Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Error message "sudo: sorry, you are not allowed to set the following environment variables: PCAP_PF_RING_CLUSTER_ID" #17

Closed
josemic opened this Issue · 6 comments

2 participants

@josemic

Error message "sudo: sorry, you are not allowed to set the following environment variables: PCAP_PF_RING_CLUSTER_ID"

Solution:
"Defaults env_reset" to “Defaults !env_reset” in /etc/sudoers

Add this to the readme.

@msantos
Owner

See sudoers(5):

If, however, the env_reset option is disabled, any variables not explicitly denied by the env_check and env_delete options are inherited from the invoking process. In this case, env_check and env_delete behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of the default env_reset behavior is encouraged.

Encouraging users to disable env_reset by default (affects everything running sudo) is not good advice.

Thanks for posting your experiences getting things working though. So it doesn't get lost in the issue tracker, probably better to send a merge request or put it in the wiki that I just created:

https://github.com/msantos/epcap/wiki

@josemic

Not sure. But maybe using erl with environment variable may be another solution:

erl -env DISPLAY gin:0

http://erlang.org/doc/man/erl.html

@msantos
Owner

That might work. I think I'll introduce a epcap:getenv/1 to match epcap:getopts/1:

-spec getenv(proplists:proplist()) -> proplists:proplist().

Then epcap:init/1 can do:

Env = getenv(Options),
Port = open_port({spawn, Cmd}, [{packet, 2}, {env, Env}, binary, exit_status])

If that works, epcap can switch from using spawn to spawn_executable.

@msantos msantos referenced this issue from a commit
@msantos epcap: add switch to set env vars for libpcap
Support setting environment variables using a command line switch:

    -e KEY=1234

This works around some issues with running epcap under sudo, since sudo,
by default, resets the environment for the process. See:

#17
14c9eb9
@msantos
Owner

I forgot that sudo resets the environment, so we can't pass in the env to open_port. Instead I added an option to set env vars on the command line.

@msantos msantos closed this
@josemic

Michael. These are good news. Could you please elaborate how to use it. Preferably by putting some info into the Wiki.

@msantos
Owner

You shouldn't have to do anything. The patch moves where the PCAP_PF_RING_CLUSTER_ID environment variable is set so sudo won't be confused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.