On Thu, Jul 26, 2007 at 09:44:12PM +0200, Antoine Jacoutot wrote:
> On Thu, 26 Jul 2007, Todd C. Miller wrote:
> >3) Use the SETENV tag on commands or the setenv Defaults options.
> >   E.g.
> >       %wheel ALL = (ALL) SETENV: ALL
> >
> >   then use "sudo -E" when you need to preserve the environment or
> >   specify the variables on the command line using sudo:
> >       $ sudo DESTDIR=/home/dst RELEASEDIR=/home/rel make release
> >
> >The default sudoers file will have a commented out entry for the
> >wheel group like #3.

Let me comment about this for the 3rd time, first time on a public list.

In my opinion, the simplest way for the ports tree to cope is to have your root entry in sudoers simply have SETENV: set.

I quite understand how not passing env through is important when you use sudo for careful privilege elevation, but face it: when you use sudo to run arbitrary commands as root, you can as well take your environment with you. There is no inherent insecurity to this.

And I also understand why Todd has a global :SETENV flag that affects everything, for simplicity, even though, in my opinion, !:SETENV makes *no sense* for arbitrary root.

So, just set :SETENV in your sudoers file, and be done with it. We won't be touching the ports tree to adjust for this in any way.