the target user's group in the password database, it is now
allowed even if no groups are present in the Runas_Spec.
+ * "sudo -i command" now works correctly with the bash version
+ 2.0 and higher. Previously, the .bash_profile would not be
+ sourced prior to running the command unless bash was built with
+ NON_INTERACTIVE_LOGIN_SHELLS defined.
+
* Multi-factor authentication is now supported on AIX.
* Added support for non-RFC 4517 compliant LDAP servers that require
*p = '-';
NewArgv[0] = p;
+ /*
+ * Newer versions of bash require the --login option to be used
+ * in conjunction with the -c option even if the shell name starts
+ * with a '-'. Unfortunately, bash 1.x uses -login, not --login
+ * so this will cause an error for that.
+ */
+ if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0) {
+ /* Use an extra slot before NewArgv so we can store --login. */
+ NewArgv--;
+ NewArgc++;
+ NewArgv[0] = NewArgv[1];
+ NewArgv[1] = "--login";
+ }
+
#if defined(__linux__) || defined(_AIX)
/* Insert system-wide environment variables. */
read_env_file(_PATH_ENVIRONMENT, TRUE);
if (ISSET(sudo_mode, MODE_SHELL)) {
char **av;
- /* Allocate an extra slot for execve() failure (ENOEXEC). */
- av = (char **) emalloc2(5, sizeof(char *));
- av++;
+ /* Allocate 2 extra slots for --login and execve() failure (ENOEXEC). */
+ av = (char **) emalloc2(6, sizeof(char *));
+ av += 2;
av[0] = user_shell; /* may be updated later */
if (NewArgc > 0) {
projects / sudo / commitdiff