on the target user unless MAIL is explicitly preserved in sudoers.
--HG--
branch : 1.7
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
+ * If env_reset is enabled in sudoers (the default), sudo will now set
+ the MAIL environment variable based on the target user unless MAIL is
+ explicitly preserved in sudoers. Previously MAIL was passed unchanged.
+
What's new in Sudo 1.7.3?
* Support for logging I/O for the command being run.
for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then
timedir="$d/sudo"
- break;
+ break
fi
done
fi
fi
])
+dnl
+dnl Determine the mail spool location
+dnl NOTE: must be run *after* check for paths.h
+dnl
+AC_DEFUN(SUDO_MAILDIR, [
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}], [])], [maildir=yes], [])
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ AC_CHECK_HEADERS(maillock.h, [
+ SUDO_DEFINE(_PATH_MAILDIR, MAILDIR)
+ maildir=yes
+ ])
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d")
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail")
+ fi
+ fi
+fi
+])
+
dnl
dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support
dnl tracing that we use to define paths for pathnames.h so autoheader doesn't
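Review bot: The paths.h probe in SUDO_MAILDIR cannot succeed as written, because `int main() {char *p = _PATH_MAILDIR;}` is passed in the prologue argument of AC_LANG_PROGRAM, which then emits its own `main`. The generated configure in this same commit shows both definitions in one conftest, so the compile fails on the duplicate `main` and `maildir` stays `no`. Every build therefore falls through to the maillock.h check and then to the `test -d` probe of the build host's directories, even where paths.h already supplies the value; the `#ifndef _PATH_MAILDIR` guard in pathnames.h.in may mask this, depending on include order. Moving the statement into the body argument fixes the probe: `AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT` / `#include <paths.h>], [char *p = _PATH_MAILDIR;])`.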
/* Define to 1 if you have the `lrand48' function. */
#undef HAVE_LRAND48
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
/* Define to 1 if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
done
fi
+
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ maildir=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ for ac_header in maillock.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default"
+if test "x$ac_cv_header_maillock_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MAILLOCK_H 1
+_ACEOF
+
+ cat >>confdefs.h <<\EOF
+#define _PATH_MAILDIR MAILDIR
+EOF
+
+ maildir=yes
+
+fi
+
+done
+
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "$d"
+EOF
+
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "/var/mail"
+EOF
+
+ fi
+ fi
+fi
+
if test ${with_logincap-'no'} != "no"; then
for ac_header in login_cap.h
do :
for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then
timedir="$d/sudo"
- break;
+ break
fi
done
fi
else
AC_CHECK_HEADERS(termio.h)
fi
+SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in
#define DID_USER 0x0020
#undef DID_USERNAME
#define DID_USERNAME 0x0040
+#undef DID_MAIL
+#define DID_MAIL 0x0080
#undef DID_MAX
#define DID_MAX 0x00ff
#define KEPT_USER 0x2000
#undef KEPT_USERNAME
#define KEPT_USERNAME 0x4000
+#undef KEPT_MAIL
+#define KEPT_MAIL 0x8000
#undef KEPT_MAX
#define KEPT_MAX 0xff00
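Review bot: `DID_MAIL` (0x0080) and `KEPT_MAIL` (0x8000) take the top bit under `DID_MAX` (0x00ff) and `KEPT_MAX` (0xff00), and nothing here records that the two ranges are now full. This assumes the lower bits are already assigned, as the 0x0020/0x0040 sequence suggests. The next tracked variable would silently collide with the other range unless both masks are widened first. A comment above the block would make that visible, for example `/* DID_* and KEPT_* each use one byte and both are full; widen DID_MAX/KEPT_MAX before adding a flag */`.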
"HOSTNAME",
"KRB5CCNAME",
"LS_COLORS",
- "MAIL",
"PATH",
"PS1",
"PS2",
if (strncmp(*ep, "LOGNAME=", 8) == 0)
SET(didvar, DID_LOGNAME);
break;
+ case 'M':
+ if (strncmp(*ep, "MAIL=", 5) == 0)
+ SET(didvar, DID_MAIL);
+ break;
case 'P':
if (strncmp(*ep, "PATH=", 5) == 0)
SET(didvar, DID_PATH);
if (!ISSET(didvar, DID_USERNAME))
sudo_setenv("USERNAME", user_name, FALSE);
}
+ /*
+ * Set MAIL to target user in -i mode or if MAIL is not preserved
+ * from user's environment.
+ */
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, DID_MAIL)) {
+ cp = _PATH_MAILDIR;
+ if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
+ easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
+ else
+ easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
+ sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
+ }
} else {
/*
* Copy environ entries as long as they don't match env_delete or
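Review bot: The trailing-slash test `cp[sizeof(_PATH_MAILDIR) - 2]` is only safe when `_PATH_MAILDIR` expands to a non-empty string literal. With an empty definition `sizeof` is 1, so the unsigned subtraction wraps and the index reads far out of bounds. On the maillock.h path the macro expands to the system's `MAILDIR`, whose form sudo does not control. Because this code builds the environment for the target user, a cheap guard is worth having: `if (sizeof(_PATH_MAILDIR) > 1 && cp[sizeof(_PATH_MAILDIR) - 2] == '/')`. The enclosing function starts and ends outside this hunk, so how `cp` is used afterwards is not visible here.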
#define _PATH_USRTMP "/usr/tmp/"
#endif /* _PATH_USRTMP */
+#ifndef _PATH_MAILDIR
+#undef _PATH_MAILDIR
+#endif /* _PATH_MAILDIR */
+
#ifndef _PATH_SUDO_SESH
#undef _PATH_SUDO_SESH
#endif /* _PATH_SUDO_SESH */
-1.7.4 July 14, 2010 1
+1.7.4 July 19, 2010 1
-1.7.4 July 14, 2010 2
+1.7.4 July 19, 2010 2
-1.7.4 July 14, 2010 3
+1.7.4 July 19, 2010 3
s\bsu\bud\bdo\bo attempts to change to that user's home directory
before running the shell. It also initializes the
environment, leaving _\bD_\bI_\bS_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM unchanged, setting
- _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, as well as the
+ _\bH_\bO_\bM_\bE, _\bM_\bA_\bI_\bL, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, as well as the
contents of _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt on Linux and AIX systems. All
other environment variables are removed.
-1.7.4 July 14, 2010 4
+1.7.4 July 19, 2010 4
-1.7.4 July 14, 2010 5
+1.7.4 July 19, 2010 5
-1.7.4 July 14, 2010 6
+1.7.4 July 19, 2010 6
-1.7.4 July 14, 2010 7
+1.7.4 July 19, 2010 7
EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set
+ MAIL In -\b-i\bi mode or when _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled in _\bs_\bu_\bd_\bo_\be_\br_\bs, set
+ to the mail spool of the target user
+
HOME In -\b-s\bs or -\b-H\bH mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the
target user
SUDO_PS1 If set, PS1 will be set to its value for the program
being run
- SUDO_UID Set to the user ID of the user who invoked sudo
-
-
-1.7.4 July 14, 2010 8
+1.7.4 July 19, 2010 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ SUDO_UID Set to the user ID of the user who invoked sudo
+
SUDO_USER Set to the login of the user who invoked sudo
USER Set to the target user (root unless the -\b-u\bu option is
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
_\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bp_\ba_\bs_\bs_\bw_\bd(4), _\bs_\bu_\bd_\bo_\be_\br_\bs(5),
- _\bv_\bi_\bs_\bu_\bd_\bo(1m)
-
-1.7.4 July 14, 2010 9
+1.7.4 July 19, 2010 9
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ _\bv_\bi_\bs_\bu_\bd_\bo(1m)
+
A\bAU\bUT\bTH\bHO\bOR\bRS\bS
Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists
of code written primarily by:
-
-
-1.7.4 July 14, 2010 10
+1.7.4 July 19, 2010 10
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "July 14, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "July 19, 2010" "1.7.4" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
shell is executed. \fBsudo\fR attempts to change to that user's home
directory before running the shell. It also initializes the
environment, leaving \fI\s-1DISPLAY\s0\fR and \fI\s-1TERM\s0\fR unchanged, setting
-\&\fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, as well as
+\&\fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, as well as
the contents of \fI/etc/environment\fR on Linux and \s-1AIX\s0 systems.
All other environment variables are removed.
.IP "\-K" 12
.IX Item "EDITOR"
Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR
nor \f(CW\*(C`VISUAL\*(C'\fR is set
+.ie n .IP "\*(C`MAIL\*(C'" 16
+.el .IP "\f(CW\*(C`MAIL\*(C'\fR" 16
+.IX Item "MAIL"
+In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set
+to the mail spool of the target user
.ie n .IP "\*(C`HOME\*(C'" 16
.el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
.IX Item "HOME"
shell is executed. B<sudo> attempts to change to that user's home
directory before running the shell. It also initializes the
environment, leaving I<DISPLAY> and I<TERM> unchanged, setting
-I<HOME>, I<SHELL>, I<USER>, I<LOGNAME>, and I<PATH>, as well as
+I<HOME>, I<MAIL>, I<SHELL>, I<USER>, I<LOGNAME>, and I<PATH>, as well as
the contents of F</etc/environment> on Linux and AIX systems.
All other environment variables are removed.
Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR>
nor C<VISUAL> is set
+=item C<MAIL>
+
+In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set
+to the mail spool of the target user
+
=item C<HOME>
In B<-s> or B<-H> mode (or if sudo was configured with the