Nov 16, 2017
@rhass
Improve visudo path resolution.
924cbd7 
Added a new `visudo_path` attribute to the sudo resource to allow users
to specify the installed path of visudo.

In addition, the setting for the PATH environment variable on SLES and
Solaris does not include the sbin path in which the visudo command is
installed. This ensures the correct path value is inserted into the
PATH environment variable automaticall before executing the command.

Fixes #116
rhass added a commit that referenced this issue Nov 16, 2017
@rhass
Improve visudo path resolution.
46094a6 
Added a new `visudo_path` attribute to the sudo resource to allow users
to specify the installed path of visudo.

In addition, the setting for the PATH environment variable on SLES and
Solaris does not include the sbin path in which the visudo command is
installed. This ensures the correct path value is inserted into the
PATH environment variable automatically before executing the command.

Fixes #116
@rhass rhass mentioned this issue Nov 16, 2017
Merged
4 tasks
rhass added a commit that referenced this issue Nov 16, 2017
@rhass
Improve visudo path resolution.
1b0acff 
Added a new `visudo_path` attribute to the sudo resource to allow users
to specify the installed path of visudo.

In addition, the setting for the PATH environment variable on SLES and
Solaris does not include the sbin path in which the visudo command is
installed. This ensures the correct path value is inserted into the
PATH environment variable automatically before executing the command.

Fixes #116
@rhass
Copy link
Contributor

rhass commented Nov 16, 2017

@szymonpk The linked PR will allow you to add visudo_path '/some/path' to your sudo resource calls. However, in the context of cron this is usually handled by adding PATH=/insert/path:/here to the beginning of a crontab entry or preceding the command to be executed in cron.

rhass added a commit that referenced this issue Nov 16, 2017
@rhass
Improve visudo path resolution.
8b9946d 
Added a new `visudo_path` attribute to the sudo resource to allow users
to specify the installed path of visudo.

In addition, the setting for the PATH environment variable on SLES and
Solaris does not include the sbin path in which the visudo command is
installed. This ensures the correct path value is inserted into the
PATH environment variable automatically before executing the command.

Fixes #116

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@szymonpk @rhass @idispatch75 @gdurand