Sudo and environment variables

From Brandonhutchinson.com

(Difference between revisions)
Jump to: navigation, search
(New page: Run '''sudo -V''' as root to list the environment variables sudo clears. e.g., # '''sudo -V''' Environment variables to remove: PERL5OPT PERL5LIB PERLLIB ...)
m
Line 1: Line 1:
-
Run '''sudo -V''' as root to list the environment variables sudo clears.
+
* If '''env_reset''' is set in '''sudoers''', sudo will reset most environment variables. To preserve an environment variable during a sudo execution, add it to '''env_keep''' in '''sudoers'''.
 +
 
 +
From ''sudoers''(5):
 +
env_reset If set, sudo will reset the environment to only contain the
 +
following variables: HOME, LOGNAME, PATH, SHELL, TERM, and
 +
USER (in addition to the SUDO_* variables). Of these, only
 +
TERM is copied unaltered from the old environment. The
 +
other variables are set to default values (possibly modi-
 +
fied by the value of the set_logname option). If sudo was
 +
compiled with the SECURE_PATH option, its value will be
 +
used for the PATH environment variable. Other variables
 +
may be preserved with the env_keep option.
 +
 
 +
* Run '''sudo -V''' as root to list the environment variables sudo clears.
e.g.,
e.g.,
Line 27: Line 40:
CDPATH
CDPATH
IFS
IFS
- 
-
To preserve an environment variable during a sudo execution, add it to '''env_keep''' in '''sudoers'''.
 

Revision as of 23:35, 11 January 2008

  • If env_reset is set in sudoers, sudo will reset most environment variables. To preserve an environment variable during a sudo execution, add it to env_keep in sudoers.

From sudoers(5):

       env_reset   If set, sudo will reset the environment to only contain the
                  following variables: HOME, LOGNAME, PATH, SHELL, TERM, and
                  USER (in addition to the SUDO_* variables).  Of these, only
                  TERM is copied unaltered from the old environment.  The
                  other variables are set to default values (possibly modi-
                  fied by the value of the set_logname option).  If sudo was
                  compiled with the SECURE_PATH option, its value will be
                  used for the PATH environment variable.  Other variables
                  may be preserved with the env_keep option.
  • Run sudo -V as root to list the environment variables sudo clears.

e.g.,

# sudo -V
Environment variables to remove:
       PERL5OPT
       PERL5LIB
       PERLLIB
       JAVA_TOOL_OPTIONS
       SHELLOPTS
       PS4
       BASH_ENV
       ENV
       TERMCAP
       TERMPATH
       TERMINFO_DIRS
       TERMINFO
       _RLD*
       LD_*
       PATH_LOCALE
       NLSPATH
       HOSTALIASES
       RES_OPTIONS
       LOCALDOMAIN
       PS4
       SHELLOPTS
       CDPATH
       IFS
Personal tools