[sudo-users] Removing env_reset on a per-Cmnd_Alias basis?
syberghost at gmail.com
Thu Aug 23 11:38:18 EDT 2012
Oh derp, never mind, I figured it out:
sudo -E -u testuser /path/to/script
You may begin mocking me to your friends for this; just don't do it on
Todd's list. :)
On Thu, Aug 23, 2012 at 11:33 AM, Shawn McMahon <syberghost at gmail.com> wrote:
> Let's say I've got a Cmnd_Alias which contains scripts (defined as
> /bin/bash -c /path/to/script). I have env_reset defined by default,
> but for anything in that command alias, I want to unset it.
> What's the syntax? This appears not to work:
> Cmnd_Alias FOO = /bin/bash -c /path/to/script
> Defaults!FOO !env_reset
> user ALL = (testuser) FOO
> With that config in place, if I run the script with:
> sudo -u testuser /path/to/script
> ...as expected, I don't get variables that aren't in the "magic" list.
> However, if I run it as:
> sudo -i -u testuser /path/to/script
> ....I still don't get them. I'd expect in that case that env_reset
> would be disabled, but it doesn't appear to be so. Is there a way to
> disable env_reset for just that command alias, or am I going to have
> to tell the user they need to explicitly source the environment in
> their script (because I'm not whitelisting a jillion variables for
> This is with version 1.8.4p5.
More information about the sudo-users