[Bug 1301557] Re: sudo not setting environment variables in /etc/environment

Christopher Hoskin 1301557 at bugs.launchpad.net
Thu Apr 3 07:36:22 UTC 2014 

Investigating a bit further, I notice that /etc/pam.d/su contains the
lines:

# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session       required   pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session       required   pam_env.so readenv=1 envfile=/etc/default/locale

If I add these to /etc/pam.d/sudo then I can set environment variables
either in /etc/environment or in /etc/security/pam_env.conf.

So should "session       required   pam_env.so readenv=1" be added to
/etc/pam.d/sudo or is there a security reason why sudo should not use
pam_env.so but su should?

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1301557

Title:
  sudo not setting environment variables in /etc/environment

Status in “sudo” package in Ubuntu:
  New

Bug description:
  With 1.8.9p5-1ubuntu1 sudo does not load environment variables from
  /etc/environment, which is a change in behaviour from Ubuntu 13.10.

  lsb_release -rd
  Description:    Ubuntu Trusty Tahr (development branch)
  Release:        14.04

  apt-cache policy sudo
  sudo:
    Installed: 1.8.9p5-1ubuntu1
    Candidate: 1.8.9p5-1ubuntu1
    Version table:
   *** 1.8.9p5-1ubuntu1 0
          500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

  Steps to reproduce:

  cat /etc/environment
  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usrgames:/usr/local/games"
  JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64/jre/"

  env | grep JAVA_HOME
  JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre/
  sudo env | grep JAVA_HOME
  sudo -s
  root at sant-idp:~# env | grep JAVA_HOME
  root at sant-idp:~# exit
  exit

  cat /etc/sudoers
  #
  # This file MUST be edited with the 'visudo' command as root.
  #
  # Please consider adding local content in /etc/sudoers.d/ instead of
  # directly modifying this file.
  #
  # See the man page for details on how to write a sudoers file.
  #
  Defaults        env_reset
  Defaults        mail_badpass
  Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

  # Host alias specification

  # User alias specification

  # Cmnd alias specification

  # User privilege specification
  root    ALL=(ALL:ALL) ALL

  # Members of the admin group may gain root privileges
  %admin ALL=(ALL) ALL

  # Allow members of group sudo to execute any command
  %sudo   ALL=(ALL:ALL) ALL

  # See sudoers(5) for more information on "#include" directives:

  #includedir /etc/sudoers.d

  Please advise if this is a bug or new intended behaviour? Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1301557/+subscriptions

More information about the foundations-bugs mailing list