[sudo-users] Retain "root" environment variables

Michael L Griffin milegrin at gmail.com
Fri Jan 12 02:43:06 EST 2007


Greetings

  Having finally managed to get onto the list, here goes my foist Q (c:} :

  The "env_keep" etc. settings in sudoers retain the user's environment
variables which is great, however, I have a number of applications (Oracle,
TSM, DSH, ssh-agent ...) that require root environment variables in order to
execute correctly.  This results in the commands failing if run via sudo as
the user does not have the required variables set.

  Setting these environment variables individually for each user is
impractical or not possible where set by applications (e.g. ssh-agent) and in
the case of SSH key passphrases a security risk (sudo/security policies can
be circumvented using the ssh-keys if the passphrase is common knowledge).

  Examples of root environment variables that need to be passed through to
the user when running a command via sudo:
        SSH_AUTH_SOCK
        SSH_AGENT_PID
        LOCPATH
        WCOLL
        DSH_LIST
... and more ...

  I need to do this for the backup application user and oracle user but once
I know I can do this for root I can figure the rest out

  Any assistance from the gurus would be greatly appreciated as I have been
banging my head on this for 2 weeks already without a viable solution.

_______________________________________
( R e g a r d s                         )
(                                       )
( M i c h a e l  L  G r i f f i n       )
( michael at griffin.org.za                )
( http://www.griffin.org.za             )
( Fax : +27 86 670 8945                 )
( Cel : +27 83 462 0462                 )
(                                       )
( Next step in OS evolution is found on )
( the command line...                   )
(                       .: L I N U X :. )
---------------------------------------
   o
    o
        .--.
       |o_o |
       |:_/ |
      //   \ \
     (|     | )
    /'\_   _/`\
    \___)=(___/
Confucius: He who play in root,
           eventually kill tree.


