Behaviour of sudo on Ubuntu and Fedora

Posted by Kaya Kupferschmidt • Wednesday, February 4. 2015 • Category: Linux

I often use the Linux command sudo to perform administrative tasks on my machine or to run otherwise restricted programs. But sometimes I observe strange behaviour when the program under sudo control tries to access some files in the user's home directory. The location of the home directory of the current user is stored in an environment variable named HOME, so it is interesting to see how this variable is defined under sudo. First let's try Fedora 21:

kaya@fedora:~$ env | grep HOME
HOME=/home/kaya

kaya@fedora:~$ sudo env | grep HOME
HOME=/root

So when I run a program with sudo on Fedora 21, the home directory of the user root will be used. Let us check the user names stored in the environment:

kaya@fedora:~$ env | grep USER
USER=kaya
USERNAME=kaya

kaya@fedora:~$ sudo env | grep USER
USERNAME=kaya
USER=root
SUDO_USER=kaya

So this means that on Fedora 21, the environment variable USER will also change to root, but USERNAME remains unchanged and reflects the original user.

Now let us try the same on Ubuntu 14.04:

kaya@ubuntu:~$ env | grep HOME
HOME=/home/kaya

kaya@ubuntu:~$ sudo env | grep HOME
HOME=/home/kaya

So on Ubuntu 14.04, the home directory also remains unchanged under sudo. Let's check the user names:

kaya@ubuntu:~$ env | grep USER
USER=kaya

kaya@ubuntu:~$ sudo env | grep USER
USER=root
USERNAME=root
SUDO_USER=kaya

This is really weird, and looks wrong to me! And the behaviour is completely different to Fedora 21.

Default sudo Behaviour on Fedora 21 and Ubuntu 14.04

The following table gives an overview of the default behaviour of sudo.

Variable    env (Fedora)    env (Ubuntu)    sudo env (Fedora)    sudo env (Ubuntu)
USER        kaya            kaya            root                 root
USERNAME    kaya            N/A             kaya                 root
HOME        /home/kaya      /home/kaya      /root                /home/kaya

The really big problem here is that I mount my home directories via NFS onto my machine. In this environment, the root user only has restricted access to the user's home directory, which often causes some trouble with sudo. Therefore when I want to execute a command as a different user, I not only want to embody his ID, but I also want to use his home directory during the sudo operation. This works with Fedora, but does not work with Ubuntu.

Fixing sudo Behaviour

As it turns out, the behaviour can be fixed by adjusting the file /etc/sudoers according to the sudoers manual, or simply by copying the relevant sections from the Fedora installation. (Note that you should use visudo for editing the file, as mentioned in the comments inside the file.) At the beginning of the file /etc/sudoers on Ubuntu, you should add the following defaults for env_keep. The first env_keep line uses =, which replaces the list of preserved variables, while the following lines use += to append to it; HOME is not in the resulting list:

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
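To see which variables the snippet above ends up preserving, here is an added example (not part of the original post and not sudo's own code) that applies the env_keep lines in order, honouring =, += and -=. The function names and the CONSTRUCTED_DEFAULTS list are assumptions made for illustration; scoped Defaults lines and backslash continuations are not handled.

```python
import re

# Global "Defaults env_keep <op> <value>" lines only; scoped Defaults
# (Defaults:user, Defaults@host) and line continuations are not handled.
ENV_KEEP_RE = re.compile(r'^Defaults\s+env_keep\s*(\+=|-=|=)\s*(.+)$')

# The snippet from the post above.
PAGE_SNIPPET = '''
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
'''

# Constructed stand-in for a sudo build whose default list preserves HOME.
CONSTRUCTED_DEFAULTS = ["HOME", "DISPLAY"]


def effective_env_keep(sudoers_text, initial=()):
    """Apply each env_keep line in file order and return the final list."""
    keep = list(initial)
    for raw in sudoers_text.splitlines():
        match = ENV_KEEP_RE.match(raw.split('#', 1)[0].strip())
        if not match:
            continue
        op, value = match.groups()
        if op == '=':                      # '=' discards the earlier list
            keep = []
        for name in value.strip().strip('"').split():
            if op == '-=':
                keep = [k for k in keep if k != name]
            elif name not in keep:         # '=' and '+=' both add entries
                keep.append(name)
    return keep


def is_preserved(variable, keep):
    """True if some env_keep entry (which may contain '*') matches the name."""
    for entry in keep:
        pattern = re.escape(entry.split('=', 1)[0]).replace(r'\*', '.*')
        if re.fullmatch(pattern, variable):
            return True
    return False


if __name__ == "__main__":
    keep = effective_env_keep(PAGE_SNIPPET, CONSTRUCTED_DEFAULTS)
    for var in ("HOME", "USERNAME", "LC_ALL"):
        print(var, "preserved" if is_preserved(var, keep) else "not preserved")
```

On a real system, the built-in list to pass as initial is the one sudo -V prints when run as root.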
