Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Error message "sudo: sorry, you are not allowed to set the following environment variables: PCAP_PF_RING_CLUSTER_ID" #17

Closed
josemic opened this Issue Dec 14, 2013 · 6 comments

Comments

Projects
None yet
2 participants

josemic commented Dec 14, 2013

Error message "sudo: sorry, you are not allowed to set the following environment variables: PCAP_PF_RING_CLUSTER_ID"

Solution:
"Defaults env_reset" to “Defaults !env_reset” in /etc/sudoers

Add this to the readme.

Owner

msantos commented Dec 15, 2013

See sudoers(5):

If, however, the env_reset option is disabled, any variables not explicitly denied by the env_check and env_delete options are inherited from the invoking process. In this case, env_check and env_delete behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of the default env_reset behavior is encouraged.

Encouraging users to disable env_reset by default (affects everything running sudo) is not good advice.

Thanks for posting your experiences getting things working though. So it doesn't get lost in the issue tracker, probably better to send a merge request or put it in the wiki that I just created:

https://github.com/msantos/epcap/wiki

josemic commented Jan 23, 2014

Not sure. But maybe using erl with environment variable may be another solution:

erl -env DISPLAY gin:0

http://erlang.org/doc/man/erl.html

Owner

msantos commented Jan 29, 2014

That might work. I think I'll introduce a epcap:getenv/1 to match epcap:getopts/1:

-spec getenv(proplists:proplist()) -> proplists:proplist().

Then epcap:init/1 can do:

Env = getenv(Options),
Port = open_port({spawn, Cmd}, [{packet, 2}, {env, Env}, binary, exit_status])

If that works, epcap can switch from using spawn to spawn_executable.

msantos added a commit that referenced this issue Jan 31, 2014

epcap: add switch to set env vars for libpcap
Support setting environment variables using a command line switch:

    -e KEY=1234

This works around some issues with running epcap under sudo, since sudo,
by default, resets the environment for the process. See:

#17
Owner

msantos commented Jan 31, 2014

I forgot that sudo resets the environment, so we can't pass in the env to open_port. Instead I added an option to set env vars on the command line.

@msantos msantos closed this Jan 31, 2014

josemic commented Feb 2, 2014

Michael. These are good news. Could you please elaborate how to use it. Preferably by putting some info into the Wiki.

Owner

msantos commented Feb 2, 2014

You shouldn't have to do anything. The patch moves where the PCAP_PF_RING_CLUSTER_ID environment variable is set so sudo won't be confused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment