[sf-lug] sudo

Michael Paoli Michael.Paoli at cal.berkeley.edu
Thu Nov 9 01:33:26 PST 2017

> From: "Akkana Peck" <akkana at shallowsky.com>
> Subject: Re: [sf-lug] sudo
> Date: Wed, 8 Nov 2017 20:20:09 -0700

> Alex Kleider writes:
>> Here is what I have come up with so far:
>> #!/bin/bash
>> export ap_ip=
>> sudo sh -c 'echo "$ap_ip  library library.lan rachel rachel.lan" >>  
>> /etc/hosts'
>> This seems to work except for the fact that the variable ap_ip
>> does not get inserted, only the other part of the line.
> I'm not sure why the export doesn't pass ap_ip through to the su
> shell. Seems like that should work, but you're right, it doesn't.

Because, security, "of course".  :-)

sudoers(5) ...
    Command environment
      Since environment variables can influence program behavior, sudoers pro-
      vides a means to restrict which variables from the user's environment are
      inherited by the command to be run.  There are two distinct ways sudoers
      can deal with environment variables.
      By default, the env_reset option is enabled.  This causes commands to be
      executed with a new, minimal environment. ...

More information about the sf-lug mailing list