Environment variables when run with 'sudo'

133,705

Solution 1

Environment variables can be simply passed after sudo in form ENV=VALUE and thay'll be accepted by followed command. It's not known to me if there are restrictions to this usage, so my example problem can be solved with:

sudo LD_LIBRARY_PATH=/opt/intel/mkl/lib/ia32:$LD_LIBRARY_PATH LD_PRELOAD=/opt/intel/mkl/lib/ia32/libmkl_core.so python -c "import numpy"

Solution 2

The -E option you mention seems to work just fine:

enzotib@host:~$ export DUMMY=dummy
enzotib@host:~$ sudo -E sh -c 'echo $DUMMY'
dummy
enzotib@host:~$ sudo -E env | grep DUMMY
DUMMY=dummy

Solution 3

You can use -E sudo option to preserve current environment (if you have rights to do that)

$ man sudo
 -E, --preserve-env
             Indicates to the security policy that the user wishes to preserve
             their existing environment variables.  The security policy may
             return an error if the user does not have permission to preserve
             the environment.

Solution 4

You need to edit your sudoers by sudo visudo as possibly you've security policy plugin enabled which overrides your PATH by secure_path option. So add the path to the list and you can also use env_keep instead, for example:

Defaults env_reset
Defaults env_keep += "PATH PYTHONPATH"

To check if your PATH is overridden, run the following command:

$ sudo sudo -V | grep PATH
Value to override user's $PATH with: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Solution 5

This works for me (~/.bashrc):

alias sudo='sudo env PATH=$PATH VAR1=SOME_VALUE VAR2=SOME_VALUE...'

^{Source: As per OP edit}

View more solutions

133,705

Author by

zetah

Updated on September 18, 2022

Comments

zetah over 1 year
As example to my question, my ~/.bashrc file contains this lines:
```
export LD_LIBRARY_PATH=/opt/intel/mkl/lib/ia32:$LD_LIBRARY_PATH
export LD_PRELOAD=/opt/intel/mkl/lib/ia32/libmkl_core.so
```
so that Numpy (Python) could find libraries that it needs to run, as it's build with MKL and Intel compilers. This workflow isn't the best, but that's another story.

My question is how can I pass arbitrary variables (like those in ~/.bashrc) when I run program with 'sudo' (but not root)?

Currently, if I run:
```
sudo python -c "import numpy"
```
I get an error:
```
ImportError: libimf.so: cannot open shared object file: No such file or directory*
```
Some suggestions as sudo -i or sudo -E does not change anything here.

Edit:

I can't answer my question (not enough points :D ) but I'll comment here, in a hope that there are other Linux newbies wondering about sudo traps.

[Only temporarily!] This works for me (~/.bashrc):
```
alias sudo='sudo env PATH=$PATH VAR1=SOME_VALUE VAR2=SOME_VALUE...'
```
zetah over 12 years

Sorry, but I don't understand your answer. Can you provide example on scenario I posted above? i.e. to be able to run sudo python -c "import numpy" with LD_LIBRARY_PATH and LD_PRELOAD defined as written above?
enzotib over 12 years

@zetah: ok, i'm wrong, because it works for generic variable, but not for dymanic linking controlling variables, as stated in section SECURITY NOTES of sudo manual page.
zetah over 12 years

It is simpler then that (as in provided answer), although man sudo does not make it clear, and when user tries to follow references pointed there, it is very easy to be discouraged by all branches needed to be followed, to be able to decrypt supposed meaning.
ses about 10 years

stackoverflow.com/questions/8080866/…
Zanna about 6 years

+1, but env_keep does not work on PATH (in the sense that sudo still uses secure_path when looking for the command)
Zanna about 6 years

this works, but it is a bad idea because it makes running sudo less safe
DarkCygnus over 5 years

Still today this worked for me, on my Raspbian Jessy for my RPi 3 ... after almost a week breaking my head why didn't my script ran on startup. Thanks a lot!
CvRChameleon over 3 years

Extremely useful, this works to populate a variable inside Docker Container as well where I require sudo.