Misconfiguration of sudo is insecure (Was: Sudo even more secure)

Jens Bech Madsen jbmadsen at wibble.dk
Thu Mar 23 05:54:41 GMT 2006

ons, 22 03 2006 kl. 23:39 +0100, skrev Étienne Bersac:
> Hello,
> A good solution should be to really become root when typing sudo -s.  
> This is sometimes very annoying that some .files of user's home  
> belong to root, because sudo -s keep using user's home as $HOME.

man sudo

-H  The -H (HOME) option sets the HOME environment variable to the
    homedir of the target user (root by default) as specified in
    passwd(5).  By default, sudo does not modify HOME (see set_home and
    always_set_home in sudoers(5)).

man sudoers

  If set, sudo will set the HOME environment variable to the home    
  directory of the target user (which is root unless the -u option is
  used).  This effectively means that the -H flag is always implied. 
  This flag is off by default.

I think it would be a mistake to change the defaults of sudo without
carefully considering what might break.


More information about the ubuntu-devel mailing list