FYI tech@, there was a thread on misc@ about
sudo -iu not setting some environment variables:
http://thread.gmane.org/gmane.os.openbsd.misc/211823/


On 2014-04-08 Tue 09:26 AM |, Craig R. Skinner wrote:
> To clarify, there are no ~/. shell dot files.
> 
> $PATH & umask are set in /etc/login.conf
> $MAIL is the default set by login(1)
> 
> /etc/profile sources /etc/ksh.kshrc, which just sets $PS1,
> window decor & some aliases, nothing major.
> 
> This arrangement works fine when logging in directly,
> or via "sudo su -l user"
> 
> From my reading of sudo(8), I thought the same environment could be
> gained with something like "sudo -H -i -u username".
> 
> Am I missing sudo flags or settings in /etc/sudoers?
> 
> 
> On 2014-04-04 Fri 11:30 AM |, Craig R. Skinner wrote:
> > Hi,
> > 
> > When sudo'ing to another user, how can I obtain all of their environment
> > settings as they receive when logging in themselves?
> > 
> > When I use sudo in this manner, settings such as $PATH, $MAIL & umask
> > aren't being honoured:
> > 
> > 
> > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask
> > craig
> > /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/usr/site/sbin:/home/craig/bin
> > /var/mail/craig
> > 027
> > 
> > 
> > 
> > Here, $PATH, $MAIL & umask are unchanged:
> > 
> > $ sudo -H -i -u david
> > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask
> > david
> > /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/usr/site/sbin:/home/craig/bin
> > /var/mail/craig
> > 027
> > 
> > 
> > Compare the difference when logging in as that user:
> > 
> > $ login david
> > ...
> > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask
> > david
> > /usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin
> > /var/mail/david
> > 022
> > 
> > 
> > 
> > 
> > /etc/login.conf:
> > default:\
> >     :passwordcheck=/usr/local/bin/pwqcheck -1:\
> >     :passwordtries=0:\
> >     :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
> >     :umask=022:\
> >     :datasize-cur=....
> > 
> > staff:\
> >     :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin /usr/site/bin /usr/site/sbin ~/bin:\
> >     :umask=027:\
> >     :datasize-cur=....
> > 
> > 
> > $ egrep 'env_|Defaults' /etc/sudoers | grep -v ^#
> > Defaults env_keep +="DESTDIR DISTDIR EDITOR FETCH_CMD FLAVOR FTPMODE GROUP MAKE"
> > Defaults env_keep +="MAKECONF MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_CACHE"
> > Defaults env_keep +="PKG_DBDIR PKG_DESTDIR PKG_PATH PKG_TMPDIR PORTSDIR"
> > Defaults env_keep +="RELEASEDIR SHARED_ONLY SSH_AUTH_SOCK SUBPACKAGE VISUAL"
> > Defaults env_keep +="WRKOBJDIR"
> > Defaults always_set_home, ignore_dot, use_loginclass
> > 
> > 
> > 
> > login(1):
> > 
> >      login enters information into the environment (see environ(7)) specifying
> >      the user's home directory (HOME), command interpreter (SHELL), search
> >      path (PATH), terminal type (TERM), and user name (both LOGNAME and USER).
> > 
> > ENVIRONMENT
> >      login sets the following environment variables:
> > 
> >      HOME
> >      MAIL
> > 
> > sudo(8):
> > 
> >   Command Environment
> >      ......................  On BSD systems, if the use_loginclass option is
> >      enabled, the environment is initialized based on the path and setenv
> >      settings in /etc/login.conf.  The new environment contains the TERM,
> >      PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in
> >      addition to variables from the invoking process permitted by the
> >      env_check and env_keep options.  This is effectively a whitelist for
> >      environment variables.
> > 
> > 
> > 
> > How can I become another user - without knowing their password,
> > and gain their 'natural' environment?
> > 
> > e.g. from wheel group to a users group member.
> > 
> > 'su -l username' & 'login username' require their password.
> > 
> > I thought 'sudo -H -i -u username' would do it.
> > 
> > Any suggestions on what else I need to configure?
> 
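
An added example (not part of the original thread, and not code from sudo or OpenBSD): a Python check that derives the PATH and umask a login class defines in /etc/login.conf and compares them with what a session actually shows, using the values posted above. It assumes david is in the default class with home /home/david, does not resolve tc= inheritance, and all function names are hypothetical.

```python
import re

# Constructed from the login.conf excerpt quoted above (elided datasize-cur lines dropped).
LOGIN_CONF = r"""
default:\
    :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
    :umask=022:

staff:\
    :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin /usr/site/bin /usr/site/sbin ~/bin:\
    :umask=027:
"""
# PATH reported inside the "sudo -H -i -u david" session in the post.
SUDO_PATH = ("/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:"
             "/usr/site/bin:/usr/site/sbin:/home/craig/bin")

def parse_login_conf(text):
    """Return {class: {capability: value}}; tc= inheritance is not resolved."""
    joined = re.sub(r"\\\n\s*", "", text)  # fold backslash-continued lines
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *caps = [field for field in line.split(":") if field.strip()]
        record = dict(cap.split("=", 1) for cap in caps if "=" in cap)
        for name in names.split("|"):  # a record may carry several names
            classes[name] = record
    return classes

def expected_env(classes, login_class, home):
    """PATH and umask the class defines, with ~ expanded to the target's home."""
    caps = classes[login_class]
    dirs = [home + d[1:] if d.startswith("~") else d for d in caps["path"].split()]
    return ":".join(dirs), int(caps["umask"], 8)

def audit_session(classes, login_class, home, seen_path, seen_umask):
    """List the ways an observed session differs from the class's settings."""
    want_path, want_umask = expected_env(classes, login_class, home)
    want, seen = want_path.split(":"), seen_path.split(":")
    findings = [f"unexpected PATH entry: {d}" for d in seen if d not in want]
    findings += [f"missing PATH entry: {d}" for d in want if d not in seen]
    if int(seen_umask, 8) != want_umask:
        findings.append(f"umask {seen_umask}, class {login_class} sets {want_umask:03o}")
    return findings

if __name__ == "__main__":
    conf = parse_login_conf(LOGIN_CONF)
    for finding in audit_session(conf, "default", "/home/david", SUDO_PATH, "027"):
        print(finding)
```

Run against the posted sudo session, it reports the invoking user's ~/bin and the staff sbin directories carried into david's PATH, the missing /home/david/bin, and the 027 umask.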
