sudo -u … -i doesn’t preserve a user’s PATH

I’m trying to determine a user’s path when I’m root, but sudo, even with the -i flag, doesn’t seem to replicate the user’s environment correctly. Is this some sudoers policy setting?

$ sudo bash
# export PATH=$PATH:/dev/null/$RANDOM
# printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dev/null/28718
# sudo -u david-ehrmann -i printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dev/null/28718
#

Answer

From man sudoers:

As a special case, if sudo’s -i option (initial login) is specified, sudoers will initialize the environment regardless of the value of env_reset. The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL, USER, and LOGNAME are set based on the target user.

Thus, -i means that you get to keep your $PATH unless the user’s .bash_profile (or similar, depending on shell) changes $PATH itself.

What’s not clear is whether secure_path overrides this behavior of -i. I believe it should (plus changes by the user’s login scripts).

Attribution
Source: Link, Question Author: David Ehrmann, Answer Author: DerfK
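
An added example (not part of the original question or answer, and not sudo's own code) of the distinction the answer draws: it runs a login shell once with the caller's PATH inherited and once from an empty environment via env -i, then lists the entries that came only from the caller. The temporary HOME, its .profile and the /dev/null marker are constructed, and /bin/sh as the default login shell is an assumption.

```sh
#!/bin/sh
# Added example. The HOME directory, its .profile and the marker entry are
# constructed; /bin/sh as the default login shell is an assumption.

# Print the PATH a login shell ends up with for HOME=$1.
#   $2 = inherit: the shell starts with the caller's PATH, as the transcript
#                 above shows for `sudo -u USER -i`.
#   $2 = clean:   env -i empties the environment first, so PATH can only come
#                 from the shell's default and the login scripts.
#   $3 = login shell to run (default /bin/sh).
login_path() {
    lp_shell=${3:-/bin/sh}
    if [ "$2" = clean ]; then
        env -i HOME="$1" "$lp_shell" -l -c 'printf "%s\n" "$PATH"'
    else
        HOME="$1" "$lp_shell" -l -c 'printf "%s\n" "$PATH"'
    fi 2>/dev/null | tail -n 1
}

# List entries of colon-separated PATH $1 that are absent from PATH $2,
# i.e. entries that leaked in from the caller, not from login scripts.
path_only_in() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r po_entry; do
        case ":$2:" in
            *":$po_entry:"*) ;;
            *) printf '%s\n' "$po_entry" ;;
        esac
    done
}

demo_home=$(mktemp -d)
# Constructed login script: the only PATH change this "user" makes.
printf 'PATH="$PATH:$HOME/bin"; export PATH\n' > "$demo_home/.profile"
marker=/dev/null/$$   # caller-only entry, like /dev/null/$RANDOM in the question
PATH="$PATH:$marker"; export PATH

inherited=$(login_path "$demo_home" inherit)
clean=$(login_path "$demo_home" clean)
echo "inherited: $inherited"
echo "clean:     $clean"
echo "only in inherited (came from the caller):"
path_only_in "$inherited" "$clean"
rm -rf "$demo_home"
```

Whether the marker survives in the inherited run depends on the system's login scripts, since some /etc/profile files overwrite PATH outright. To query a real account, the same env -i command would be run through sudo -u with that account's home directory and shell, assuming the sudoers policy permits it.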
