3

I have a variable set in a script file in /etc/profile.d/somescript.sh I have modified the /etc/sudoers and added "ansible" user to the sudoers file like this:

Defaults !env_reset
ansible    ALL=(ALL) NOPASSWD:   ALL

Why isn't the first line outputting anything ? why "sudo env" is not showing all environment variables (only partial)?

[ansible@ACEPP-LM-01 ~]$ sudo env | grep ENV
[ansible@ACEPP-LM-01 ~]$ sudo echo $ENV
PP
[ansible@ACEPP-LM-01 ~]$ echo $ENV
PP
[ansible@ACEPP-LM-01 ~]$ env | grep ENV
ENV=PP

Solution for what I need is putting an alias sudo="sudo -i" in ~/.bashrc of root and also the user ansible.

Improve this question
6
  • 1
    When ENV contains a file path, it is used by some old shells as the path of a file sourced on startup (also in POSIX shells, but only when interactive). So it's one of those that sudo always blacklists to avoid users bypassing the sudo policies (even with !env_reset). Commented May 19, 2015 at 8:44
  • ENV=hostname | awk -F- '{print $1}' | sed 's/ACE//'`` - no path Commented May 19, 2015 at 8:49
  • 2
    Note that when you run sudo echo $ENV, that is not actually an indication that $ENV is set in the sudo environment. The variable is expanded by your shell before it runs sudo. Commented May 19, 2015 at 11:41
  • setting the file with the variables like : Defaults:user env_file=/path/to/file/to/be/sourced is not doing the substitutions Commented May 19, 2015 at 12:58
  • @StéphaneChazelas Your comment should be an answer! Commented May 19, 2015 at 15:46

1 Answer 1

Reset to default
2

Try using the -E parameter on sudo:

-E, --preserve-env
             Indicates to the security policy that the user wishes to pre‐
             serve their existing environment variables.  The security
             policy may return an error if the user does not have permis‐
             sion to preserve the environment.
Improve this answer
4
  • I want sudo to use -E or -i by default Commented May 19, 2015 at 8:48
  • That won't work. ENV like other dangerous environment variables (PS4, BASHOPTS, BASH_ENV, JAVA_TOOL_OPTIONS, PYTHONPATH...) is always blacklisted. It also overwrites a number of env vars and sanitises many, and blacklists based on content as well (like the ones starting with () for bash exported functions). You'd need to add Defaults env_keep = "*" to override that. Commented May 19, 2015 at 8:55
  • Wouldn't be easier if I put all my variables in ~/.bashrc ? This way sudo will see them no matter what ? Commented May 19, 2015 at 9:27
  • no, that will not work. unix.stackexchange.com/a/228441/261934 Commented Dec 1, 2020 at 18:13

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.