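So, this is something I can't understand. I know how to configure sudo to keep all envs intact; what confuses me now is what causes the different behavior on Ubuntu and Debian.
So on Debian I have sudoers configured: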
~# cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
I set some variable in /etc/environment, logged in again and tested:
~# sudo sh -c 'echo $FOO'
The env is not there, as it shouldn't be (at least AFAIK), because sudoers is configured to reset the environment.
Doing the same on Ubuntu:
~# cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Note: it has the same env_reset setting. But:
~# sudo sh -c 'echo $FOO'
bar
So the question that puzzles me is: why does it work on Ubuntu even though env_reset is set and neither my Ubuntu nor my Debian configuration has env_keep set?
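man 5 sudoers says:
So PAM matters. Let's check /etc/pam.d/sudo on both systems. This line is present on Ubuntu but not on Debian:
And this is what man 8 pam_env says:
It looks like readenv=1 on this line is responsible for parsing /etc/environment when sudo runs. Indeed, setting it to 0 (or commenting out the whole line) makes sudo sh -c 'echo $FOO' on my Ubuntu behave like it does on Debian.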
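
A check for the behavior described in the answer, as an added example that is not part of the original post: it reports whether a PAM service file such as /etc/pam.d/sudo has an active pam_env line that reads an environment file, using the defaults documented in pam_env(8) (readenv on, envfile /etc/environment). The function names and sample files are constructed for illustration, and files pulled in with @include are not followed.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a PAM service file for
# pam_env lines that import an environment file into the session.

# pam_env_envfiles FILE
# For every active pam_env.so line, print the file it would read.
# Per pam_env(8), readenv defaults to 1 and envfile to /etc/environment.
pam_env_envfiles() {
    awk '
        /^[ \t]*#/ { next }                        # commented-out line
        {
            found = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /(^|\/)pam_env\.so$/) found = 1
            if (!found) next
            readenv = 1; envfile = "/etc/environment"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^readenv=/) readenv = substr($i, 9) + 0
                if ($i ~ /^envfile=/) envfile = substr($i, 9)
            }
            if (readenv) print envfile
        }' "$1"
}

# envfile_var_names FILE: names defined by plain KEY=VAL lines.
envfile_var_names() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# write_samples DIR: constructed sample inputs, not copied from any distro.
write_samples() {
    printf '%s\n' '#%PAM-1.0' 'session required pam_env.so readenv=1' \
        '@include common-auth' > "$1/sudo.readenv1"
    printf '%s\n' '#%PAM-1.0' 'session required pam_env.so readenv=0' \
        > "$1/sudo.readenv0"
    printf '%s\n' '#%PAM-1.0' '#session required pam_env.so readenv=1' \
        '@include common-auth' > "$1/sudo.nopamenv"
    printf '%s\n' '# constructed /etc/environment' 'FOO=bar' > "$1/environment"
}

# Demo on the constructed samples: which service files read an env file?
tmp=$(mktemp -d) && write_samples "$tmp"
for f in "$tmp"/sudo.*; do
    files=$(pam_env_envfiles "$f")
    echo "${f##*/}: ${files:-no environment file read}"
done
echo "variables in sample environment: $(envfile_var_names "$tmp/environment")"
rm -rf "$tmp"
```

On a real host, run `pam_env_envfiles /etc/pam.d/sudo` and then `envfile_var_names` on each file it prints to see which variables reach the sudo session despite env_reset.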