rvmsudo does not properly detect secure_path #1329

Closed
sempervictus opened this Issue Nov 23, 2012 · 25 comments

Projects

None yet
@sempervictus

As per discussion in IRC - rvmsudo does not properly detect secure_path in /etc/sudoers on certain systems. Symptoms include failure to resolve paths for binaries run in rvmsudo context.

@mpapis mpapis was assigned Nov 23, 2012
@mpapis mpapis closed this in 53c86d2 Nov 23, 2012
@bsoule

I don't think this update fully fixes the issue. Attempting to install passenger w/nginx I was getting a blank stare from rvmsudo -- rvmsudo wasn't finding passenger-install-nginx-module in the path, despite echo $PATH and rvmsudo echo $PATH returning the same string.

I updated to this fix, and got the following using rvmsudo:

bsoule@ainslie:~$ rvmsudo passenger-install-nginx
Warning: can not check `/etc/sudoers` for `secure_path`, falling back to call via `/usr/bin/env`, this breaks rules from `/etc/sudoers`. export rvmsudo_secure_path=1 to avoid the warning.[sudo] password for bsoule: 
/usr/bin/env: passenger-install-nginx: No such file or directory
bsoule@ainslie:~$ export rvmsudo_secure_path=1
bsoule@ainslie:~$ rvmsudo passenger-install-nginx
/usr/bin/env: passenger-install-nginx: No such file or directory

downgraded to rvmsudo circa 1.16.x and rvmsudo successfully ran passenger-install-nginx-module

I'm not sure specifically how secure_path plays into it, but rvmsudo circa 1.16.x works, whereas the rvmsudo in 1.17.2 and rvmsudo as of this commit does not.

@mpapis
Ruby enVironment Manager member

@bsoule please try after rvm get head

@mpapis
Ruby enVironment Manager member
@bswinnerton

@mpapis rvm get head resolved this issue for me.

@number61971

As of today, rvm get head does not solve the problem. Please see https://gist.github.com/4692398.

@mpapis
Ruby enVironment Manager member

@number61971 have you tried:

export rvmsudo_secure_path=1
rvmsudo echo bla
@number61971

Sure. All that does is prevent the warning message from printing out. rvmsudo still fails to function on the command submitted to it as shown in the gist.

@bswinnerton

Are you getting a command not found, or just the warning about /etc/sudoers?

@johnsonch

The warning about /etc/sudoers and this is causing the script executing the command to exit.

@number61971

OK, something else is happening. False alarm. Thanks for being so prompt in trying to help, though! Much appreciated.

@diebels727

Can you please share what else is happening? I am experiencing a similar issue.

@johnsonch

So we actually found it was the way we scripted RVM inside of a bash script. We had a bash script that was running bundle for a specific gemset to bootstrap an application. To fix the issue we execute the RVM bits in a sub shell.

@ilessy
export rvmsudo_secure_path=1

This works!

@momer

If anyone else googles this issue and is stuck with the 'blank screen' at terminal after running something like rvmsudo passenger start -p 80 --user=username know that the prompt asking for your password isn't being displayed. Simply enter the sudoer password for your user, and the command will go through.

If you've already installed passenger on your user (not-root), don't be alarmed that it's installing passenger on root as well.

@gbetous

Still have this issue on Ubuntu 12.04 LTS server, even after a "rvmsudo rvm get head".

Any updates ?

@mpapis
Ruby enVironment Manager member

@gbetous can you prepare a gist which shows what you do and what you see.

@mpapis
Ruby enVironment Manager member

@gbetous as the message in top line explains you need to:

export rvmsudo_secure_path=1
@gbetous

Yes of course it works, but isn't it about simply hiding the error ? Is this behavior expected ?

@mpapis
Ruby enVironment Manager member

it disables the error message and makes sure you get the proved fallback path which has other issues

@climatecheck

The warning message about /etc/sudoers is stopping my deploy script. I've tried rvm get head and followed the suggestion about ~/.bash_profile. Running export rvmsudo_secure_path=1 has never worked and neither has export rvmsudo_secure_path=0. I've been wrestling this issue for several days now =/

@mpapis
Ruby enVironment Manager member

are you using rvm-capistrano? we could add documentation there for this http://stackoverflow.com/a/12502761/497756 :

I needed to set an environment variable for a specific task to work. The "run" command allows you to pass options which include :env:

run "cmd", :env => { 'name' => 'value' }

In my case, I wanted to add the environment variable to a task that I didn't write, so I used default_run_options which is used by all invocations of run. I added this to the top of my Capfile:

default_run_options[:env] = { 'name' => 'value' }

please open a new ticket as this one was fixed for RVM 1.18 and current version is 1.21 - also possibly this would fit better rvm-capistrano issue tracker

@climatecheck

I'll open a new ticket under rvm-capistrano. Thanks.

@RKushnir

Was there any reason to make rvmsudo_secure_path lowercase? According to capistrano/sshkit#121 capistrano isn't going to support lowercase env variables. So you can either use rvm, or capistrano, but not both.

upd. In fact, the warning was hiding another error I had in my setup, after I fixed it the warning itself doesn't prevent the deployment from finishing. Nonetheless, it's annoying.

@archonic

I've been using rvm and capistrano for nearly a year now. It's been a while since I understood my deploy file, but I've got default_run_options[:env] = {'rvmsudo_secure_path' => 1} at the top and I got around a password promt bug by defining restart with a generic sudo command whoami:

task :restart, :roles => :app, :except => { :no_release => true } do
  run <<-CMD
    #{try_sudo} whoami;
    if [[ -f #{deploy_to}/#{shared_dir}/tmp/pids/passenger.#{passenger_port}.pid ]];
    then
      cd #{current_path} && #{passenger_cmd} stop -p #{passenger_port};
    fi
  CMD
  run <<-CMD
    #{try_sudo} whoami;
    cd #{current_path} && #{passenger_cmd} start -e #{rails_env} -p #{passenger_port} -d --user=#{user};
  CMD
end

Touching restart.txt never did anything for me.

@tquackenbush tquackenbush referenced this issue in capistrano/passenger Apr 10, 2015
Closed

sudo: passenger-config: command not found #9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment