sudo: always_set_home
Colin Watson
cjwatson at canonical.com
Sun Jan 9 16:45:16 CST 2005
On Sun, Jan 09, 2005 at 02:26:49PM -0800, Matt Zimmerman wrote:
> On Mon, Jan 10, 2005 at 07:36:08AM +1100, Jeff Waugh wrote:
> > <quote who="David Mandelberg">
> > > cons:
> > > * may cause problems with gnome apps, but I've been using it for a few
> > > weeks without any problems
> >
> > The only GNOME apps you'd want to run with elevated privileges would be
> > administrative apps, and they very rarely rely on user settings (and are
> > better off explicitly avoiding user settings), so I agree with this
> > suggestion in theory - makes sudo use a lot clearer. Matt, any practical or
> > security issues with this?
>
> The only surprise that I think would result would be that bash would no
> longer read ~/.bash_profile and such during 'sudo -s'. I work around this
> with zsh by setting ZDOTDIR, so this doesn't really affect me, but it could
> surprise others.
I'm not really sure whether my surprise at that would be greater than
the surprises I currently get from realising that it *has* read
~cjwatson/.bash_profile, or, more commonly, from finding that HOME is
still set to /home/cjwatson when I've chrooted to a temporary tree where
my normal user account doesn't exist. On balance, I prefer the former
surprise.
> Apart from that, I've no problem with setting this option by default.
Likewise, generally speaking. My chief reservation is that there appears
to be no command-line flag that's the opposite of -H that one could use
if always_set_home were set. At the moment, you can get either behaviour
by using 'sudo' or 'sudo -H' as appropriate; it would be a bit annoying
to lose that feature.
Cheers,
--
Colin Watson [cjwatson at canonical.com]
More information about the ubuntu-devel
mailing list