export problem

Question

Hi. I run the following script in bash 3.2.48:

#!/bin/bash

export var1='var1'
echo "UID=$UID"

if [ x"$UID" != x"0" ]
then
    export var2='var2'
    while ! { sudo -v; }; do { sudo -v; }; done;
    sudo $0
    exit
fi

echo $var1
echo $var2

exit 0

What I get as output is:

UID=1000
UID=0
var1

My question: Why is var2 not exported and echoed? Does that make sense? I'm pretty sure that the same script worked with older bash versions.

Tanks for any help. Chris

Answer 1

• you enter first time con UID == 1000, you enter the if clause
• you sudo to execute the script with UID == 0; sudo doesn't preserve the environment if env_reset is set in /etc/sudoers (default in most distros). You need sudo -E to preserve env.
• you exit (before echoing)

from the sudo call you enter with clean env.

• you enter with UID == 0
• you don't enter the if clause, var2 is not set
• you echo the variables.

Answer 2

Thanks for the reply. I do not agree with your answer.

When you enter the script the second time with UID 0 it did not exit the first instance! The first instance with UID 1000 (or whatever) is not exited until the second instance finished (inside the 'sudo $0' line). But this is not really helping anyway. The thing is, I export var1 as well as var2 before the script is called with UID 0, do you agree?

So, if you are right and sudo does not preserve the environment, why is var1 preserved then? And why var2 not? Both are exported before I call 'sudo $0'.

The very same script with bash 3.00.0 outputs the "var2", I just tried...

I'm confused! Chris

Answer 3

The answer is much more simpler than is seems: you never echo those vars (when not running as root, obviously), because you already exit :))

Try avoiding/minimizing confusion by adding more appropriate/concise debug statements. For instance, use a single echo that contains everything that's relevant to your problem (i.e. process ID, user ID, var1, var2):

#!/bin/bash
export var1='var1'
if [ "$UID" != "0" ] ; then
    export var2='var2'
    while ! { sudo -v; }; do { sudo -v; }; done;
    sudo $0
    # this is "the key exit" ;-)
    #exit
fi
echo "pid=[$$] uid=[$UID] var1=[$var1] var2=[$var2]"

With the exit commented out you get what you expect (obviously, in the "parent" process, as the "child" one - the one running as "root" - never reaches that part of the code that exports var2):

pid=[12346] uid=[0] var1=[var1] var2=[]
pid=[12345] uid=[1] var1=[var1] var2=[var2]

++ sometimes running scripts in debug mode (bash -x) helps too ;-)

Answer 4

Thank you altblue, I really appreciate your help. But no, that is not what I want. Of cource this is only a sample code, the real script is much longer and the part after the if-clause should only be executed once, after re-calling the script with 'sudo $0'.

But I see the point with sudo now, it really works with 'sudo -E $0', since var2 is exported then. The strange thing is, that this worked on my old system without the -E switch or modifying the sudoers file. Anyway, I'm happy now.

Thank you guys. Chris