[sudo-users] sudo keeps the SHELL of the calling user

Michael Schwager mschwager at mochotrading.com
Tue Oct 6 09:48:15 MDT 2015

I ran with debugging on, and I see this in the debug log file:

Oct  6 15:45:35 sudo[65011] keep SHLVL=3: NO
Oct  6 15:45:35 sudo[65011] <- env_should_keep @ ./env.c:688 := false
Oct  6 15:45:35 sudo[65011] -> sudo_setenv2 @ ./env.c:386
Oct  6 15:45:35 sudo[65011] -> sudo_putenv @ ./env.c:360
Oct  6 15:45:35 sudo[65011] sudo_putenv: SHELL=/sbin/nologin
Oct  6 15:45:35 sudo[65072] exec /usr/bin/salt-call [/usr/bin/salt-call
grains.items --output=json --local] [TERM=linux LANG=en_US.UTF-8
SHELL=/sbin/nologin MAIL=/var/mail/root
LOGNAME=root USER=root USERNAME=root HOME=/root
SUDO_COMMAND=/usr/bin/salt-call grains.items --output=json --local

*- Mike Schwager*

*  Linux Network Engineer, Mocho Trading LLC*
*  312-646-4783 Phone    312-637-0011 Cell    312-957-9804 Fax*

On Tue, Oct 6, 2015 at 10:23 AM, Michael Schwager <
mschwager at mochotrading.com> wrote:

> Hello,
> We are running sudo-1.8.6 on a CentOS 6.5 machine. I have a problem in
> that sudo is preserving the calling user's SHELL. The basic question is:
> Absent any env_keep directives in any file in /etc/sudoers*, what would
> compel sudo to preserve SHELL? Note that the machine is running PAM so
> /etc/environment should not apply, and according to the man page the SHELL
> should not be preserved.

This message is for the named person(s) use only. It may contain 
confidential proprietary or legally privileged information. No 
confidentiality or privilege is waived or lost by any mistransmission. If 
you receive this message in error, please immediately delete it and all 
copies of it from your system, destroy any hard copies of it and notify the 
sender. You must not, directly or indirectly use, disclose, distribute, 
print, or copy any part of this message if you are not the intended 
recipient. Mocho Trading LLC reserves the right to monitor all e-mail 
communications through its networks. Any views expressed in this message 
are those of the individual sender, except where the message states 
otherwise and the sender is authorized to state them to be the views of any 
such entity.

More information about the sudo-users mailing list