Sudo cannot find scripts in the user's home despite the ENV set correctly [Solved]

[mikech]

I am trying to run a script, who's path is within subdirectories in the user's home, and is listed in the env, and works perfectly when run by the user from any directory without specifying its path, but only works with sudo when using the absolute path. In that case it works perfectly also.

I can confirm that the PATH is being inherited correctly by sudo, and it does include the /home/q/Desktop/Scripts/ directory where the script is located. So, the issue doesn't seem to be related to the PATH or the environment variables.

However, since the "sudo which filename" command doesn't find the script even though it's in the sudo PATH, this suggests that the problem is likely related to how sudo resolves the file or possibly an issue with how the script is being executed in the root environment.

To summarize the key points:
1. The script works with sudo when run directly from its directory, and the issue occurs when running it from anywhere else using sudo.
2. The PATH is correct: I can see that /home/q/Desktop/Scripts/ is in the PATH both for the user and when using sudo.
3. The script is executable (chmod +x is set properly).
4. "sudo" won't find and run scripts except directly from the absoulte path even though it sees the same env variable as the user.
5. "which" doesn't find the script when run with sudo, even though the PATH is correct.
6. The user can use the script from anywhere with "bash filename".
7. The script performs a complete backup of the user's home, however some files will not be backed up unless using "sudo".

Not much point in having env variables if sudo can''t use them!! By the way, ChatGPT4.0 was completely useless for this issue. I think it seems to be getting dumber every day!

I ALWAYS forget this:

