how sudo handles $HOME

Dan Streetman dan.streetman at canonical.com
Thu May 16 11:58:01 UTC 2019


On Thu, May 16, 2019 at 6:35 AM Carl Friis-Hansen
<carl.friis-hansen at carl-fh.com> wrote:
>
> On 5/16/19 3:03 AM, Alex Murray wrote:
> >
> > On Wed, 2019-05-15 at 02:42:56 +0930, Dan Streetman wrote:
> >
> >> in Ubuntu, sudo retains the calling user's $HOME
> >>
> >> this is different from upstream sudo as well as all other UNIXes and
> >> even the sudo documentation we provide.  Should we remove our custom
> >> patch that adds this behavior?
> >
> > I would argue that our current behaviour provides a more usable default
> > (eg. running vim via sudo uses your own configuration so you don't have
> > to maintain a copy of it in /root) and in the case of a machine with
> > multiple sudo users, they all get to use their own configuration rather
> > than a single configuration under /root.
> >
> > However, it does diverge from upstream and so for new users this creates
> > a surprising situation if they are used to and expect the upstream
> > behaviour - (see comments 6 and 7 in
> > https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/760140) - plus it
> > seems we do not document this change in the man page and so we are
> > creating even more surprises for our users.
> >
> >  From a security point of view I do not see any advantage from either
> > behaviour, so it is really more a usability question IMO.
> >
> >>
> >> for reference and more details on downsides of our current sudo behavior, see:
> >> https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302
> >>
> >> Note that I have kind-of hijacked the bug, as I believe the issue is
> >> larger than the python-based example in that bug.
> >>
> >> Also as I commented in that bug, I do not recommend changing the
> >> behavior for existing releases.  But I do think we should change the
> >> behavior starting in Eoan and future releases.
> >
> > I agree if this is changed we should not try and SRU it back.
> >
> I would say let it remain user's home for editor configs.
> You could always use option -i in case you want root home.

That is a significant upside to current behavior; but please don't
forget about the downside of accessing editor configs under sudo:
root-owned editor config files, e.g.:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/comments/9

For some users, this is a simple fix of running sudo chown.  For users
simply following online directions though, the errors resulting from
this can be quite frustrating and confusing.  Try googling for 'root
owned emacs.d' or 'root owned viminfo', e.g.:
http://blog.robertelder.org/vim-forgets-copy-buffer-on-reopen/

For those that commonly use fresh vms or containers, root-owned editor
config files can be a common occurrence/annoyance.

>
> --
>                            ---------=oOOo=---------
>                              Carl Friis-Hansen
>                              https://carl-fh.com/
>                              https://dronehyr.se/
>                              Phone: +46 372 775199
>                            ---------=oOOo=---------
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
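
Added example, not part of the original message or of sudo: a POSIX shell check for the symptom discussed above, entries under a user's home directory that are owned by someone other than the home's owner (for example a root-owned .viminfo left behind by running an editor under sudo with the caller's $HOME). The function names dir_owner_uid, foreign_owned and report_home are made up for this example.

```shell
#!/bin/sh
# Added example: find entries in a home directory that its owner does not own.

# Print the numeric uid owning PATH (ls -n is POSIX; field 3 is the uid).
dir_owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Print every path under DIR whose owner differs from EXPECTED_UID.
# EXPECTED_UID defaults to the owner of DIR itself. -xdev keeps find on one
# filesystem; a numeric -user argument is matched as a uid when no account
# has that name.
foreign_owned() {
    dir=$1
    uid=${2:-$(dir_owner_uid "$dir")}
    find "$dir" -xdev ! -user "$uid" -print 2>/dev/null
}

# Report the findings and print (never run) a chown line for each of them.
# Returns 0 when the tree is clean, 1 otherwise.
report_home() {
    dir=$1
    uid=$(dir_owner_uid "$dir")
    found=$(foreign_owned "$dir" "$uid")
    if [ -z "$found" ]; then
        echo "ok: everything under $dir is owned by uid $uid"
        return 0
    fi
    echo "entries under $dir not owned by uid $uid:"
    printf '%s\n' "$found" | while IFS= read -r path; do
        echo "  $path (uid $(dir_owner_uid "$path"))"
        echo "    to repair after review: sudo chown -h $uid '$path'"
    done
    return 1
}

# Usage: sh check-home.sh /home/alice   (script name and path are placeholders)
if [ "$#" -gt 0 ]; then
    report_home "$1"
fi
```

Running it against a home directory before and after an editor session under sudo shows which files that session created or re-owned.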



