sudo not setting environment variables in /etc/environment
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sudo (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
With 1.8.9p5-1ubuntu1 sudo does not load environment variables from /etc/environment, which is a change in behaviour from Ubuntu 13.10.
lsb_release -rd
Description: Ubuntu Trusty Tahr (development branch)
Release: 14.04
apt-cache policy sudo
sudo:
Installed: 1.8.9p5-1ubuntu1
Candidate: 1.8.9p5-1ubuntu1
Version table:
*** 1.8.9p5-1ubuntu1 0
500 http://
100 /var/lib/
Steps to reproduce:
cat /etc/environment
PATH="/
JAVA_HOME=
env | grep JAVA_HOME
JAVA_HOME=
sudo env | grep JAVA_HOME
sudo -s
root@sant-idp:~# env | grep JAVA_HOME
root@sant-idp:~# exit
exit
cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Please advise if this is a bug or new intended behaviour? Thanks.
Investigating a bit further, I notice that /etc/pam.d/su contains the lines:
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
If I add these to /etc/pam.d/sudo then I can set environment variables either in /etc/environment or in /etc/security/pam_env.conf.
So should "session required pam_env.so readenv=1" be added to /etc/pam.d/sudo or is there a security reason why sudo should not use pam_env.so but su should?
Thanks.
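An added example, not part of the original report and not sudo's or Ubuntu's code: a Python check that parses a PAM service file and lists which environment files its session stack will import through pam_env.so, so /etc/pam.d/su and /etc/pam.d/sudo can be compared. The two sample files are constructed, and the "readenv is off unless set" default is an assumption taken from the comment quoted from /etc/pam.d/su; `@include` lines are not followed.

```python
import os

# Constructed samples: SU_SAMPLE mirrors the lines quoted in the report,
# SUDO_SAMPLE is a hypothetical service file that never sets readenv=1.
SU_SAMPLE = """\
# parsing /etc/environment needs "readenv=1"
session       required   pam_env.so readenv=1
session       required   pam_env.so readenv=1 envfile=/etc/default/locale
"""
SUDO_SAMPLE = """\
#%PAM-1.0
@include common-auth
session    required   pam_env.so
"""
DEFAULT_ENVFILE = "/etc/environment"  # file pam_env reads when envfile= is absent


def parse_pam_line(line):
    """Return (type, module, args) for a rule; None for comments, blanks, @include."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("@include"):
        return None
    parts = line.split(None, 1)
    if len(parts) < 2:
        return None
    ptype, rest = parts[0].lstrip("-"), parts[1]  # leading "-" marks an optional module
    if rest.startswith("["):                      # bracketed control may contain spaces
        end = rest.find("]")
        if end == -1:
            return None
        rest = rest[end + 1:]
    else:
        rest = rest.split(None, 1)[1] if len(rest.split(None, 1)) > 1 else ""
    fields = rest.split()
    return (ptype, fields[0], fields[1:]) if fields else None


def env_files_read(service_text, ptype="session", readenv_default="0"):
    """Files pam_env.so imports for one stack (assumption: readenv defaults to off)."""
    files = []
    for raw in service_text.splitlines():
        rule = parse_pam_line(raw)
        if not rule or rule[0] != ptype or os.path.basename(rule[1]) != "pam_env.so":
            continue
        opts = dict(arg.partition("=")[::2] for arg in rule[2])
        if opts.get("readenv", readenv_default) == "1":
            files.append(opts.get("envfile", DEFAULT_ENVFILE))
    return files


if __name__ == "__main__":
    print("su:", env_files_read(SU_SAMPLE), "sudo:", env_files_read(SUDO_SAMPLE))
```

To audit a live system, pass the contents of the real service file, for example `env_files_read(open("/etc/pam.d/sudo").read())`, and repeat for any file it pulls in with `@include`.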