Sudo and environment variables

From Brandonhutchinson.com

Revision as of 15:19, 13 February 2008 by Hutch (Talk | contribs)
  • If env_reset is set in sudoers, sudo will reset most environment variables. To preserve an environment variable during a sudo execution, add it to env_keep in sudoers.

From sudoers(5):

       env_reset  If set, sudo will reset the environment to only contain the
                  following variables: HOME, LOGNAME, PATH, SHELL, TERM, and
                  USER (in addition to the SUDO_* variables).  Of these, only
                  TERM is copied unaltered from the old environment.  The
                  other variables are set to default values (possibly modi-
                  fied by the value of the set_logname option).  If sudo was
                  compiled with the SECURE_PATH option, its value will be
                  used for the PATH environment variable.  Other variables
                  may be preserved with the env_keep option.
  • Run sudo -V as root to list the environment variables sudo clears.

e.g.,

# sudo -V
Environment variables to remove:
       PERL5OPT
       PERL5LIB
       PERLLIB
       JAVA_TOOL_OPTIONS
       SHELLOPTS
       PS4
       BASH_ENV
       ENV
       TERMCAP
       TERMPATH
       TERMINFO_DIRS
       TERMINFO
       _RLD*
       LD_*
       PATH_LOCALE
       NLSPATH
       HOSTALIASES
       RES_OPTIONS
       LOCALDOMAIN
       PS4
       SHELLOPTS
       CDPATH
       IFS
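
Before adding a name to env_keep, it is worth checking whether it appears in the removal list above. The following sketch is an added example, not part of the original page: it parses `sudo -V` output and flags candidate names that match. The function names, the abridged sample listing and the candidate variable names are constructed for illustration, and a trailing `*` is assumed to act as a wildcard.

```shell
#!/bin/sh
# Added example: check proposed env_keep names against sudo's removal list.

# Constructed sample: abridged copy of the `sudo -V` listing shown above.
sample_sudo_v() {
cat <<'EOF'
Environment variables to remove:
       PERL5OPT
       BASH_ENV
       _RLD*
       LD_*
       IFS
EOF
}

# Read `sudo -V` output on stdin and print one removal pattern per line.
# The list ends at the first line that is not indented.
removal_patterns() {
    awk '
        /^Environment variables to remove:/ { in_list = 1; next }
        in_list && /^[ \t]+[^ \t]/         { print $1; next }
        in_list                             { in_list = 0 }
    '
}

# is_removed NAME PATTERNS: succeed if NAME matches any pattern.
# Entries such as LD_* are treated as shell-style wildcards (assumption).
is_removed() {
    name=$1
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        case $name in
            $pat) return 0 ;;
        esac
    done <<EOF
$2
EOF
    return 1
}

# Demo with constructed candidate names an admin might want in env_keep.
patterns=$(sample_sudo_v | removal_patterns)
for candidate in DISPLAY http_proxy LD_LIBRARY_PATH BASH_ENV; do
    if is_removed "$candidate" "$patterns"; then
        echo "REVIEW: $candidate is on the removal list"
    else
        echo "ok:     $candidate"
    fi
done
```

On a live system, replace `sample_sudo_v` with `sudo -V` run as root so the check uses the list your sudo build actually reports.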