[sudo-users] sudo crontab

Todd C. Miller Todd.Miller at courtesan.com
Thu Mar 6 15:04:31 EST 2008


In message <47D0466A.4090001 at wrlc.org>
	so spake Jeanne Ilchuk (ilchuk):

> I'm telnet from home using our VPN, and I export TERM=vt100, EDITOR=vi 
> VISUAL=vi, from the .profile in my home dir.
> 
> The setting Todd recommended for the sudoers file works fine, but I was 
> wondering why it wasn't defaulting to my editor, or root's editor, which 
> is vi.

Newer versions of sudo run programs with a clean environment that
does not include the EDITOR environment variable by default.  The
target user's .profile does not come into play since that is only
read by a login shell.

The "env_keep+=EDITOR" line tells sudo to preserve the existing
EDITOR variable from the invoking user's environment.  It is not
preserved by default because there are security ramifications where
the user could set EDITOR to an arbitrary program, then run "sudo
crontab -e".

The default editor for crontab is probably hard-coded to ed.

 - todd



More information about the sudo-users mailing list