sudo
can be configured to set $HOME
to match the new user when switching users, or not to. In your case, it appears it is set to not switch $HOME
. That can be useful when you want to switch to user accounts that are dedicated to specific service applications, but still want to keep using your personal shell configuration and other settings.
And ~/.bashrc
is actually just a shorthand for $HOME/.bashrc
.
So when you do sudo -u newuser bash
, sudo
switches the username to newuser
but $HOME
is still set to /home/myuser
.
When bash
attempts to execute ~/.bashrc
, it has a slight problem: as newuser
, it might have no access to read /home/myuser/.bashrc
unless you have specifically granted that access. If you haven't, that is probably why .bashrc
is getting skipped. Because $HOME
is still set to /home/myuser
, there will be no attempt to execute /home/newuser/.bashrc
.
If you want sudo
to set HOME=/home/newuser
, you can:
- use the
-H
option with the sudo command: sudo -Hu newuser bash
- or add
Defaults>newuser always_set_home
to your sudoers
file to automatically set the home directory when switching to newuser
only
- or add
Defaults:myuser always_set_home
to sudoers file to automatically set the home directory to match the new identity when myuser
is running any sudo
commands
- or add
Defaults always_set_home
to sudoers file to force this behavior for all sudo
commands on the system. (Some Linux distributions have this enabled by default.)
If you don't especially want to switch the home directory when switching users, then you'll need to make sure the new user can read your personal shell startup files instead.
The minimal permissions you'd need to allow for sudo -u newuser bash
to run /home/myuser/.bashrc
are:
- a search permission to
/home/myuser
- a read permission to
/home/myuser/.bashrc
If there is no convenient user group that would be common to both myuser
and newuser
, and ACLs are not available (i.e. traditional Unix-style permissions only), this would be the traditional way to do it:
chmod 711 /home/myuser # i.e. directory permissions drwx--x--x
chmod 644 /home/myuser/.bashrc # i.e. file permissions -rw-r--r--
If ACLs are available for the filesystem containing your home directory, you could do this instead to grant the minimal necessary access:
setfacl -m u:newuser:x /home/myuser
setfacl -m u:newuser:r /home/myuser/.bashrc
If the permissions of the home directory were initially drwx------
, after this command the permissions to /home/myuser
would look like drwx--x---+
. To check the complete ACL, use getfacl
:
$ getfacl /home/myuser
getfacl: Removing leading '/' from absolute path names
# file: home/myuser
# owner: myuser
# group: myuser
user::rwx
user:newuser:--x
group::---
mask::--x
other::---
Best Answer
So after digging around some more, I found what's going on. RHEL5's build of bash doesn't use terminfo at all (why, who knows, it's Red Hat), it uses termcap. However, there is apparently another bash on the box which does use terminfo. This is why subshells and re-execing would work, as they would use the other bash, not the default one. I feel stupid for not noticing this.
This can be determined from comparing 2 commands:
Noticing that one is linked against libtermcap, and the other against libncurses.
I should have specified that I was using RHEL here, as that's apparently the critical factor. Why they use termcap when pretty much everyone else in the world has abandoned it makes no sense, but there it is.