Attempt to clarify the conditions under which MAIL and HOME are

set to the target user.
2025-08-22 09:57:41 +00:00 · 2015-07-10 10:02:38 -06:00 · 2015-07-10 10:02:38 -06:00 · 42666204e2
commit 42666204e2
parent 4870060e91
6 changed files with 73 additions and 47 deletions
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@ -455,13 +455,16 @@ EENNVVIIRROONNMMEENNTT
     EDITOR           Default editor to use in --ee (sudoedit) mode if neither
                      SUDO_EDITOR nor VISUAL is set.

-     MAIL             In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
-                      to the mail spool of the target user.
+     MAIL             Set to the mail spool of the target user when the --ii
+                      option is specified or when _e_n_v___r_e_s_e_t is enabled in
+                      _s_u_d_o_e_r_s (unless MAIL is present in the _e_n_v___k_e_e_p list).

-     HOME             Set to the home directory of the target user if --ii or --HH
-                      are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set in
-                      _s_u_d_o_e_r_s, or when the --ss option is specified and _s_e_t___h_o_m_e
-                      is set in _s_u_d_o_e_r_s.
+     HOME             Set to the home directory of the target user when the --ii
+                      or --HH options are specified, when the --ss option is
+                      specified and _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s, when
+                      _a_l_w_a_y_s___s_e_t___h_o_m_e is enabled in _s_u_d_o_e_r_s, or when _e_n_v___r_e_s_e_t
+                      is enabled in _s_u_d_o_e_r_s and _H_O_M_E is not present in the
+                      _e_n_v___k_e_e_p list.

     PATH             May be overridden by the security policy.

@ -582,4 +585,4 @@ DDIISSCCLLAAIIMMEERR
     file distributed with ssuuddoo or http://www.sudo.ws/license.html for
     complete details.

-Sudo 1.8.14                      June 8, 2015                      Sudo 1.8.14
+Sudo 1.8.14                      July 10, 2015                     Sudo 1.8.14
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDO" "8" "June 8, 2015" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "8" "July 10, 2015" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@ -920,31 +920,42 @@ nor
 is set.
 .TP 17n
 \fRMAIL\fR
-In
+Set to the mail spool of the target user when the
 \fB\-i\fR
-mode or when
+option is specified or when
 \fIenv_reset\fR
 is enabled in
-\fIsudoers\fR,
-set to the mail spool of the target user.
+\fIsudoers\fR
+(unless
+\fRMAIL\fR
+is present in the
+\fIenv_keep\fR
+list).
 .TP 17n
 \fRHOME\fR
-Set to the home directory of the target user if
+Set to the home directory of the target user when the
 \fB\-i\fR
 or
 \fB\-H\fR
-are specified,
-\fIenv_reset\fR
-or
-\fIalways_set_home\fR
-are set in
-\fIsudoers\fR,
-or when the
+options are specified, when the
 \fB\-s\fR
 option is specified and
 \fIset_home\fR
 is set in
-\fIsudoers\fR.
+\fIsudoers\fR,
+when
+\fIalways_set_home\fR
+is enabled in
+\fIsudoers\fR,
+or when
+\fIenv_reset\fR
+is enabled in
+\fIsudoers\fR
+and
+\fIHOME\fR
+is not present in the
+\fIenv_keep\fR
+list.
 .TP 17n
 \fRPATH\fR
 May be overridden by the security policy.
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd June 8, 2015
+.Dd July 10, 2015
 .Dt SUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@ -851,30 +851,41 @@ nor
 .Ev VISUAL
 is set.
 .It Ev MAIL
-In
+Set to the mail spool of the target user when the
 .Fl i
-mode or when
+option is specified or when
 .Em env_reset
 is enabled in
-.Em sudoers ,
-set to the mail spool of the target user.
+.Em sudoers
+(unless
+.Ev MAIL
+is present in the
+.Em env_keep
+list).
 .It Ev HOME
-Set to the home directory of the target user if
+Set to the home directory of the target user when the
 .Fl i
 or
 .Fl H
-are specified,
-.Em env_reset
-or
-.Em always_set_home
-are set in
-.Em sudoers ,
-or when the
+options are specified, when the
 .Fl s
 option is specified and
 .Em set_home
 is set in
-.Em sudoers .
+.Em sudoers ,
+when
+.Em always_set_home
+is enabled in
+.Em sudoers ,
+or when
+.Em env_reset
+is enabled in
+.Em sudoers
+and
+.Em HOME
+is not present in the
+.Em env_keep
+list.
 .It Ev PATH
 May be overridden by the security policy.
 .It Ev SHELL
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@ -837,9 +837,10 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
     always_set_home   If enabled, ssuuddoo will set the HOME environment variable
                       to the home directory of the target user (which is root
                       unless the --uu option is used).  This effectively means
-                       that the --HH option is always implied.  Note that HOME
-                       is already set when the _e_n_v___r_e_s_e_t option is enabled, so
-                       _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for configurations
+                       that the --HH option is always implied.  Note that by
+                       default, HOME will be set to the home directory of the
+                       target user when the _e_n_v___r_e_s_e_t option is enabled, so
+                       _a_l_w_a_y_s___s_e_t___h_o_m_e only has an effect for configurations
                       where either _e_n_v___r_e_s_e_t is disabled or HOME is present
                       in the _e_n_v___k_e_e_p list.  This flag is _o_f_f by default.

@ -2416,4 +2417,4 @@ DDIISSCCLLAAIIMMEERR
     file distributed with ssuuddoo or http://www.sudo.ws/license.html for
     complete details.

-Sudo 1.8.14                     March 24, 2015                     Sudo 1.8.14
+Sudo 1.8.14                      July 10, 2015                     Sudo 1.8.14
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "March 24, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "July 10, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@ -1825,13 +1825,13 @@ option is used).
 This effectively means that the
 \fB\-H\fR
 option is always implied.
-Note that
+Note that by default,
 \fRHOME\fR
-is already set when the
+will be set to the home directory of the target user when the
 \fIenv_reset\fR
 option is enabled, so
 \fIalways_set_home\fR
-is only effective for configurations where either
+only has an effect for configurations where either
 \fIenv_reset\fR
 is disabled or
 \fRHOME\fR
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd March 24, 2015
+.Dd July 10, 2015
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@ -1697,13 +1697,13 @@ option is used).
 This effectively means that the
 .Fl H
 option is always implied.
-Note that
+Note that by default,
 .Ev HOME
-is already set when the
+will be set to the home directory of the target user when the
 .Em env_reset
 option is enabled, so
 .Em always_set_home
-is only effective for configurations where either
+only has an effect for configurations where either
 .Em env_reset
 is disabled or
 .Ev HOME