The become command

The become command allows you to sudo to another user while retaining your personalised environment. It tells sudo to run bash with a startup file which reads your regular shell initialisation by passing commands on sudo's stdin and opening, then immediately deleting, private temporary files so that other users cannot eavesdrop. If the target user is root or if you use the -x flag, become can pass the display and an xauth cookie to the other user's shell. If the target user is root or if you use the -k flag, it can delegate your Kerberos credentials, and sets PRINCIPAL to your Kerberos principal name.

The target user's environment has PROFILE_HOME set to your home directory so the shell can find your startup scripts. It is assumed that sudo will automatically set SUDO_USER to your account name in the target user's environment.

Per-user startup

If the file ~/.become/user exists (in YOUR home directory) it will be appended to the startup script when you become user. If the file ~/.become/all exists it will be also be parsed (before the per-user script).


The become command has been tested on various releases of Linux, OS X and Solaris. It works only with bash and probably only if you use a variation of my whole profile.

Security considerations

The target user must be able to chdir to your home directory (ie it must be executable), read your .profile.d (it must be readable and executable) and run your opt/bin/became script.

Your .become directory does not need to be accessible to the target user.

Think carefully about passing xauth cookies and Kerberos credentials to accounts which other users can access, as anyone who can access the account can then access these credentials. If you become root they are passed through without requiring the -x and -k flags. Anyone who can be root can steal your files already.