Re: sudo -u & environment help

Tue, 08 Apr 2014 05:27:08 -0700 

On Tue, Apr 8, 2014 at 7:17 AM, Andres Perera <andre...@zoho.com> wrote:
> On Fri, Apr 4, 2014 at 6:00 AM, Craig R. Skinner
> <skin...@britvault.co.uk> wrote:
>> Hi,
>>
>> When sudo'ing to another user, how can I obtain all of their environment
>> settings as they receive when logging in themselves?
>>
>> When I use sudo in this manner, settings such as $PATH, $MAIL & umask
>> aren't being honoured:
>
> [...]
>
> You do that with `sudo -c - -l`:
>
> $ { ulimit -a; env; } > ea
> $ sudo -c - -i 'ulimit -a; env' > eb
> $ diff -u ea e
> --- ea Tue Apr  8 07:13:11 2014
> +++ eb Tue Apr  8 07:14:22 2014
> @@ -1,29 +1,24 @@
>  time(cpu-seconds)    unlimited
>  file(blocks)         unlimited
>  coredump(blocks)     unlimited
> -data(kbytes)         524288
> -stack(kbytes)        4096
> +data(kbytes)         33554432
> +stack(kbytes)        8192
>  lockedmem(kbytes)    2667916
>  memory(kbytes)       7984356
> -nofiles(descriptors) 512
> -processes            128
> +nofiles(descriptors) 128
> +processes            1310
>  _=/usr/bin/env
> +USERNAME=root
>  XAUTHORITY=/home/a/.Xauthority
> -LOGNAME=a
> -WINDOWID=10485773
> -WINDOWPATH=5
> -XTERM_SHELL=/usr/bin/tmux
> -HOME=/home/a
> -PWD=/home/a
> -XTERM_VERSION=XTerm/OpenBSD(301)
> +LOGNAME=root
> +HOME=/root
> +SUDO_GID=1000
>  DISPLAY=:0
> +SUDO_COMMAND=/bin/ksh -c ulimit -a; env
> +SUDO_USER=a
> +SUDO_UID=1000
>  MAIL=/var/mail/a

^ the fact that $MAIL is preserved is a bug according to sudo(8),
section ``Command Environment'':

  As a special case, if sudo's -i option (initial login) is specified, sudo
  will initialize the environment regardless of the value of env_reset.
  The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL,
  USER, and LOGNAME are set based on the target user.

As shown, $MAIL doesn't correspond to the target user, which in this
invocation would be root.

> -PATH=/home/a/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.
> -TMUX=/tmp/tmux-1000/default,3104,0
> -PAGER=less
> -TMUX_PANE=%2
> -TERM=screen
> +PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
>  SHELL=/bin/ksh
> -DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/dbus-8X6HB7BfTU,guid=b24ea188864417630554661f5343d7bf
> -USER=a
> -XTERM_LOCALE=C
> +TERM=screen
> +USER=root
>
> Also see `use_loginclass` in sudoers(5).

Reply via email to