isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

regen

Browse Source
This commit is contained in:
Todd C. Miller
2004-06-10 20:54:25 +00:00
parent 18dae902b2
commit 5f7943db50
2 changed files with 134 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
sudo.cat
View File

@@ -21,11 +21,14 @@ DDEESSCCRRIIPPTTIIOONN
superuser or another user, as specified in the _s_u_d_o_e_r_s superuser or another user, as specified in the _s_u_d_o_e_r_s
file. The real and effective uid and gid are set to match file. The real and effective uid and gid are set to match
those of the target user as specified in the passwd file those of the target user as specified in the passwd file
(the group vector is also initialized when the target user and the group vector is initialized based on the group
is not root). By default, ssuuddoo requires that users file (unless the --PP option was specified). If the invok<6F>
authenticate themselves with a password (NOTE: by default ing user is root or if the target user is the same as the
this is the user's password, not the root password). Once invoking user, no password is required. Otherwise, ssuuddoo
a user has been authenticated, a timestamp is updated and requires that users authenticate themselves with a pass<73>
word by default (NOTE: in the default configuration this
is the user's password, not the root password). Once a
user has been authenticated, a timestamp is updated and
the user may then use sudo without a password for a short the user may then use sudo without a password for a short
period of time (5 minutes unless overridden in _s_u_d_o_e_r_s). period of time (5 minutes unless overridden in _s_u_d_o_e_r_s).
@@ -41,7 +44,7 @@ DDEESSCCRRIIPPTTIIOONN
If a user who is not listed in the _s_u_d_o_e_r_s file tries to If a user who is not listed in the _s_u_d_o_e_r_s file tries to
run a command via ssuuddoo, mail is sent to the proper author<6F> run a command via ssuuddoo, mail is sent to the proper author<6F>
ities, as defined at configure time or the _s_u_d_o_e_r_s file ities, as defined at configure time or in the _s_u_d_o_e_r_s file
(defaults to root). Note that the mail will not be sent (defaults to root). Note that the mail will not be sent
if an unauthorized user tries to run sudo with the --ll or if an unauthorized user tries to run sudo with the --ll or
--vv flags. This allows users to determine for themselves --vv flags. This allows users to determine for themselves
@@ -56,12 +59,9 @@ DDEESSCCRRIIPPTTIIOONN
however, that the sudoers lookup is still done for root, however, that the sudoers lookup is still done for root,
not the user specified by SUDO_USER. not the user specified by SUDO_USER.
ssuuddoo can log both successful and unsuccessful attempts (as
well as errors) to _s_y_s_l_o_g(3), a log file, or both. By
1.6.8 June 10, 2004 1
1.6.8 May 17, 2004 1
@@ -70,6 +70,8 @@ DDEESSCCRRIIPPTTIIOONN
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
ssuuddoo can log both successful and unsuccessful attempts (as
well as errors) to _s_y_s_l_o_g(3), a log file, or both. By
default ssuuddoo will log via _s_y_s_l_o_g(3) but this is changeable default ssuuddoo will log via _s_y_s_l_o_g(3) but this is changeable
at configure time or via the _s_u_d_o_e_r_s file. at configure time or via the _s_u_d_o_e_r_s file.
@@ -79,11 +81,12 @@ OOPPTTIIOONNSS
-H The --HH (_H_O_M_E) option sets the HOME environment vari<72> -H The --HH (_H_O_M_E) option sets the HOME environment vari<72>
able to the homedir of the target user (root by able to the homedir of the target user (root by
default) as specified in passwd(4). By default, ssuuddoo default) as specified in passwd(4). By default, ssuuddoo
does not modify HOME. does not modify HOME (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e
in sudoers(4)).
-K The --KK (sure _k_i_l_l) option to ssuuddoo removes the user's -K The --KK (sure _k_i_l_l) option is like --kk except that it
timestamp entirely. Likewise, this option does not removes the user's timestamp entirely. Like --kk, this
require a password. option does not require a password.
