Bug 435099 - env_keep doesn't seem to work as advertised
env_keep doesn't seem to work as advertised
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: sudo (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Vrabec
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-27 06:21 EST by Neal Becker
Modified: 2008-03-31 10:03 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-31 10:03:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Neal Becker 2008-02-27 06:21:26 EST
Description of problem:
I'm pleased to see that env_keep was added.  It doesn't seem to work.


I'm using the default sudoers installed with the rpm, the only thing I added 
was:
nbecker	ALL=(ALL)	NOPASSWD: SETENV: ALL
#nbecker	ALL=(ALL)	NOPASSWD: ALL

I had to use the 1st line to make sudo -E xemacs work (keep DISPLAY).  Even 
though there is
Defaults env_keep = blah blah

sudo env shows it isn't keeping any env variables.


Version-Release number of selected component (if applicable):


How reproducible:

sudo-1.6.9p4-4.fc8.x86_64

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Karel Zak 2008-02-27 11:14:26 EST
Well, diff between my sudoers and the default sudoers installed with the rpm:

# diff -u /etc/sudoers.rpmnew  /etc/sudoers
--- /etc/sudoers.rpmnew 2008-02-21 18:36:49.000000000 +0100
+++ /etc/sudoers        2008-02-27 16:59:00.000000000 +0100
@@ -74,6 +74,8 @@
 ## Allow root to run any commands anywhere 
 root   ALL=(ALL)       ALL
 
+kzak    ALL=(ALL)       NOPASSWD: ALL
+
 ## Allows members of the 'sys' group to run networking, software, 
 ## service management apps and more.
 # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES,
LOCATE, DRIVERS


Now, see my script:

$ cat ~/a
echo "display is $DISPLAY for UID=$(id -u)"

$ ~/a
display is :0.0 for UID=500

$ sudo ~/a
display is :0.0 for UID=0

... it means "Defaults env_keep =  "COLORS DISPLAY ...." works as expected.


Comment 2 Neal Becker 2008-02-27 11:49:09 EST
The problem I believe is I used smb4k.  Look what I got:

sudo diff -u /etc/sudoers{.rpmnew,}
--- /etc/sudoers.rpmnew	2008-02-21 12:36:49.000000000 -0500
+++ /etc/sudoers	2008-02-27 11:44:51.000000000 -0500
@@ -73,6 +73,8 @@
 ##
 ## Allow root to run any commands anywhere 
 root	ALL=(ALL) 	ALL
+#nbecker	ALL=(ALL)	NOPASSWD: SETENV: ALL
+nbecker	ALL=(ALL)	NOPASSWD: ALL
 
 ## Allows members of the 'sys' group to run networking, software, 
 ## service management apps and more.
@@ -90,4 +92,11 @@
 
 ## Allows members of the users group to shutdown this system
 # %users  localhost=/sbin/shutdown -h now
-
+# Entries for Smb4K users.
+# Generated by Smb4K. Please do not modify!
+User_Alias	SMB4KUSERS = nbecker
+SMB4KUSERS	nbecker4 = NOPASSWD: /usr/bin/smb4k_kill
+SMB4KUSERS	nbecker4 = NOPASSWD: /usr/bin/smb4k_umount
+SMB4KUSERS	nbecker4 = NOPASSWD: /usr/bin/smb4k_mount
+Defaults:SMB4KUSERS	env_keep=PASSWD
+# End of Smb4K user entries.

Note You need to log in before you can comment on or make changes to this bug.