4

When I was trying to run chkconfig as an ordinary user (on CentOS 5) I realized that I could not access it because the directory, sbin, is not in my $PATH. When I su to root it still doesn't work. I realize that the $PATH variable is the same as the ordinary user that I switched from.

However when I log in as root to begin with, the $PATH variable is the correct one for root and I can run the command.

Is this supposed to work this way? How can I make an ordinary user have temporary access to commands that can only be run as root?

Thanks

Ron
  • 157
  • 1
  • 9
  • 2
    You can always fully qualify the command you are trying to run. i.e. `#/sbin/chkconfig -options` will work if you path isn't correct – Zypher Aug 18 '10 at 23:37

3 Answers3

18

Try using the command su -. The - means the new shell will get a environment of the user you have changed to. If you don't use it most of your environment will remain the same.

The man page for su says:

The optional argument - may be used to provide an environment similar to what the user would expect had the user logged in directly.

Zoredache
  • 130,897
  • 41
  • 276
  • 420
0

I think it's normal, each user has his own PATH variable and you can change it for the user in his profile if you need.

Regarding allowing a user to execute commands reserved to root it is possible using setuid bit but it can be dangerous (setuid). If the user has execute permission (via group for example) on a root owned file with setuid bit set, he will execute this file with the owner's permissions (root) and not with his own permissions. I'm not sure it works on all distributions because according to the docs many distributions do not respect it due to security risks but it works on Ubuntu at least.

laurent
  • 2,055
  • 16
  • 14
0

Root and User have totally different and discrete environments. Using sudo, gives you the ability to execute restricted commands, but actually keeping for environmental variables untouched.

On the other hand, su , let's say that loads the root's environment. It's almost like login as root.

About your question, you can make a regular user to be able to "see" the commands, but not execute them. you still need root priviledges for this.

for example, you can run ifconfig as a regular user, just to see your ip , but if you want to change something then you must have the proper priviledges.

Nikolaidis Fotis
  • 2,032
  • 11
  • 13