ablog

Notes of a clumsy and restless engineer

How to set the switched-to user's environment variables when running a command with sudo

I tried this out briefly on Mac OS X Snow Leopard.

yoheia% man sudo  

...

       -i [command]
                   The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the target user as a login shell.  This means that
                   login-specific resource files such as .profile or .login will be read by the shell.  If a command is specified, it is passed to the shell for
                   execution.  Otherwise, an interactive shell is executed.  sudo attempts to change to that user's home directory before running the shell.  It
                   also initializes the environment, leaving DISPLAY and TERM unchanged, setting HOME, SHELL, USER, LOGNAME, and PATH, as well as the contents of
                   /etc/environment on Linux and AIX systems.  All other environment variables are removed.

...

I see.

Without the -i option:

yoheia% sudo -u oracle env 
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin
HOME=/Users/yoheia
DISPLAY=/tmp/launch-aTpApB/org.x:0
SSH_AUTH_SOCK=/tmp/launch-jweNxS/Listeners
__CF_USER_TEXT_ENCODING=0x0:1:14
LANG=ja_JP.UTF-8
TERM=xterm-color
SHELL=/bin/bash
LOGNAME=oracle
USER=oracle
USERNAME=oracle
SUDO_COMMAND=/usr/bin/env
SUDO_USER=yoheia
SUDO_UID=501
SUDO_GID=20

With the -i option:

yoheia% sudo -u oracle -i env
PATH=.:/Users/oracle/u01/app/oracle/product/10.2.0/db_1/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin
HOME=/Users/oracle
DISPLAY=/tmp/launch-aTpApB/org.x:0
SSH_AUTH_SOCK=/tmp/launch-jweNxS/Listeners
__CF_USER_TEXT_ENCODING=0x0:1:14
LANG=ja_JP.UTF-8
TERM=xterm-color
SHELL=/bin/zsh
LOGNAME=oracle
USER=oracle
USERNAME=oracle
SUDO_COMMAND=/bin/zsh -c env
SUDO_USER=yoheia
SUDO_UID=501
SUDO_GID=20
SHLVL=0
PWD=/Users/oracle
OLDPWD=/Users/oracle
ORACLE_BASE=/Users/oracle/u01/app/oracle
ORACLE_HOME=/Users/oracle/u01/app/oracle/product/10.2.0/db_1
DYLD_LIBRARY_PATH=/Users/oracle/u01/app/oracle/product/10.2.0/db_1/lib
NLS_LANG=American_America.JA16SJISTILDE
ORACLE_SID=orcl
_=/usr/bin/env
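
An added example (not from the original post): a small shell helper that compares two `env` dumps and marks each variable as added by the login shell (+), changed (~), or carried over unchanged from the invoking user (=). The names `env_diff` and `demo` are my own, and the sample input is abridged from the two Mac OS X dumps above.

```shell
#!/bin/sh
# Classify variables between two `env` dumps (NAME=value per line).
#   + only in AFTER   - only in BEFORE   ~ value differs   = carried over unchanged
# Limitation: values that contain newlines are not handled.
env_diff() {
    awk '
        {
            eq = index($0, "=")
            if (eq < 2) next                 # not a NAME=value line
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        }
        FILENAME == ARGV[1] { before[name] = value; next }
        {
            seen[name] = 1
            if (!(name in before))          print "+ " name
            else if (before[name] != value) print "~ " name
            else                            print "= " name
        }
        END { for (n in before) if (!(n in seen)) print "- " n }
    ' "$1" "$2" | LC_ALL=C sort
}

# Sample input: abridged from the Mac OS X dumps shown above.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/plain" <<'EOF'
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin
HOME=/Users/yoheia
SSH_AUTH_SOCK=/tmp/launch-jweNxS/Listeners
LANG=ja_JP.UTF-8
SHELL=/bin/bash
SUDO_COMMAND=/usr/bin/env
EOF
    cat > "$dir/login" <<'EOF'
PATH=.:/Users/oracle/u01/app/oracle/product/10.2.0/db_1/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin
HOME=/Users/oracle
SSH_AUTH_SOCK=/tmp/launch-jweNxS/Listeners
LANG=ja_JP.UTF-8
SHELL=/bin/zsh
SUDO_COMMAND=/bin/zsh -c env
ORACLE_SID=orcl
DYLD_LIBRARY_PATH=/Users/oracle/u01/app/oracle/product/10.2.0/db_1/lib
EOF
    env_diff "$dir/plain" "$dir/login"
    rm -rf "$dir"
}

demo
```

To compare a live system, redirect the output of `sudo -u oracle env` and `sudo -u oracle -i env` into two files and pass them to `env_diff`. The `=` lines are the ones worth reviewing, since they are values from the invoking user's session that remain visible to commands run as the target user.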


Addendum (2010/06/02):
When I tried it on CentOS 5.3,

$ sudo -u oracle -i env         
/usr/bin/env: /usr/bin/env: cannot execute binary file

Oops.

$ man sudo

...

       -i  The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the user that the command is being run as.  The command name argument given to the shell
           begins with a '-' to tell the shell to run as a login shell.  sudo attempts to change to that user's home directory before running the shell.  It also initializes the environ-
           ment, leaving TERM unchanged, setting HOME, SHELL, USER, LOGNAME, and PATH, and unsetting all other environment variables.  Note that because the shell to use is determined
           before the sudoers file is parsed, a runas_default setting in sudoers will specify the user to run the shell as but will not affect which shell is actually run.

...

Hmm.

Googling it,

The -i flag is for starting an interactive shell, not for
running a command. You may be able to do what you want by
passing your shell the -c flag. E.g.

sudo -i -- -c ls /

Though this will probably only work in sudo 1.6.9 and higher.

- todd

[sudo-users] Cannot run binaries while using -i

this came up, so I tried it:

$ sudo -u oracle env|grep ORA
$ sudo -u oracle -i -- -c env|grep ORA
ORACLE_SID=orcl
ORACLE_BASE=/opt/oracle
ORACLE_HOME=/opt/oracle/10.2.0

It worked.


Addendum (2010/09/06):

-bash-3.2$ sudo -u oracle -i -- -c 'env'|grep SUDO
SUDO_USER=yoheia
SUDO_UID=10043
SUDO_COMMAND=/bin/bash -c env
SUDO_GID=10001