Code: Select all

System:
  Kernel: 6.9.9-1-liquorix-amd64 [6.9-8~mx23ahs] arch: x86_64 bits: 64 compiler: gcc v: 12.2.0 parameters: audit=0
    intel_pstate=disable BOOT_IMAGE=/boot/vmlinuz-6.9.9-1-liquorix-amd64 root=UUID=<filter> ro
    quiet splash
  Desktop: Xfce v: 4.18.1 tk: Gtk v: 3.24.36 info: xfce4-panel wm: xfwm v: 4.18.0 vt: 7
    dm: LightDM v: 1.26.0 Distro: MX-23.4_ahs_x64 Libretto January 21  2024 base: Debian GNU/Linux
    12 (bookworm)
Machine:
  Type: Desktop System: Gigabyte product: Z390 AORUS PRO WIFI v: N/A serial: <superuser required>
  Mobo: Gigabyte model: Z390 AORUS PRO WIFI-CF serial: <superuser required>
    UEFI: American Megatrends v: F12 date: 11/05/2021
Battery:
  Device-1: hidpp_battery_0 model: Logitech M720 Triathlon Multi-Device Mouse serial: <filter>
    charge: 10% (should be ignored) rechargeable: yes status: discharging
CPU:
  Info: model: Intel Core i5-9600K bits: 64 type: MCP arch: Coffee Lake gen: core 9 level: v3
    note: check built: 2018 process: Intel 14nm family: 6 model-id: 0x9E (158) stepping: 0xD (13)
    microcode: 0x100
  Topology: cpus: 1x cores: 6 smt: <unsupported> cache: L1: 384 KiB desc: d-6x32 KiB; i-6x32 KiB
    L2: 1.5 MiB desc: 6x256 KiB L3: 9 MiB desc: 1x9 MiB
  Speed (MHz): avg: 2600 high: 4400 min/max: 800/3701 boost: enabled scaling:
    driver: acpi-cpufreq governor: ondemand cores: 1: 4400 2: 4400 3: 4400 4: 800 5: 800 6: 800
    bogomips: 44398
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities:
  Type: gather_data_sampling mitigation: Microcode
  Type: itlb_multihit status: KVM: VMX disabled
  Type: l1tf status: Not affected
  Type: mds status: Not affected
  Type: meltdown status: Not affected
  Type: mmio_stale_data mitigation: Clear CPU buffers; SMT disabled
  Type: reg_file_data_sampling status: Not affected
  Type: retbleed mitigation: Enhanced IBRS
  Type: spec_rstack_overflow status: Not affected
  Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
  Type: spectre_v2 mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling;
    PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop
  Type: srbds mitigation: Microcode
  Type: tsx_async_abort mitigation: TSX disabled
Graphics:
  Device-1: NVIDIA TU106 [GeForce RTX 2060 SUPER] vendor: Micro-Star MSI driver: nouveau v: kernel
    non-free: 530.xx+ status: current (as of 2023-03) arch: Turing code: TUxxx process: TSMC 12nm FF
    built: 2018-22 pcie: gen: 1 speed: 2.5 GT/s lanes: 16 link-max: gen: 3 speed: 8 GT/s ports:
    active: HDMI-A-1 empty: DP-1,DP-2,DP-3 bus-ID: 01:00.0 chip-ID: 10de:1f06 class-ID: 0300
  Display: x11 server: X.Org v: 1.21.1.7 compositor: xfwm v: 4.18.0 driver: X:
    loaded: modesetting unloaded: fbdev,vesa dri: nouveau gpu: nouveau display-ID: :0.0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22") s-diag: 582mm (22.93")
  Monitor-1: HDMI-A-1 mapped: HDMI-1 model: Samsung serial: <filter> built: 2014 res: 1920x1080
    hz: 60 dpi: 40 gamma: 1.2 size: 1209x680mm (47.6x26.77") diag: 801mm (31.5") ratio: 16:9 modes:
    max: 1920x1080 min: 720x400
  API: OpenGL v: 4.3 Mesa 24.2.2-1~mx23ahs renderer: NV166 direct-render: Yes
Audio:
  Device-1: Intel Cannon Lake PCH cAVS vendor: Gigabyte driver: snd_hda_intel v: kernel
    alternate: snd_soc_avs,snd_sof_pci_intel_cnl bus-ID: 00:1f.3 chip-ID: 8086:a348 class-ID: 0403
  Device-2: NVIDIA TU106 High Definition Audio vendor: Micro-Star MSI driver: snd_hda_intel
    v: kernel pcie: gen: 1 speed: 2.5 GT/s lanes: 16 link-max: gen: 3 speed: 8 GT/s bus-ID: 01:00.1
    chip-ID: 10de:10f9 class-ID: 0403
  API: ALSA v: k6.9.9-1-liquorix-amd64 status: kernel-api tools: alsamixer,amixer
  Server-1: PipeWire v: 1.0.0 status: active with: 1: pipewire-pulse status: active
    2: wireplumber status: active 3: pipewire-alsa type: plugin 4: pw-jack type: plugin
    tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Intel Ethernet I219-V vendor: Gigabyte driver: e1000e v: kernel port: N/A
    bus-ID: 00:1f.6 chip-ID: 8086:15bc class-ID: 0200
  IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter>
  IF-ID-1: nordlynx state: unknown speed: N/A duplex: N/A mac: N/A
Bluetooth:
  Device-1: Broadcom BCM20702A0 Bluetooth 4.0 type: USB driver: btusb v: 0.8 bus-ID: 1-11.1:4
    chip-ID: 0a5c:21e8 class-ID: fe01 serial: <filter>
  Report: hciconfig ID: hci0 rfk-id: 0 state: up address: <filter> bt-v: 2.1 lmp-v: 4.0
    sub-v: 220e hci-v: 4.0 rev: 1000
  Info: acl-mtu: 1021:8 sco-mtu: 64:1 link-policy: rswitch sniff link-mode: peripheral accept
    service-classes: rendering, capturing, audio, telephony
RAID:
  Hardware-1: Intel SATA Controller [RAID mode] driver: ahci v: 3.0 port: 5020 bus-ID: 00:17.0
    chip-ID: 8086:2822 rev: N/A class-ID: 0104
Drives:
  Local Storage: total: 9.12 TiB used: 2.61 TiB (28.6%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: A-Data model: SX8200PNP size: 953.87 GiB block-size:
    physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 type: SSD serial: <filter> rev: 42AZS6AC
    temp: 35.9 C scheme: GPT
  ID-2: /dev/sda maj-min: 8:0 vendor: Western Digital model: WD4002FYYZ-01B7CB0 size: 3.64 TiB
    block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s type: HDD rpm: 7200 serial: <filter>
    rev: 1M02 scheme: GPT
  ID-3: /dev/sdb maj-min: 8:16 vendor: Western Digital model: WD40EZRZ-00GXCB0 size: 3.64 TiB
    block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: HDD rpm: 5400 serial: <filter>
    rev: 0A80 scheme: GPT
  ID-4: /dev/sdc maj-min: 8:32 vendor: Samsung model: SSD 860 QVO 1TB size: 931.51 GiB
    block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> rev: 1B6Q
    scheme: MBR
Partition:
  ID-1: / raw-size: 953.53 GiB size: 937.49 GiB (98.32%) used: 25.72 GiB (2.7%) fs: ext4
    dev: /dev/nvme0n1p1 maj-min: 259:1
  ID-2: /boot/efi raw-size: 345 MiB size: 344.3 MiB (99.80%) used: 288 KiB (0.1%) fs: vfat
    dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-3: /home raw-size: 3.64 TiB size: 3.58 TiB (98.43%) used: 580.25 GiB (15.8%) fs: ext4
    dev: /dev/sda1 maj-min: 8:1
Swap:
  Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default)
  ID-1: swap-1 type: file size: 8 GiB used: 0 KiB (0.0%) priority: -2 file: /swap
Sensors:
  System Temperatures: cpu: 43.2 C pch: 50.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Repos:
  Packages: pm: dpkg pkgs: 2992 libs: 1650 tools: apt,apt-get,aptitude,nala,synaptic pm: rpm
    pkgs: 0
  No active apt repos in: /etc/apt/sources.list
  No active apt repos in: /etc/apt/sources.list.d/contrib.list
  Active apt repos in: /etc/apt/sources.list.d/cuda-debian12-x86_64.list
    1: deb [signed-by=/usr/share/keyrings/cuda-archive-keyring.gpg] https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/ /
  Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
    1: deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
  Active apt repos in: /etc/apt/sources.list.d/debian.list
    1: deb http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
    2: deb http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
  Active apt repos in: /etc/apt/sources.list.d/mx.list
    1: deb https://mxrepo.com/mx/repo/ bookworm main non-free
    2: deb https://mxrepo.com/mx/testrepo/ bookworm test
    3: deb https://mxrepo.com/mx/repo/ bookworm ahs
  Active apt repos in: /etc/apt/sources.list.d/nordvpn.list
    1: deb https://repo.nordvpn.com//deb/nordvpn/debian/ stable main
Info:
  Processes: 342 Uptime: 2h 33m wakeups: 34 Memory: 62.72 GiB used: 2.34 GiB (3.7%) Init: SysVinit
  v: 3.06 runlevel: 5 default: graphical tool: systemctl Compilers: gcc: 12.2.0 alt: 12
  Client: shell wrapper v: 5.2.15-release inxi: 3.3.26
Boot Mode: UEFI

