Runing a command without inheriting parent's environment

Here's an answer that doesn't require sudo privileges or the user's password, but still provides an environment like what you'd get on a fresh login.

env -i HOME="$HOME" bash -l -c 'your_command'

Example:

$ export ABC=123
$ env -i HOME="$HOME" bash -l -c 'env' | grep ABC
$ env HOME="$HOME" bash -l -c 'env' | grep ABC
ABC=123

Breaking this down for explanation:

  1. env -i HOME="$HOME": Clears the environment. The -i sets up an empty environment with no variables whatsoever. This is problematic because it means that if you try to naively run bash -l it won't load your .bash_profile etc. because HOME isn't set. To mitigate this, we explicitly pass HOME="$HOME", creating an environment where HOME (and only HOME) is set.

  2. bash -l -c ...: Runs the desired command in a login shell. You'll want a login shell for this because we're starting from a clean environment and need to reload everything.

Notably:

  • This doesn't require sudo privileges (the sudo version does).
  • This doesn't require typing the user's password (the su version does).
  • This doesn't require running an SSH server and having a passwordless key that can be used to log back in to the machine (the ssh version does).

su -l $USER

sudo -u $USER -i

For something even more aggressive try env -i bash, but that unsets everything including $HOME and $TERM.