Sudo command bypassing proxy settings in environment

I’ve been struggling with some developers recently who keep claiming a firewall issue was occurring when they were trying to reach out to the internet. Like most corporate environments everything is required to proxy out to the internet.. They kept sending me screen shot after screen shot of them trying to wget a repo out on the web but it was attempting to wget directly out to the internet… Now when I login with root I would just wget sitename/*.repo and it would pull everything down fine through the proxy.. I logged into their user account and did the same thing without issues… Again I was perplexed how they were messing this up as the environmental variables are exported automatically through a bash script thrown in /etc/profile.d/..

 

Heres what I saw when they were doing it on there end:

 

[some.user@lxfoobar~]$ sudo wget https://pkg.jenkins-ci.org/redhat/jenkins.repo -O /etc/yum.repos.d/jenkins.repo
[sudo] password for some.user: 
--2018-06-27 08:37:42--  https://pkg.jenkins-ci.org/redhat/jenkins.repo
Resolving pkg.jenkins-ci.org (pkg.jenkins-ci.org)... 52.202.51.185
Connecting to pkg.jenkins-ci.org (pkg.jenkins-ci.org)|52.202.51.185|:443... 
Connection timed out.

 

When I would login with their account this is what I saw:

[some.user@lxfoobar ~]$ wget http://pkg.jenkins-ci.org/redhat/jenkins.repo
--2018-06-27 07:04:43--  http://pkg.jenkins-ci.org/redhat/jenkins.repo
Resolving some.proxy.int.foobar (some.proxy.int.foobar)... 11.100.1.2
Connecting to some.proxy.int.foobar (asome.proxy.int.foobar)|11.100.1.2|:80... connected.
Proxy request sent, awaiting response... 200 OK
Length: 71
Saving to: ‘jenkins.repo’

100%[=========================================================================================================================================================================>] 71          --.-K/s   in 0s      

2018-06-27 07:04:50 (5.42 MB/s) - ‘jenkins.repo’ saved [71/71]

You can see from the above this certainly is not a system problem right? Using wget goes out through the proxies as expected and grabs the file I want without issues. Then I noticed they were using sudo literally in front of every command they were putting in  and it occurred to me that this is bypassing my environmental variables I set through my proxy script in /etc/profile.d/.. SO here is how you fix it:

[root@lxfoobar ~]# visudo

Look for this section

Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Add a line underneath the last line in this section that looks like this

Defaults    env_keep += "ftp_proxy http_proxy https_proxy no_proxy"

So the section should look like this now:

# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    env_keep += "ftp_proxy http_proxy https_proxy no_proxy"

 

Write and quit the file and everything will be fixed provided your env variables are set correctly.