Sudo and environment variables
- If env_reset is set in sudoers, sudo will reset most environment variables.
- If you want to preserve one or more environment variables for all commands in sudoers, add them to env_keep.
env_keep    Environment variables to be preserved in the user's environment when the env_reset option is in effect. This allows fine-grained control over the environment sudo-spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. The default list of variables to keep is displayed when sudo is run by root with the -V option.

env_reset   If set, sudo will reset the environment to only contain the following variables: HOME, LOGNAME, PATH, SHELL, TERM, and USER (in addition to the SUDO_* variables). Of these, only TERM is copied unaltered from the old environment. The other variables are set to default values (possibly modified by the value of the set_logname option). If sudo was compiled with the SECURE_PATH option, its value will be used for the PATH environment variable. Other variables may be preserved with the env_keep option.
- If you want to execute a command in sudoers with environment variables preserved, add the SETENV tag to the command, and execute the command with sudo -E.
-E          The -E (preserve environment) option will override the env_reset option in sudoers(4). It is only available when either the matching command has the SETENV tag or the setenv option is set in sudoers(4).
- Run sudo -V as root to list the environment variables sudo clears.
# sudo -V
Environment variables to remove:
    PERL5OPT
    PERL5LIB
    PERLLIB
    JAVA_TOOL_OPTIONS
    SHELLOPTS
    PS4
    BASH_ENV
    ENV
    TERMCAP
    TERMPATH
    TERMINFO_DIRS
    TERMINFO
    _RLD*
    LD_*
    PATH_LOCALE
    NLSPATH
    HOSTALIASES
    RES_OPTIONS
    LOCALDOMAIN
    PS4
    SHELLOPTS
    CDPATH
    IFS
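
As an added example (not part of the original page or of sudo itself), the following Python sketch audits a sudoers policy for the settings described above: a disabled env_reset, the setenv option or SETENV tag that make sudo -E available, and env_keep entries that name variables from the removal list. The function name audit_sudoers and the sample policy are assumptions constructed for illustration.

```python
import fnmatch
import re

# Patterns copied from the "Environment variables to remove" output on this page.
REMOVED = ("PERL5OPT PERL5LIB PERLLIB JAVA_TOOL_OPTIONS SHELLOPTS PS4 BASH_ENV ENV "
           "TERMCAP TERMPATH TERMINFO_DIRS TERMINFO _RLD* LD_* PATH_LOCALE NLSPATH "
           "HOSTALIASES RES_OPTIONS LOCALDOMAIN CDPATH IFS").split()

# Matches env_keep = ... and env_keep += ... (not -=), quoted list or single value.
ENV_KEEP = re.compile(r'\benv_keep\s*\+?=\s*(?:"([^"]*)"|([^\s,]+))')

def audit_sudoers(text):
    """Return (issue, logical_line) tuples for settings that widen the environment."""
    findings = []
    # Join backslash-continued lines so each rule is examined as one logical line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment (this sketch also skips #include lines)
        if line.startswith("Defaults"):
            if re.search(r"!\s*env_reset\b", line):
                findings.append(("env_reset disabled", line))
            if re.search(r"(?<![!\w])setenv\b", line):
                findings.append(("setenv option permits sudo -E", line))
            for m in ENV_KEEP.finditer(line):
                names = m.group(1) or m.group(2) or ""
                for var in names.split():
                    if any(fnmatch.fnmatchcase(var, pat) for pat in REMOVED):
                        findings.append((f"env_keep preserves {var}", line))
        elif re.search(r"\bSETENV\s*:", line):
            findings.append(("SETENV tag permits sudo -E", line))
    return findings

# Constructed sample policy; users, hosts and command paths are made up.
SAMPLE = '''\
Defaults env_reset
Defaults env_keep += "http_proxy LD_LIBRARY_PATH"
Defaults:builder !env_reset
alice ALL = (root) SETENV: /usr/local/bin/deploy
bob   ALL = (root) NOSETENV: /usr/bin/systemctl restart app
'''

if __name__ == "__main__":
    for issue, line in audit_sudoers(SAMPLE):
        print(f"{issue:40} {line}")
```

Run it against the output of a concatenated copy of /etc/sudoers and the files it includes; each finding is a place where a sudo-spawned process can receive more of the caller's environment than env_reset alone would allow.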