by tetris11
637 days ago
> Depending on the security policy, the user's PATH environment variable may be modified, replaced, or passed unchanged to the program that sudo executes.

Essentially a "maybe, depending on what your OS policy is", proving that your comments are less than helpful.
https://manpages.ubuntu.com/manpages/noble/en/man8/sudo.8.ht...
I am not sure what is meant by "masquerading as root" -- effective UID rather than real UID? "sudo" should set both to the target; there is no masquerading, even if you end up in a root shell with features of the invoking user's environment, those relevant variables should've been adjusted in the process.

So what you're proposing to do is to escalate privilege using "sudo"'s security model and configuration, which may add, suppress, or alter environment variables, as well as SELinux and resource limits and cgroups or whatever, and then have a second go-round through "su", which may alter the environment further, making for an unpredictable interaction. Hopefully it's all harmonized through PAM, but all you wanted is an interactive shell. Why try to justify this copy-paste idiom?
In fact, I could rewrite your original snippet as
Why are you even opening an interactive shell to do one simple command? If that's all you want, then learn and use the appropriate idiom for it. "sudo(8)" was originally designed to run one-off commands without invoking that shell. In fact, security experts will tell you not to leave root shells open at any time. If you can run a "sudo command" and return to your user shell, then that is best practice.