Bug 876

Summary: Unexpected LOGNAME and USER set when sudoing twice
Product: Sudo Reporter: Marek Tamaskovic <mtamasko>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WORKSFORME    
Severity: normal    
Priority: low    
Version: 1.8.23   
Hardware: PC   
OS: Linux   

Description Marek Tamaskovic 2019-03-14 07:41:58 MDT 
Hi, I noticed some 'unexpected' behavior and I am not sure if it is normal or not. If you sudo -u user once everything is set correctly but when you chain it to sudo sudo -u user the variables as LOGNAME are set maybe incorrectly. I was expecting after chained sudo to appear 'user' in LOGNAME and not 'root'.

Reproduction: 

[user@host-8-248-192 root]$ sudo -u user echo $LOGNAME
user
[user@host-8-248-192 root]$ sudo sudo -u user echo $LOGNAME
[sudo] password for user: 
user


[root@host-8-248-192 ~]# sudo -u user echo $LOGNAME
root
[root@host-8-248-192 ~]# sudo sudo -u user echo $LOGNAME
root


[root@host-8-248-192 ~]# sudo /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
LOGNAME=root
USERNAME=root
SUDO_USER=root
[root@host-8-248-192 ~]# sudo -u user /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
LOGNAME=user
USERNAME=user
SUDO_USER=root
[root@host-8-248-192 ~]# sudo sudo -u user /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
USERNAME=root
LOGNAME=root
SUDO_USER=root
[root@host-8-248-192 ~]# sudo sudo /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
USERNAME=root
LOGNAME=root
SUDO_USER=root
Comment 1 Todd C. Miller 2019-03-14 09:06:45 MDT 
Isn't this the same as https://bugzilla.sudo.ws/show_bug.cgi?id=805 ?
Comment 2 Todd C. Miller 2019-03-14 11:17:21 MDT 
Your example won't work as you expect since the variables are being expanded by your shell before sudo even runs.  You need to wrap things in a shell like this:

$ sudo -u user sh -c 'echo $LOGNAME'
user

$ sudo sudo -u user sh -c 'echo $LOGNAME'
user
Comment 3 Marek Tamaskovic 2019-03-19 02:01:24 MDT 
# sudo -u user1 sh -c 'echo $LOGNAME'
user1
# sudo sudo -u user1 sh -c 'echo $LOGNAME'
root
Comment 4 Marek Tamaskovic 2019-03-19 02:06:39 MDT 
Or better to describe this problem as this:

[root@host ~]# sudo -u user1 sh -c 'echo $LOGNAME'
user1
[root@host ~]# sudo sudo -u user1 sh -c 'echo $LOGNAME'
root


[user1@host ~]$ sudo -u user2 sh -c 'echo $LOGNAME'
user1
[user1@host ~]$ sudo sudo -u user2 sh -c 'echo $LOGNAME'
user1


As you can see there are two behaviors one for root and one for other users.
Comment 5 Marek Tamaskovic 2019-03-19 04:12:34 MDT 
I think I found answer in documentation. Please you can close this bug.