USER Set to the same value as LOGNAME, described above.
- USERNAME Same as USER.
-
VISUAL Default editor to use in -\b-e\be (sudoedit) mode if
SUDO_EDITOR is not set.
\fRLOGNAME\fR,
described above.
.TP 17n
-\fRUSERNAME\fR
-Same as
-\fRUSER\fR.
-.TP 17n
\fRVISUAL\fR
Default editor to use in
\fB\-e\fR
Set to the same value as
.Ev LOGNAME ,
described above.
-.It Ev USERNAME
-Same as
-.Ev USER .
.It Ev VISUAL
Default editor to use in
.Fl e
_\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt file. On BSD systems, if the _\bu_\bs_\be_\b__\bl_\bo_\bg_\bi_\bn_\bc_\bl_\ba_\bs_\bs option is
enabled, the environment is initialized based on the _\bp_\ba_\bt_\bh and _\bs_\be_\bt_\be_\bn_\bv
settings in _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf. The new environment contains the TERM,
- PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in
- addition to variables from the invoking process permitted by the
- _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bk_\be_\be_\bp options. This is effectively a whitelist for
- environment variables. The environment variables LOGNAME, USER and
- USERNAME are treated specially. If one or more variables are preserved
- from the invoking process, any of the three remaining variables (that
- were not explicitly preserved) will be set to the same value as the first
- one in the list that was preserved. This avoids an inconsistent
- environment where some of the variables describing the user name are set
- to the invoking user and some are set to the target user. () are removed
+ PATH, HOME, MAIL, SHELL, LOGNAME, USER and SUDO_* variables in addition
+ to variables from the invoking process permitted by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and
+ _\be_\bn_\bv_\b__\bk_\be_\be_\bp options. This is effectively a whitelist for environment
+ variables. The environment variables LOGNAME and USER are treated
+ specially. If only one of them is preserved from user's environment, the
+ other will be set to the same value. This avoids an inconsistent
+ environment where one of the variables describing the user name is set to
+ the invoking user and one is set to the target user. () are removed
unless both the name and value parts are matched by _\be_\bn_\bv_\b__\bk_\be_\be_\bp or
_\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk, as they may be interpreted as functions by the b\bba\bas\bsh\bh shell.
Prior to version 1.8.11, such variables were always removed.
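Review bot: The replacement sentence "If only one of them is preserved from user's environment" drops the article and switches terms: the same paragraph, two lines earlier, still says variables come "from the invoking process". Suggest "preserved from the invoking process" here so the paragraph names the source of preserved variables one way; the roff and mdoc versions of this paragraph further down the patch carry the same wording and need the same fix.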
env_reset If set, s\bsu\bud\bdo\bo will run the command in a minimal
environment containing the TERM, PATH, HOME, MAIL,
- SHELL, LOGNAME, USER, USERNAME and SUDO_* variables.
- Any variables in the caller's environment or in the
- file specified by the _\br_\be_\bs_\bt_\br_\bi_\bc_\bt_\be_\bd_\b__\be_\bn_\bv_\b__\bf_\bi_\bl_\be option that
- match the env_keep and env_check lists are then added,
+ SHELL, LOGNAME, USER and SUDO_* variables. Any
+ variables in the caller's environment or in the file
+ specified by the _\br_\be_\bs_\bt_\br_\bi_\bc_\bt_\be_\bd_\b__\be_\bn_\bv_\b__\bf_\bi_\bl_\be option that match
+ the env_keep and env_check lists are then added,
followed by any variables present in the file specified
by the _\be_\bn_\bv_\b__\bf_\bi_\bl_\be option (if any). The contents of the
env_keep and env_check lists, as modified by global
disabled or HOME is present in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list. This
flag is _\bo_\bf_\bf by default.
- set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
+ set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME and USER
environment variables to the name of the target user
(usually root unless the -\b-u\bu option is given). However,
since some programs (including the RCS revision control
This can be done by negating the set_logname option.
Note that _\bs_\be_\bt_\b__\bl_\bo_\bg_\bn_\ba_\bm_\be will have no effect if the
_\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option has not been disabled and the _\be_\bn_\bv_\b__\bk_\be_\be_\bp
- list contains LOGNAME, USER or USERNAME. This flag is
- _\bo_\bn by default.
+ list contains LOGNAME or USER. This flag is _\bo_\bn by
+ default.
set_utmp When enabled, s\bsu\bud\bdo\bo will create an entry in the utmp (or
utmpx) file when a pseudo-tty is allocated. A pseudo-
Here we override some of the compiled in default values. We want s\bsu\bud\bdo\bo to
log via syslog(3) using the _\ba_\bu_\bt_\bh facility in all cases. We don't want to
subject the full time staff to the s\bsu\bud\bdo\bo lecture, user m\bmi\bil\bll\ble\ber\brt\bt need not
- give a password, and we don't want to reset the LOGNAME, USER or USERNAME
+ give a password, and we don't want to reset the LOGNAME or USER
environment variables when running commands as root. Additionally, on
the machines in the _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias, we keep an additional local log
file and make sure we log the year in each log line since the log entries
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.25 August 7, 2018 Sudo 1.8.25
+Sudo 1.8.26 August 7, 2018 Sudo 1.8.26
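Review bot: The footer moves from Sudo 1.8.25 to Sudo 1.8.26 but keeps the date August 7, 2018, although this patch changes the text of the page. If that date is meant to track the last content change of the manual, update it in the same commit so readers can tell the USERNAME wording was revised.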
\fRMAIL\fR,
\fRSHELL\fR,
\fRLOGNAME\fR,
-\fRUSER\fR,
-\fRUSERNAME\fR
+\fRUSER\fR
and
\fRSUDO_*\fR
variables
This is effectively a whitelist
for environment variables.
The environment variables
-\fRLOGNAME\fR,
-\fRUSER\fR
+\fRLOGNAME\fR
and
-\fRUSERNAME\fR
+\fRUSER\fR
are treated specially.
-If one or more variables are preserved from the invoking process,
-any of the three remaining variables (that were not explicitly
-preserved) will be set to the same value as the first one in the
-list that was preserved.
-This avoids an inconsistent environment where some of the variables
-describing the user name are set to the invoking user and some are
+If only one of them is preserved from user's environment, the other
+will be set to the same value.
+This avoids an inconsistent environment where one of the variables
+describing the user name is set to the invoking user and one is
set to the target user.
\fR()\fR
are removed unless both the name and value parts are matched by
\fRMAIL\fR,
\fRSHELL\fR,
\fRLOGNAME\fR,
-\fRUSER\fR,
-\fRUSERNAME\fR
+\fRUSER\fR
and
\fRSUDO_*\fR
variables.
Normally,
\fBsudo\fR
will set the
-\fRLOGNAME\fR,
-\fRUSER\fR
+\fRLOGNAME\fR
and
-\fRUSERNAME\fR
+\fRUSER\fR
environment variables to the name of the target user (usually root unless the
\fB\-u\fR
option is given).
option has not been disabled and the
\fIenv_keep\fR
list contains
-\fRLOGNAME\fR,
-\fRUSER\fR
+\fRLOGNAME\fR
or
-\fRUSERNAME\fR.
+\fRUSER\fR.
This flag is
\fIon\fR
by default.
lecture, user
\fBmillert\fR
need not give a password, and we don't want to reset the
-\fRLOGNAME\fR,
-\fRUSER\fR
+\fRLOGNAME\fR
or
-\fRUSERNAME\fR
+\fRUSER\fR
environment variables when running commands as root.
Additionally, on the machines in the
\fISERVERS\fR
.Ev MAIL ,
.Ev SHELL ,
.Ev LOGNAME ,
-.Ev USER ,
-.Ev USERNAME
+.Ev USER
and
.Ev SUDO_*
variables
This is effectively a whitelist
for environment variables.
The environment variables
-.Ev LOGNAME ,
-.Ev USER
+.Ev LOGNAME
and
-.Ev USERNAME
+.Ev USER
are treated specially.
-If one or more variables are preserved from the invoking process,
-any of the three remaining variables (that were not explicitly
-preserved) will be set to the same value as the first one in the
-list that was preserved.
-This avoids an inconsistent environment where some of the variables
-describing the user name are set to the invoking user and some are
+If only one of them is preserved from user's environment, the other
+will be set to the same value.
+This avoids an inconsistent environment where one of the variables
+describing the user name is set to the invoking user and one is
set to the target user.
.Li ()
are removed unless both the name and value parts are matched by
.Ev MAIL ,
.Ev SHELL ,
.Ev LOGNAME ,
-.Ev USER ,
-.Ev USERNAME
+.Ev USER
and
.Ev SUDO_*
variables.
Normally,
.Nm sudo
will set the
-.Ev LOGNAME ,
-.Ev USER
+.Ev LOGNAME
and
-.Ev USERNAME
+.Ev USER
environment variables to the name of the target user (usually root unless the
.Fl u
option is given).
option has not been disabled and the
.Em env_keep
list contains
-.Ev LOGNAME ,
-.Ev USER
+.Ev LOGNAME
or
-.Ev USERNAME .
+.Ev USER .
This flag is
.Em on
by default.
lecture, user
.Sy millert
need not give a password, and we don't want to reset the
-.Ev LOGNAME ,
-.Ev USER
+.Ev LOGNAME
or
-.Ev USERNAME
+.Ev USER
environment variables when running commands as root.
Additionally, on the machines in the
.Em SERVERS
/*
- * Copyright (c) 2000-2005, 2007-2016
+ * Copyright (c) 2000-2005, 2007-2018
* Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
#define DID_LOGNAME 0x00000010
#undef DID_USER
#define DID_USER 0x00000020
-#undef DID_USERNAME
-#define DID_USERNAME 0x00000040
#undef DID_LOGIN
-#define DID_LOGIN 0x00000080
+#define DID_LOGIN 0x00000040
#undef DID_MAIL
-#define DID_MAIL 0x00000100
+#define DID_MAIL 0x00000080
#undef DID_MAX
#define DID_MAX 0x0000ffff
#define KEPT_LOGNAME 0x00100000
#undef KEPT_USER
#define KEPT_USER 0x00200000
-#undef KEPT_USERNAME
-#define KEPT_USERNAME 0x00400000
#undef KEPT_LOGIN
-#define KEPT_LOGIN 0x00800000
+#define KEPT_LOGIN 0x00400000
#undef KEPT_MAIL
-#define KEPT_MAIL 0x01000000
+#define KEPT_MAIL 0x00800000
#undef KEPT_MAX
#define KEPT_MAX 0xffff0000
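Review bot: The KEPT_ constants mirror the DID_ constants shifted left by 16 bits (DID_USER 0x00000020 and KEPT_USER 0x00200000, now DID_LOGIN 0x00000040 and KEPT_LOGIN 0x00400000), yet the patch has to renumber both blocks by hand and nothing in the visible code states that pairing. Consider a one-line comment above the KEPT_ block saying so, or defining each KEPT_ value in terms of its DID_ counterpart, so a later removal cannot renumber one block and miss the other.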
* AIX sets the LOGIN environment variable too.
*/
#ifdef _AIX
-# define KEPT_USER_VARIABLES (KEPT_LOGIN|KEPT_LOGNAME|KEPT_USER|KEPT_USERNAME)
+# define KEPT_USER_VARIABLES (KEPT_LOGIN|KEPT_LOGNAME|KEPT_USER)
#else
-# define KEPT_USER_VARIABLES (KEPT_LOGNAME|KEPT_USER|KEPT_USERNAME)
+# define KEPT_USER_VARIABLES (KEPT_LOGNAME|KEPT_USER)
#endif
struct environment {
case 'U':
if (strncmp(ep, "USER=", 5) == 0)
SET(*didvar, DID_USER);
- if (strncmp(ep, "USERNAME=", 9) == 0)
- SET(*didvar, DID_USERNAME);
break;
}
}
ISSET(didvar, DID_LOGNAME), true);
CHECK_SETENV2("USER", runas_pw->pw_name,
ISSET(didvar, DID_USER), true);
- CHECK_SETENV2("USERNAME", runas_pw->pw_name,
- ISSET(didvar, DID_USERNAME), true);
} else {
/* We will set LOGNAME later in the def_set_logname case. */
if (!def_set_logname) {
CHECK_SETENV2("LOGNAME", user_name, false, true);
if (!ISSET(didvar, DID_USER))
CHECK_SETENV2("USER", user_name, false, true);
- if (!ISSET(didvar, DID_USERNAME))
- CHECK_SETENV2("USERNAME", user_name, false, true);
}
}
}
/*
- * Set LOGIN, LOGNAME, USER and USERNAME to target if "set_logname" is not
+ * Set LOGIN, LOGNAME, and USER to target if "set_logname" is not
* disabled. We skip this if we are running a login shell (because
* they have already been set).
*/
#endif
CHECK_SETENV2("LOGNAME", runas_pw->pw_name, true, true);
CHECK_SETENV2("USER", runas_pw->pw_name, true, true);
- CHECK_SETENV2("USERNAME", runas_pw->pw_name, true, true);
} else if ((didvar & KEPT_USER_VARIABLES) != KEPT_USER_VARIABLES) {
/*
- * Preserved some of LOGIN, LOGNAME, USER, USERNAME but not all.
+ * Preserved some of LOGIN, LOGNAME, USER but not all.
* Make the unset ones match so we don't end up with some
* set to the invoking user and others set to the runas user.
*/
#endif
else if (ISSET(didvar, KEPT_USER))
cp = sudo_getenv("USER");
- else if (ISSET(didvar, KEPT_USERNAME))
- cp = sudo_getenv("USERNAME");
else
cp = NULL;
if (cp != NULL) {
CHECK_SETENV2("LOGNAME", cp, true, true);
if (!ISSET(didvar, KEPT_USER))
CHECK_SETENV2("USER", cp, true, true);
- if (!ISSET(didvar, KEPT_USERNAME))
- CHECK_SETENV2("USERNAME", cp, true, true);
}
}
}
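Review bot: With the KEPT_USERNAME branch removed, a configuration whose env_keep list still names USERNAME will pass the invoking user's USERNAME through unchanged while LOGNAME and USER are set to the target user, which is the mixed environment the comment in the preceding hunk says this code exists to prevent. The example sudoers hunk at the end of this patch shows such an env_keep entry was in the shipped sample, so existing sites may well carry it. Suggest calling the change out in the release notes and advising administrators to drop USERNAME from env_keep unless they want the invoking user's value preserved.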
"HOME=/",
"PATH=/usr/bin:/bin:/usr/sbin:/sbin",
"LOGNAME=root",
- "USERNAME=root",
"USER=root",
+# ifdef _AIX
+ "LOGIN=root",
+# endif
NULL
};
#endif /* NO_ROOT_MAILER */
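Review bot: The added "LOGIN=root" under "# ifdef _AIX" is a behaviour change on AIX that is separate from dropping USERNAME, and none of the documentation hunks in this patch mention it. Either move it to its own commit or say in the commit message why the root mailer environment now sets LOGIN on AIX, so the change is not lost inside the USERNAME removal.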
Defaults env_keep -= "HOME"
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
-Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults env_keep += "MAIL PS1 PS2 QTDIR LANG LC_ADDRESS LC_CTYPE"
User_Alias FULLTIMERS = millert, mikef, dowdy