[sudo-users] Removing env_reset on a per-Cmnd_Alias basis?

Shawn McMahon syberghost at gmail.com
Thu Aug 23 11:38:18 EDT 2012


Oh derp, never mind, I figured it out:

sudo -E -u testuser /path/to/script

You may begin mocking me to your friends for this; just don't do it on
Todd's list. :)


On Thu, Aug 23, 2012 at 11:33 AM, Shawn McMahon <syberghost at gmail.com> wrote:
> Let's say I've got a Cmnd_Alias which contains scripts (defined as
> /bin/bash -c /path/to/script). I have env_reset defined by default,
> but for anything in that command alias, I want to unset it.
>
> What's the syntax? This appears not to work:
>
> Cmnd_Alias   FOO   = /bin/bash -c /path/to/script
>
> Defaults!FOO   !env_reset
>
> user   ALL   = (testuser) FOO
>
>
> With that config in place, if I run the script with:
>
> sudo -u testuser /path/to/script
>
>
> ...as expected, I don't get variables that aren't in the "magic" list.
>
> However, if I run it as:
>
> sudo -i -u testuser /path/to/script
>
>
> ...I still don't get them. I'd expect in that case that env_reset
> would be disabled, but it doesn't appear to be so. Is there a way to
> disable env_reset for just that command alias, or am I going to have
> to tell the user they need to explicitly source the environment in
> their script (because I'm not whitelisting a jillion variables for
> them.)
>
> This is with version 1.8.4p5.


