Misconfiguration of sudo is insecure (Was: Sudo even more
secure)
Jens Bech Madsen
jbmadsen at wibble.dk
Thu Mar 23 05:54:41 GMT 2006
ons, 22 03 2006 kl. 23:39 +0100, skrev Étienne Bersac:
> Hello,
>
> A good solution should be to really become root when typing sudo -s.
> This is sometimes very annoying that some .files of user's home
> belong to root, because sudo -s keep using user's home as $HOME.
man sudo
-H The -H (HOME) option sets the HOME environment variable to the
homedir of the target user (root by default) as specified in
passwd(5). By default, sudo does not modify HOME (see set_home and
always_set_home in sudoers(5)).
man sudoers
always_set_home
If set, sudo will set the HOME environment variable to the home
directory of the target user (which is root unless the -u option is
used). This effectively means that the -H flag is always implied.
This flag is off by default.
I think it would be a mistake to change the defaults of sudo without
carefully considering what might break.
/Jens
More information about the ubuntu-devel
mailing list