[sudo-users] Removing env_reset on a per-Cmnd_Alias basis?
Shawn McMahon
syberghost at gmail.com
Thu Aug 23 11:33:48 EDT 2012
Let's say I've got a Cmnd_Alias which contains scripts (defined as
/bin/bash -c /path/to/script). I have env_reset defined by default,
but for anything in that command alias, I want to unset it.
What's the syntax? This appears not to work:
Cmnd_Alias FOO = /bin/bash -c /path/to/script
Defaults!FOO !env_reset
user ALL = (testuser) FOO
With that config in place, if I run the script with:
sudo -u testuser /path/to/script
...as expected, I don't get variables that aren't in the "magic" list.
However, if I run it as:
sudo -i -u testuser /path/to/script
....I still don't get them. I'd expect in that case that env_reset
would be disabled, but it doesn't appear to be so. Is there a way to
disable env_reset for just that command alias, or am I going to have
to tell the user they need to explicitly source the environment in
their script (because I'm not whitelisting a jillion variables for
them.)
This is with version 1.8.4p5.
More information about the sudo-users
mailing list