-L The --LL (_l_i_s_t defaults) option will list out the param<61> -L The --LL (_l_i_s_t defaults) option will list out the param<61>
eters that may be set in a _D_e_f_a_u_l_t_s line along with a eters that may be set in a _D_e_f_a_u_l_t_s line along with a
@@ -91,14 +94,15 @@ OOPPTTIIOONNSS
conjunction with _g_r_e_p(1). conjunction with _g_r_e_p(1).
-P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to
preserve the user's group vector unaltered. By preserve the invoking user's group vector unaltered.
default, ssuuddoo will initialize the group vector to the By default, ssuuddoo will initialize the group vector to
list of groups the target user is in. The real and the list of groups the target user is in. The real
effective group IDs, however, are still set to match and effective group IDs, however, are still set to
the target user. match the target user.
-S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password
from standard input instead of the terminal device. from the standard input instead of the terminal
device.
-V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the ver<65> -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the ver<65>
sion number and exit. If the invoking user is already sion number and exit. If the invoking user is already
@@ -120,14 +124,10 @@ OOPPTTIIOONNSS
--bb option you cannot use shell job control to manipu<70> --bb option you cannot use shell job control to manipu<70>
late the process. late the process.
-c The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
command with resources limited by the specified login
class. The _c_l_a_s_s argument can be either a class name
as defined in /etc/login.conf, or a single '-'
1.6.8 May 17, 2004 2 1.6.8 June 10, 2004 2
@@ -136,8 +136,12 @@ OOPPTTIIOONNSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
character. Specifying a _c_l_a_s_s of - indicates that the -c The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
command should be run restricted by the default login command with resources limited by the specified login
class. The _c_l_a_s_s argument can be either a class name
as defined in /etc/login.conf, or a single '-' charac<61>
ter. Specifying a _c_l_a_s_s of - indicates that the com<6F>
mand should be run restricted by the default login
capabilities for the user the command is run as. If capabilities for the user the command is run as. If
the _c_l_a_s_s argument specifies an existing user class, the _c_l_a_s_s argument specifies an existing user class,
the command must be run as root, or the ssuuddoo command the command must be run as root, or the ssuuddoo command
@@ -153,7 +157,8 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
authorized by _s_u_d_o_e_r_s the following steps are taken: authorized by _s_u_d_o_e_r_s the following steps are taken:
1. Temporary copies are made of the files to be 1. Temporary copies are made of the files to be
edited, owned by the invoking user. edited with the owner set to the invoking
user.
2. The editor specified by the VISUAL or EDITOR 2. The editor specified by the VISUAL or EDITOR
environment variables is run to edit the tem<65> environment variables is run to edit the tem<65>
@@ -185,15 +190,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
It also initializes the environment, leaving _T_E_R_M It also initializes the environment, leaving _T_E_R_M
unchanged, setting _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, and unchanged, setting _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, and
_P_A_T_H, and unsetting all other environment variables. _P_A_T_H, and unsetting all other environment variables.
Note that because the shell to use is determined
before the _s_u_d_o_e_r_s file is parsed, a _r_u_n_a_s___d_e_f_a_u_l_t
setting in _s_u_d_o_e_r_s will specify the user to run the
shell as but will not affect which shell is actually
run.
1.6.8 May 17, 2004 3 1.6.8 June 10, 2004 3
@@ -202,6 +202,12 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Note that because the shell to use is determined
before the _s_u_d_o_e_r_s file is parsed, a _r_u_n_a_s___d_e_f_a_u_l_t
setting in _s_u_d_o_e_r_s will specify the user to run the
shell as but will not affect which shell is actually
run.
-k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's
timestamp by setting the time on it to the epoch. The timestamp by setting the time on it to the epoch. The
next time ssuuddoo is run a password will be required. next time ssuuddoo is run a password will be required.
@@ -250,16 +256,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
command line arguments. It is most useful in conjunc<6E> command line arguments. It is most useful in conjunc<6E>
tion with the --ss flag. tion with the --ss flag.
