Re: how sudo handles $HOME
On Thu, May 16, 2019 at 6:35 AM Carl Friis-Hansen wrote: > > On 5/16/19 3:03 AM, Alex Murray wrote: > > > > On Wed, 2019-05-15 at 02:42:56 +0930, Dan Streetman wrote: > > > >> in Ubuntu, sudo retains the calling user's $HOME > >> > >> this is different from upstream sudo as well as all other UNIXes and > >> even the sudo documentation we provide. Should we remove our custom > >> patch that adds this behavior? > > > > I would argue that our current behaviour provides a more usable default > > (eg. running vim via sudo uses your own configuration so you don't have > > to maintain a copy of it in /root) and in the case of a machine with > > multiple sudo users, they all get to use their own configuration rather > > than a single configuration under /root. > > > > However, it does diverge from upstream and so for new users this creates > > a surprising situation if they are used to and expect the upstream > > behaviour - (see comments 6 and 7 in > > https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/760140) - plus it > > seems we do not document this change in the man page and so we are > > creating even more surprises for our users. > > > > From a security point of view I do not see any advantage from either > > behaviour, so it is really more a usability question IMO. > > > >> > >> for reference and more details on downsides of our current sudo behavior, > >> see: > >> https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302 > >> > >> Note that I have kind-of hijacked the bug, as I believe the issue is > >> larger than the python-based example in that bug. > >> > >> Also as I commented in that bug, I do not recommend changing the > >> behavior for existing releases. But I do think we should change the > >> behavior starting in Eoan and future releases. > > > > I agree if this is changed we should not try and SRU it back. > > > I would say let it remain user's home for editor configs. > You could always use option -i in case you want root home. That is a significant upside to current behavior; but please don't forget about the downside of accessing editor configs under sudo: root-owned editor config files, e.g.: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/comments/9 For some users, this is a simple fix of running sudo chown. For users simply following online directions though, the errors resulting from this can be quite frustrating and confusing. Try googling for 'root owned emacs.d' or 'root owned viminfo', e.g.: http://blog.robertelder.org/vim-forgets-copy-buffer-on-reopen/ For those that commonly use fresh vms or containers, root-owned editor config files can be a common occurance/annoyance. > > -- >-=oOOo=- > Carl Friis-Hansen > https://carl-fh.com/ > https://dronehyr.se/ > Phone: +46 372 775199 >-=oOOo=- > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: how sudo handles $HOME
Good question. I've cc'ed sudo-users, so the question to the upstream sudo list can be summarized as: How likely would it be for upstream sudo to add HOME to env_keep by default? We ask because Ubuntu carries a patch that adds HOME to env_keep, unlike the default upstream, or any other Linux/Unix. We are considering removing that patch, to match upstream defaults, of *not* including HOME in env_keep. More details are in this bug: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302 On Thu, May 16, 2019 at 5:10 AM Robie Basak wrote: > > On Tue, May 14, 2019 at 01:12:56PM -0400, Dan Streetman wrote: > > in Ubuntu, sudo retains the calling user's $HOME > > > > this is different from upstream sudo as well as all other UNIXes and > > even the sudo documentation we provide. Should we remove our custom > > patch that adds this behavior? > > Does upstream have a position on this question, apart from our > observation of their current default? > > For example: what if we changed it back, then someone persuaded upstream > to flip the default? That would cause disruption to our users twice. Can > we ensure, before reverting to their default, that upstream have no > intention of changing it? > > Robie -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: how sudo handles $HOME
On 5/16/19 3:03 AM, Alex Murray wrote: On Wed, 2019-05-15 at 02:42:56 +0930, Dan Streetman wrote: in Ubuntu, sudo retains the calling user's $HOME this is different from upstream sudo as well as all other UNIXes and even the sudo documentation we provide. Should we remove our custom patch that adds this behavior? I would argue that our current behaviour provides a more usable default (eg. running vim via sudo uses your own configuration so you don't have to maintain a copy of it in /root) and in the case of a machine with multiple sudo users, they all get to use their own configuration rather than a single configuration under /root. However, it does diverge from upstream and so for new users this creates a surprising situation if they are used to and expect the upstream behaviour - (see comments 6 and 7 in https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/760140) - plus it seems we do not document this change in the man page and so we are creating even more surprises for our users. From a security point of view I do not see any advantage from either behaviour, so it is really more a usability question IMO. for reference and more details on downsides of our current sudo behavior, see: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302 Note that I have kind-of hijacked the bug, as I believe the issue is larger than the python-based example in that bug. Also as I commented in that bug, I do not recommend changing the behavior for existing releases. But I do think we should change the behavior starting in Eoan and future releases. I agree if this is changed we should not try and SRU it back. I would say let it remain user's home for editor configs. You could always use option -i in case you want root home. -- -=oOOo=- Carl Friis-Hansen https://carl-fh.com/ https://dronehyr.se/ Phone: +46 372 775199 -=oOOo=- -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: how sudo handles $HOME
On Tue, May 14, 2019 at 01:12:56PM -0400, Dan Streetman wrote: > in Ubuntu, sudo retains the calling user's $HOME > > this is different from upstream sudo as well as all other UNIXes and > even the sudo documentation we provide. Should we remove our custom > patch that adds this behavior? Does upstream have a position on this question, apart from our observation of their current default? For example: what if we changed it back, then someone persuaded upstream to flip the default? That would cause disruption to our users twice. Can we ensure, before reverting to their default, that upstream have no intention of changing it? Robie signature.asc Description: PGP signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: how sudo handles $HOME
On Wed, 2019-05-15 at 02:42:56 +0930, Dan Streetman wrote: > in Ubuntu, sudo retains the calling user's $HOME > > this is different from upstream sudo as well as all other UNIXes and > even the sudo documentation we provide. Should we remove our custom > patch that adds this behavior? I would argue that our current behaviour provides a more usable default (eg. running vim via sudo uses your own configuration so you don't have to maintain a copy of it in /root) and in the case of a machine with multiple sudo users, they all get to use their own configuration rather than a single configuration under /root. However, it does diverge from upstream and so for new users this creates a surprising situation if they are used to and expect the upstream behaviour - (see comments 6 and 7 in https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/760140) - plus it seems we do not document this change in the man page and so we are creating even more surprises for our users. From a security point of view I do not see any advantage from either behaviour, so it is really more a usability question IMO. > > for reference and more details on downsides of our current sudo behavior, see: > https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302 > > Note that I have kind-of hijacked the bug, as I believe the issue is > larger than the python-based example in that bug. > > Also as I commented in that bug, I do not recommend changing the > behavior for existing releases. But I do think we should change the > behavior starting in Eoan and future releases. I agree if this is changed we should not try and SRU it back. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss