How to Disable Secure Path in Sudo on Ubuntu

This article provides a step-by-step guide on modifying or bypassing secure_path restrictions within the sudo configuration on Ubuntu. You will learn how to safely access the sudoers file, locate the specific path settings, and adjust them to allow custom binary locations. Follow these instructions to change environment paths for privileged commands while understanding the associated security implications.

Understand Secure Path

The secure_path setting in sudo defines the PATH used when running commands with elevated privileges. When it is set, sudo uses this value in place of the invoking user's PATH, so a command name given to sudo is resolved only in the listed directories. This keeps binaries located in non-standard directories from being picked up by name, reducing the risk of running malicious scripts. However, specific administrative tasks may require adding directories to this path or disabling the restriction entirely.

Edit the Sudoers File

Never edit the /etc/sudoers file directly. Always use the visudo command, which checks for syntax errors before saving changes. Open your terminal and run the following command:

sudo visudo

Modify the Secure Path Setting

Inside the editor, locate the line that begins with Defaults secure_path. It typically looks like this:

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

To bypass the restriction, you have two options. First, you can add your custom directory to the existing list within the quotes. Second, you can comment out the line entirely by adding a # at the beginning, which makes sudo fall back to the user’s existing PATH environment variable.

Save and Exit

If you are using the default nano editor, press Ctrl + O to save and Ctrl + X to exit. If you are using vim, type :wq and press Enter. visudo will verify the syntax. If there are no errors, the changes take effect immediately.

Security Warning

Disabling secure_path reduces system security. It allows sudo to execute binaries from directories writable by standard users, potentially enabling privilege escalation attacks. Only disable this restriction if absolutely necessary and ensure custom directories have strict permissions.
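
One way to check that the directories in a secure_path value have strict permissions, as the warning above advises. This is an added example, not part of the original article; the function names extract_secure_path and audit_secure_path are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example (not from the article); function names are hypothetical.

# Read sudoers text on stdin and print the value of the last uncommented
# global "Defaults secure_path=..." line (later Defaults override earlier).
extract_secure_path() {
    sed -n 's/^[[:space:]]*Defaults[[:space:]][[:space:]]*secure_path[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' |
        tail -n 1
}

# audit_secure_path PATHLIST [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one finding per entry that someone other than OWNER_UID could
# influence; returns 1 if there were findings, else 0.
audit_secure_path() (
    owner=${2:-0}
    rc=0
    set -f      # no globbing while the list is split on ':'
    IFS=:
    for dir in $1; do
        case $dir in
            /*) ;;
            *) echo "RELATIVE '$dir'"; rc=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            # Whoever can write the parent could create this entry later.
            echo "MISSING $dir"; rc=1; continue
        fi
        # GNU stat as shipped on Ubuntu; -L follows links like /bin -> usr/bin.
        meta=$(stat -L -c '%u:%a' "$dir")
        uid=${meta%%:*}
        mode=${meta##*:}
        if [ "$uid" != "$owner" ]; then
            echo "OWNER $dir uid=$uid"; rc=1
        fi
        case $mode in
            *[2367]?|*[2367]) echo "WRITABLE $dir mode=$mode"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Usage on a live system (reading /etc/sudoers needs root):
#   sudo cat /etc/sudoers | extract_secure_path
#   audit_secure_path "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
```

The audit looks only at each listed directory itself, not at its parent directories or the files inside it.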