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the return value
from ssuuddoo will simply be the return value of the program
that was executed.
Otherwise, ssuuddoo quits with an exit value of 1 if there is
1.6.8 May 17, 2004 4 1.6.8 June 10, 2004 4
@@ -268,6 +268,12 @@ RREETTUURRNN VVAALLUUEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the return value
from ssuuddoo will simply be the return value of the program
that was executed.
Otherwise, ssuuddoo quits with an exit value of 1 if there is
a configuration/permission problem or if ssuuddoo cannot exe<78> a configuration/permission problem or if ssuuddoo cannot exe<78>
cute the given command. In the latter case the error cute the given command. In the latter case the error
string is printed to stderr. If ssuuddoo cannot _s_t_a_t(2) one string is printed to stderr. If ssuuddoo cannot _s_t_a_t(2) one
@@ -316,16 +322,10 @@ SSEECCUURRIITTYY NNOOTTEESS
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con<6F> (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con<6F>
tents if it is not owned by root and only writable by tents if it is not owned by root and only writable by
root. On systems that allow non-root users to give away root. On systems that allow non-root users to give away
files via _c_h_o_w_n(2), if the timestamp directory is located
in a directory writable by anyone (e.g.: _/_t_m_p), it is pos<6F>
sible for a user to create the timestamp directory before
ssuuddoo is run. However, because ssuuddoo checks the ownership
and mode of the directory and its contents, the only dam<61>
age that can be done is to "hide" files by putting them in
1.6.8 May 17, 2004 5 1.6.8 June 10, 2004 5
@@ -334,6 +334,12 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
files via _c_h_o_w_n(2), if the timestamp directory is located
in a directory writable by anyone (e.g.: _/_t_m_p), it is pos<6F>
sible for a user to create the timestamp directory before
ssuuddoo is run. However, because ssuuddoo checks the ownership
and mode of the directory and its contents, the only dam<61>
age that can be done is to "hide" files by putting them in
the timestamp dir. This is unlikely to happen since once the timestamp dir. This is unlikely to happen since once
the timestamp dir is owned by root and inaccessible by any the timestamp dir is owned by root and inaccessible by any
other user the user placing files there would be unable to other user the user placing files there would be unable to
@@ -366,32 +372,26 @@ EEXXAAMMPPLLEESS
To get a file listing of an unreadable directory: To get a file listing of an unreadable directory:
% sudo ls /usr/local/protected $ sudo ls /usr/local/protected
To list the home directory of user yazza on a machine To list the home directory of user yazza on a machine
where the file system holding ~yazza is not exported as where the file system holding ~yazza is not exported as
root: root:
% sudo -u yazza ls ~yazza $ sudo -u yazza ls ~yazza
To edit the _i_n_d_e_x_._h_t_m_l file as user www: To edit the _i_n_d_e_x_._h_t_m_l file as user www:
% sudo -u www vi ~www/htdocs/index.html $ sudo -u www vi ~www/htdocs/index.html
To shutdown a machine: To shutdown a machine:
% sudo shutdown -r +15 "quick reboot" $ sudo shutdown -r +15 "quick reboot"
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-
shell to make the cd and file redirection work.
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
1.6.8 May 17, 2004 6 1.6.8 June 10, 2004 6
@@ -400,6 +400,12 @@ EEXXAAMMPPLLEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-
shell to make the cd and file redirection work.
