sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

Initial checkenv and keepenv not (or partially) documented in man page #164

Closed bdrung closed 2 years ago

bdrung commented 2 years ago

I tried to find documentation about the initial checkenv and keepenv. I only found the following in the sudoers man page (in the "Command environment" section):

> Additional variables, such as DISPLAY, PATH and TERM, are preserved from the invoking user's environment if permitted by the env_check, or env_keep options.

In contrast, plugins/sudoers/env.c specifies the following:

```c
static const char *initial_checkenv_table[] = {
    "COLORTERM",
    "LANG",
    "LANGUAGE",
    "LC_*",
    "LINGUAS",
    "TERM",
    "TZ",
    NULL
};

static const char *initial_keepenv_table[] = {
    "COLORS",
    "DISPLAY",
    "HOSTNAME",
    "KRB5CCNAME",
    "LS_COLORS",
    "PATH",
    "PS1",
    "PS2",
    "XAUTHORITY",
    "XAUTHORIZATION",
    NULL
};
```

Please document all initial checkenv and keepenv variables in the man page or document in the man page how to get this list (e.g. by running sudo -V as root).

millert commented 2 years ago

The manual already has the following in that section:

```
The complete list of environment variables that are preserved or removed,
as modified by global Defaults parameters in sudoers, is displayed when
sudo is run by root with the -V option.  The list of environment
variables to remove varies based on the operating system sudo is running
on.
```

I specifically chose not to list them all since the list in the manual would inevitably get out of sync with the code.

bdrung commented 2 years ago

Thanks for pointing it out. Then this ticket is obsolete.

For future reference: That sentence is around the middle of the "Command environment" section.
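
One way to use the `sudo -V` pointer from the thread above, as an added example that is not code from the sudo project: the script reads `sudo -V` output as printed for root and reports which checked or preserved variables are not in the built-in tables quoted in the issue, that is, the ones added by Defaults in sudoers. The heading strings, the tab-indented entry layout and the constructed sample (including its `SSH_AUTH_SOCK` line) are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the sudo project).
# Assumption: `sudo -V` run by root prints each list as a heading line
# followed by tab-indented entries, with the heading text used below.
# Adjust the heading strings if your sudo version words them differently.

# Built-in tables copied from the env.c snippet quoted in the issue.
INITIAL_CHECK='COLORTERM LANG LANGUAGE LC_* LINGUAS TERM TZ'
INITIAL_KEEP='COLORS DISPLAY HOSTNAME KRB5CCNAME LS_COLORS PATH PS1 PS2 XAUTHORITY XAUTHORIZATION'

# sudo_env_list HEADING: read `sudo -V` output on stdin and print the
# entries listed under the exact heading line, one per line, sorted.
sudo_env_list() {
    awk -v h="$1" '
        $0 == h         { inlist = 1; next }          # wanted list starts
        inlist && /^\t/ { sub(/^\t/, ""); print; next }
        inlist          { inlist = 0 }                # next heading ends it
    ' | sort
}

# extra_entries HEADING BUILTIN: entries under HEADING that are missing
# from the space-separated BUILTIN table (added via sudoers Defaults).
extra_entries() {
    sudo_env_list "$1" | while IFS= read -r name; do
        case " $2 " in
            *" $name "*) ;;                 # compiled-in default
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample of the relevant part of `sudo -V` output (not captured
# from a real system); SSH_AUTH_SOCK stands in for an env_keep addition.
sample_output() {
    printf 'Environment variables to check for safety:\n\tTZ\n\tTERM\n\tLC_*\n'
    printf 'Environment variables to preserve:\n\tSSH_AUTH_SOCK\n\tPATH\n\tDISPLAY\n'
    printf 'Locale to use while parsing sudoers: C\n'
}

# Demo on the constructed sample; prints SSH_AUTH_SOCK.
sample_output | extra_entries 'Environment variables to preserve:' "$INITIAL_KEEP"
```

On a live system, replace `sample_output` with `sudo -V` run as root. Because the built-in tables differ between sudo versions, refresh `INITIAL_CHECK` and `INITIAL_KEEP` from the `env.c` of the release you run.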