mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00

Reset HOME when env_reset is enabled unless it is in env_keep

Todd C. Miller 2010-07-19 15:35:47 -04:00
parent c31e1227f1
commit ee7221f1fe
9 changed files with 156 additions and 123 deletions

@ -42,9 +42,14 @@ What's new in Sudo 1.7.4?
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
* If env_reset is enabled in sudoers (the default), sudo will now set
the MAIL environment variable based on the target user unless MAIL is
explicitly preserved in sudoers. Previously MAIL was passed unchanged.
* The HOME and MAIL environment variables are now reset based on the
target user's password database entry when the env_reset sudoers option
is enabled (which is the case in the default configuration). Users
wishing to preserve the original values should use a sudoers entry like:
Defaults env_keep += HOME
to preserve the old value of HOME and
Defaults env_keep += MAIL
to preserve the old value of MAIL.
What's new in Sudo 1.7.3?
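Review bot: the combined HOME/MAIL entry no longer says what the behaviour was before, which the MAIL-only bullet it replaces did ("Previously MAIL was passed unchanged"). Someone reading the release notes needs the same for HOME: state that HOME used to be passed through from the invoking user's environment, so it is clear what "Defaults env_keep += HOME" restores.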

@ -10,6 +10,15 @@ o Upgrading from a version prior to 1.7.4:
system reboots. Time stamp files older than the boot time are
ignored on systems where it is possible to determine this.
The HOME and MAIL environment variables are now reset based on the
target user's password database entry when the env_reset sudoers option
is enabled (which is the case in the default configuration). Users
wishing to preserve the original values should use a sudoers entry like:
Defaults env_keep += HOME
to preserve the old value of HOME and
Defaults env_keep += MAIL
to preserve the old value of MAIL.
o Upgrading from a version prior to 1.7.0:
Starting with sudo 1.7.0, comments in the sudoers file must not

@ -186,10 +186,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-H The --HH (_H_O_M_E) option requests that the security policy set
the HOME environment variable to the home directory of the
target user (root by default) as specified by the password
database.
database. Depending on the policy, this may be the default
behavior.
-h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message
and exit.
@ -202,6 +202,8 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
and exit.
-i [command]
The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
specified by the password database entry of the target user
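Review bot: regenerate the preformatted manual pages in a separate commit. In this hunk, and in most of the ones after it for the formatted pages, only the "MAINTENANCE COMMANDS" page header and the version/date footer move by a few lines, and that repagination noise buries the wording changes a reviewer actually needs to read (the -H and HOME descriptions, always_set_home and set_home).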
@ -254,8 +256,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
messages and exit.
-P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to
preserve the invoking user's group vector unaltered. By
default, the _s_u_d_o_e_r_s policy will initialize the group
@ -268,6 +268,8 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
preserve the invoking user's group vector unaltered. By
default, the _s_u_d_o_e_r_s policy will initialize the group
vector to the list of groups the target user is in. The
real and effective group IDs, however, are still set to
match the target user.
@ -320,8 +322,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
role.
-U _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the
--ll option to specify the user whose privileges should be
listed. The security policy may restrict listing other
@ -334,6 +334,8 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
--ll option to specify the user whose privileges should be
listed. The security policy may restrict listing other
users' privileges. The _s_u_d_o_e_r_s policy only allows root or
a user with the ALL privilege on the current host to use
this option.
@ -389,8 +391,6 @@ PPLLUUGGIINNSS
1.8.0b1 July 19, 2010 6
@ -484,9 +484,10 @@ EENNVVIIRROONNMMEENNTT
MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
to the mail spool of the target user
HOME In --ii, --ss or --HH mode (or if sudo was configured with
the --enable-shell-sets-home option), set to homedir of
the target user
HOME Set to the home directory of the target user if --ii or
--HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set
in _s_u_d_o_e_r_s, or when the --ss option is specified and
_s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s
PATH May be overridden by the security policy.
@ -522,7 +523,6 @@ FFIILLEESS
1.8.0b1 July 19, 2010 8

@ -345,6 +345,7 @@ root). In either case, the primary group will be set to \fIgroup\fR.
The \fB\-H\fR (\fI\s-1HOME\s0\fR) option requests that the security policy set
the \f(CW\*(C`HOME\*(C'\fR environment variable to the home directory of the target
user (root by default) as specified by the password database.
Depending on the policy, this may be the default behavior.
.IP "\-h" 12
.IX Item "-h"
The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
@ -605,8 +606,10 @@ to the mail spool of the target user
.ie n .IP "\*(C`HOME\*(C'" 16
.el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
.IX Item "HOME"
In \fB\-i\fR, \fB\-s\fR or \fB\-H\fR mode (or if sudo was configured with the
\&\-\-enable\-shell\-sets\-home option), set to homedir of the target user
Set to the home directory of the target user if \fB\-i\fR or \fB\-H\fR are
specified, \fIenv_reset\fR or \fIalways_set_home\fR are set in \fIsudoers\fR,
or when the \fB\-s\fR option is specified and \fIset_home\fR is set in
\&\fIsudoers\fR
.ie n .IP "\*(C`PATH\*(C'" 16
.el .IP "\f(CW\*(C`PATH\*(C'\fR" 16
.IX Item "PATH"

@ -225,6 +225,7 @@ root). In either case, the primary group will be set to I<group>.
The B<-H> (I<HOME>) option requests that the security policy set
the C<HOME> environment variable to the home directory of the target
user (root by default) as specified by the password database.
Depending on the policy, this may be the default behavior.
=item -h
@ -505,8 +506,10 @@ to the mail spool of the target user
=item C<HOME>
In B<-i>, B<-s> or B<-H> mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the target user
Set to the home directory of the target user if B<-i> or B<-H> are
specified, I<env_reset> or I<always_set_home> are set in I<sudoers>,
or when the B<-s> option is specified and I<set_home> is set in
I<sudoers>
=item C<PATH>
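Review bot: the new HOME text lists env_reset among the cases where HOME is set to the target user's home directory but omits the exception this commit is named for: HOME is left alone when it is listed in env_keep. Suggest qualifying the env_reset clause with something like "unless HOME is present in the env_keep list". The same wording appears in the two formatted copies of this manual earlier in the diff.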

@ -706,18 +706,18 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
BBoooolleeaann FFllaaggss:
always_set_home If set, ssuuddoo will set the HOME environment variable to
the home directory of the target user (which is root
always_set_home If enabled, ssuuddoo will set the HOME environment variable
to the home directory of the target user (which is root
unless the --uu option is used). This effectively means
that the --HH option is always implied. This flag is _o_f_f
by default.
that the --HH option is always implied. Note that HOME
is already set when the the _e_n_v___r_e_s_e_t option is
enabled, so _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for
configurations where _e_n_v___r_e_s_e_t is disabled. This flag
is _o_f_f by default.
authenticate If set, users must authenticate themselves via a
password (or other means of authentication) before they
may run commands. This default may be overridden via
the PASSWD and NOPASSWD tags. This flag is _o_n by
default.
@ -730,6 +730,9 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
the PASSWD and NOPASSWD tags. This flag is _o_n by
default.
closefrom_override
If set, the user may use ssuuddoo's --CC option which
overrides the default starting point at which ssuuddoo
@ -781,9 +784,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fqdn Set this flag if you want to put fully qualified host
names in the _s_u_d_o_e_r_s file. I.e., instead of myhost you
would use myhost.mydomain.edu. You may still use the
short form if you wish (and even mix the two). Beware
that turning on _f_q_d_n requires ssuuddoo to make DNS lookups
@ -796,6 +796,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
would use myhost.mydomain.edu. You may still use the
short form if you wish (and even mix the two). Beware
that turning on _f_q_d_n requires ssuuddoo to make DNS lookups
which may make ssuuddoo unusable if DNS stops working (for
example if the machine is not plugged into the
network). Also note that you must use the host's
@ -847,9 +850,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
does not enter the correct password. This flag is _o_f_f
by default.
mail_no_host If set, mail will be sent to the _m_a_i_l_t_o user if the
invoking user exists in the _s_u_d_o_e_r_s file, but is not
allowed to run commands on the current host. This flag
@ -862,6 +862,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
mail_no_host If set, mail will be sent to the _m_a_i_l_t_o user if the
invoking user exists in the _s_u_d_o_e_r_s file, but is not
allowed to run commands on the current host. This flag
is _o_f_f by default.
mail_no_perms If set, mail will be sent to the _m_a_i_l_t_o user if the
@ -914,9 +917,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
able to determine the length of the password being
entered. This flag is _o_f_f by default.
requiretty If set, ssuuddoo will only run when the user is logged in
to a real tty. When this flag is set, ssuuddoo can only be
1.8.0b1 July 19, 2010 14
@ -928,6 +928,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
requiretty If set, ssuuddoo will only run when the user is logged in
to a real tty. When this flag is set, ssuuddoo can only be
run from a login session and not via other means such
as _c_r_o_n(1m) or cgi-bin scripts. This flag is _o_f_f by
default.
@ -950,11 +952,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
instead of the password of the invoking user. This
flag is _o_f_f by default.
set_home If set and ssuuddoo is invoked with the --ss option the HOME
environment variable will be set to the home directory
of the target user (which is root unless the --uu option
is used). This effectively makes the --ss option imply
--HH. This flag is _o_f_f by default.
set_home If enabled and ssuuddoo is invoked with the --ss option the
HOME environment variable will be set to the home
directory of the target user (which is root unless the
--uu option is used). This effectively makes the --ss
option imply --HH. Note that HOME is already set when
the the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is
only effective for configurations where _e_n_v___r_e_s_e_t is
disabled. This flag is _o_f_f by default.
set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME
environment variables to the name of the target user
@ -977,11 +982,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
shell_noargs If set and ssuuddoo is invoked with no arguments it acts as
if the --ss option had been given. That is, it runs a
shell as root (the shell is determined by the SHELL
environment variable if it is set, falling back on the
shell listed in the invoking user's /etc/passwd entry
if not). This flag is _o_f_f by default.
@ -994,6 +994,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
shell as root (the shell is determined by the SHELL
environment variable if it is set, falling back on the
shell listed in the invoking user's /etc/passwd entry
if not). This flag is _o_f_f by default.
stay_setuid Normally, when ssuuddoo executes a command the real and
effective UIDs are set to the target user (root by
default). This option changes that behavior such that
@ -1043,11 +1048,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Normally, ssuuddoo uses a directory in the ticket dir with
the same name as the user running it. With this flag
enabled, ssuuddoo will use a file named for the tty the
user is logged in on in that directory. This flag is
_o_f_f by default.
umask_override If set, ssuuddoo will set the umask as specified by _s_u_d_o_e_r_s
without modification. This makes it possible to
@ -1060,6 +1060,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
user is logged in on in that directory. This flag is
_o_f_f by default.
umask_override If set, ssuuddoo will set the umask as specified by _s_u_d_o_e_r_s
without modification. This makes it possible to
specify a more permissive umask in _s_u_d_o_e_r_s than the
user's own umask and matches historical behavior. If
_u_m_a_s_k___o_v_e_r_r_i_d_e is not set, ssuuddoo will set the umask to
@ -1109,11 +1114,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
passwd_timeout Number of minutes before the ssuuddoo password prompt times
out, or 0 for no timeout. The timeout may include a
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5.
timestamp_timeout
Number of minutes that can elapse before ssuuddoo will ask
@ -1126,6 +1126,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5.
timestamp_timeout
Number of minutes that can elapse before ssuuddoo will ask
for a passwd again. The timeout may include a
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5. Set
@ -1176,11 +1181,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
domain name (on if the machine's host name is fully
qualified or the _f_q_d_n option is set)
%h expanded to the local host name without the domain
name
%p expanded to the user whose password is being asked
1.8.0b1 July 19, 2010 18
@ -1192,6 +1192,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%h expanded to the local host name without the domain
name
%p expanded to the user whose password is being asked
for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w
flags in _s_u_d_o_e_r_s)
@ -1242,10 +1246,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
askpass The _a_s_k_p_a_s_s option specifies the fully qualified path to a
helper program used to read the user's password when no
terminal is available. This may be the case when ssuuddoo is
executed from a graphical (as opposed to text-based)
application. The program specified by _a_s_k_p_a_s_s should
display the argument passed to it as the prompt and write
@ -1258,6 +1258,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
terminal is available. This may be the case when ssuuddoo is
executed from a graphical (as opposed to text-based)
application. The program specified by _a_s_k_p_a_s_s should
display the argument passed to it as the prompt and write
the user's password to the standard output. The value of
_a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
variable.
@ -1308,10 +1312,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
lecture_file
Path to a file containing an alternate ssuuddoo lecture that
will be used in place of the standard lecture if the named
file exists. By default, ssuuddoo uses a built-in lecture.
listpw This option controls when a password will be required when
@ -1324,6 +1324,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
will be used in place of the standard lecture if the named
file exists. By default, ssuuddoo uses a built-in lecture.
listpw This option controls when a password will be required when
a user runs ssuuddoo with the --ll option. It has the following
possible values:
@ -1374,10 +1378,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
syslog Syslog facility if syslog is being used for logging (negate
to disable syslog logging). Defaults to local2.
verifypw This option controls when a password will be required when
a user runs ssuuddoo with the --vv option. It has the following
possible values:
@ -1390,6 +1390,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
verifypw This option controls when a password will be required when
a user runs ssuuddoo with the --vv option. It has the following
possible values:
all All the user's _s_u_d_o_e_r_s entries for the current host
must have the NOPASSWD flag set to avoid entering a
password.
@ -1440,10 +1444,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
env_keep Environment variables to be preserved in the user's
environment when the _e_n_v___r_e_s_e_t option is in effect.
This allows fine-grained control over the environment
ssuuddoo-spawned processes will receive. The argument may
be a double-quoted, space-separated list or a single
value without double-quotes. The list can be replaced,
added to, deleted from, or disabled by using the =, +=,
@ -1456,6 +1456,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ssuuddoo-spawned processes will receive. The argument may
be a double-quoted, space-separated list or a single
value without double-quotes. The list can be replaced,
added to, deleted from, or disabled by using the =, +=,
-=, and ! operators respectively. The default list of
variables to keep is displayed when ssuuddoo is run by root
with the _-_V option.
@ -1506,10 +1510,6 @@ EEXXAAMMPPLLEESS
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
@ -1522,6 +1522,10 @@ EEXXAAMMPPLLEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
@ -1573,10 +1577,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
PARTTIMERS ALL = ALL
Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on
any host but they must authenticate themselves first (since the entry
lacks the NOPASSWD tag).
1.8.0b1 July 19, 2010 24
@ -1588,6 +1588,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on
any host but they must authenticate themselves first (since the entry
lacks the NOPASSWD tag).
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
@ -1638,10 +1642,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Users in the sseeccrreettaarriieess netgroup need to help manage the printers as
well as add and remove users, so they are allowed to run those commands
on all machines.
fred ALL = (DB) NOPASSWD: ALL
@ -1654,6 +1654,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
on all machines.
fred ALL = (DB) NOPASSWD: ALL
The user ffrreedd can run commands as any user in the _D_B Runas_Alias
(oorraaccllee or ssyybbaassee) without giving a password.
@ -1705,10 +1709,6 @@ SSEECCUURRIITTYY NNOOTTEESS
bill ALL = ALL, !SU, !SHELLS
Doesn't really prevent bbiillll from running the commands listed in _S_U or
_S_H_E_L_L_S since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these
1.8.0b1 July 19, 2010 26
@ -1720,6 +1720,9 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Doesn't really prevent bbiillll from running the commands listed in _S_U or
_S_H_E_L_L_S since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these
kind of restrictions should be considered advisory at best (and
reinforced by policy).
@ -1772,9 +1775,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
If the resulting output contains a line that begins with:
File containing dummy exec functions:
1.8.0b1 July 19, 2010 27
@ -1786,6 +1786,8 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
File containing dummy exec functions:
then ssuuddoo may be able to replace the exec family of functions
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
@ -1838,8 +1840,6 @@ SSEECCUURRIITTYY NNOOTTEESS
writable directory.
On systems where the boot time is available, _s_u_d_o_e_r_s will ignore time
stamps that date from before the machine booted.
@ -1852,6 +1852,8 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
stamps that date from before the machine booted.
Since time stamp files live in the file system, they can outlive a
user's login session. As a result, a user may be able to login, run a
command with ssuuddoo after authenticating, logout, login again, and run
@ -1907,8 +1909,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 July 19, 2010 29

@ -828,9 +828,12 @@ grouped by type, are listed below.
\&\fBBoolean Flags\fR:
.IP "always_set_home" 16
.IX Item "always_set_home"
If set, \fBsudo\fR will set the \f(CW\*(C`HOME\*(C'\fR environment variable to the home
directory of the target user (which is root unless the \fB\-u\fR option is used).
This effectively means that the \fB\-H\fR option is always implied.
If enabled, \fBsudo\fR will set the \f(CW\*(C`HOME\*(C'\fR environment variable to the
home directory of the target user (which is root unless the \fB\-u\fR
option is used). This effectively means that the \fB\-H\fR option is
always implied. Note that \f(CW\*(C`HOME\*(C'\fR is already set when the the
\&\fIenv_reset\fR option is enabled, so \fIalways_set_home\fR is only
effective for configurations where \fIenv_reset\fR is disabled.
This flag is \fIoff\fR by default.
.IP "authenticate" 16
.IX Item "authenticate"
@ -1021,10 +1024,13 @@ If set, \fBsudo\fR will prompt for the password of the user defined by the
password of the invoking user. This flag is \fIoff\fR by default.
.IP "set_home" 16
.IX Item "set_home"
If set and \fBsudo\fR is invoked with the \fB\-s\fR option the \f(CW\*(C`HOME\*(C'\fR
If enabled and \fBsudo\fR is invoked with the \fB\-s\fR option the \f(CW\*(C`HOME\*(C'\fR
environment variable will be set to the home directory of the target
user (which is root unless the \fB\-u\fR option is used). This effectively
makes the \fB\-s\fR option imply \fB\-H\fR. This flag is \fIoff\fR by default.
makes the \fB\-s\fR option imply \fB\-H\fR. Note that \f(CW\*(C`HOME\*(C'\fR is already
set when the the \fIenv_reset\fR option is enabled, so \fIset_home\fR is
only effective for configurations where \fIenv_reset\fR is disabled.
This flag is \fIoff\fR by default.
.IP "set_logname" 16
.IX Item "set_logname"
Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR

@ -689,9 +689,12 @@ B<Boolean Flags>:
=item always_set_home
If set, B<sudo> will set the C<HOME> environment variable to the home
directory of the target user (which is root unless the B<-u> option is used).
This effectively means that the B<-H> option is always implied.
If enabled, B<sudo> will set the C<HOME> environment variable to the
home directory of the target user (which is root unless the B<-u>
option is used). This effectively means that the B<-H> option is
always implied. Note that C<HOME> is already set when the the
I<env_reset> option is enabled, so I<always_set_home> is only
effective for configurations where I<env_reset> is disabled.
This flag is I<off> by default.
=item authenticate
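Review bot: "when the the I<env_reset> option" in the added always_set_home text has a doubled "the"; the set_home paragraph in the next hunk and the formatted copies of this manual carry the same typo. The sentence also says HOME "is already set" whenever env_reset is enabled, which does not hold when HOME is in env_keep. In that case the code in this commit never consults always_set_home (it is only tested in the branch taken when env_reset is off), so the paragraph should say that a HOME kept via env_keep is not overridden by this flag.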
@ -910,10 +913,13 @@ password of the invoking user. This flag is I<off> by default.
=item set_home
If set and B<sudo> is invoked with the B<-s> option the C<HOME>
If enabled and B<sudo> is invoked with the B<-s> option the C<HOME>
environment variable will be set to the home directory of the target
user (which is root unless the B<-u> option is used). This effectively
makes the B<-s> option imply B<-H>. This flag is I<off> by default.
makes the B<-s> option imply B<-H>. Note that C<HOME> is already
set when the the I<env_reset> option is enabled, so I<set_home> is
only effective for configurations where I<env_reset> is disabled.
This flag is I<off> by default.
=item set_logname

@ -193,7 +193,6 @@ static const char *initial_checkenv_table[] = {
static const char *initial_keepenv_table[] = {
"COLORS",
"DISPLAY",
"HOME",
"HOSTNAME",
"KRB5CCNAME",
"LS_COLORS",
@ -416,6 +415,7 @@ rebuild_env(int noexec)
char **old_envp, **ep, *cp, *ps1;
char idbuf[MAX_UID_T_LEN];
unsigned int didvar;
int reset_home = FALSE;
/*
* Either clean out the environment or reset to a safe default.
@ -430,6 +430,9 @@ rebuild_env(int noexec)
memset(env.envp, 0, env.env_size * sizeof(char *));
#endif
if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
/* Reset HOME based on target user unless keeping old value. */
reset_home = TRUE;
/* Pull in vars we want to keep from the old environment. */
for (ep = old_envp; *ep; ep++) {
int keepit;
@ -498,7 +501,6 @@ rebuild_env(int noexec)
* on sudoers options).
*/
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME));
sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
sudo_setenv("LOGNAME", runas_pw->pw_name,
ISSET(didvar, DID_LOGNAME));
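Review bot: with the unconditional sudo_setenv("HOME", runas_pw->pw_dir, ...) gone from the MODE_LOGIN_SHELL branch, HOME for "sudo -i" now depends entirely on the final call guarded by "!ISSET(didvar, KEPT_HOME)". If the keep loop above can set KEPT_HOME in login-shell mode (HOME listed in env_keep), the target user's login shell would start with the invoking user's HOME, which contradicts the manual text in this same commit saying HOME is set when -i is specified. Either bypass the KEPT_HOME test for MODE_LOGIN_SHELL or confirm, in a comment, that the loop cannot keep HOME in that mode.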
@ -506,8 +508,6 @@ rebuild_env(int noexec)
sudo_setenv("USERNAME", runas_pw->pw_name,
ISSET(didvar, DID_USERNAME));
} else {
if (!ISSET(didvar, DID_HOME))
sudo_setenv("HOME", user_dir, FALSE);
if (!ISSET(didvar, DID_SHELL))
sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
if (!ISSET(didvar, DID_LOGNAME))
@ -530,6 +530,13 @@ rebuild_env(int noexec)
sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
}
} else {
/* Reset HOME based on target user if configured to. */
if (ISSET(sudo_mode, MODE_RUN)) {
if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) ||
(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
reset_home = TRUE;
}
/*
* Copy environ entries as long as they don't match env_delete or
* env_check.
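Review bot: the MODE_RESET_HOME test is now nested inside "if (ISSET(sudo_mode, MODE_RUN))", while the block this commit removes later in rebuild_env() honoured MODE_RESET_HOME on its own and required MODE_RUN only for always_set_home and set_home. If -H can be combined with a mode other than MODE_RUN, HOME is no longer reset there when env_reset is off. Hoist the MODE_RESET_HOME check out of the MODE_RUN test, or say in the comment why the two forms are equivalent.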
@ -569,8 +576,7 @@ rebuild_env(int noexec)
}
/* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
/* XXX - not needed for MODE_LOGIN_SHELL */
if (def_set_logname && runas_pw->pw_name) {
if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
if (!ISSET(didvar, KEPT_LOGNAME))
sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
if (!ISSET(didvar, KEPT_USER))
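Review bot: the rewritten condition drops the "runas_pw->pw_name" test, so the sudo_setenv() calls for LOGNAME, USER and USERNAME now pass that pointer without checking it. If pw_name is guaranteed non-NULL for the target user, note that in the comment; otherwise keep the test alongside the new "!ISSET(sudo_mode, MODE_LOGIN_SHELL)".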
@ -579,14 +585,9 @@ rebuild_env(int noexec)
sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
}
/* Set $HOME for `sudo -H'. Only valid at PERM_FULL_RUNAS. */
/* XXX - not needed for MODE_LOGIN_SHELL */
if (runas_pw->pw_dir) {
if (ISSET(sudo_mode, MODE_RESET_HOME) ||
(ISSET(sudo_mode, MODE_RUN) && (def_always_set_home ||
(ISSET(sudo_mode, MODE_SHELL) && def_set_home))))
sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
}
/* Set $HOME to target user if not preserving user's value. */
if (reset_home && !ISSET(didvar, KEPT_HOME))
sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME));
/* Provide default values for $TERM and $PATH if they are not set. */
if (!ISSET(didvar, DID_TERM))
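Review bot: the new HOME assignment is skipped whenever KEPT_HOME is set, so if that bit is set for a HOME matched by env_keep, an explicit -H (MODE_RESET_HOME) under env_reset no longer overrides the preserved value, whereas the removed block called sudo_setenv("HOME", runas_pw->pw_dir, TRUE) for -H regardless. If that is intended, the -H documentation should say so; if not, test MODE_RESET_HOME before KEPT_HOME. The "if (runas_pw->pw_dir)" guard from the removed block is also gone, so pw_dir reaches sudo_setenv() unchecked.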