-1

I've got an /etc/sudoers file that works just fine in all versions of Fedora prior to F18, but we've noticed that when upgrading to F18 (and installing FreeIPA, though the cases I'll show here were run with sudo processing done using this file to minimize variables), sudo is not preserving the DISPLAY variable as requested by sudo:

# sudo -V
:
Environment variables to preserve:
        PYTHONPATH
        :
        HOSTNAME
        DISPLAY
        COLORS
:
# exit
[user2]$ echo $DISPLAY
:1
[user2]$ sudo su - user1
[user1]$ echo $DISPLAY
DISPLAY: Undefined variable.
[user1]$

Usually, we use ssh -Y to pipe displays back and forth, but this is preventing us from doing so. I've been troubleshooting this for several days without success. Has anyone else experienced this, or have any ideas?

Update: Further testing revealed this may not be a sudo problem, but may be related to su itself:

[user2]$ sudo -u user1 echo $DISPLAY
:1
[user2]$

Does this change things? Why would "su" start stripping away (parts of) the environment?

wortmanb
  • 183
  • 3
  • 9
  • possible duplicate of http://serverfault.com/questions/51005/how-to-use-xauth-to-run-graphical-application-via-other-user-on-linux – fuero Oct 16 '13 at 14:43
  • The solutions to that question address the remote display issue directly; in my case, that works as long as the DISPLAY variable is intact. Sudo is breaking that chain and I'd prefer to figure out why the chain is breaking rather than working around it. – wortmanb Oct 16 '13 at 15:15

1 Answers1

2

While sudo preserves the variables, your use of su wipes them again. Don't use su, it's entirely unnecessary. If you want a shell, use sudo -i

Dennis Kaarsemaker
  • 19,277
  • 2
  • 44
  • 70
  • That worked like a champ so far. I'll have to see if the complicated app our developers use will be happy. Is this a new thing or has it always been this way and we've just been lucky that it wasn't enforced? – wortmanb Oct 16 '13 at 17:06
  • -i has been part of sudo for a few years now, and before that the correct thing to do would be `sudo -s -H`. – Dennis Kaarsemaker Oct 16 '13 at 17:07
  • As another option, see [this question & its answers](http://serverfault.com/questions/51005/how-to-use-xauth-to-run-graphical-application-via-other-user-on-linux) about using `xauth`. If this is working for you though it's probably a cleaner / easier solution. – voretaq7 Oct 17 '13 at 16:47