
#1 2020-08-21 15:45:51

Ooops
Member
Registered: 2020-06-16
Posts: 4

[Solved] How to set global variables correctly to work with sudo

Question as per title...

Simple example: I want to set EDITOR=nano.

If I add "export EDITOR=nano" to ~/.bash_profile and /root/.bash_profile it works as user and root, but "sudo visudo" uses vi instead, although "sudo echo $EDITOR" returns "nano".

If I add "export EDITOR=nano" to /etc/profile it has the exact same effect (but at least I have to edit only one file): "sudo -i" followed by "visudo" uses nano. "sudo visudo" does not.

The 3rd option to add "EDITOR=nano" to /etc/environment works... but of course only if PAM is used, so for example not for ssh unless I explicitly activate it.


I'm pretty sure there has to be a 4th option to set a variable globally for all users that works with sudo. I just don't seem to be able to find it...

Last edited by Ooops (2020-08-21 18:11:24)


#2 2020-08-21 15:58:22

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [Solved] How to set global variables correctly to work with sudo

You are not describing "global" variables, you are setting environment variables (which are really almost the opposite of global variables).   In any case, the means of setting the variables is not the issue - you just need to read the sudo and/or sudoers man page (look for "env_editor" in the latter).

EDIT: oops - it seems env_editor should be set by default according to the man page and wiki, but I can confirm this is not the behavior of sudo for me either.  This can be confirmed with 'env':

$ env | grep -i edit
EDITOR=vim

$ sudo env | grep -i edit

$

Even explicitly setting "Defaults env_editor" in sudoers doesn't change this behavior.

Last edited by Trilby (2020-08-21 16:12:52)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#3 2020-08-21 16:54:04

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [Solved] How to set global variables correctly to work with sudo

This worked for me

Defaults env_keep += "EDITOR"


#4 2020-08-21 16:58:00

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [Solved] How to set global variables correctly to work with sudo

Thanks loqs, that works for me - but were you able to replicate the failure of env_editor?

The following also works (you can have a colon separated list of editors):

Defaults editor=/usr/bin/vim

This also avoids the potential vulnerability of running arbitrary code as root if an untrusted process sets EDITOR in the user's environment.

Last edited by Trilby (2020-08-21 17:01:41)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#5 2020-08-21 17:14:51

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [Solved] How to set global variables correctly to work with sudo

All of the following is with EDITOR=nano in the non-root user environment, EDITOR is not set for root. vi/vim is not installed.

Without Defaults env_editor or Defaults env_keep += "EDITOR".

sudo visudo
visudo: no editor found (editor path = /usr/bin/vi)

With Defaults env_editor without Defaults env_keep += "EDITOR".

sudo visudo
visudo: no editor found (editor path = /usr/bin/vi)

Without Defaults env_editor with Defaults env_keep += "EDITOR".

sudo visudo

visudo starts using nano

With Defaults env_editor with Defaults env_keep += "EDITOR".

sudo visudo

visudo starts using nano

Last edited by loqs (2020-08-21 17:17:04)


#6 2020-08-21 18:10:20

Ooops
Member
Registered: 2020-06-16
Posts: 4

Re: [Solved] How to set global variables correctly to work with sudo

Trilby wrote:

You are not describing "global" variables, you are setting environment variables (which are really almost the opposite of global variables).

Yeah, I know. But I brain-farted when writing the title. "How to set environment variables [for all user | globally] to work with sudo" both were too long for the title. "...set variables globally..." would probably have been at least a bit better to avoid confusion.

loqs wrote:
Defaults env_keep += "EDITOR"

Thanks, that works.

Trilby wrote:

The following also works (you can have a colon separated list of editors):

Defaults editor=/usr/bin/vim

This also avoids the potential vulnerability of running arbitrary code as root if an untrusted process sets EDITOR in the user's environment.

Ok, thinking about that vulnerability now it actually makes some sense to keep the EDITOR= variable in /etc/environment and let PAM handle it.

Last edited by Ooops (2020-08-21 18:52:07)


#7 2021-04-14 13:37:06

no-cheating
Member
From: Poland
Registered: 2016-04-26
Posts: 61

Re: [Solved] How to set global variables correctly to work with sudo

Trilby wrote:

Thanks loqs, that works for me - but were you able to replicate the failure of env_editor?

The following also works (you can have a colon separated list of editors):

Defaults editor=/usr/bin/vim

This also avoids the potential vulnerability of running arbitrary code as root if an untrusted process sets EDITOR in the user's environment.

It is good advice, but while the solution works for visudo command, it again fails when you run vipw or vigr.

I have been trying for hours to set nvim as default editor system wide and visudo, vipw, vigr were still failing to use it, even though env_editor was set. The only solution I found so far was to add Defaults env_keep += "EDITOR" in /etc/sudoers.


#8 2021-04-14 20:34:27

Tarqi
Member
From: Ixtlan
Registered: 2012-11-27
Posts: 179
Website

Re: [Solved] How to set global variables correctly to work with sudo

man sudoers wrote:

If the env_reset flag is enabled, the SUDO_EDITOR, VISUAL and/or EDITOR environment variables must be present in the env_keep list for the env_editor flag to function when visudo is invoked via sudo.  This flag is on by default.


Knowing others is wisdom, knowing yourself is enlightenment. ~Lao Tse


#9 2021-04-16 18:17:04

no-cheating
Member
From: Poland
Registered: 2016-04-26
Posts: 61

Re: [Solved] How to set global variables correctly to work with sudo

Tarqi wrote:
man sudoers wrote:

If the env_reset flag is enabled, the SUDO_EDITOR, VISUAL and/or EDITOR environment variables must be present in the env_keep list for the env_editor flag to function when visudo is invoked via sudo.  This flag is on by default.

Thanks for posting that fragment. I had actually read that part of the manual myself, but I misunderstood that "This flag" in "This flag is on by default" refers to env_editor and not to env_reset. Now it all makes sense.
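
As an added illustration (not part of any post in this thread, and not sudo's own code), this sketch classifies a sudoers file by how "sudo visudo" would treat the caller's EDITOR, following the env_reset / env_keep / env_editor interaction from the man sudoers excerpt and the editor= alternative suggested above. The function names and sample files are constructed, and env_editor is assumed on by default as that excerpt states.

```shell
#!/bin/sh
# Added example: classify how visudo-via-sudo treats the caller's EDITOR.
# Only plain global "Defaults" lines with one setting per line are handled.

# has_default FILE REGEX -> succeeds if a global Defaults line matches REGEX
has_default() {
    grep -Eq "^[[:space:]]*Defaults[[:space:]]+$2" "$1"
}

# editor_policy FILE -> prints one of: ignored | restricted | unrestricted
editor_policy() {
    f=$1
    env_reset=on      # sudoers default
    env_editor=on     # assumption: default on, per the quoted man excerpt
    has_default "$f" '!env_reset([[:space:]]|$)'  && env_reset=off
    has_default "$f" '!env_editor([[:space:]]|$)' && env_editor=off

    # Does any of the three variables survive into visudo's environment?
    passes=no
    if [ "$env_reset" = off ]; then
        passes=yes
    elif grep -E '^[[:space:]]*Defaults[[:space:]]+env_keep[[:space:]]*\+?=' "$f" |
         grep -Eqw 'SUDO_EDITOR|VISUAL|EDITOR'; then
        passes=yes
    fi

    if [ "$passes" = no ]; then
        echo ignored          # visudo falls back to the "editor" list
    elif [ "$env_editor" = on ]; then
        echo unrestricted     # caller-chosen program runs as root
    else
        echo restricted       # env value used only if it matches "editor"
    fi
}

# Constructed sample policies mirroring the settings tried in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Defaults env_editor\n' > "$d/a"
    printf 'Defaults env_keep += "EDITOR"\n' > "$d/b"
    printf 'Defaults !env_editor\nDefaults editor=/usr/bin/vim\nDefaults env_keep += "EDITOR"\n' > "$d/c"
    for p in a b c; do printf '%s: %s\n' "$p" "$(editor_policy "$d/$p")"; done
    rm -rf "$d"
}
demo
```

A result of "unrestricted" is the case post #4 raises: whatever program the calling environment names in EDITOR is started as root. "restricted" keeps per-user choice while limiting it to the paths listed in editor=.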
