Bug 876 – Unexpected LOGNAME and USER set when sudoing twice

Bug 876 - Unexpected LOGNAME and USER set when sudoing twice


Summary:	Unexpected LOGNAME and USER set when sudoing twice

Status:	RESOLVED WORKSFORME

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.23
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-03-14 07:41 MDT by Marek Tamaskovic
Modified:	2019-03-19 06:55 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marek Tamaskovic 2019-03-14 07:41:58 MDT

Hi, I noticed some 'unexpected' behavior and I am not sure if it is normal or not. If you sudo -u user once everything is set correctly but when you chain it to sudo sudo -u user the variables as LOGNAME are set maybe incorrectly. I was expecting after chained sudo to appear 'user' in LOGNAME and not 'root'.

Reproduction: 

[user@host-8-248-192 root]$ sudo -u user echo $LOGNAME
user
[user@host-8-248-192 root]$ sudo sudo -u user echo $LOGNAME
[sudo] password for user: 
user


[root@host-8-248-192 ~]# sudo -u user echo $LOGNAME
root
[root@host-8-248-192 ~]# sudo sudo -u user echo $LOGNAME
root


[root@host-8-248-192 ~]# sudo /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
LOGNAME=root
USERNAME=root
SUDO_USER=root
[root@host-8-248-192 ~]# sudo -u user /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
LOGNAME=user
USERNAME=user
SUDO_USER=root
[root@host-8-248-192 ~]# sudo sudo -u user /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
USERNAME=root
LOGNAME=root
SUDO_USER=root
[root@host-8-248-192 ~]# sudo sudo /usr/bin/env | egrep '(LOGNAME|USERNAME|SUDO_USER)'
USERNAME=root
LOGNAME=root
SUDO_USER=root

Comment 1 Todd C. Miller 2019-03-14 09:06:45 MDT

Isn't this the same as https://bugzilla.sudo.ws/show_bug.cgi?id=805 ?

Comment 2 Todd C. Miller 2019-03-14 11:17:21 MDT

Your example won't work as you expect since the variables are being expanded by your shell before sudo even runs.  You need to wrap things in a shell like this:

$ sudo -u user sh -c 'echo $LOGNAME'
user

$ sudo sudo -u user sh -c 'echo $LOGNAME'
user

Comment 3 Marek Tamaskovic 2019-03-19 02:01:24 MDT

# sudo -u user1 sh -c 'echo $LOGNAME'
user1
# sudo sudo -u user1 sh -c 'echo $LOGNAME'
root

Comment 4 Marek Tamaskovic 2019-03-19 02:06:39 MDT

Or better to describe this problem as this:

[root@host ~]# sudo -u user1 sh -c 'echo $LOGNAME'
user1
[root@host ~]# sudo sudo -u user1 sh -c 'echo $LOGNAME'
root


[user1@host ~]$ sudo -u user2 sh -c 'echo $LOGNAME'
user1
[user1@host ~]$ sudo sudo -u user2 sh -c 'echo $LOGNAME'
user1


As you can see there are two behaviors one for root and one for other users.

Comment 5 Marek Tamaskovic 2019-03-19 04:12:34 MDT

I think I found answer in documentation. Please you can close this bug.