6

I'm having a hard time getting my brain wrapped around how LD_LIBRARY_PATH is handled differently for the following three cases:

  • run as a regular user
  • run via "sudo command"
  • run via "sudo bash" followed in the root shell by "command"

My particular problem is that a binary I'm trying to run (called dc_full) requires sudo access, but throws the following error when run as "sudo command":

ljw@test$ sudo ./dc_full ./dc_full: error while loading shared libraries: libthrift-0.9.1.so: cannot open shared object file: No such file or directory ljw@test$ sudo bash root@ljw-vm1:~/test# ./dc_full . ...<works fine here!> .

I have the following line in both /etc/bash.bashrc and in ~/.bashrc for user ljw.

root@ljw-vm1:~# grep LD_LIBRARY ~/.bashrc export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib root@ljw-vm1:~# grep LD_LIBRARY /etc/bash.bashrc export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib

I would expect that this covers both the sudo and sudo-bash cases, one covers the user shell and one covers the "root" shell. But clearly this is not happening.

I found references to ldd, which gives me a big hint that it's not working, but not quite WHY...

root@ljw-vm1:~/dc_full# ldd ./dc_full | grep thrift libthrift-0.9.1.so => /usr/local/lib/libthrift-0.9.1.so (0x00007eff19e7c000) ljw@ljw-vm1:~/dc_full$ ldd ./dc_full | grep thrift libthrift-0.9.1.so => /usr/local/lib/libthrift-0.9.1.so (0x00007f8340cc5000) ljw@ljw-vm1:~/dc_full$ sudo ldd ./dc_full | grep thrift [sudo] password for ljw: libthrift-0.9.1.so => not found

How is LD_LIBRARY_PATH set in each of these three cases?

Improve this question
1

2 Answers 2

Reset to default
6

Allowing LD_LIBRARY_PATH for suid binaries like sudo is a security problem, thus LD_LIBRARY_PATH gets stripped out of the environment. sudo by default doesn't passthrough LD_LIBRARY_PATH to its children either for the same security concerns: carefully crafted libraries would allow you to bypass the sudo argument restrictions to execute whatever you want.

If you need a variable set like this either use sudo -E, or pass the env variables on the command line like so: sudo -- LD_LIBRARY_PATH=/usr/local/lib dc_full. sudo will have to be configured to allow you to pass environment variables, which usually does not need manual configuration.

Improve this answer
1
3

Add /usr/local/lib to /etc/ld.so.conf and run ldconfig, then you'll have this path added as a default path for libraries.

Improve this answer

    You must log in to answer this question.

    Start asking to get answers

    Find the answer to your question by asking.

    Ask question

    Explore related questions

    See similar questions with these tags.