Re: Too much log for sudo.
Hi,
On Thu, Oct 12, 2023 at 05:20:58PM +0200, Erwan David wrote:
> I use a script to run borg backup. For it to be able to backup files that
> only root may read, i use sudo --preserv-env=BORG_REPO,BORG_PASSPHRASE.
>
> However I see that in the logs the VALUE of the env variable is loggued. How
> to change this ?
I don't think there is a way to stop that happening. If sudo will
log, it logs the names and values of any environment you specify on
its command line.
Your options as far as I am aware:
- Preserve your entire environment with sudo --preserve-env (no
specific variables). It won't log the entire environment.
- Add an entry to sudoers that says to not log this particular
command. There'll be no logging at all.
- Run the job as root to begin with.
- Make your script source another shell file that contains
BORG_PASSPHRASE=whatever
and have that file with appropriate restricted permissions.
Thanks,
Andy
Reply to: