[sudo-users] prevent sudo from setting TERM and SUDO_* envvars
Christoph Anton Mitterer
calestyo at scientia.net
Sun Jan 8 11:05:58 EST 2012
Hi.
I'm using sudo from CGI scripts with these options:
Defaults: cgi-suexec authenticate, !setenv, !preserve_groups,
!closefrom_override
Defaults: cgi-suexec env_reset, !env_file, always_set_home,
set_home, set_logname, secure_path="/usr/bin:/bin", umask=0022
Defaults: cgi-suexec !requiretty, !pwfeedback, !visiblepw,
!umask_override, !stay_setuid, closefrom=3, timestamp_timeout=0,
!shell_noargs, runas_default=nobody, !root_sudo
Defaults: cgi-suexec ignore_dot, !fast_glob
Defaults: cgi-suexec mail_no_perms, mail_no_host
Defaults: cgi-suexec lecture=never, !path_info
cgi-suexec ALL = (cgi-davical) NOPASSWD: SETENV:
/usr/lib/cgi-bin/php ""
I'm invoking sudo like this:
sudo -n -E -H -k -u cgi-davical -- command
Now it seems that sudo adds always some environment variables,... some
which I want:
USER
USERNAME
LOGNAME
but some which for me make no sense:
SUDO_COMMAND
SUDO_GID
SUDO_UID
SUDO_USER
TERM
Is there anyway to prevent their setting?
Cheers,
Chris.
More information about the sudo-users
mailing list