Hi, this is one of the monster bugs of sudo that has seen a lot of discussion years ago.

On Mon, Apr 13, 2009 at 12:43:18PM +0200, Vincent Lefevre wrote:
> The sudo man page says:
>
>   -i  The -i (simulate initial login) option runs the shell specified in
>       the passwd(5) entry of the user that the command is being run as.
>       The command name argument given to the shell begins with a `-' to
>       tell the shell to run as a login shell. sudo attempts to change to
>       that user's home directory before running the shell. It also
>       initializes the environment, leaving TERM unchanged, setting HOME,
>       SHELL, USER, LOGNAME, and PATH, and unsetting all other environment
>                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       variables. Note that because the shell to use is determined before
>       ^^^^^^^^^
>       the sudoers file is parsed, a runas_default setting in sudoers will
>       specify the user to run the shell as but will not affect which
>       shell is actually run.

I must admit that I have lost overview over sudo's behavior
(expected/real) in the last years. The topic of env_reset and env_keep
has changed quite a bit over the years. Debian is unlikely to deviate
from Upstream here.

Would it be ok for you to check current sudo's behavior, compare it with
the docs and explain whether it's buggy and how? It would be great if
you would write your results to this bug report, and maybe even open a
report in upstream's bugzilla on https://bugzilla.sudo.ws/index.cgi.

Frankly, I don't think that the Debian sudo maintainers would be able to
do much more than that.

Thank you for your patience!

Greetings
Marc