Error message "sudo: sorry, you are not allowed to set the following environment variables: PCAP_PF_RING_CLUSTER_ID"

[josemic]

Error message "sudo: sorry, you are not allowed to set the following environment variables: PCAP_PF_RING_CLUSTER_ID"

Solution: "Defaults env_reset" to “Defaults !env_reset” in /etc/sudoers

Add this to the readme.

[msantos]

See sudoers(5):

If, however, the env_reset option is disabled, any variables not explicitly denied by the env_check and env_delete options are inherited from the invoking process. In this case, env_check and env_delete behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of the default env_reset behavior is encouraged.

Encouraging users to disable env_reset by default (affects everything running sudo) is not good advice.

Thanks for posting your experiences getting things working though. So it doesn't get lost in the issue tracker, probably better to send a merge request or put it in the wiki that I just created:

https://github.com/msantos/epcap/wiki

[josemic]

Not sure. But maybe using erl with environment variable may be another solution:

erl -env DISPLAY gin:0

http://erlang.org/doc/man/erl.html

[msantos]

That might work. I think I'll introduce a epcap:getenv/1 to match epcap:getopts/1:

-spec getenv(proplists:proplist()) -> proplists:proplist().

Then epcap:init/1 can do:

Env = getenv(Options),
Port = open_port({spawn, Cmd}, [{packet, 2}, {env, Env}, binary, exit_status])

If that works, epcap can switch from using spawn to spawn_executable.

[msantos]

I forgot that sudo resets the environment, so we can't pass in the env to open_port. Instead I added an option to set env vars on the command line.

[josemic]

Michael. These are good news. Could you please elaborate how to use it. Preferably by putting some info into the Wiki.

[msantos]

You shouldn't have to do anything. The patch moves where the PCAP_PF_RING_CLUSTER_ID environment variable is set so sudo won't be confused.