isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add simple runchroot and runcwd examples.

Browse Source 
Also document the limitation of command-based Defaults settings.
This commit is contained in:
Todd C. Miller
2020-09-09 21:16:38 -06:00
parent c200e71637
commit 5ca6056a32
2 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
doc/sudoers.man.in
View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "September 1, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "@mansectform@" "September 9, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -1556,7 +1556,7 @@ indicates that the user may specify the root directory by running
\fBsudo\fR \fBsudo\fR
with the with the
\fB\-R\fR \fB\-R\fR
option . option.
This setting can be used to run the command in a This setting can be used to run the command in a
chroot(2) chroot(2)
\(lqsandbox\(rq \(lqsandbox\(rq
@@ -4481,6 +4481,16 @@ See the
\fIChroot_Spec\fR \fIChroot_Spec\fR
section for more details. section for more details.
.sp .sp
It is only possible to use
\fIrunchroot\fR
as a command-specific Defaults setting if the command exists with
the same path both inside and outside the chroot jail.
This restriction does not apply to generic, host or user-based
Defaults settings or to a
\fICmnd_Spec\fR
that includes a
\fIChroot_Spec\fR.
.sp
This setting is only supported by version 1.9.3 or higher. This setting is only supported by version 1.9.3 or higher.
.TP 14n .TP 14n
runcwd runcwd
@@ -5524,12 +5534,19 @@ to log via
syslog(3) syslog(3)
using the using the
\fIauth\fR \fIauth\fR
facility in all cases. facility in all cases and for commands to be run with
the target user's home directory as the working directory.
We don't want to subject the full time staff to the We don't want to subject the full time staff to the
\fBsudo\fR \fBsudo\fR
lecture, user lecture and we want to allow them to run commands in a
chroot(2)
\(lqsandbox\(rq
via the
\fB\-R\fR
option.
User
\fBmillert\fR \fBmillert\fR
need not give a password, and we don't want to reset the need not provide a password and we don't want to reset the
\fRLOGNAME\fR \fRLOGNAME\fR
or or
\fRUSER\fR \fRUSER\fR
@@ -5554,9 +5571,9 @@ privileges.
.sp .sp
.RS 0n .RS 0n
# Override built-in defaults # Override built-in defaults
Defaults syslog=auth Defaults syslog=auth,runcwd=~
Defaults>root !set_logname Defaults>root !set_logname
Defaults:FULLTIMERS !lecture Defaults:FULLTIMERS !lecture,runchroot=*
Defaults:millert !authenticate Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults!PAGERS noexec Defaults!PAGERS noexec

31
doc/sudoers.mdoc.in
View File

@@ -24,7 +24,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.Dd September 1, 2020 .Dd September 9, 2020
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -1476,7 +1476,7 @@ indicates that the user may specify the root directory by running
.Nm sudo .Nm sudo
with the with the
.Fl R .Fl R
option . option.
This setting can be used to run the command in a This setting can be used to run the command in a
.Xr chroot 2 .Xr chroot 2
.Dq sandbox .Dq sandbox
@@ -4192,6 +4192,16 @@ See the
.Sx Chroot_Spec .Sx Chroot_Spec
section for more details. section for more details.
.Pp .Pp
It is only possible to use
.Em runchroot
as a command-specific Defaults setting if the command exists with
the same path both inside and outside the chroot jail.
This restriction does not apply to generic, host or user-based
Defaults settings or to a
.Em Cmnd_Spec
that includes a
.Em Chroot_Spec .
.Pp
This setting is only supported by version 1.9.3 or higher. This setting is only supported by version 1.9.3 or higher.
.It runcwd .It runcwd
If set, If set,
@@ -5132,12 +5142,19 @@ to log via
.Xr syslog 3 .Xr syslog 3
using the using the
.Em auth .Em auth
facility in all cases. facility in all cases and for commands to be run with
the target user's home directory as the working directory.
We don't want to subject the full time staff to the We don't want to subject the full time staff to the
.Nm sudo .Nm sudo
lecture, user lecture and we want to allow them to run commands in a
.Xr chroot 2
.Dq sandbox
via the
.Fl R
option.
User
.Sy millert .Sy millert
need not give a password, and we don't want to reset the need not provide a password and we don't want to reset the
.Ev LOGNAME .Ev LOGNAME
or or
.Ev USER .Ev USER
@@ -5161,9 +5178,9 @@ Note that this will not effectively constrain users with
privileges. privileges.
.Bd -literal .Bd -literal
# Override built-in defaults # Override built-in defaults
Defaults syslog=auth Defaults syslog=auth,runcwd=~
Defaults>root !set_logname Defaults>root !set_logname
Defaults:FULLTIMERS !lecture Defaults:FULLTIMERS !lecture,runchroot=*
Defaults:millert !authenticate Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults!PAGERS noexec Defaults!PAGERS noexec