3

NB: Yes, I've read How can I tell if I'm in a tmux session from a bash script?

How can I find out whether I am running inside a Tmux session from my shell or shell script or shell function or alias if I used sudo su - in between?

The problem

0xC0000022L
  • 16,593

2 Answers

3

In your /etc/sudoers file you can explicitly allow environment variables to propagate to the sudo environment.

Example

Defaults    requiretty

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" 

So one method would be to add a variable that is resultant of tmux and let it through.

slm
  • 369,824
  • Thanks, indeed that's one way (btw: one I know and had contemplated). And in this particular case I am able to modify sudoers, but I'll leave the question open to see whether some better method exists. – 0xC0000022L Jun 06 '14 at 13:38
  • That'll work for sudo -s but not for sudo su - since su - also resets the environment. Not that there's usually a good reason to run su - instead of keeping as much information about your environment as you can @0xC0000022L – Gilles 'SO- stop being evil' Jun 06 '14 at 23:12
2
% sudo su -- 2<<STATE
>    TMUX='$TMUX'
>    exec 2>/dev/tty 
> STATE
# . /dev/fd/2
# { 
#   echo "$TMUX"
#   echo "$TMUX" >&2
# }

###OUTPUT

/tmp/tmux-1000/default,23878,1
/tmp/tmux-1000/default,23878,1

sudo will close all file descriptors for its invoked process but 0,1,2 and you need /dev/tty on <&0 or you can't enter a password, but if you can accept blocking >&2 for the span it takes to run a single command then you can do the above.

You can use this technique to bring along whatever else you might like as well.

mikeserv
  • 58,310
  • 1
    Nice, I need to check how well this works in case of unprivileged users running a Cmnd_Alias, but certainly a very interesting piece of info! – 0xC0000022L Jun 06 '14 at 13:57
  • 1
    @0xC0000022L - it works pretty well. It can be controlled with permissions, but one thing about .dot is it doesn't exec anything - it only requires read rights. So even when su 4<<HEREDOC /dev/fd/4\n...\nHEREDOC\n doesn't work su -c '. /dev/fd/4' 4<<.. generally will. – mikeserv Jun 06 '14 at 14:04
  • 2
    That's not very convenient for an interactive session though. However, you could do something like exec $SHELL 2>/dev/tty – Gilles 'SO- stop being evil' Jun 06 '14 at 23:13
  • @Gilles - thanks for that. It took me a minute to figure out what you meant because I thought the shell would automatically reopen >&2 but I was wrong. You likely can't exec it with a new process like that though without chowning the file created by your last user first, but just exec 2>/dev/tty seems to do the trick anyway. I did it but added an >&2 to echo as above and it worked. – mikeserv Jun 06 '14 at 23:32
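
Both answers carry the caller's TMUX value into a root shell: env_keep passes it through unchanged, and the here-document interpolates it into text that root then sources with the dot command. As an added example (not code from either answer; the function names and the character allowlist are assumptions), this checks the value against the socket,pid,session shape shown in the output above before it is emitted or relied on:

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the answers.
# tmux sets TMUX to "socket_path,server_pid,session_id", for example
# /tmp/tmux-1000/default,23878,1 (the value printed in the answer above).

# Return 0 only if $1 has that shape and contains no shell metacharacters.
# Assumption: socket paths use only the characters in the allowlist below,
# so quotes, dollar signs, backticks, whitespace and newlines are rejected.
tmux_value_ok() {
    tv_val=$1
    case $tv_val in
        ''|*[!A-Za-z0-9_./,@+-]*) return 1 ;;
    esac
    case $tv_val in
        *,*,*) ;;                 # at least three comma-separated fields
        *) return 1 ;;
    esac
    tv_session=${tv_val##*,}      # last field
    tv_rest=${tv_val%,*}
    tv_pid=${tv_rest##*,}         # second-to-last field
    tv_sock=${tv_rest%,*}         # everything before it
    case $tv_sock in /*) ;; *) return 1 ;; esac
    case $tv_pid in ''|*[!0-9]*) return 1 ;; esac
    case $tv_session in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# Print a single-quoted assignment suitable for the here-document, or
# print nothing and fail. Single quotes are safe because tmux_value_ok
# has already rejected any value containing one.
tmux_state_line() {
    tmux_value_ok "$1" || return 1
    printf "TMUX='%s'\n" "$1"
}

# Root-side check for a value that arrived via env_keep: accept it only
# if it is well formed and the socket path it names exists as a socket.
tmux_env_plausible() {
    tmux_value_ok "${TMUX-}" || return 1
    tv_path=${TMUX%,*}; tv_path=${tv_path%,*}
    [ -S "$tv_path" ]
}
```

As the calling user, the output of tmux_state_line "$TMUX" would take the place of the literal TMUX='$TMUX' line in the here-document.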