It strongly depends on how you call your program with sudo or su.
E.g. on the system on which I am at this moment:
                     .bashrc
    COMMAND          $HOME    $USER   Env.    $PATH
 1. sudo -i          (root)   root    root    [1]
 2. sudo -s          (USER)   root    USER    /home/${USER}/bin:[1]
 3. sudo /bin/bash   (USER)   root    USER    /home/${USER}/bin:[1]
 4. sudo su          (root)   root    USER    [1]:/usr/games:/usr/local/games
 5. sudo su -        (root)   root    root    [1]

Where [1] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Env = Environment variables are reset for 1 and 5, taken from $USER in 2, 3, 4.
So a script, or a program that is launched with a different option, can see a different $PATH and $HOME, and its shell can read a different .bashrc, .profile and environment variables. It reads the file related with the $HOME. Each user can modify his environment in a different way (variables, $PATH, .bashrc, .profile, .bash_profile, alias...). In particular a user can have a different order of the directories in his $PATH and, as a consequence, a script can execute a command e.g. in /home/$USER/bin instead of the one in the path expected from root.
You can run the program under sudo -i as if you were logged in as root with su -, but you can have different behaviour if you run it with sudo MyCommand or with su -c MyCommand.
From man su:

In the description part:

    The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser ...

In the options part:

    -, -l, --login
        Provide an environment similar to what the user would expect had the user logged in directly.

From man sudo:

    -i, --login
        Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed. sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The Command Environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.
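
A check a script meant to run as root can make on the $PATH it inherited, as an added example that is not part of the original answer. SECURE_PATH is [1] from the table above; the function names and the TRUSTED_UID variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. SECURE_PATH is "[1]" from the
# table; TRUSTED_UID is an assumed knob for the expected owner (default: root).
SECURE_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Print the first executable called $1 found by walking the PATH string $2
# left to right, which is how the shell picks the command a script runs.
resolve_in_path() {
    name=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.            # an empty entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Print every entry of the PATH string $1 where someone other than the trusted
# owner could place a file: relative or empty entries, directories owned by
# another uid, and directories writable by group or others.
risky_path_entries() {
    rest=$1:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            /*) ;;
            *)  printf '%s\n' "${dir:-<empty>}"; continue ;;
        esac
        [ -d "$dir" ] || continue
        info=$(ls -ldLn "$dir" | awk '{print $1, $3}')   # mode string, numeric owner
        perm=${info% *}
        owner=${info#* }
        case $perm in
            ?????w*|????????w*) printf '%s\n' "$dir"; continue ;;
        esac
        if [ "$owner" != "${TRUSTED_UID:-0}" ]; then printf '%s\n' "$dir"; fi
    done
    return 0
}
# Report on the PATH this process inherited (for example via sudo -s or sudo su).
echo "risky PATH entries:"; risky_path_entries "$PATH"
echo "ls via inherited PATH: $(resolve_in_path ls "$PATH" || echo 'not found')"
echo "ls via SECURE_PATH:    $(resolve_in_path ls "$SECURE_PATH" || echo 'not found')"
```

A script that finds risky entries can set PATH to SECURE_PATH itself before calling any external command, so the result no longer depends on which of the five invocations in the table was used.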
2 I think you should throw it back on him. As others have shown, there are a myriad of ways to gain root using sudo and if he cannot provide you with a concrete reason as to why sudo is insufficient, then he has no leg to stand on. – Garrett – 2014-06-20T22:27:03.000
1 Environment and subcommands come to mind. I think Hastur did a good job with environment, and Jayen did a good job with subcommands, piping and redirection. – jww – 2014-06-22T02:14:05.257
2 Garrett has a good point, but before I got into a potential pissing contest, I would ask the support member: have you tried it both ways and has it failed one of those ways? He may have been down the failure road with sudo and the scripts as the scripts are currently written. If that's the case, then sds' answer might be most helpful to you: sudo su -. – jww – 2014-06-22T02:16:24.340