sudo -E does not pass PYTHONPATH

Question

I am trying to add a python path value to a different environment, as some script I run with another user needs it to be set.

Now, the weird thing is that when I run sudo -E, variables that I have in my env do pass on to the user I'm sudoing to- except that PYTHONPATH doesn't.

Running:

TESTVAR=testValue sudo -E bash -c 'echo $TESTVAR'

will print "testValue", but:

PYTHONPATH=testValue sudo -E bash -c 'echo $PYTHONPATH'

Won't print anything.

I'm trying to understand if there is anything special about specific variables, that sudo acts different with when passing them to a different environment.

Help will be much appreciated, Thanks.

Answer 1

Because PYTHONPATH is in the sudo's Default table of "bad" variables to remove from the environment (if not kept explicitly with env_keep).

From plugins/sudoers/env.c file of sudo source code:

/*
 * Default table of "bad" variables to remove from the environment.
 * XXX - how to omit TERMCAP if it starts with '/'?
 */
static const char *initial_badenv_table[] = {
    "IFS",
    .
    . (Truncated)
    .
    "PYTHONHOME",               /* python, module search path */
    "PYTHONPATH",               /* python, search path */
    "PYTHONINSPECT",            /* python, allow inspection */
    "PYTHONUSERBASE",           /* python, per user site-packages directory */
    "RUBYLIB",                  /* ruby, library load path */
    "RUBYOPT",                  /* ruby, extra command line options */
    NULL
};

As you can see PYTHONPATH is right in there.

The compiled binary file that implements this on runtime is /usr/lib/sudo/sudoers.so.