On Ubuntu 12.04, when I sudo -s the $HOME variable is not changed, so if my regular user is regularuser, the situation goes like this:
$ cd
$ pwd
/home/regularuser
$ sudo -s
# cd
# pwd
/home/regularuser
I abandoned Ubuntu a long time ago, so I cannot be sure, but I think this is the default behavior. So, my questions are:
Q1. How is this done? Where is the config?
Q2. How do I disable it?
Edit:
Thanks for the answers, which clarified things a bit, but I guess I must add a couple of questions, to get the answer I am looking for.
Q3. In Debian, sudo -s changes the $HOME variable to /root. From what I get from the answers and man sudo, the shell run with sudo -s is the one given in /etc/passwd, right?
Q4. However, on both Ubuntu and Debian the shell given in /etc/passwd for root is /bin/bash. In either system also, I cannot find where the difference in .profile or .bashrc files is, as far as $HOME is concerned, so that the behavior of sudo -s differs. Any help on this?
Best Answer
Sudo has many compile-time configuration options. You can list the settings in your version with sudo -V. One of the differences between the configuration in Debian wheezy and in Ubuntu 12.04 is that the HOME environment variable is preserved in Ubuntu but not in Debian; both distributions erase all environment variables except for a few that are explicitly marked as safe to preserve. Thus sudo -s preserves HOME on Ubuntu, while on Debian HOME is erased and sudo then sets it to the home directory of the target user.
You can override this behavior in the sudoers file. Run visudo to edit the sudoers file. There are several relevant options:
env_keep determines which environment variables are preserved. Use Defaults env_keep += "HOME" to retain the caller's HOME environment variable or Defaults env_keep -= "HOME" to erase it (and replace it by the home directory of the target user).
env_reset determines whether environment variables are reset at all. Resetting environment variables is often necessary for rules that allow running a specific command, but does not have a direct security benefit for rules that allow running arbitrary commands anyway.
always_set_home, if set, causes HOME to be overridden even if it was preserved due to env_reset being disabled or HOME being in the env_keep list. This option has no effect if HOME isn't preserved anyway.
set_home is like always_set_home, but only applies to sudo -s, not when calling sudo with an explicit command.
These options can be set for a given source user, a given target user or a given command; see the sudoers manual for details.
You can always choose to override HOME for a given call to sudo by passing the option -H.
The shell will never override the value of HOME. (It would set HOME if it was unset, but sudo always sets HOME one way or another.)
If you run sudo -i, sudo simulates an initial login. This includes setting HOME to the home directory of the target user and invoking a login shell.
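
The rules in the answer above, written out as an added example (not code from the post or from sudo itself): a simplified model that reads global Defaults lines from sudoers text and reports whose home directory HOME ends up naming. The function name, the builtin_keeps_home parameter and the sample fragment are constructed for illustration; per-user, per-host and per-command Defaults are assumed absent and are ignored.

```python
import re

# One setting inside a Defaults line: [!]name [op value]
SETTING = re.compile(r'(!?)(\w+)\s*(?:(\+=|-=|=)\s*("[^"]*"|[^,\s]+))?')

def home_after_sudo(sudoers_text, builtin_keeps_home, mode="command", dash_H=False):
    """Return "caller" or "target": whose home directory HOME names after sudo.

    builtin_keeps_home: compile-time default, per the answer True on
    Ubuntu 12.04 and False on Debian wheezy.
    mode: "command" (sudo CMD), "shell" (sudo -s) or "login" (sudo -i).
    """
    env_reset, keep_home = True, builtin_keeps_home
    always_set_home = set_home = False
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not re.match(r"Defaults\s", line):  # assumption: global Defaults only
            continue
        for neg, name, op, val in SETTING.findall(line[len("Defaults"):]):
            names = val.strip('"').split()
            if name == "env_reset":
                env_reset = not neg
            elif name == "always_set_home":
                always_set_home = not neg
            elif name == "set_home":
                set_home = not neg
            elif name == "env_keep" and (neg or op == "="):
                keep_home = "HOME" in names      # list cleared or replaced
            elif name == "env_keep" and "HOME" in names:
                keep_home = (op == "+=")         # += adds HOME, -= removes it
    # -i, -H and always_set_home force the target user's home directory.
    if mode == "login" or dash_H or always_set_home:
        return "target"
    # set_home does the same, but only for sudo -s.
    if mode == "shell" and set_home:
        return "target"
    # Otherwise HOME survives only if it was preserved in the first place.
    return "caller" if (keep_home or not env_reset) else "target"

# Constructed sudoers fragment (not taken from either distribution).
SAMPLE = '''
Defaults env_reset
Defaults env_keep += "HOME"   # keep the caller's HOME ...
Defaults set_home             # ... except for sudo -s
'''
```

With SAMPLE and a Debian-style baseline, sudo -s yields the target user's home while an explicit command keeps the caller's.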