Sudo and environment variables

From Brandonhutchinson.com

(Difference between revisions)
Jump to: navigation, search
m
m
Line 2: Line 2:
From ''sudoers''(5):
From ''sudoers''(5):
-
env_reset If set, sudo will reset the environment to only contain the
+
env_reset If set, sudo will reset the environment to only contain the
following variables: HOME, LOGNAME, PATH, SHELL, TERM, and
following variables: HOME, LOGNAME, PATH, SHELL, TERM, and
USER (in addition to the SUDO_* variables). Of these, only
USER (in addition to the SUDO_* variables). Of these, only

Revision as of 15:19, 13 February 2008

  • If env_reset is set in sudoers, sudo will reset most environment variables. To preserve an environment variable during a sudo execution, add it to env_keep in sudoers.

From sudoers(5):

       env_reset  If set, sudo will reset the environment to only contain the
                  following variables: HOME, LOGNAME, PATH, SHELL, TERM, and
                  USER (in addition to the SUDO_* variables).  Of these, only
                  TERM is copied unaltered from the old environment.  The
                  other variables are set to default values (possibly modi-
                  fied by the value of the set_logname option).  If sudo was
                  compiled with the SECURE_PATH option, its value will be
                  used for the PATH environment variable.  Other variables
                  may be preserved with the env_keep option.
  • Run sudo -V as root to list the environment variables sudo clears.

e.g.,

# sudo -V
Environment variables to remove:
       PERL5OPT
       PERL5LIB
       PERLLIB
       JAVA_TOOL_OPTIONS
       SHELLOPTS
       PS4
       BASH_ENV
       ENV
       TERMCAP
       TERMPATH
       TERMINFO_DIRS
       TERMINFO
       _RLD*
       LD_*
       PATH_LOCALE
       NLSPATH
       HOSTALIASES
       RES_OPTIONS
       LOCALDOMAIN
       PS4
       SHELLOPTS
       CDPATH
       IFS
Personal tools