Describe the bug
PAM environment variables included in env_keep do not get overridden by the target user's environment when passing the -i option to sudo-rs.
To Reproduce
Steps to reproduce the behavior:
- Edit /etc/sudoers using visudo to include:
  Defaults env_keep += "HOME"
- Enter a login shell as a different user in the sudo group:
  root@host$ sudo -i -u ubuntu
- Print the HOME directory:
- HOME directory of the user who invoked the login shell is shown:
Expected behavior
When entering a login shell using sudo -i -u <target_user> the environment is expected to reflect the target user's PAM environment, not the invoking user's, even though PAM environment variables have been preserved using env_keep.
Environment (please complete the following information):
- Linux distribution: Ubuntu 26.04 (development branch)
- sudo-rs version: 0.2.10
Additional context
This is a special case present in ogsudo (see Command Environment in the Sudoers manual):
As a special case, if sudo's -i option (initial login) is specified, sudoers will initialize the environment regardless of the value of env_reset. The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL, USER, and LOGNAME are set based on the target user. On AIX (and Linux systems without PAM), the contents of /etc/environment are also included. On BSD systems, if the use_loginclass flag is enabled, the path and setenv variables in /etc/login.conf are also applied. All other environment variables are removed.
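A model of the special case quoted above, as an added example that is not part of the original report and is not sudo-rs code. It builds the environment the manual text describes for `-i` and reports which login variables in an observed environment still carry the invoking user's values. The `Target` struct, the function names, and the `/var/mail` spool path are assumptions made for the illustration.

```rust
use std::collections::BTreeMap;

type Env = BTreeMap<String, String>;

// Hypothetical stand-in for the target user's passwd entry.
struct Target { name: String, home: String, shell: String }

// Per the quoted manual text, these pass through from the invoking user.
const UNCHANGED: [&str; 3] = ["DISPLAY", "PATH", "TERM"];

// Environment the quoted special case describes for `sudo -i`: UNCHANGED
// variables are copied, the five login variables come from the target user,
// and nothing else from the invoking user survives (env_keep included).
fn expected_login_env(invoker: &Env, t: &Target) -> Env {
    let mut env = Env::new();
    for key in UNCHANGED {
        if let Some(v) = invoker.get(key) {
            env.insert(key.to_string(), v.clone());
        }
    }
    // Assumption: the mail spool is /var/mail/<user>; the real path is system-specific.
    let mail = format!("/var/mail/{}", t.name);
    for (k, v) in [("HOME", &t.home), ("SHELL", &t.shell), ("USER", &t.name),
                   ("LOGNAME", &t.name), ("MAIL", &mail)] {
        env.insert(k.to_string(), v.clone());
    }
    env
}

// Names of expected variables that are missing or wrong in `observed`.
// Extra variables are not flagged, since PAM may legitimately add them.
fn violations(observed: &Env, invoker: &Env, t: &Target) -> Vec<String> {
    expected_login_env(invoker, t)
        .iter()
        .filter(|(k, v)| observed.get(*k) != Some(*v))
        .map(|(k, _)| k.clone())
        .collect()
}

fn main() {
    // Constructed sample: root invokes `sudo -i -u ubuntu`, HOME leaks through.
    let mut invoker = Env::new();
    invoker.insert("HOME".into(), "/root".into());
    invoker.insert("TERM".into(), "xterm".into());
    let t = Target { name: "ubuntu".into(), home: "/home/ubuntu".into(), shell: "/bin/bash".into() };
    let mut observed = expected_login_env(&invoker, &t);
    observed.insert("HOME".into(), "/root".into());
    println!("mismatched login variables: {:?}", violations(&observed, &invoker, &t));
}
```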