How to programatically add secure_path in sudoers file

linux grep

Solution 1:

If you can live with replacing the secure_path value instead of appending it, you can use a much easier solution. Usually sudo has a config directory like /etc/sudoers.d where you can drop additional configuration files.

Just create a file there with your complete secure_path value:

Defaults secure_path="<default value>:/usr/local/bin"

This overwrites the value from the main config. If the path value is the same for all your machines this can easily be deployed with scripts or a package.

This has the additional advantage that you don't have to check and possibly merge config files when the sudo package is updated in the future.

Solution 2:

assuming you know the line with secure_path exists, a simple sed command to do this

sed -i -e '/secure_path/ s[=.*[&:/usr/local/bin[' /etc/sudoers

or a bit more sophisticated (more syntax check on input) : 

sed -i -r -e '/^\s*Defaults\s+secure_path/ s[=(.*)[=\1:/usr/local/bin[' /etc/sudoers

Related

Windows secure file copy between servers
How to determine cause of system crash?
How can I find what options an rpm was compiled with
Checklist for changing the hostname of a server [closed]
How to find out the source of a POSIX signal
SSH if command output is more than about 5 lines
Is it possible to span one huge VM across several physical commodity servers?
Change the Powershell $profile directory
Can an LDAP query on AD provide the netbios domain name for a single account when using the Global Catalog?
Remove Duplicate Messages from Maildir
What is the reason for choosing a different print processor?
Anyone know of a tool to detect and report on repeating patterns in a log file? [closed]