Overall issue is when I log in, my prompt appears correctly formatted as per the /etc/bashrc but when I sudo to another user using bash, the prompt gets fubar'd.
Essential formatting in the /etc/bashrc
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
…and…
prompt_host=`/bin/hostname`
Sequence:
I log into my terminal as myuser. My prompt is properly formatted as matching the /etc/bashrc above:
myuser@the.hostname.fully.qualified pwd :
Though the above implies my default shell program appears to be bash, I believe I'm using sh:
echo $SHELL <---not very meaningful but I expect someone will ask me to run this
/bin/sh
ps -p `echo $$`
PID TTY TIME CMD
7105 pts/2 00:00:00 sh <---which looks to be an interactive shell (no dash)
ps -f
UID PID PPID C STIME TTY TIME CMD
72338 9321 9320 0 01:07 pts/3 00:00:00 -sh <---or is it a login shell????
./filethatsnotthere.sh
-sh: ./filethatsnotthere.sh: No such file or directory
And last, but not least…
getent passwd myuser
myuser:x:72338:25000:My Name:/home/myuser:/bin/sh
Also, it's apparent that the /etc/profile is being sourced because:
echo $prompt_host
the.hostname.fully.qualified
So looks like sh and that the /etc/profile is being sourced. BUT this confuses me…
ls -l `which sh`
lrwxrwxrwx. 1 root root 4 Jan 12 2018 /bin/sh -> bash
…sigh…But even if we go with the theory that I'm using sh, I then sudo to newuser using bash. newuser has a profile setup as newuser .bash_profile which sources newuser .bashrc which sources the /etc/bashrc.
But the prompt for newuser isn't working right and it's apparent that none of the newuser profile is run. It totally loses the hostname in the prompt
sudo -u newuser bash
newuser@ pwd <---no hostname
I know NONE of the newuser profile is run because I put echo statements in them to confirm when they're run, and they don't display. Even so, I've confirmed that newuser is truly running bash:
ps -f
UID PID PPID C STIME TTY TIME CMD
newuser 11717 11715 0 03:47 pts/1 00:00:00 bash
ps -p `echo $$`
PID TTY TIME CMD
11717 pts/1 00:00:00 bash
./filethatsnotthere.sh
bash: ./filethatsnotthere.sh: No such file or directory
The /etc/profile is not being run (which makes sense since this is an interactive, not login, shell):
echo $prompt_host
<crickets....>
BUT – neither is newuser's startup files in the /home/newuser directory…So, if I'm using sudo to a user with command bash, why isn't that user's bash profile files being sourced? Since it's an interactive shell, even though the /etc/profile is not directly being sourced I would still expect the newuser's files to be run.
Best Answer
sudo
can be configured to set$HOME
to match the new user when switching users, or not to. In your case, it appears it is set to not switch$HOME
. That can be useful when you want to switch to user accounts that are dedicated to specific service applications, but still want to keep using your personal shell configuration and other settings.And
~/.bashrc
is actually just a shorthand for$HOME/.bashrc
.So when you do
sudo -u newuser bash
,sudo
switches the username tonewuser
but$HOME
is still set to/home/myuser
.When
bash
attempts to execute~/.bashrc
, it has a slight problem: asnewuser
, it might have no access to read/home/myuser/.bashrc
unless you have specifically granted that access. If you haven't, that is probably why.bashrc
is getting skipped. Because$HOME
is still set to/home/myuser
, there will be no attempt to execute/home/newuser/.bashrc
.If you want
sudo
to setHOME=/home/newuser
, you can:-H
option with the sudo command:sudo -Hu newuser bash
Defaults>newuser always_set_home
to yoursudoers
file to automatically set the home directory when switching tonewuser
onlyDefaults:myuser always_set_home
to sudoers file to automatically set the home directory to match the new identity whenmyuser
is running anysudo
commandsDefaults always_set_home
to sudoers file to force this behavior for allsudo
commands on the system. (Some Linux distributions have this enabled by default.)If you don't especially want to switch the home directory when switching users, then you'll need to make sure the new user can read your personal shell startup files instead.
The minimal permissions you'd need to allow for
sudo -u newuser bash
to run/home/myuser/.bashrc
are:/home/myuser
/home/myuser/.bashrc
If there is no convenient user group that would be common to both
myuser
andnewuser
, and ACLs are not available (i.e. traditional Unix-style permissions only), this would be the traditional way to do it:If ACLs are available for the filesystem containing your home directory, you could do this instead to grant the minimal necessary access:
If the permissions of the home directory were initially
drwx------
, after this command the permissions to/home/myuser
would look likedrwx--x---+
. To check the complete ACL, usegetfacl
: