User name before sudo

Question

I got a script requiring sudo, but the script must set parameters according to the original user, such as:

chown "${USER}:${USER}" dir

If I set it under sudo, I just end up with chmod root:root, which doesn't help.

So how can I get the user name before sudo?

score 12 · Accepted Answer · answered Nov 30 '09 at 13:42

12

The environment variable SUDO_USER should work as a replacement for USER.

Since you are setting the ownership to USER:USER I assume there is always a group with the same name as the user? A more strict solution might otherwise be to use SUDO_UID and SUDO_GID.

Two possible solutions would then be:

chown "${SUDO_USER}:${SUDO_USER}" dir

or

chown "${SUDO_UID}:${SUDO_GID}" dir

answered Nov 30 '09 at 13:42

andol

6,938
29
43

Nice anwser, with the solution AND some additional infos. – Bite code Nov 30 '09 at 13:43
Using the UID/GID is the best solution, as it is possible to have multiple UIDs with the same username. – duffbeer703 Nov 30 '09 at 13:46

score 6 · Answer 2 · edited Aug 02 '14 at 00:31

6

You can use the SUDO_USER variable:

sudo bash -c 'echo $SUDO_USER'

From the sudo man page:

sudo utilizes the following environment variables. The security policy has control over the actual content of the command's environment. [...]

SUDO_UID Set to the user ID of the user who invoked sudo.

SUDO_USER Set to the login name of the user who invoked sudo.

edited Aug 02 '14 at 00:31

Cristian Ciupitu

6,396
2
42
56

answered Nov 30 '09 at 13:41

Kyle Brandt

83,619
74
305
448

But why `sudo echo $SUDO_USER` outputs nothing? – Robert Jul 18 '19 at 14:14

score 1 · Answer 3 · edited May 23 '17 at 12:41

1

SUDO_USER can be overwritten by the user.

 $ SUDO_USER='lala' sudo SUDO_USER='test' printenv | grep USER
 USER=root
 SUDO_USER=test
 USERNAME=root

You should use 'who am i' or 'logname' to get the original username

toto:~$ SUDO_USER='lala' sudo SUDO_USER='test' logname             
toto
toto:~$ SUDO_USER='lala' sudo SUDO_USER='test' who am i
toto   pts/4        Jan 23 15:13 (:0.0)

Coming from https://stackoverflow.com/questions/4598001/how-do-you-find-the-original-user-through-multiple-sudo-and-su-commands

edited May 23 '17 at 12:41

Community

1

answered Jan 23 '13 at 14:16

cladmi

11
1

After running 'sudo su -' the environment variables aren't available, but `logname` and `who am i` work. – RickMeasham Mar 03 '15 at 01:47
You're right, it's not possible to rely on environment variable. – cladmi Mar 05 '15 at 10:09
Found on some host that SUDO_USER can't be overwritten: `sudo: sorry, you are not allowed to set the following environment variables: SUDO_USER` So it may still be safe, should still verify this. – cladmi Feb 17 '16 at 08:31
It's because my command is set as "NOPASSWD", so it depends on your sudoers configuration via "NOSETENV". – cladmi Feb 17 '16 at 08:49

User name before sudo

3 Answers3