Bug 279 – Please support extending env_keep via command-line or environment

Bug 279 - Please support extending env_keep via command-line or environment


Summary:	Please support extending env_keep via command-line or environment

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.9
Hardware:	PC Linux

Importance:	low enhancement
Assigned To:	Todd C. Miller

URL:	http://bugs.debian.org/466178

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2008-02-18 20:27 MST by Bdale Garbee
Modified:	2020-05-07 11:14 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bdale Garbee 2008-02-18 20:27:05 MST

From Debian user Josh Triplett:

I configure my system such that I have full sudo permissions, so in
particular I have permission to use "sudo -E" to preserve the entire
environment.  I like the idea of filtering the environment via a
whitelist, to avoid potentially undesirable behavior when running
programs as another user; however, I'd like the ability to extend this
whitelist without resorting to the big hammer of -E.  Thus, I'd really
like a command-line option or (more importantly) an environment
variable which would specify additional environment variables to keep,
treating them as though specified in /etc/sudoers with env_keep.  I
could then set that in my .bashrc to preserve some useful environment
variables, such as LESSHISTFILE (so I stop getting a root-owned
~/.lesshst in $HOME), LESS, EDITOR, EMAIL, PROMPT_COMMAND, GREP_COLOR,
and GREP_OPTIONS.

Comment 1 Todd C. Miller 2017-08-11 09:47:44 MDT

In sudo 1.8.21 it will be possible to specify a list of environment variables with "--preserve-env=list" for users with "setenv" permissions.

Comment 2 Todd C. Miller 2020-05-07 11:14:41 MDT

Closing, this was added in sudo 1.8.21.