From: Lukas Schauer Date: Sun, 4 Aug 2024 10:04:56 +0000 (+0200) Subject: added option to pass environment variables over sudo X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fsudo-env;p=thirdparty%2Fdehydrated.git added option to pass environment variables over sudo --- diff --git a/CHANGELOG b/CHANGELOG index 47092e1..91ce851 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,7 +2,8 @@ This file contains a log of major changes in dehydrated ## [x.x.x] - xxxx-xx-xx -... +## Added +- New config variable `DEHYDRATED_SUDO_ENV` to allow passing environment variables over sudo calls ## [0.7.1] - 2022-10-31 ## Changed diff --git a/dehydrated b/dehydrated index a15fb04..a46ae17 100755 --- a/dehydrated +++ b/dehydrated @@ -390,6 +390,7 @@ load_config() { AUTO_CLEANUP="no" DEHYDRATED_USER= DEHYDRATED_GROUP= + DEHYDRATED_SUDO_ENV="no" API="auto" if [[ -z "${CONFIG:-}" ]]; then @@ -442,7 +443,11 @@ load_config() { if [[ -z "${DEHYDRATED_GROUP}" ]]; then if [[ "${EUID}" != "${TARGET_UID}" ]]; then echo "# INFO: Running $0 as ${DEHYDRATED_USER}" - has_sudo && exec sudo -u "${DEHYDRATED_USER}" "${0}" "${ORIGARGS[@]}" + if [ "${DEHYDRATED_SUDO_ENV}" = "yes" ]; then + has_sudo && exec sudo -E -H -u "${DEHYDRATED_USER}" "${0}" "${ORIGARGS[@]}" + else + has_sudo && exec sudo -u "${DEHYDRATED_USER}" "${0}" "${ORIGARGS[@]}" + fi fi else TARGET_GID="$(getent group "${DEHYDRATED_GROUP}" | cut -d':' -f3)" || _exiterr "DEHYDRATED_GROUP ${DEHYDRATED_GROUP} is invalid" 
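Review bot: In the `DEHYDRATED_SUDO_ENV` = "yes" branch of the `@@ -442` hunk, `sudo -E` hands the caller's entire environment to the `DEHYDRATED_USER` account, so any credential or token exported in the invoking (presumably root) shell becomes readable by the less-privileged user and whatever it runs; the `-u … -g …` call in the `@@ -452` hunk has the same exposure. An allowlist would be narrower: let the config hold a comma-separated list of variable names and pass it as `--preserve-env=<list>` instead of a bare `-E`. Whether `-E` is honoured at all depends on the sudoers policy (`env_reset`, `SETENV`), so the docs/examples/config comment could say so, e.g. `# "yes" runs sudo with -E -H: the whole calling environment, secrets included, is passed to DEHYDRATED_USER`. As a style point, the new test uses `[ … ]` where the surrounding lines use `[[ … ]]`. `load_config` starts and ends outside both hunks, so how `DEHYDRATED_SUDO_ENV` is validated after the config file is sourced is not visible here.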
@@ -452,7 +457,11 @@ load_config() { fi if [[ "${EUID}" != "${TARGET_UID}" ]] || [[ "${EGID}" != "${TARGET_GID}" ]]; then echo "# INFO: Running $0 as ${DEHYDRATED_USER}/${DEHYDRATED_GROUP}" - has_sudo && exec sudo -u "${DEHYDRATED_USER}" -g "${DEHYDRATED_GROUP}" "${0}" "${ORIGARGS[@]}" + if [ "${DEHYDRATED_SUDO_ENV}" = "yes" ]; then + has_sudo && exec sudo -E -H -u "${DEHYDRATED_USER}" -g "${DEHYDRATED_GROUP}" "${0}" "${ORIGARGS[@]}" + else + has_sudo && exec sudo -u "${DEHYDRATED_USER}" -g "${DEHYDRATED_GROUP}" "${0}" "${ORIGARGS[@]}" + fi fi fi elif [[ -n "${DEHYDRATED_GROUP}" ]]; then diff --git a/docs/examples/config b/docs/examples/config index 51e38de..d518908 100644 --- a/docs/examples/config +++ b/docs/examples/config @@ -16,6 +16,9 @@ # Which group should dehydrated run as? This will be implicitly enforced when running as root #DEHYDRATED_GROUP= +# Should dehydrated pass environment variables over sudo? +#DEHYDRATED_SUDO_ENV="no" + # Resolve names to addresses of IP version only. (curl) # supported values: 4, 6 # default: