Ubuntu – Why does sudo not add root’s PATH with Ubuntu 12.04

12.04serversudo

I've recently upgraded my server to Ubuntu Server 12.04. Previously it was running 11.04.

Ever since then I've been having trouble carrying out root user commands through sudo. An example of this would be:

> sudo ufw status
sudo: ufw: command not found
> sudo su - root
> ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    LIMIT       Anywhere

With Ubuntu 11.04 the plain sudo ufw status worked fine, but with Ubuntu 12.04 it can't find the command.

This seems to just be a problem with the PATH not being set (ufw is found in /usr/sbin/ufw).

What I'm trying to understand is what I need to change back so that root's PATH is set correctly when I just sudo <sbin command>?

Best Answer

Besides security reasons (as Anders has referred to), keeping the original user's PATH also conforms to the Principle of Least Astonishment.

Suppose you run a program called foo, but discover that you really need to run it as root. So you run sudo foo. It would be bad if the program run by sudo foo is different from the program run by foo, which would happen if there's a different foo in root's PATH. This would fundamentally violate your expectations and the general assumption that sudo does the same thing as what you put after it, except as root.

That's what would happen if sudo prepended root's PATH to your PATH. But suppose sudo appended root's path to your PATH. If this was sudo's behavior, then you'd probably assume that if you can run a program (call it bar) when simulating an initial root login shell (sudo -i), you could also run it with sudo bar. But that assumption would be wrong, because there might be a different bar in your own (i.e., not root's) path.

Rather than sudo's behavior changing from one Ubuntu release to another, what probably happened was that your PATH changed. If you add /sbin, /usr/sbin, and /usr/local/sbin to your PATH, the problem will be solved. Unless you only want sbin in your PATH when running programs as root. In that case, I recommend posting a separate question about that (though one technique for accomplishing this is hinted at in Anders's answer.)