[sf-lug] sudo
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Thu Nov 9 01:33:26 PST 2017
> From: "Akkana Peck" <akkana at shallowsky.com>
> Subject: Re: [sf-lug] sudo
> Date: Wed, 8 Nov 2017 20:20:09 -0700
> Alex Kleider writes:
>> Here is what I have come up with so far:
>>
>> #!/bin/bash
>>
>> export ap_ip=10.10.10.10
>>
>> sudo sh -c 'echo "$ap_ip library library.lan rachel rachel.lan" >>
>> /etc/hosts'
>>
>> This seems to work except for the fact that the variable ap_ip
>> does not get inserted, only the other part of the line.
>
> I'm not sure why the export doesn't pass ap_ip through to the su
> shell. Seems like that should work, but you're right, it doesn't.
Because, security, "of course". :-)
sudoers(5) ...
Command environment
Since environment variables can influence program behavior, sudoers pro-
vides a means to restrict which variables from the user's environment are
inherited by the command to be run. There are two distinct ways sudoers
can deal with environment variables.
By default, the env_reset option is enabled. This causes commands to be
executed with a new, minimal environment. ...
More information about the sf-lug
mailing list