[sudo-users] sudo -i does not run root's .profile when issued

Denis Martin dnsmrtn at gmail.com
Thu Nov 11 08:36:45 EST 2010


Hi,

Thanks for the answer...

I have "always_set_home" defined in the "Defaults" section. My understanding
is that it "will set the HOME environment variable to the home directory of
the target user". So in effect, it should not include $HOME.

But, there is always a "but", I found that there is also a statement that
says:
"Defaults              env_keep += *" which, as I understand it, acts as if
I had included HOME in the env_keep list.

Can I keep everything BUT $HOME?

For the time being I have commented out this line and it works fine, for
VISUAL as well, which is the subject of my second query to this mailing
list... But I'm not sure it will not break anything else, which is the reason
for my previous question.

Thanks again.

Denis

2010/11/10 Todd C. Miller <Todd.Miller at courtesan.com>

> > Have you added HOME to the list of environment variables to preserve
> > in the env_keep list?  If so, that may be overriding the default
> > behavior of "sudo -i".  This is arguably a bug.
>
> This will be fixed in sudo 1.7.5.  Here's a diff against 1.7.4p4.
>
>  - todd
>
> --- 1.7.4p4/env.c       Wed Aug 18 15:27:03 2010
> +++ 1.7.5/env.c Mon Sep 27 14:09:19 2010
> @@ -608,10 +611,16 @@
>  #ifdef ENV_DEBUG
>     memset(env.envp, 0, env.env_size * sizeof(char *));
>  #endif
> -    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
> -       /* Reset HOME based on target user unless keeping old value. */
> -       reset_home = TRUE;
>
> +    /* Reset HOME based on target user if configured to. */
> +    if (ISSET(sudo_mode, MODE_RUN)) {
> +       if (def_always_set_home ||
> +           ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) ||
> +           (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
> +           reset_home = TRUE;
> +    }
> +
> +    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
>        /* Pull in vars we want to keep from the old environment. */
>        for (ep = old_envp; *ep; ep++) {
>            int keepit;
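
Review bot: In the hoisted block, `ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL)` only matches the intent if ISSET is true when any bit of the mask is set rather than all of them, and that definition is not visible in this hunk. Two separate ISSET() tests would make the "either mode" meaning explicit. The comment also says "if configured to", but the login shell case is a command-line mode rather than configuration, and since forcing HOME for it is the behaviour being fixed, the comment should name it.
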
> @@ -696,6 +705,11 @@
>            if (!ISSET(didvar, DID_USERNAME))
>                sudo_setenv("USERNAME", user_name, FALSE);
>        }
> +
> +       /* If we didn't keep HOME, reset it based on target user. */
> +       if (!ISSET(didvar, KEPT_HOME))
> +           reset_home = TRUE;
> +
>        /*
>         * Set MAIL to target user in -i mode or if MAIL is not preserved
>         * from user's environment.
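
Review bot: The comment on the new `if (!ISSET(didvar, KEPT_HOME))` check reads as if a preserved HOME always wins on this path, but reset_home may already be TRUE from the block added ahead of this branch (def_always_set_home, MODE_RESET_HOME, MODE_LOGIN_SHELL, or MODE_SHELL with def_set_home). In that case the kept value is still replaced by the final sudo_setenv("HOME", ...). Please extend the comment to say that keeping HOME only takes effect when none of those earlier conditions fired, so the precedence between env_keep and the set-home options is stated where it is decided.
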
> @@ -709,13 +723,6 @@
>            sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
>        }
>     } else {
> -       /* Reset HOME based on target user if configured to. */
> -       if (ISSET(sudo_mode, MODE_RUN)) {
> -           if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) ||
> -               (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
> -               reset_home = TRUE;
> -       }
> -
>        /*
>         * Copy environ entries as long as they don't match env_delete or
>         * env_check.
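
Review bot: Missing documentation for a user-visible change: with this block gone from the `else` branch and its replacement placed ahead of the `if (def_env_reset || ...)` test, def_always_set_home, MODE_RESET_HOME and def_set_home with MODE_SHELL are now evaluated on the env_reset path too, where before only this branch consulted them. A sudoers file that combines one of those options with HOME in env_keep will therefore behave differently after the change, which deserves a line in the change log and in the manual text for those options.
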
> @@ -765,7 +772,7 @@
>     }
>
>     /* Set $HOME to target user if not preserving user's value. */
> -    if (reset_home && !ISSET(didvar, KEPT_HOME))
> +    if (reset_home)
>        sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
>
>     /* Provide default values for $TERM and $PATH if they are not set. */
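
Review bot: The comment above the changed test still says "if not preserving user's value", but the test is now `if (reset_home)` and no longer consults KEPT_HOME, so the comment is stale. Reword it to match, for example "Set $HOME to target user if we decided to reset it above". Since a HOME already copied from the old environment is now overwritten here whenever reset_home is set, it is also worth stating in the comment that the overwrite is intentional.
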



-- 
Denis Martin