[sudo-users] prevent sudo from setting TERM and SUDO_* envvars

Dempsey, Steve AZ steve.az.dempsey at intel.com
Sun Jan 8 13:19:10 EST 2012


Running the command through su - will yield a clean environment,
something like:

sudo -n -E -H -k /bin/su - cgi-davical -c 'command'

TERM was likely there before running sudo; it's just being preserved
with -E and not being installed by sudo, or something in your target
user's .profile/.cshrc flow created it.

-Steve

-----Original Message-----
From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Christoph Anton Mitterer
Sent: Sunday, January 08, 2012 9:06 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] prevent sudo from setting TERM and SUDO_* envvars

Hi.

I'm using sudo from CGI scripts with these options:

Defaults: cgi-suexec    authenticate, !setenv, !preserve_groups, !closefrom_override
Defaults: cgi-suexec    env_reset, !env_file, always_set_home, set_home, set_logname, secure_path="/usr/bin:/bin", umask=0022
Defaults: cgi-suexec    !requiretty, !pwfeedback, !visiblepw, !umask_override, !stay_setuid, closefrom=3, timestamp_timeout=0, !shell_noargs, runas_default=nobody, !root_sudo
Defaults: cgi-suexec    ignore_dot, !fast_glob
Defaults: cgi-suexec    mail_no_perms, mail_no_host
Defaults: cgi-suexec    lecture=never, !path_info

cgi-suexec      ALL     =       (cgi-davical)   NOPASSWD: SETENV:       /usr/lib/cgi-bin/php ""


I'm invoking sudo like this:
sudo -n -E -H -k -u cgi-davical -- command



Now it seems that sudo always adds some environment variables,... some
which I want:
USER
USERNAME
LOGNAME

but some which for me make no sense:
SUDO_COMMAND
SUDO_GID
SUDO_UID
SUDO_USER
TERM

Is there any way to prevent their setting?


Cheers,
Chris.
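
Added example, not part of either message and not code from the sudo project: a small POSIX sh wrapper that removes the SUDO_* variables and TERM listed in the question before running the real command, while leaving USER, USERNAME and LOGNAME as sudo set them. It assumes the wrapper (the function names are hypothetical) is what the sudoers rule permits instead of the command itself.

```shell
#!/bin/sh
# Added example: scrub sudo-injected variables in a wrapper that sudo
# runs as the target user. Function names are hypothetical.

# Print the names of the variables to drop: every SUDO_* plus TERM.
# awk's ENVIRON is used instead of parsing `env` output, so a value
# that contains a newline cannot forge an extra name.
sudo_env_names() {
    awk 'BEGIN {
        for (name in ENVIRON)
            if (name ~ /^SUDO_[A-Za-z0-9_]*$/ || name == "TERM")
                print name
    }'
}

# Unset those variables in the current shell. Everything else
# (USER, USERNAME, LOGNAME, HOME, PATH, ...) is left untouched.
scrub_sudo_env() {
    for name in $(sudo_env_names); do
        unset "$name"
    done
}

# Wrapper entry point: scrub, then replace this shell with the command
# so no extra process stays between sudo and the program.
run_scrubbed() {
    scrub_sudo_env
    exec "$@"
}

# When invoked with arguments, act as the wrapper.
if [ "$#" -gt 0 ]; then
    run_scrubbed "$@"
fi
```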