Substitute the value of EDITOR into the sudoers and visudo manuals.

Todd C. Miller
2010-07-14 09:33:53 -04:00
parent fde091cc00
commit 26ca852a98
9 changed files with 169 additions and 185 deletions

aclocal.m4 vendored

@@ -35,25 +35,19 @@ fi
])dnl
dnl
dnl check for vi
dnl check for vi in well-known locations
dnl
AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING(for vi)
if test -f "/usr/bin/vi"; then
AC_MSG_RESULT(/usr/bin/vi)
SUDO_DEFINE(_PATH_VI, "/usr/bin/vi")
elif test -f "/usr/ucb/vi"; then
AC_MSG_RESULT(/usr/ucb/vi)
SUDO_DEFINE(_PATH_VI, "/usr/ucb/vi")
elif test -f "/usr/bsd/vi"; then
AC_MSG_RESULT(/usr/bsd/vi)
SUDO_DEFINE(_PATH_VI, "/usr/bsd/vi")
elif test -f "/bin/vi"; then
AC_MSG_RESULT(/bin/vi)
SUDO_DEFINE(_PATH_VI, "/bin/vi")
elif test -f "/usr/local/bin/vi"; then
AC_MSG_RESULT(/usr/local/bin/vi)
SUDO_DEFINE(_PATH_VI, "/usr/local/bin/vi")
else
AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING([for vi])
found=no
for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
if test -f "$editor"; then
found=yes
AC_MSG_RESULT([$editor])
SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor")
break
fi
done
if test X"$found" != X"no"; then
AC_MSG_RESULT(not found)
fi
])dnl
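Review bot: The result test after the new search loop is inverted: `found` is set to `yes` on a hit, so `if test X"$found" != X"no"; then AC_MSG_RESULT(not found)` prints `not found` exactly when vi was located (right after the loop's own `AC_MSG_RESULT([$editor])`), and prints nothing when the search misses, leaving `_PATH_VI` undefined without any diagnostic. The line should read `if test X"$found" = X"no"; then` (or `!= X"yes"`). The regenerated configure in this commit carries the same inverted test in its `checking for vi` hunk, on the `if test X"$found" != X"no"; then` line just before `result: not found`, and needs the same fix once aclocal.m4 is corrected.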

configure vendored

@@ -785,6 +785,7 @@ OBJEXT
EXEEXT
ac_ct_CC
CC
editor
secure_path
netsvc_conf
nsswitch_conf
@@ -2780,6 +2781,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
#
@@ -2807,6 +2809,7 @@ badpass_message="Sorry, try again."
fqdn=off
runas_default=root
env_editor=off
editor=vi
passwd_tries=3
tty_tickets=off
insults=off
@@ -4682,6 +4685,7 @@ _ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5
$as_echo "$with_editor" >&6; }
editor="$with_editor"
;;
esac
else
@@ -5082,10 +5086,9 @@ if test "${with_askpass+set}" = set; then :
yes) as_fn_error "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5
;;
no) ;;
*)
cat >>confdefs.h <<_ACEOF
*) cat >>confdefs.h <<EOF
#define _PATH_SUDO_ASKPASS "$with_askpass"
_ACEOF
EOF
;;
esac
@@ -6934,13 +6937,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:6937: $ac_compile\"" >&5)
(eval echo "\"\$as_me:6940: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
(eval echo "\"\$as_me:6940: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval echo "\"\$as_me:6943: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
(eval echo "\"\$as_me:6943: output\"" >&5)
(eval echo "\"\$as_me:6946: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@@ -8145,7 +8148,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 8148 "configure"' > conftest.$ac_ext
echo '#line 8151 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -9406,11 +9409,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9409: $lt_compile\"" >&5)
(eval echo "\"\$as_me:9412: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:9413: \$? = $ac_status" >&5
echo "$as_me:9416: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -9745,11 +9748,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9748: $lt_compile\"" >&5)
(eval echo "\"\$as_me:9751: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:9752: \$? = $ac_status" >&5
echo "$as_me:9755: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -9850,11 +9853,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9853: $lt_compile\"" >&5)
(eval echo "\"\$as_me:9856: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:9857: \$? = $ac_status" >&5
echo "$as_me:9860: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9905,11 +9908,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9908: $lt_compile\"" >&5)
(eval echo "\"\$as_me:9911: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:9912: \$? = $ac_status" >&5
echo "$as_me:9915: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -12272,7 +12275,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 12275 "configure"
#line 12278 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -12368,7 +12371,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 12371 "configure"
#line 12374 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -13792,42 +13795,20 @@ fi
if test -z "$with_editor"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5
$as_echo_n "checking for vi... " >&6; }
if test -f "/usr/bin/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/bin/vi" >&5
$as_echo "/usr/bin/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/usr/bin/vi"
found=no
for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
if test -f "$editor"; then
found=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $editor" >&5
$as_echo "$editor" >&6; }
cat >>confdefs.h <<EOF
#define _PATH_VI "$editor"
EOF
elif test -f "/usr/ucb/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/ucb/vi" >&5
$as_echo "/usr/ucb/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/usr/ucb/vi"
EOF
elif test -f "/usr/bsd/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/bsd/vi" >&5
$as_echo "/usr/bsd/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/usr/bsd/vi"
EOF
elif test -f "/bin/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /bin/vi" >&5
$as_echo "/bin/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/bin/vi"
EOF
elif test -f "/usr/local/bin/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/local/bin/vi" >&5
$as_echo "/usr/local/bin/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/usr/local/bin/vi"
EOF
else
break
fi
done
if test X"$found" != X"no"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
$as_echo "not found" >&6; }
fi
@@ -18234,18 +18215,16 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec"
cat >>confdefs.h <<_ACEOF
cat >>confdefs.h <<EOF
#define _PATH_SUDO_NOEXEC "$noexec_file"
_ACEOF
EOF
fi
if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh"
cat >>confdefs.h <<_ACEOF
cat >>confdefs.h <<EOF
#define _PATH_SUDO_SESH "$sesh_file"
_ACEOF
EOF
fi
eval PLUGINDIR="$with_plugindir"


@@ -96,6 +96,7 @@ AC_SUBST([ldap_secret])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
AC_SUBST([editor])
#
# Begin initial values for man page substitution
#
@@ -121,6 +122,7 @@ badpass_message="Sorry, try again."
fqdn=off
runas_default=root
env_editor=off
editor=vi
passwd_tries=3
tty_tickets=off
insults=off
@@ -847,6 +849,7 @@ AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for vi
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
editor="$with_editor"
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
@@ -1088,7 +1091,7 @@ AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pat
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
*) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
*) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
;;
esac], AC_MSG_RESULT(no))
@@ -2741,11 +2744,11 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec"
AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh"
AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
fi
eval PLUGINDIR="$with_plugindir"
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
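Review bot: The three calls switched from AC_DEFINE_UNQUOTED to SUDO_DEFINE_UNQUOTED (the askpass, noexec and sesh hunks) still pass a third description argument that the sudo macro does not appear to consume: the other call sites in this commit, `SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor")` in aclocal.m4 and `SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")` here, take two arguments, and the regenerated configure emits only `cat >>confdefs.h <<EOF` / `#define ... "$value"` / `EOF` for them with no trace of the text. Dropping the descriptions, e.g. `*) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass")`, keeps the call sites consistent; the macro's definition is outside this diff, so if it is meant to accept and record a description, a `dnl` comment at its definition saying so would be the alternative. Presumably these values also drop out of autoheader's config.h template now that they bypass AC_DEFINE — worth confirming that nothing else relied on seeing them there.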


@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0b1 July 2, 2010 1
1.8.0b1 July 14, 2010 1
@@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
1.8.0b1 July 2, 2010 2
1.8.0b1 July 14, 2010 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 3
1.8.0b1 July 14, 2010 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 4
1.8.0b1 July 14, 2010 4
@@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 5
1.8.0b1 July 14, 2010 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 6
1.8.0b1 July 14, 2010 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 7
1.8.0b1 July 14, 2010 7
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 8
1.8.0b1 July 14, 2010 8
@@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 9
1.8.0b1 July 14, 2010 9
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 10
1.8.0b1 July 14, 2010 10
@@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.8.0b1 July 2, 2010 11
1.8.0b1 July 14, 2010 11
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 12
1.8.0b1 July 14, 2010 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 13
1.8.0b1 July 14, 2010 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 14
1.8.0b1 July 14, 2010 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 15
1.8.0b1 July 14, 2010 15
@@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 16
1.8.0b1 July 14, 2010 16
@@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 17
1.8.0b1 July 14, 2010 17
@@ -1154,8 +1154,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
used with vviissuuddoo. vviissuuddoo will choose the editor that
matches the user's EDITOR environment variable if
possible, or the first editor in the list that exists
and is executable. The default is the path to vi on
your system.
and is executable. The default is "vi".
mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape
%h will expand to the host name of the machine.
@@ -1180,10 +1179,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%h expanded to the local host name without the domain
name
%p expanded to the user whose password is being asked
1.8.0b1 July 2, 2010 18
1.8.0b1 July 14, 2010 18
@@ -1192,7 +1192,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%p expanded to the user whose password is being asked
for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w
flags in _s_u_d_o_e_r_s)
@@ -1246,10 +1245,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
terminal is available. This may be the case when ssuuddoo is
executed from a graphical (as opposed to text-based)
application. The program specified by _a_s_k_p_a_s_s should
display the argument passed to it as the prompt and write
1.8.0b1 July 2, 2010 19
1.8.0b1 July 14, 2010 19
@@ -1258,7 +1258,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
display the argument passed to it as the prompt and write
the user's password to the standard output. The value of
_a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
variable.
@@ -1312,10 +1311,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
will be used in place of the standard lecture if the named
file exists. By default, ssuuddoo uses a built-in lecture.
listpw This option controls when a password will be required when
1.8.0b1 July 2, 2010 20
1.8.0b1 July 14, 2010 20
@@ -1324,7 +1324,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
listpw This option controls when a password will be required when
a user runs ssuuddoo with the --ll option. It has the following
possible values:
@@ -1381,7 +1380,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 21
1.8.0b1 July 14, 2010 21
@@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 22
1.8.0b1 July 14, 2010 22
@@ -1484,7 +1484,13 @@ FFIILLEESS
EEXXAAMMPPLLEESS
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit
contrived. First, we define our _a_l_i_a_s_e_s:
contrived. First, we allow a few environment variables to pass and
then define our _a_l_i_a_s_e_s:
# Run X applications through sudo; HOME is used to find .Xauthority file
# Note that some programs may use HOME for other purposes too and
# this may lead to privilege escalation!
Defaults env_keep = "DISPLAY HOME"
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
@@ -1504,16 +1510,10 @@ EEXXAAMMPPLLEESS
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
1.8.0b1 July 2, 2010 23
1.8.0b1 July 14, 2010 23
@@ -1522,6 +1522,12 @@ EEXXAAMMPPLLEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
@@ -1571,15 +1577,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
any host but they must authenticate themselves first (since the entry
lacks the NOPASSWD tag).
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
(the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
those networks, only 128.138.204.0 has an explicit netmask (in CIDR
1.8.0b1 July 2, 2010 24
1.8.0b1 July 14, 2010 24
@@ -1588,6 +1588,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
(the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
those networks, only 128.138.204.0 has an explicit netmask (in CIDR
notation) indicating it is a class C network. For the other networks
in _C_S_N_E_T_S, the local machine's netmask will be used during matching.
@@ -1637,15 +1642,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fred ALL = (DB) NOPASSWD: ALL
The user ffrreedd can run commands as any user in the _D_B Runas_Alias
(oorraaccllee or ssyybbaassee) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
1.8.0b1 July 2, 2010 25
1.8.0b1 July 14, 2010 25
@@ -1654,6 +1654,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The user ffrreedd can run commands as any user in the _D_B Runas_Alias
(oorraaccllee or ssyybbaassee) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is
not allowed to specify any options to the _s_u(1) command.
@@ -1703,15 +1708,10 @@ SSEECCUURRIITTYY NNOOTTEESS
Doesn't really prevent bbiillll from running the commands listed in _S_U or
_S_H_E_L_L_S since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these
kind of restrictions should be considered advisory at best (and
reinforced by policy).
Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to
reliably negate commands where the path name includes globbing (aka
1.8.0b1 July 2, 2010 26
1.8.0b1 July 14, 2010 26
@@ -1720,6 +1720,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
kind of restrictions should be considered advisory at best (and
reinforced by policy).
Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to
reliably negate commands where the path name includes globbing (aka
wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3)
function cannot resolve relative paths. While this is typically only
an inconvenience for rules that grant privileges, it can result in a
@@ -1769,15 +1774,10 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
File containing dummy exec functions:
then ssuuddoo may be able to replace the exec family of functions
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
1.8.0b1 July 2, 2010 27
1.8.0b1 July 14, 2010 27
@@ -1786,6 +1786,11 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
then ssuuddoo may be able to replace the exec family of functions
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and
UnixWare. _n_o_e_x_e_c is expected to work on most operating
systems that support the LD_PRELOAD environment variable.
@@ -1835,15 +1840,10 @@ SSEECCUURRIITTYY NNOOTTEESS
On systems where the boot time is available, _s_u_d_o_e_r_s will ignore time
stamps that date from before the machine booted.
Since time stamp files live in the file system, they can outlive a
user's login session. As a result, a user may be able to login, run a
command with ssuuddoo after authenticating, logout, login again, and run
ssuuddoo without authenticating so long as the time stamp file's
modification time is within 5 minutes (or whatever the timeout is set
1.8.0b1 July 2, 2010 28
1.8.0b1 July 14, 2010 28
@@ -1852,6 +1852,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Since time stamp files live in the file system, they can outlive a
user's login session. As a result, a user may be able to login, run a
command with ssuuddoo after authenticating, logout, login again, and run
ssuuddoo without authenticating so long as the time stamp file's
modification time is within 5 minutes (or whatever the timeout is set
to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled, the time stamp
has per-tty granularity but still may outlive the user's session. On
Linux systems where the devpts filesystem is used, Solaris systems with
@@ -1904,11 +1909,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 July 2, 2010 29
1.8.0b1 July 14, 2010 29


@@ -148,7 +148,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "July 2, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "July 14, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -1188,8 +1188,7 @@ The default is \f(CW\*(C`@badpass_message@\*(C'\fR unless insults are enabled.
A colon (':') separated list of editors allowed to be used with
\&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's
\&\s-1EDITOR\s0 environment variable if possible, or the first editor in the
list that exists and is executable. The default is the path to vi
on your system.
list that exists and is executable. The default is \f(CW"@editor@"\fR.
.IP "mailsub" 16
.IX Item "mailsub"
Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR
@@ -1512,9 +1511,15 @@ Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Below are example \fIsudoers\fR entries. Admittedly, some of
these are a bit contrived. First, we define our \fIaliases\fR:
these are a bit contrived. First, we allow a few environment
variables to pass and then define our \fIaliases\fR:
.PP
.Vb 4
\& # Run X applications through sudo; HOME is used to find .Xauthority file
\& # Note that some programs may use HOME for other purposes too and
\& # this may lead to privilege escalation!
\& Defaults env_keep = "DISPLAY HOME"
\&
\& # User alias specification
\& User_Alias FULLTIMERS = millert, mikef, dowdy
\& User_Alias PARTTIMERS = bostley, jwfox, crawl


@@ -1107,8 +1107,7 @@ The default is C<@badpass_message@> unless insults are enabled.
A colon (':') separated list of editors allowed to be used with
B<visudo>. B<visudo> will choose the editor that matches the user's
EDITOR environment variable if possible, or the first editor in the
list that exists and is executable. The default is the path to vi
on your system.
list that exists and is executable. The default is C<"@editor@">.
=item mailsub
@@ -1483,7 +1482,13 @@ Initial environment for B<-i> mode on Linux and AIX
=head1 EXAMPLES
Below are example I<sudoers> entries. Admittedly, some of
these are a bit contrived. First, we define our I<aliases>:
these are a bit contrived. First, we allow a few environment
variables to pass and then define our I<aliases>:
# Run X applications through sudo; HOME is used to find .Xauthority file
# Note that some programs may use HOME for other purposes too and
# this may lead to privilege escalation!
Defaults env_keep = "DISPLAY HOME"
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy


@@ -17,17 +17,16 @@ DDEESSCCRRIIPPTTIIOONN
_s_u_d_o_e_r_s file is currently being edited you will receive a message to
try again later.
There is a hard-coded list of editors that vviissuuddoo will use set at
compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default
variable. This list defaults to the path to _v_i(1) on your system, as
determined by the _c_o_n_f_i_g_u_r_e script. Normally, vviissuuddoo does not honor
the VISUAL or EDITOR environment variables unless they contain an
editor in the aforementioned editors list. However, if vviissuuddoo is
configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r option or the _e_n_v___e_d_i_t_o_r Default
variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by
VISUAL or EDITOR. Note that this can be a security hole since it
allows the user to execute any program they wish simply by setting
VISUAL or EDITOR.
There is a hard-coded list of one or more editors that vviissuuddoo will use
set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s
Default variable. This list defaults to "vi". Normally, vviissuuddoo does
not honor the VISUAL or EDITOR environment variables unless they
contain an editor in the aforementioned editors list. However, if
vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the
_e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the
editor defines by VISUAL or EDITOR. Note that this can be a security
hole since it allows the user to execute any program they wish simply
by setting VISUAL or EDITOR.
vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
changes if there is a syntax error. Upon finding an error, vviissuuddoo will
@@ -58,10 +57,11 @@ OOPPTTIIOONNSS
appended to it.
-q Enable qquuiieett mode. In this mode details about syntax
errors are not printed. This option is only useful when
1.8.0b1 June 11, 2010 1
1.8.0b1 July 14, 2010 1
@@ -70,7 +70,6 @@ OOPPTTIIOONNSS
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
errors are not printed. This option is only useful when
combined with the --cc option.
-s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is
@@ -124,10 +123,11 @@ SSEEEE AALLSSOO
AAUUTTHHOORR
Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo
was written by:
1.8.0b1 June 11, 2010 2
1.8.0b1 July 14, 2010 2
@@ -136,8 +136,6 @@ AAUUTTHHOORR
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
was written by:
Todd Miller
See the HISTORY file in the sudo distribution or visit
@@ -193,6 +191,8 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 June 11, 2010 3
1.8.0b1 July 14, 2010 3


@@ -144,7 +144,7 @@
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
.TH VISUDO @mansectsu@ "June 11, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.TH VISUDO @mansectsu@ "July 14, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,13 +162,12 @@ simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later.
.PP
There is a hard-coded list of editors that \fBvisudo\fR will use set
at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on
your system, as determined by the \fIconfigure\fR script. Normally,
There is a hard-coded list of one or more editors that \fBvisudo\fR will
use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to \f(CW"@editor@"\fR. Normally,
\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors
list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR
list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-env\-editor\fR
option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
Note that this can be a security hole since it allows the user to


@@ -36,13 +36,12 @@ simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the I<sudoers> file is currently being
edited you will receive a message to try again later.
There is a hard-coded list of editors that B<visudo> will use set
at compile-time that may be overridden via the I<editor> I<sudoers>
C<Default> variable. This list defaults to the path to L<vi(1)> on
your system, as determined by the I<configure> script. Normally,
There is a hard-coded list of one or more editors that B<visudo> will
use set at compile-time that may be overridden via the I<editor> I<sudoers>
C<Default> variable. This list defaults to C<"@editor@">. Normally,
B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
variables unless they contain an editor in the aforementioned editors
list. However, if B<visudo> is configured with the I<--with-enveditor>
list. However, if B<visudo> is configured with the I<--with-env-editor>
option or the I<env_editor> C<Default> variable is set in I<sudoers>,
B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
Note that this can be a security hole since it allows the user to