Hi,

When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?

When I use sudo in this manner, settings such as $PATH, $MAIL & umask
aren't being honoured:


$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
craig
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/usr/site/sbin:/home/craig/bin
/var/mail/craig
027



Here, $PATH, $MAIL & umask are unchanged:

$ sudo -H -i -u david
$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
david
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/usr/site/sbin:/home/craig/bin
/var/mail/craig
027


Compare the difference when logging in as that user:

$ login david
...
$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
david
/usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin
/var/mail/david
022




/etc/login.conf:
default:\
        :passwordcheck=/usr/local/bin/pwqcheck -1:\
        :passwordtries=0:\
        :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
        :umask=022:\
        :datasize-cur=....

staff:\
        :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin /usr/site/bin /usr/site/sbin ~/bin:\
        :umask=027:\
        :datasize-cur=....


$ egrep 'env_|Defaults' /etc/sudoers | grep -v ^#
Defaults env_keep +="DESTDIR DISTDIR EDITOR FETCH_CMD FLAVOR FTPMODE GROUP MAKE"
Defaults env_keep +="MAKECONF MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_CACHE"
Defaults env_keep +="PKG_DBDIR PKG_DESTDIR PKG_PATH PKG_TMPDIR PORTSDIR"
Defaults env_keep +="RELEASEDIR SHARED_ONLY SSH_AUTH_SOCK SUBPACKAGE VISUAL"
Defaults env_keep +="WRKOBJDIR"
Defaults always_set_home, ignore_dot, use_loginclass



login(1):

     login enters information into the environment (see environ(7)) specifying
     the user's home directory (HOME), command interpreter (SHELL), search
     path (PATH), terminal type (TERM), and user name (both LOGNAME and USER).

ENVIRONMENT
     login sets the following environment variables:

     HOME
     MAIL

sudo(8):

  Command Environment
     ......................  On BSD systems, if the use_loginclass option is
     enabled, the environment is initialized based on the path and setenv
     settings in /etc/login.conf.  The new environment contains the TERM,
     PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in
     addition to variables from the invoking process permitted by the
     env_check and env_keep options.  This is effectively a whitelist for
     environment variables.



How can I become another user - without knowing their password,
and gain their 'natural' environment?

e.g. from wheel group to a users group member.

'su -l username' & 'login username' require their password.

I thought 'sudo -H -i -u username' would do it.

Any suggestions on what else I need to configure?
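
Added example, not part of the original post: a small sh check that reads the path and umask capabilities for a login class from a login.conf-style file and reports which of them a session's values differ from, run on the values quoted above. The sample file is constructed from the excerpt in the post, the function names are hypothetical, and david is assumed to be in the default class (as the login output suggests); tc= inheritance and class aliases are not handled.

```shell
#!/bin/sh
# Constructed sample, modelled on the login.conf excerpt in the post.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
default:\
        :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
        :umask=022:
staff:\
        :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin /usr/site/bin /usr/site/sbin ~/bin:\
        :umask=027:
EOF
    printf '%s\n' "$f"
}

# login_cap FILE CLASS CAP: print the value of CAP in the record named CLASS.
login_cap() {
    awk -v class="$2" -v cap="$3" '
        /^#/ { next }
        {
            cont = sub(/\\$/, "")          # trailing backslash: record continues
            sub(/^[ \t]+/, "")
            rec = rec $0
            if (cont) next
            n = split(rec, f, ":"); rec = ""
            if (f[1] != class) next
            for (i = 2; i <= n; i++)
                if (index(f[i], cap "=") == 1) { print substr(f[i], length(cap) + 2); exit }
        }' "$1"
}

# check_session FILE CLASS HOME PATH UMASK: print the settings that differ from CLASS.
check_session() {
    want_path=$(login_cap "$1" "$2" path | sed -e "s|~|$3|g" -e 's/ /:/g')
    want_umask=$(login_cap "$1" "$2" umask)
    diff=""
    [ "$4" = "$want_path" ] || diff="path"
    [ "$5" = "$want_umask" ] || diff="${diff:+$diff }umask"
    printf '%s\n' "$diff"
}

conf=$(sample_conf)
# Values reported in the post for david: first under sudo -H -i, then under login.
check_session "$conf" default /home/david "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/usr/site/sbin:/home/craig/bin" 027
check_session "$conf" default /home/david "/usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin" 022
rm -f "$conf"
```

The first call reports both settings as differing, including the invoking user's ~/bin left in the target user's PATH; the second reports none.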
