[sudo-users] enforcing "sudo -i"
Todd C. Miller
Todd.Miller at sudo.ws
Thu Aug 8 11:24:12 MDT 2019
On Thu, 08 Aug 2019 12:54:14 -0400, "Michael W. Lucas" wrote:
> Is there a reasonable way to ensure that users always use "sudo -i"?
There is no way to make "sudo -i" be the default, if that is what
you mean.
> Or do you need to use environment files and blow away env_keep to nail
> the desired environment in place?
You could use env_file (or restricted_env_file in 1.8.28) but on
systems with PAM you could also use the pam_env session module.
One advantage of pam_env is you can configure it such that there
is a user-specific environment file to use.
- todd
More information about the sudo-users
mailing list