Why is $HOME inherited when I start a shell with sudo?

Question

I'm setting up a Vagrant box and I noticed something I found odd.

root@box:~# sudo --user=vagrant bash
bash: /root/.bashrc: Permission denied
vagrant@box:~$ export
declare -x HOME="/root"

Why is HOME set to /root here? The home directory for the user vagrant is certainly not /root:

vagrant@box:~$ grep vagrant /etc/passwd
vagrant:x:1000:1000::/home/vagrant:/bin/bash

Everything I found online talked about how to inherit environment variables, not how to prevent it. The sudoers file contains the env_reset default. I don't know what else controls this behavior.

Answer 1

This is a choice. If you don't like it, you can use the -i or -H option, or change the configuration. The sudo(8) man page says for HOME:

Set to the home directory of the target user if -i or -H are specified, env_reset or always_set_home are set in sudoers, or when the -s option is specified and set_home is set in sudoers.

Actually env_reset doesn't have an effect on $HOME under Ubuntu (but see below). This is an inaccuracy in the man page. See Launchpad bug #889936.

Additional information

Some environment variables may still be kept when env_reset is provided. There are compile-time defaults, and this can be changed with the env_keep option; see the sudoers(5) man page for more information. In the sudo -V output under root, you can see the list of these environment variables under "Environment variables to preserve:". In particular, HOME is listed by default under Ubuntu, but not under Debian.

For more information, see:

• How is sudo set to not change $HOME in Ubuntu and how to disable this behavior?

• Launchpad bug #760140 about the compile-time default for HOME in Debian and Ubuntu.