KDE4: sudo removes /usr/lib/kde4/bin from PATH: e.g. "sudo kate" fails

Bug #191264 reported by yegle on 2008-02-12
108
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Medium
Unassigned
Hardy
Undecided
Mackenzie Morgan

Bug Description

I installed kate-kde4 and run "sudo kate",the system tells me "command not found"
I tried to run kate normally and run kate after "sudo su",everything is fine.

Ralph Janke (txwikinger) wrote :

Thanks for reporting this issue.

It seems that /usr/lib/kde4/bin/ is not part of your path variable in the root environment. When you execute "sudo su" you do not change the environment variables to the root defaults, but they stay as they are.

I do not believe this is a bug as this stage, but rather a configuration issue because of parallel KDE versions. Therefore I would like to close this report.

Thanks

Changed in kdesdk-kde4:
assignee: nobody → txwikinger
status: New → Incomplete

yegle@yegle-laptop:~$ cat /etc/environment
PATH="/usr/lib/kde4/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
LANG="en_US.UTF-8"
LANGUAGE="en_US:en"

I'm confused...

On 2/13/08, Ralph Janke <email address hidden> wrote:
>
> Thanks for reporting this issue.
>
> It seems that /usr/lib/kde4/bin/ is not part of your path variable in
> the root environment. When you execute "sudo su" you do not change the
> environment variables to the root defaults, but they stay as they are.
>
> I do not believe this is a bug as this stage, but rather a configuration
> issue because of parallel KDE versions. Therefore I would like to close
> this report.
>
> Thanks
>
>
> ** Changed in: kdesdk-kde4 (Ubuntu)
> Assignee: (unassigned) => Ralph Janke (txwikinger)
> Status: New => Incomplete
>
> ** Tags added: kde4
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Could you please provide the results of the following:

1) "which kate"
2) "sudo which kate"
3) "sudo su" and then "which kate"

Thanks

yegle@yegle-laptop:~$ which kate
/usr/lib/kde4/bin/kate
yegle@yegle-laptop:~$ sudo which kate
[sudo] password for yegle:
yegle@yegle-laptop:~$ sudo su

root@yegle-laptop:/home/yegle# which kate

/usr/lib/kde4/bin/kate

The second command don't have any output.

On 2/17/08, Ralph Janke <email address hidden> wrote:
>
> Could you please provide the results of the following:
>
> 1) "which kate"
> 2) "sudo which kate"
> 3) "sudo su" and then "which kate"
>
> Thanks
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

This points to what I was referring to. Somehow your environment when using sudo is changed, which creates the problem. Have you configured any changes to the environment in /etc/sudoers file?

no,I'm pretty sure about that.

On 2/29/08, Ralph Janke <email address hidden> wrote:
>
> This points to what I was referring to. Somehow your environment when
> using sudo is changed, which creates the problem. Have you configured
> any changes to the environment in /etc/sudoers file?
>
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

It is not possible to reproduce this problem with the information given. Could you please provide information that allows us to reproduce this problem.

Thanks

Sorry that I'm a newbie to linux,and I'm not sure which information is
needed.

The problem is probably related to the PATH environment.All the program in
 /usr/lib/kde4/bin (e.g. konsole-kde4) ,when I try to run with sudo ,this
error occured.

No one can confirm this bug?

On 3/6/08, Ralph Janke <email address hidden> wrote:
>
> It is not possible to reproduce this problem with the information given.
> Could you please provide information that allows us to reproduce this
> problem.
>
> Thanks
>
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

What do you get if you run

sudo env | grep PATH?

Ralph Janke (txwikinger) wrote :

sudo env | grep PATH

without the ? :)

Thanks

finally!I think this is the problem.

the result is
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin

/usr/lib/kde4/bin is not in the PATH variable

Is this a bug or just a configuration problem?

On 3/6/08, Ralph Janke <email address hidden> wrote:
>
> sudo env | grep PATH
>
> without the ? :)
>
> Thanks
>
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Ok.. I finally found the problem. Sorry for it taking so long!

sudo for ubuntu is compiled with a secure_path that contains "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin".

Therefore using sudo kate would only look for kate in the search path above, not in the search path you have defined in /etc/environment or in your user environment. This is a security measure to prevent sudo users to execute a wrong system command by accident and therefore possibly create a security breach.

I am not sure if there is a real solution for this except an override of the compiled search path by a configured one in /etc. I have not found yet if this possible.

Thank you for your answer!

On 3/6/08, Ralph Janke <email address hidden> wrote:
>
> Ok.. I finally found the problem. Sorry for it taking so long!
>
> sudo for ubuntu is compiled with a secure_path that contains
>
> "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin".
>
> Therefore using sudo kate would only look for kate in the search path
> above, not in the search path you have defined in /etc/environment or in
> your user environment. This is a security measure to prevent sudo users
> to execute a wrong system command by accident and therefore possibly
> create a security breach.
>
> I am not sure if there is a real solution for this except an override of
> the compiled search path by a configured one in /etc. I have not found
> yet if this possible.
>
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

I don't think the secure search path set during compile time can be overrode.

