On Ubuntu 12.04, when I sudo -s the $HOME variable is not changed, so if my regular user is regularuser, the situation goes like this:
$ cd
$ pwd
/home/regularuser
$ sudo -s
# cd
# pwd
/home/regularuser
I have abandoned Ubuntu a long time ago, so I cannot be sure, but I think this is the default behavior. So, my questions are:
- How is this done? Where is the config?
- How do I disable it?
Edit:
Thanks for the answers, which clarified things a bit, but I guess I must add a couple of questions, to get the answer I am looking for.
- In Debian, sudo -s changes the $HOME variable to /root. From what I get from the answers and man sudo, the shell run with sudo -s is the one given in /etc/passwd, right?
- However, on both Ubuntu and Debian the shell given in /etc/passwd for root is /bin/bash. In either system also, I cannot find where the difference in .profile or .bashrc files is, as far as $HOME is concerned, so that the behavior of sudo -s differs. Any help on this?
Answers:
Method 1
Sudo has many compile-time configuration options. You can list the settings in your version with sudo -V. One of the differences between the configuration in Debian wheezy and in Ubuntu 12.04 is that the HOME environment variable is preserved in Ubuntu but not in Debian; both distributions erase all environment variables except for a few that are explicitly marked as safe to preserve. Thus sudo -s preserves HOME on Ubuntu, while on Debian HOME is erased and sudo then sets it to the home directory of the target user.
You can override this behavior in the sudoers file. Run visudo to edit the sudoers file. There are several relevant options:
- env_keep determines which environment variables are preserved. Use Defaults env_keep += "HOME" to retain the caller’s HOME environment variable or Defaults env_keep -= "HOME" to erase it (and replace it by the home directory of the target user).
- env_reset determines whether environment variables are reset at all. Resetting environment variables is often necessary for rules that allow running a specific command, but does not have a direct security benefit for rules that allow running arbitrary commands anyway.
- always_set_home, if set, causes HOME to be overridden even if it was preserved due to env_reset being disabled or HOME being in the env_keep list. This option has no effect if HOME isn’t preserved anyway.
- set_home is like always_set_home, but only applies to sudo -s, not when calling sudo with an explicit command.
These options can be set for a given source user, a given target user or a given command; see the sudoers manual for details.
You can always choose to override HOME for a given call to sudo by passing the option -H.
The shell will never override the value of HOME. (It would set HOME if it was unset, but sudo always sets HOME one way or another.)
If you run sudo -i, sudo simulates an initial login. This includes setting HOME to the home directory of the target user and invoking a login shell.
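The interaction of these options and flags, written out as an added example that is not part of the original answer or of sudo itself: a small shell model that reads sudoers-style Defaults lines and reports whose home directory HOME ends up pointing to. The function name home_after_sudo, its arguments and the sample input are assumptions made for illustration; it handles one option per global Defaults line and ignores per-user or per-command Defaults and wildcard env_keep entries.

```shell
#!/bin/sh
# Added example: simplified model of the HOME rules described above.
# Not sudo's own parser; see the assumptions in the lead-in.
#
# home_after_sudo MODE [BUILD_KEEPS_HOME] < sudoers-text
#   MODE: cmd (sudo with a command) | -s | -H | -i
#   BUILD_KEEPS_HOME: yes if the sudo build keeps HOME by default
#                     (Ubuntu 12.04 per the answer), no otherwise (Debian)
# Prints "caller" or "target": whose home directory HOME points to afterwards.
home_after_sudo() {
    mode=$1 keep_home=${2:-no} env_reset=yes always=no set_home=no
    while read -r kw rest; do
        [ "$kw" = Defaults ] || continue
        case $rest in
            env_reset)          env_reset=yes ;;
            '!env_reset')       env_reset=no ;;
            always_set_home)    always=yes ;;
            '!always_set_home') always=no ;;
            set_home)           set_home=yes ;;
            '!set_home')        set_home=no ;;
            env_keep*)
                list=$(printf '%s' "$rest" | tr '\t"' '  ' |
                       sed 's/^env_keep *[-+]*= *//')
                case " $list " in *" HOME "*) has=yes ;; *) has=no ;; esac
                case $rest in
                    env_keep*+=*) if [ "$has" = yes ]; then keep_home=yes; fi ;;
                    env_keep*-=*) if [ "$has" = yes ]; then keep_home=no; fi ;;
                    *)            keep_home=$has ;;   # plain "=" replaces the list
                esac ;;
        esac
    done
    # -i and -H always select the target user's home.
    case $mode in -i|-H) echo target; return 0 ;; esac
    # always_set_home implies -H; set_home implies -H only for "sudo -s".
    if [ "$always" = yes ]; then echo target; return 0; fi
    if [ "$mode" = -s ] && [ "$set_home" = yes ]; then echo target; return 0; fi
    # Otherwise HOME survives only if the environment is not reset
    # or HOME is on the keep list.
    if [ "$env_reset" = yes ] && [ "$keep_home" = no ]; then
        echo target
    else
        echo caller
    fi
}

# Constructed input: a build that keeps HOME, then the same with HOME removed.
printf 'Defaults env_reset\n' | home_after_sudo -s yes                               # caller
printf 'Defaults env_reset\nDefaults env_keep -= "HOME"\n' | home_after_sudo -s yes  # target
```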
Method 2
Use sudo -H -i instead of sudo -s to get an interactive login root shell:
sudo -H -i
cd
pwd -P   # /private/var/root (on Mac OS X 10.6.8)
From man sudo:
-H The -H (HOME) option sets the HOME environment variable to
the homedir of the target user (root by default) as
specified in passwd(5). By default, sudo does not modify
HOME (see set_home and always_set_home in sudoers(5)).
Method 3
This has little to do with the behavior of sudo and much to do with the difference between a “login shell” and a “non-login shell”. The quick fix is
$ sudo -i
as can be seen with:
$ sudo -s
# id
uid=0(root) gid=0(root) groups=0(root)
# echo $HOME
/home/msw
# exit
$ sudo -i
# echo $HOME
/root
# pwd
/root
As noted in the sudo manual:
The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a
login shell. This means that login-specific resource files
such as .profile or .login will be read by the shell. If a
command is specified, it is passed to the shell for execution
via the shell’s -c option. If no command is specified, an
interactive shell is executed.
Method 4
A quite popular way of getting a root shell is also using:
$ sudo su -
# id
uid=0(root) gid=0(root) groups=0(root)
# pwd
/root
Method 5
To get rid of the different behavior of sudo -s on Ubuntu and Debian respectively, you could use a sudo wrapper (answer to Q4):
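sudos() {
    # Use the system default PATH for the duration of the function.
    local PATH="$(getconf PATH)" root_homedir
    # Ask sudo (with -H) for the target user's home directory.
    root_homedir="$(sudo -H sh -c 'printf "%s" "$HOME"')"
    # Start an interactive shell as root with HOME set explicitly.
    sudo sh -c 'export HOME="$0"; exec sh -i' "$root_homedir"
    return 0
}

# Invalidate cached credentials, then start the root shell.
sudo -k
sudos
{
logname
whoami
id -un
id -ur
echo "PATH: $PATH"
}
exit
echo "PATH: $PATH"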
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.