Comment 1 for bug 1301557

Investigating a bit further, I notice that /etc/pam.d/su contains the lines:

# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale

If I add these to /etc/pam.d/sudo then I can set environment variables either in /etc/environment or in /etc/security/pam_env.conf.

So should "session required pam_env.so readenv=1" be added to /etc/pam.d/sudo or is there a security reason why sudo should not use pam_env.so but su should?

Thanks.