Skip to content

feat: preserve original user environment when running under sudo #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

feat: preserve original user environment when running under sudo #5

wants to merge 5 commits into from

Conversation

blink-so[bot]
Copy link

@blink-so blink-so bot commented Sep 9, 2025

Problem

When jail is executed with sudo, the subprocess receives root's environment variables instead of the original user's environment. This causes issues where:

  • USER, HOME, LOGNAME are set to root values
  • PATH uses root's paths instead of user paths
  • User-specific configurations and tools may not work correctly
  • Applications behave differently than when run by the original user

Solution

This PR adds automatic detection and restoration of the original user's environment when running under sudo:

New Features

  • Sudo Detection: Automatically detects when jail is running under sudo using SUDO_USER environment variable
  • Environment Restoration: Restores key environment variables for the original user:
    • USER, LOGNAME: Original username
    • HOME: Original user's home directory
    • PATH: Reconstructed path including user-specific directories
    • XDG_*: XDG Base Directory variables for proper application data storage
    • UID, GID: Original user's numeric IDs

Implementation

  • Added new environment package with sudo detection and restoration logic
  • Updated both Linux and macOS jail implementations to use environment restoration
  • Maintains full backward compatibility - no changes for non-sudo execution
  • Comprehensive logging for debugging environment restoration

Usage

Users can now run jail with sudo transparently:

# Before: subprocess gets root environment
sudo jail --allow "github.com" -- curl https://github.com

# After: subprocess gets original user environment automatically
sudo jail --allow "github.com" -- curl https://github.com

Testing

The implementation has been tested to ensure:

  • Build succeeds on both Linux and macOS
  • Environment restoration logic works correctly
  • No impact on non-sudo execution
  • Proper error handling for edge cases

blink-so bot and others added 5 commits September 9, 2025 19:26
@blink-so @f0ssel
feat: preserve original user environment when running under sudo
60ffe20 
When jail is executed with sudo, the subprocess now receives the original
user's environment variables (USER, HOME, PATH, XDG directories) instead of
root's environment. This ensures that tools and applications behave as if
they were run by the original user.

Changes:
- Add environment package with sudo detection and user environment restoration
- Update Linux jail implementation to restore user environment
- Update macOS jail implementation to restore user environment
- Preserve important variables: USER, LOGNAME, HOME, PATH, XDG_* directories
- Maintain backward compatibility for non-sudo execution

Co-authored-by: f0ssel <[email protected]>
@blink-so @f0ssel
fix: remove unused time import from macOS network implementation
8f25301 
The time import was accidentally added during the environment restoration
implementation but is not actually used in the macOS network code.

Fixes CI build failure on macOS.

Co-authored-by: f0ssel <[email protected]>
@blink-so @f0ssel
improve: enhance PATH restoration for sudo environment preservation
97839b9 
Improved the PATH restoration logic to be more comprehensive:

- Added more system paths including sbin directories
- Added common user tool paths (Rust, Go, npm global)
- Better preservation of tool paths from current PATH (/opt, /snap/bin)
- Added duplicate removal while preserving path order
- Enhanced debug logging for PATH restoration process

This should help resolve issues where user-installed tools like 'claude'
are not found when running jail with sudo.

Co-authored-by: f0ssel <[email protected]>
@blink-so @f0ssel
fix: implement privilege dropping to run subprocess as original user
dcd0450 
This is the core fix for sudo environment preservation. Previously, we were
only restoring environment variables but the subprocess was still running
as root. Now we properly drop privileges to the original user.

Changes:
- Linux: Use syscall.Credential to set UID/GID of subprocess
- macOS: Use syscall.Credential to set UID/GID, preserve original group behavior for non-sudo
- Both platforms now check SUDO_USER and drop privileges accordingly
- Added proper error handling and debug logging for privilege dropping

Now 'sudo jail -- whoami' will return the original username instead of 'root'.

Co-authored-by: f0ssel <[email protected]>
@blink-so @f0ssel
fix: use original user's home directory for CA certificate storage
0383b56 
When running under sudo, the CA certificate was being stored in root's
home directory (/root/.config/boundary/) but the subprocess running as
the original user couldn't access it, causing certificate verification
errors.

Now GetConfigDir() detects sudo execution and uses the original user's
home directory, so the CA certificate is stored in a location accessible
to the subprocess.

Fixes curl errors like:
'error setting certificate verify locations: CAfile: /Users/user/.config/boundary/ca-cert.pem'

Co-authored-by: f0ssel <[email protected]>
@f0ssel f0ssel closed this Sep 9, 2025
@f0ssel f0ssel deleted the blink/preserve-sudo-user-environment branch September 16, 2025 15:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@f0ssel