There are different options.

1) You can call kate with full path.
2) You can create a link i.e. in /usr/local/bin that points to the correct place of kate (manageable if you only use, but not very nice)

In any case, you should use kdesudo instead of sudo when using kde GUI apps. However, kdesudo seems to have the same search path, so there is no difference.

Ralph Janke (txwikinger) wrote :

kdesudo should include /usr/lib/kde4/bin in its secure search path, otherwise any command run with kdesudo will run only the kde3 version, or will fail if none exists.

Changed in kdesdk-kde4:
importance: Undecided → Low
status: Incomplete → Triaged
Changed in kdesudo-kde4:
assignee: txwikinger → nobody

I tried "kdesu kate" and it worked,but "gksu kate" gets nothing(no error,and
kate didn't run)

"kdesudo kate" gets a "command not found"

On 3/6/08, Ralph Janke <email address hidden> wrote:
>
> I don't think the secure search path set during compile time can be
> overrode.
>
> There are different options.
>
> 1) You can call kate with full path.
> 2) You can create a link i.e. in /usr/local/bin that points to the correct
> place of kate (manageable if you only use, but not very nice)
>
> In any case, you should use kdesudo instead of sudo when using kde GUI
> apps. However, kdesudo seems to have the same search path, so there is
> no difference.
>
>
> --
> run "sudo kate" and got a "command not found"
> https://bugs.launchpad.net/bugs/191264
> You received this bug notification because you are a direct subscriber
> of the bug.
>

"kdesu kate" has for me exactly the same behaviour as "kdesudo kate"

Others an I do have the same problem, see https://bugs.launchpad.net/ubuntu/+source/kubuntu-default-settings/+bug/199787 for more details.

Changed in kdesudo-kde4:
status: Triaged → Confirmed

To find out more about Twitter, visit the link below:

http://twitter.com/i/f12a10f9a8e62ae40be4c1410d591180d0e57101

Thanks,
-The Twitter Team

About Twitter

Twitter is a unique approach to communication and networking based on the simple concept of status. What are you doing? What are your friends doing—right now? With Twitter, you may answer this question over SMS, IM, or the Web and the responses are shared between contacts.

Daniel Hahler (blueyed) on 2008-04-11
Changed in kdesudo-kde4:
importance: Low → Medium
Blackpaw (lindsay-mathieson) wrote :

Confirming I have the same issue. Kubuntu 8.04 KDE4

j@mcnamara.name (j-mcnamara) wrote :

Everything described here is common to my installation of 8.04 KDE4 as well.

I did a fresh install and received "No command argument supplied[-u <runs>] kdesudo will now exit"
after completing my installation. I reinstalled with formating and received the same message.

When I enter sudo kate I get "command not found"

Entering sudo env | grep PATH results in

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin

thoughts??

SerGuMa (serguma) wrote :

Same thing happens to me and other people, sorry for the duplicate, didn't see that report earlier

https://bugs.launchpad.net/bugs/223264

Andrei Holub (holub) wrote :

Quick fix solution:
Kubuntu 8.04 KDE 4 Remix:
kdesudo systemsettings #doesn't work
/usr/lib/kde4/bin/kdesudo /usr/lib/kde4/bin/systemsettings #works fine for me

jonijones (jonijones) wrote :

Sorry, i didn't get the point which solved the problem.
i tried to install the AVM-USB-stick linux-driver with:
sudo ./install
but got the same result as with
/usr/lib/kde4/bin/kdesudo ./install
and sudo kate doesn't work either.
I do remember this being easier in 7.10!

Here is my quick workaround for this problem, using some bash scripting to create a new command and putting it in your .bashrc file.

Add the following to the bottom of your ~/.bashrc file:

kde4sudo () {
otherargs=""
first=true
for i in $*
do
  if [ $first = true ]
  then
    first=false
  else
    otherargs="$otherargs $i"
  fi
done
kdesudo `which "$1"` $otherargs
}

Then run kde4 applications as root by typing, for example, "kde4sudo dolphin" or "kde4sudo kate /etc/X11/xorg.conf".
This gets rid of the annoyance of having to type the full path each time you wish to run a kde4 application as root.

Note: this will only start functioning in new shells so close open shells or restart to get it fully working.

Fred Hermanns (fintan) wrote :

@gerard:
Your work around unfortunately does not work in Hardy kde4 remix kde4.04 or upgraded to 4.1 beta.

No application is shown in the run command screen.

I think this is a serious problem.

Mike (mike0999) wrote :

I've got the same issue in the KDE4 remix.

