On 2014-04-08 Tue 07:17 AM, Andres Perera wrote:
>
> You do that with `sudo -c - -l`:
>
> $ sudo -c - -i 'ulimit -a; env' > eb
> $ diff -u ea e
> --- ea Tue Apr 8 07:13:11 2014
> +++ eb Tue Apr 8 07:14:22 2014
> @@ -1,29 +1,24 @@
> -LOGNAME=a
> +LOGNAME=root
>
> Also see `use_loginclass` in sudoers(5).
>
Unfortunately Andres, that doesn't work here for non-root:
$ userinfo $LOGNAME | fgrep class
class staff
^^^^^
$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
craig
/usr/bin:/bin:/usr/sbin:.../usr/site/bin:/usr/site/sbin:/home/craig/bin
/var/mail/craig
027
$ userinfo david | fgrep class
class
$ sudo -c - -i -u david
$ userinfo $LOGNAME | fgrep class
class
^^^^^
$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
david
/usr/bin:/bin:/usr/sbin:.../usr/site/bin:/usr/site/sbin:/home/craig/bin
^^^^^
/var/mail/craig
^^^^^
027
^
$ exit
$ fgrep use_loginclass /etc/sudoers
Defaults always_set_home, ignore_dot, use_loginclass
$ login david
Password:
$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
david
/usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin
^^^^^
/var/mail/david
^^^^^
022
^
$ /usr/sbin/userinfo $LOGNAME | fgrep class
class
^^^^^
/etc/login.conf:
...
...
default:\
:path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
:umask=022:\
:datasize....
staff:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin /usr/site/bin /usr/site/sbin ~/bin:\
:umask=027:\
:ignorenologin:\
:datasize...
$ sudo -c default -i -u david
sudo: only root can use -c default
From what I'm seeing, "sudo -iu username" isn't setting
$PATH, $MAIL & umask, as set by login/su -l, rather than shell dotfiles.
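The comparison made by hand in the message above can be scripted. This is an added example, not part of the original post or of sudo: it parses login.conf-style entries and reports where a session's PATH and umask differ from what the target user's login class prescribes. The function names, the embedded sample and the /home layout check are assumptions, as is treating an empty class as "default".

```python
import re

# Constructed sample: the two classes quoted in the message, with the
# elided datasize entries left out.
LOGIN_CONF = r"""
default:\
    :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
    :umask=022:
staff:\
    :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin /usr/site/bin /usr/site/sbin ~/bin:\
    :umask=027:\
    :ignorenologin:
"""

def parse_login_conf(text):
    """Return {class: {capability: value}}; boolean capabilities map to True."""
    joined = re.sub(r"\\\n\s*", "", text)  # undo backslash continuations
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = {}
        for field in filter(None, (f.strip() for f in fields)):
            key, sep, value = field.partition("=")
            caps[key] = value if sep else True
        for name in names.split("|"):
            classes[name] = caps
    return classes

def expected_session(classes, login_class, home):
    """PATH and umask a full login yields; assumes an empty class means 'default'."""
    caps = classes[login_class or "default"]
    dirs = [home + d[1:] if d.startswith("~") else d for d in caps["path"].split()]
    return ":".join(dirs), int(caps["umask"], 8)

def audit_session(classes, login_class, home, path, umask):
    """List where an observed session differs from its login class."""
    want_path, want_umask = expected_session(classes, login_class, home)
    findings = []
    if path != want_path:
        findings.append(f"PATH: expected {want_path}, got {path}")
    if umask != want_umask:
        findings.append(f"umask: expected {want_umask:03o}, got {umask:03o}")
    # Assumption: home directories live under /home, as in the message.
    foreign = [d for d in path.split(":") if d.startswith("/home/") and not d.startswith(home + "/")]
    if foreign:
        findings.append("PATH has another user's directory: " + ", ".join(foreign))
    return findings
```

Feed it the output of `echo $PATH; umask` captured inside the session being checked, together with the target user's class and home directory.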