We have a complicated shell script, and need root permission to finish some operations. But this script may be executed by everyone and we don't want to leak root password, we still don't want everyone to do anything that root can do.
So we can add this script into /etc/sudoers
with NOPASSWD.
Ref:
How do I run specific sudo commands without a password?
But the script misses some environment variables when using sudo to execute. We can use -E
in command line to keep environment variables in current session, or configure Defaults !env_reset
option in /etc/sudoers
.
But the PYTHONPATH
environment variables is still missing. We can use Defaults env_keep+=PYTHONPATH
to keep PYTHONPATH
explicitly.
Ref:
Avoid using env_reset in sudoers file
Only commenting Defaults env_reset
is useless, because reset environment is default action.
We still want to known why sudo can keep many custom environment variables except PYTHONPATH
.
After reading codes, it's because PYTHONPATH
is a bad variable. Although we explictly set keep env, these bad variables still will be removed. Except explictly use Defaults env_keep+=PYTHONPATH
to keep.
1 | /* |
In env_should_keep()
it will check if ep
in bad variables list.
Following list are these bad variables:
1 | /* |