[sudo-users] sudo keeps the SHELL of the calling user

Todd C. Miller Todd.Miller at courtesan.com
Tue Oct 6 10:04:37 MDT 2015


This is just a case of "it's always been like that".  There's not
really a good reason for it.  The diff below should make the behavior
match the documentation.

 - todd

diff -r adb927ad5e86 plugins/sudoers/env.c
--- a/plugins/sudoers/env.c	Tue Oct 06 09:33:27 2015 -0600
+++ b/plugins/sudoers/env.c	Tue Oct 06 10:04:03 2015 -0600
@@ -939,8 +939,6 @@
 	    CHECK_SETENV2("USERNAME", runas_pw->pw_name,
 		ISSET(didvar, DID_USERNAME), true);
 	} else {
-	    if (!ISSET(didvar, DID_SHELL))
-		CHECK_SETENV2("SHELL", sudo_user.pw->pw_shell, false, true);
 	    /* We will set LOGNAME later in the def_set_logname case. */
 	    if (!def_set_logname) {
 		if (!ISSET(didvar, DID_LOGNAME))
@@ -984,6 +982,8 @@
 	    if (!env_should_delete(*ep)) {
 		if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
 		    ps1 = *ep + 5;
+		else if (strncmp(*ep, "SHELL=", 6) == 0)
+		    SET(didvar, DID_SHELL);
 		else if (strncmp(*ep, "PATH=", 5) == 0)
 		    SET(didvar, DID_PATH);
 		else if (strncmp(*ep, "TERM=", 5) == 0)
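Review bot: The new `SHELL=` branch sets DID_SHELL on presence alone, so on this path any SHELL value carried over from the invoking user's environment (including an empty `SHELL=`) suppresses the runas default that the last hunk adds. That value is chosen by the caller and reaches the command whenever env_should_delete() does not drop it, which deserves a comment here, e.g. `/* SHELL kept from the invoking user; the runas_pw default below is then skipped. */`. The enclosing loop starts and ends outside this hunk, so whether an earlier check filters SHELL cannot be confirmed from here.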
@@ -1039,7 +1039,9 @@
     if (reset_home)
 	CHECK_SETENV2("HOME", runas_pw->pw_dir, true, true);
 
-    /* Provide default values for $TERM and $PATH if they are not set. */
+    /* Provide default values for $SHELL, $TERM and $PATH if not set. */
+    if (!ISSET(didvar, DID_SHELL))
+	CHECK_SETENV2("SHELL", runas_pw->pw_shell, false, false);
     if (!ISSET(didvar, DID_TERM))
 	CHECK_PUTENV("TERM=unknown", false, false);
     if (!ISSET(didvar, DID_PATH))
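Review bot: The added `CHECK_SETENV2("SHELL", runas_pw->pw_shell, false, false)` passes different trailing flags than the removed call (`false, true`) and than the HOME call just above (`true, true`), and nothing in the hunk says why. If, as it appears, the call relies on DID_SHELL being set whenever a SHELL entry is already in the new environment, a path that keeps SHELL without setting the bit could leave two `SHELL=` entries, which different consumers may resolve differently. I would state the invariant in the comment, e.g. `/* DID_SHELL is set for every preserved SHELL=, so no duplicate check is needed. */`. The function body continues outside the hunk.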

