How can I preserve an environment variable across su -?

I found su has an option for preserving the environment: 

-m, -p, --preserve-environment
           Preserve the current environment, except for:
...

This way, the target user's shell init files are executed, just as they would be for a login shell, but any LC_xxx variables can be tested and not initialized if they contain a valid value already.

EDIT: Just a note, I was able to apply this system-wide by adding a script in /etc/profile.d/ssh_lc_vars.sh which worked with the exported LC_xxx variables. I also had to do some extra work with the un-initialized environment variables which do not get handled with su -ml userxxx. Below is more of an example as I am not able to include the entire script. If someone can improve on it, all the better.

...
# clean up client-side variable for junk
lc_sanitize()
{
   arg="$1"
   # first, strip underscores
   clean="${arg//_/}"

   # next, replace spaces with underscores
   clean="${clean// /_}"

   # now, clean out anything that's not alphanumeric, underscore, hypen or dot
   ret="${clean//[^a-zA-Z0-9_\.-]/}"

   # return santized value to caller
   echo "$ret"
}

# LC_MY_LANG comes from an ssh client environment. If empty,
# this isn't a remote ssh user, but set it locally so this user
# can connect elsewhere where this script runs
if [ -z "$LC_MY_LANG" ]; then
   # force an LC_xxx setting for the environment
    LC_MY_LANG="en-US.utf-8"
else
    # otherwise, use the LC_xxxx variable from the ssh environment
    # 2017-01-30 - when using "su --preserve-environment  userxxx --login" be sure to fixup needed variables
    # shorthand: su -ml user111
    export USER=`whoami`
    export LOGNAME=${USER}
    export HOME=$( getent passwd "$USER" | cut -d: -f6 )
    cd ${HOME}

    # sanitize variable which was set client-side and log it
    u_sanitized=$(lc_sanitize "$LC_MY_LANG")
    echo "Notice: LC_MY_LANG sanitized to $u_sanitized from $SSH_CLIENT as user $USER" | logger -p auth.info
fi

# mark variable read-only so user cannot change it then export it
readonly LC_MY_LANG
# set terminal to LC_MY_LANG
export LC_LANG=${LC_MY_LANG}
export LC_MY_LANG
...

Skip the - parameter of su.

   -, -l, --login
       Provide an environment similar to what the user would expect had
       the user logged in directly.

Tags:

Shell

Environment Variables

Su

Recent Posts