SUMMARY: sudo version 1.6.7p5 : using -H -u options on Solaris 8

From: David Stapleton <>
Date: Tue Dec 16 2003 - 03:50:53 EST
Hi all,

Many thanks to those that responded, as expected all responses were helpful.

In essence, using the -H -u option only designates the homedir of the target 
user but does NOT initialise any of the profile initialisation scripts such 
as .profile, .login or whatever variant of the shell you are using.

Hence the variables, as was pointed out, were never lost, they weren't there 
in the first place.

The solutions, in pretty much their original form, are as follows:

a) Use a command line syntax something like the following;

$ sudo su - oracle -c 'command to pass to oracle'

b) To set up an alias in the sudoers file something like the following;

alias orac 'sudo su - oracle -c'

This will allow you to do the thing that the user oracle requires while also 
allowing access to oracle's $HOME, $PATH, etc. by using the following;

$ orac "<required command>"

Note the double quotes; since they are required for 'su - user -c', they are 
also required for the orac alias.

c) To create shell wrapper scripts owned by the target secured user with 
correct permissions set, etc. which have the required commands within them 
as well as PATH variables, et al.  The idea is to allow any other user, as 
designated in the sudoers file who requires to use the command, to sudo to 
the script and not the actual command.

Again thanks to all who responded - my original note is below.


David S.

====  original, (relevant), note ====

Hi all (again),

I must apologise as my original example seems to have put the trust of the 
into one of shell expansion rules and not what I really wanted to find out,
my fault for not thinking and for not giving a good example.

The main trust of my question is really this, when executing the command :

$ sudo -H -u oracle env

some of the variables are lost, for example, if I su to the oracle user
there is a CLASSPATH variable set which, as the oracle user I can see by
typing `echo $CLASSPATH` or I can also see it easily if I use the "env"
command as oracle and grep out CLASSPATH.

If I use the sudo command above while logged in as user X, I would expect
the output to be the same as if I used "env" as oracle.

Although some variables are correct, for example, when I use the above
command, the "env" output correctly tells me that the SUDO_USER is "X" and
that the USER is oracle BUT it doesn't pass over all variables, such as
CLASSPATH, etc. which are set up for oracle.

I hope that this is a little clearer and apologies for the stupid example.
(original note below) and I WILL summarise.

David S.

Tired of spam? Get advanced junk mail protection with MSN 8.
sunmanagers mailing list
Received on Tue Dec 16 03:50:49 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:25 EST