Bazilio (bazilio-recast1) wrote :

the same problem.
also if I type alt+F2 and try to run konsole, I get konsole-kde3 instead of konsole-kde4
Kubuntu-8.04 KDE4.1 betta
This is a serious problem. I can't use default kde4 applications in kde4...

Terrax (tball-es) wrote :

I can confirm this bug on Kubuntu Hardy - kde 4 beta 2,

This is a very serious bug. Thx in advance

Simone Tolotti (simontol) wrote :

Anyone? I'm looking for a way to force PATH=/usr/lib/kde4/bin:${PATH} for sudoers...

Ian Dickerson (iandickerson) wrote :

I have this problem in KDE Version: 4:4.1.0-0ubuntu1~hardy1~ppa2.

H.i.M (hir-i-mogul-gmail) wrote :

confirm.

Kubuntu 8.04 KDE4.1

friedrich@linsmann:~$ sudo kate
[sudo] password for friedrich:
sudo: kate: command not found
friedrich@linsmann:~$

H.i.M (hir-i-mogul-gmail) wrote :

I dont think, that this is an security issue, but the improtance should be "high".
The problem exists since the first package release (alpha) for Kubuntu.
A solution is a MUST. What about to "ln" all application

Could a short workaround be to "ln"?
e.g.:
"root@linsmann:/# ln /usr/lib/kde4/bin/kate /bin/"

....and replace the "kate" example with other applications in a script, which "ln"s all apps in "/usr/lib/kde4/bin/" to "/bin"?

Yuriy Kozlov (yuriy-kozlov) wrote :

This is not an issue in intrepid because KDE4 there is installed to standard places (/usr/bin). Binaries or links can't go there in Hardy because kde3 binaries go there and Hardy lets you install both alongside.

Fred Hermanns (fintan) wrote :

"Binaries or links can't go there in Hardy because kde3 binaries go there and Hardy lets you install both alongside."

I understand that logic for kde3 / kde4 environments but not for the HH remix version which is supposed to be kde4 only.

Bazilio (bazilio-recast1) wrote :

> I understand that logic for kde3 / kde4 environments but not for the HH remix version which is supposed to be kde4 only.
I agree.

kdesudo in KDE4 must use /usr/lib/kde4/bin/ as the first path.

Fred Hermanns (fintan) wrote :

Why?
Intrepid =>/usr/bin

Debian kde4 =>/usr/bin

As I said with a kde3 / kde4 environment it is logical but not for a kde4 only system (HH remix).

Piotr M (yabolus) wrote :

Is it really such a big problem for Ubuntu devs to recompile sudo with /usr/lib/kde4/bin/ added to this secure_path thingy?

I'm not mocking anyone, it just seems like a 10 minute task... I'm simply wondering what's keeping the devs from doing it.

Mackenzie Morgan (maco.m) wrote :

Fred:
Just because the HH remix only includes KDE4 apps *by default* doesn't mean it has to stay that way. You still have access to the full repositories, so it's still possible to make KDE3/KDE4 clashes.

Changed in kdesudo-kde4 (Ubuntu):
assignee: nobody → Mackenzie Morgan (maco.m)
status: Confirmed → In Progress
Martin Pitt (pitti) wrote :

Accepted sudo into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Martin Pitt (pitti) wrote :

Is this an issue in karmic as well?

affects: kdesudo-kde4 (Ubuntu) → sudo (Ubuntu)
Changed in sudo (Ubuntu Hardy):
assignee: nobody → Mackenzie Morgan (maco.m)
status: New → Fix Committed
Shaved Wookie (shavedwookie) wrote :

Not for me. Neither was it a problem in Jaunty. I think it was only an issue sometime around Intrepid or earlier.

The KDE3/KDE4 thing in Hardy made it a problem for Hardy-only.

Martin Pitt (pitti) on 2009-07-30
Changed in sudo (Ubuntu):
assignee: Mackenzie Morgan (maco.m) → nobody
status: In Progress → Invalid
Steve Beattie (sbeattie) wrote :

I have reproduced the PATH issue with hardy-update's (kubuntu-kde4) sudo, 1.6.9p10-1ubuntu3.4, and can confirm that the sudo in hardy-proposed, 1.6.9p10-1ubuntu3.5, adds /usr/lib/kde4/bin to sudo's builtin path and kde4 binaries can be invoked without full paths with kdesudo/sudo. I verified that the minimal sudo tests in qa-regression-testing tree continued to pass, and sudo, kdesudo, and gksu/gksudo all continue to work for non-kde4 binaries, on both kubuntu-kde4 and an ubuntu desktop install. Marking verification-done.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.6.9p10-1ubuntu3.5

---------------
sudo (1.6.9p10-1ubuntu3.5) hardy-proposed; urgency=low

  * debian/rules:
   - add /usr/lib/kde4/bin to secure_path (LP: #191264)

 -- Mackenzie Morgan <email address hidden> Thu, 23 Jul 2009 12:32:28 -0400

Changed in sudo (Ubuntu Hardy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers