435099 – env_keep doesn't seem to work as advertised

Bug 435099 - env_keep doesn't seem to work as advertised

Summary: env_keep doesn't seem to work as advertised

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sudo
Sub Component:
Version:	8
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-02-27 11:21 UTC by Neal Becker
Modified:	2008-03-31 14:03 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-03-31 14:03:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Neal Becker 2008-02-27 11:21:26 UTC

Description of problem:
I'm pleased to see that env_keep was added.  It doesn't seem to work.


I'm using the default sudoers installed with the rpm, the only thing I added 
was:
nbecker	ALL=(ALL)	NOPASSWD: SETENV: ALL
#nbecker	ALL=(ALL)	NOPASSWD: ALL

I had to use the 1st line to make sudo -E xemacs work (keep DISPLAY).  Even 
though there is
Defaults env_keep = blah blah

sudo env shows it isn't keeping any env variables.


Version-Release number of selected component (if applicable):


How reproducible:

sudo-1.6.9p4-4.fc8.x86_64

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Karel Zak 2008-02-27 16:14:26 UTC

Well, diff between my sudoers and the default sudoers installed with the rpm:

# diff -u /etc/sudoers.rpmnew  /etc/sudoers
--- /etc/sudoers.rpmnew 2008-02-21 18:36:49.000000000 +0100
+++ /etc/sudoers        2008-02-27 16:59:00.000000000 +0100
@@ -74,6 +74,8 @@
 ## Allow root to run any commands anywhere 
 root   ALL=(ALL)       ALL
 
+kzak    ALL=(ALL)       NOPASSWD: ALL
+
 ## Allows members of the 'sys' group to run networking, software, 
 ## service management apps and more.
 # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES,
LOCATE, DRIVERS


Now, see my script:

$ cat ~/a
echo "display is $DISPLAY for UID=$(id -u)"

$ ~/a
display is :0.0 for UID=500

$ sudo ~/a
display is :0.0 for UID=0

... it means "Defaults env_keep =  "COLORS DISPLAY ...." works as expected.

Comment 2 Neal Becker 2008-02-27 16:49:09 UTC

The problem I believe is I used smb4k.  Look what I got:

sudo diff -u /etc/sudoers{.rpmnew,}
--- /etc/sudoers.rpmnew	2008-02-21 12:36:49.000000000 -0500
+++ /etc/sudoers	2008-02-27 11:44:51.000000000 -0500
@@ -73,6 +73,8 @@
 ##
 ## Allow root to run any commands anywhere 
 root	ALL=(ALL) 	ALL
+#nbecker	ALL=(ALL)	NOPASSWD: SETENV: ALL
+nbecker	ALL=(ALL)	NOPASSWD: ALL
 
 ## Allows members of the 'sys' group to run networking, software, 
 ## service management apps and more.
@@ -90,4 +92,11 @@
 
 ## Allows members of the users group to shutdown this system
 # %users  localhost=/sbin/shutdown -h now
-
+# Entries for Smb4K users.
+# Generated by Smb4K. Please do not modify!
+User_Alias	SMB4KUSERS = nbecker
+SMB4KUSERS	nbecker4 = NOPASSWD: /usr/bin/smb4k_kill
+SMB4KUSERS	nbecker4 = NOPASSWD: /usr/bin/smb4k_umount
+SMB4KUSERS	nbecker4 = NOPASSWD: /usr/bin/smb4k_mount
+Defaults:SMB4KUSERS	env_keep=PASSWD
+# End of Smb4K user entries.

Note You need to log in before you can comment on or make changes to this bug.