[sudo-users] enforcing "sudo -i"

Todd C. Miller Todd.Miller at sudo.ws
Thu Aug 8 11:24:12 MDT 2019


On Thu, 08 Aug 2019 12:54:14 -0400, "Michael W. Lucas" wrote:

> Is there a reasonable way to ensure that users always use "sudo -i"?

There is no way to make "sudo -i" be the default, if that is what
you mean.

> Or do you need to use environment files and blow away env_keep to nail
> the desired environment in place?

You could use env_file (or restricted_env_file in 1.8.28) but on
systems with PAM you could also use the pam_env session module.
One advantage of pam_env is you can configure it such that there
is a user-specific environment file to use.

 - todd


More information about the sudo-users mailing list