3

From https://stackoverflow.com/a/29400598/156458

The other solutions I've seen here so far are based on some system definitions, but it's in fact possible to have sudo use the current PATH (with the env command) and/or the rest of the environment (with the -E option) just by invoking it right:

sudo -E env "PATH=$PATH" <command> [arguments]

In fact, one can make an alias out of it:

alias mysudo='sudo -E env "PATH=$PATH"'

(It's also possible to name the alias itself sudo, replacing the original sudo.)

Given that

-E, --preserve-env Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment.

I was wondering why the following doesn't work

sudo -E <command> [arguments]

?

Given that "PATH=$PATH" <command> [arguments] is also a command, I was wondering why the following doesn't work:

sudo  "PATH=$PATH" <command> [arguments]

?

Thanks.

Tim
  • 98,580
  • 191
  • 570
  • 977
  • 1
    Possible duplicate of [How to make \`sudo\` preserve $PATH?](https://unix.stackexchange.com/questions/83191/how-to-make-sudo-preserve-path) – Stephen Kitt May 09 '18 at 12:44
  • Why the downvotes? – Stéphane Chazelas May 09 '18 at 12:52
  • 4
    I haven't voted, but I could imagine a reader asking "What do you mean by `doesn't work`?" - Does sudo fail? Does the command not get the updated environment? Does it not match a sudoers entry? I think it'd also be useful to include the sudo configuration here regarding whitelist/blacklist/keep settings. – Jeff Schaller May 09 '18 at 13:08
  • Your statement, "_Given that `"PATH=$PATH" [arguments]` is also a command..._" is a false premise. It's not a command; it's an environment variable assignment followed by a command. Quoting aside, you could try `sudo bash -c "PATH=... command args..."`. Just bear in mind that `command` would still need to be in your default `sudo` value of `$PATH` or else you'd need to use an explicit `/path/to/command` – roaima May 09 '18 at 22:25

1 Answers1

11
sudo -E <command> [arguments]

doesn’t work in your case because Debian defines secure_path in /etc/defaults, which overrides the value of PATH even with -E.

sudo  "PATH=$PATH" <command> [arguments]

should work because PATH=$PATH is recognised and processed by sudo. In my case sudo "PATH=$PATH" env shows my current PATH value. (Note that PATH=$PATH <command> isn’t a universally-recognised command; it corresponds to a construct which is recognised by the shell and by sudo, but not necessarily in other contexts.).

However sudo itself doesn't use that $PATH to look the <command> up and still uses the secure_path.

sudo -E env "PATH=$PATH" <command> [arguments]

works because "PATH=$PATH" stores the current value of PATH in the command as seen by sudo and then env; sudo replaces the value of PATH as given to env in its environment, but env then reads the value from its arguments to build the environment for <command>.

And here, the env command is looked-up by sudo in secure_path, but env itself looks <command> up in the provided $PATH.

Stéphane Chazelas
  • 522,931
  • 91
  • 1,010
  • 1,501
Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164