[imschmeg]

How did you confirm that a command run within sudo sees your PATH?

sudo resets PATH by default, for security reasons, but this can be overridden using sudo command options.

[Adrian]

Does sudo -E work? (-E is preserve environment option)

[mikech]

I used:

Code: Select all

$ sudo bash -c "echo $PATH"
/home/q/.cargo/bin:/home/q/.local/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin:/home/q/Desktop:/home/q/Desktop/Scripts/:/home/q/Applications/:/home/q/Scripts/

Using E did not help.

Code: Select all

sudo bash -E "backupforinternaldrive2024x.sh"
bash: backupforinternaldrive2024x.sh: No such file or directory

Your questions gave me another idea so I did this:

Code: Select all

sudo printenv
(excerpt) PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

I see that gives me a different path! Does that tell us anything? This is beyond my knowledge level.

Using -E did not help:

Code: Select all

$ sudo -E bash "backupforinternaldrive2024x.sh"
bash: backupforinternaldrive2024x.sh: No such file or directory

[fehlix]

Does sudo -E work? (-E is preserve environment option)

You can use "sudo -E", as shown here:

Code: Select all

echo $PATH
/opt/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin
sudo -E env  | grep -E '^HOME|^PATH'
HOME=/home/fehlix
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

but it resets PATH, and keeps user HOME, which can create issues, when the app
started with "sudo -E", writes stuff as root into user HOME. So highly not recommended.
The way to pass an adjusted PATH into sudo envirenment could be like this:

Code: Select all

sudo PATH="$PATH" env | grep -E '^HOME|^PATH'
PATH=/opt/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin
HOME=/root

The env command used in the examples above is just to print out the environment parameters.

[imschmeg]

Code: Select all

$ sudo bash -c "echo $PATH"

evaluates PATH before calling sudo.

[mikech]

I did'nt really understand but I ran:

Code: Select all

sudo PATH="$PATH" env | grep -E '^HOME|^PATH'  
PATH=/opt/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin
HOME=/root

Seems the same as yours. SO I think this means that sudo has a different env path. SO does that mean I always have to use an absolute path when using sudo? Is it risky to modify the sudo path by adding the path to my scripts? If not how would I do that?

[imschmeg]

compare:

Code: Select all

$ sudo bash -c "echo $PATH"

Code: Select all

$ sudo bash -c 'echo $PATH'

The first expands $PATH immediately because of the double quotes, the second doesn't.

[mikech]

I tried that. I have no idea what the significance is but here are the results:

Code: Select all

q@mx:/home/q
$ sudo bash -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
q@mx:/home/q
$ sudo bash -c "echo $PATH"
/opt/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin

So they are definitely different but not enough to add my script directory. But if I am understanding correctly it is risky to have sudo use the user defined env path?

Bottomline: I don't fully understand all this but I seem to get the idea that I should not try to use an env path shortcut and should always use an absolute path when using sudo??

[fehlix]

I did'nt really understand but I ran:

Code: Select all

sudo PATH="$PATH" env | grep -E '^HOME|^PATH'  
PATH=/opt/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin
HOME=/root

Seems the same as yours. SO I think this means that sudo has a different env path. SO does that mean I always have to use an absolute path when using sudo? Is it risky to modify the sudo path by adding the path to my scripts? If not how would I do that?

Yes, this means sudo resets the PATH, and not taking what is set in user's environment..
with

Code: Select all

sudo PATH="$PATH" myapp

you tell sudo to take the environment paramteer "PATH" as it is set on the command line.
But you havn't shown us how you actually want to start the app in question, e.g with a script, a desktop launcher, or just from the terminal command line? B/c there are some small differeneces to take into account.