Hi,

On Thu, Oct 12, 2023 at 05:20:58PM +0200, Erwan David wrote:
> I use a script to run borg backup. For it to be able to backup files that
> only root may read, I use sudo --preserve-env=BORG_REPO,BORG_PASSPHRASE.
>
> However I see that in the logs the VALUE of the env variable is logged. How
> to change this?

I don't think there is a way to stop that happening. If sudo will log, it
logs the names and values of any environment you specify on its command
line.

Your options as far as I am aware:

- Preserve your entire environment with sudo --preserve-env (no specific
  variables). It won't log the entire environment.

- Add an entry to sudoers that says to not log this particular command.
  There'll be no logging at all.

- Run the job as root to begin with.

- Make your script source another shell file that contains
  BORG_PASSPHRASE=whatever and have that file with appropriate restricted
  permissions.

Thanks,
Andy
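
The last option in the reply above, sketched as an added example that is not part of the original message: a helper that sources the passphrase file only after checking it is private. The function name load_secret_env and the file path in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original message).
# load_secret_env FILE: source FILE and export what it sets, but only if
# FILE is a regular file (not a symlink), owned by the current user or
# root, with no group/other permission bits. Returns 1 otherwise.
load_secret_env() {
    f=$1
    # "." searches PATH for names without a slash; force a path lookup.
    case $f in */*) ;; *) f=./$f ;; esac
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    # ls -ldn prints e.g. "-rw------- 1 0 0 ..."; keep mode and numeric uid.
    meta=$(ls -ldn -- "$f" | awk '{print $1, $3}')
    mode=${meta% *}
    uid=${meta#* }
    case $mode in
        -???------*) ;;
        *) echo "refusing $f: mode $mode allows group/other access" >&2
           return 1 ;;
    esac
    if [ "$uid" != "$(id -u)" ] && [ "$uid" != 0 ]; then
        echo "refusing $f: owned by uid $uid" >&2
        return 1
    fi
    set -a      # export every variable the file assigns
    . "$f"
    set +a
}

# Usage inside the backup script (hypothetical path), before calling borg:
#   load_secret_env /root/.borg-env || exit 1
```

When the script itself is the command sudo runs, the passphrase never appears among the arguments sudo logs.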