[Bug 2131153] Re: wrong /dev/pts owner for login shell (and $HOME)

Simon Johnsson 2131153 at bugs.launchpad.net
Thu Nov 13 13:24:15 UTC 2025


After some research it seems that the `-i` flag has special behaviour
for PAM environment variables in sudo.ws:

(From https://www.sudo.ws/docs/man/1.8.15/sudoers.man/#Command_environment)
> As a special case, if the -i option (initial login) is specified, sudoers will initialize the environment regardless of the value of env_reset. The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL, USER, and LOGNAME are set based on the target user. On AIX (and Linux systems without PAM), the contents of /etc/environment are also included. On BSD systems, if the use_loginclass flag is enabled, the path and setenv variables in /etc/login.conf are also applied. All other environment variables are removed unless permitted by env_keep or env_check, described above.

I have filed a bug report upstream to get input on whether this aligns
with their opinions regarding sudo-rs:
https://github.com/trifectatechfoundation/sudo-rs/issues/1335

** Bug watch added: github.com/trifectatechfoundation/sudo-rs/issues #1335
   https://github.com/trifectatechfoundation/sudo-rs/issues/1335

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2131153

Title:
  wrong /dev/pts owner for login shell (and $HOME)

Status in rust-sudo-rs package in Ubuntu:
  Triaged

Bug description:
  sudo-rs doesn't set a login shell's /dev/pts owner correctly and
  doesn't set its $HOME, while sudo.ws does.

  sudo.ws:

  jj at host % lxc exec canonical -- sudo.ws -i -u ubuntu
  ubuntu at canonical ~ % pwd
  /home/ubuntu
  ubuntu at canonical ~ % echo $HOME
  /home/ubuntu
  ubuntu at canonical ~ % tty
  /dev/pts/4
  ubuntu at canonical ~ % ls -la /dev/pts/4
  crw--w---- 1 ubuntu tty  136, 4 Nov 12 15:37 4

  sudo-rs:

  jj at host % lxc exec canonical -- sudo-rs -i -u ubuntu
  canonical% pwd
  /home/ubuntu
  canonical% echo $HOME
  /root
  canonical% tty
  /dev/pts/4
  ubuntu at canonical ~ % ls -l /dev/pts/4
  crw--w---- 1 root tty  136, 4 Nov 12 15:28 4

  two bugs in sudo-rs:
  - pty owner is wrong (should be the login user, not root)
  - HOME is not set (it is in env_keep) (and it works with: lxc exec canonical -- sudo-rs HOME=/home/ubuntu -i -u ubuntu)

  correct pty ownership is important, otherwise e.g. gpg-agent can't show
  pinentry on the terminal where gpg was invoked!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2131153/+subscriptions
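
Added example, not part of the bug report and not code from sudo.ws or sudo-rs: a small Python model of the sudoers paragraph quoted above for `-i`, plus a check for the two deviations the report lists (HOME and pty owner). The names Target, login_env and audit_session, the uid 1000, the shell path, the TERM value and the /var/mail path are assumptions made for the example.

```python
# Added example: a model of the quoted sudoers paragraph, not sudo.ws or sudo-rs code.
from dataclasses import dataclass

PRESERVED = ("DISPLAY", "PATH", "TERM")  # "remain unchanged" under -i

@dataclass(frozen=True)
class Target:
    name: str
    uid: int
    home: str
    shell: str

def login_env(invoking_env, target, env_keep=()):
    """Environment an `-i` session should receive according to the quoted text."""
    env = {k: v for k, v in invoking_env.items()
           if k in PRESERVED or k in env_keep}
    # Assumption: target-derived values are applied last, so a HOME that is
    # listed in env_keep is still replaced by the target user's home.
    env.update({
        "HOME": target.home,
        "SHELL": target.shell,
        "USER": target.name,
        "LOGNAME": target.name,
        "MAIL": f"/var/mail/{target.name}",  # assumed mail spool path
    })
    return env

def audit_session(observed_env, pty_owner_uid, target):
    """List the two deviations from this report found in one observed session."""
    findings = []
    expected_home = login_env(observed_env, target)["HOME"]
    if observed_env.get("HOME") != expected_home:
        findings.append(f"HOME is {observed_env.get('HOME')!r}, expected {expected_home!r}")
    if pty_owner_uid != target.uid:
        findings.append(f"pty owned by uid {pty_owner_uid}, expected {target.uid}")
    return findings

# Constructed samples: HOME and pty owner follow the two transcripts above;
# uid 1000, the shell path and TERM are made up for the example.
UBUNTU = Target("ubuntu", 1000, "/home/ubuntu", "/bin/sh")
SUDO_WS = ({"HOME": "/home/ubuntu", "TERM": "xterm"}, 1000)
SUDO_RS = ({"HOME": "/root", "TERM": "xterm"}, 0)

if __name__ == "__main__":
    for label, (env, owner) in (("sudo.ws", SUDO_WS), ("sudo-rs", SUDO_RS)):
        print(label, audit_session(env, owner, UBUNTU) or "ok")
```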