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
EENNVVIIRROONNMMEENNTT EENNVVIIRROONNMMEENNTT
ssuuddoo utilizes the following environment variables: ssuuddoo utilizes the following environment variables:
@@ -448,16 +454,10 @@ AAUUTTHHOORRSS
BBUUGGSS BBUUGGSS
If you feel you have found a bug in sudo, please submit a If you feel you have found a bug in sudo, please submit a
bug report at http://www.sudo.ws/sudo/bugs/
DDIISSCCLLAAIIMMEERR
SSuuddoo is provided ``AS IS'' and any express or implied war<61>
ranties, including, but not limited to, the implied war<61>
ranties of merchantability and fitness for a particular
1.6.8 May 17, 2004 7 1.6.8 June 10, 2004 7
@@ -466,6 +466,12 @@ DDIISSCCLLAAIIMMEERR
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
bug report at http://www.sudo.ws/sudo/bugs/
DDIISSCCLLAAIIMMEERR
SSuuddoo is provided ``AS IS'' and any express or implied war<61>
ranties, including, but not limited to, the implied war<61>
ranties of merchantability and fitness for a particular
purpose are disclaimed. See the LICENSE file distributed purpose are disclaimed. See the LICENSE file distributed
with ssuuddoo for complete details. with ssuuddoo for complete details.
@@ -478,9 +484,18 @@ CCAAVVEEAATTSS
prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality.
See the sudoers(4) manual for details. See the sudoers(4) manual for details.
It is not meaningful to run the cd command directly via
sudo, e.g.
$ sudo cd /usr/local/protected
since when whe command exits the parent process (your
shell) will still be the same. Please see the EXAMPLES
section for more information.
If users have sudo ALL there is nothing to prevent them If users have sudo ALL there is nothing to prevent them
from creating their own program that gives them a root from creating their own program that gives them a root
shell regardless of any '!' elements in the user specifi<66> shell regardless of any '!' elements in the user specifi<66>
cation. cation.
Running shell scripts via ssuuddoo can expose the same kernel Running shell scripts via ssuuddoo can expose the same kernel
@@ -508,21 +523,6 @@ SSEEEE AALLSSOO
1.6.8 June 10, 2004 8
1.6.8 May 17, 2004 8

87
sudo.man.in
View File

@@ -149,7 +149,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO @mansectsu@" .IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS" .TH SUDO @mansectsu@ "June 10, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME" .SH "NAME"
sudo, sudoedit \- execute a command as another user sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS" .SH "SYNOPSIS"
@@ -168,13 +168,16 @@ file [...]
\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the \&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the \fIsudoers\fR file. superuser or another user, as specified in the \fIsudoers\fR file.
The real and effective uid and gid are set to match those of the The real and effective uid and gid are set to match those of the
target user as specified in the passwd file (the group vector is target user as specified in the passwd file and the group vector
also initialized when the target user is not root). By default, is initialized based on the group file (unless the \fB\-P\fR option was
specified). If the invoking user is root or if the target user is
the same as the invoking user, no password is required. Otherwise,
\&\fBsudo\fR requires that users authenticate themselves with a password \&\fBsudo\fR requires that users authenticate themselves with a password
(\s-1NOTE:\s0 by default this is the user's password, not the root password). by default (\s-1NOTE:\s0 in the default configuration this is the user's
Once a user has been authenticated, a timestamp is updated and the password, not the root password). Once a user has been authenticated,
user may then use sudo without a password for a short period of a timestamp is updated and the user may then use sudo without a
time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden in \fIsudoers\fR). password for a short period of time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless
overridden in \fIsudoers\fR).
.PP .PP
When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below), When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below),
is implied. is implied.
@@ -188,11 +191,11 @@ entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden v
.PP .PP
If a user who is not listed in the \fIsudoers\fR file tries to run a If a user who is not listed in the \fIsudoers\fR file tries to run a
command via \fBsudo\fR, mail is sent to the proper authorities, as command via \fBsudo\fR, mail is sent to the proper authorities, as
defined at configure time or the \fIsudoers\fR file (defaults to root). defined at configure time or in the \fIsudoers\fR file (defaults to
Note that the mail will not be sent if an unauthorized user tries \&\f(CW\*(C`@mailto@\*(C'\fR). Note that the mail will not be sent if an unauthorized
to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows users to user tries to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows
determine for themselves whether or not they are allowed to use users to determine for themselves whether or not they are allowed
\&\fBsudo\fR. to use \fBsudo\fR.
.PP .PP
If \fBsudo\fR is run by root and the \f(CW\*(C`SUDO_USER\*(C'\fR environment variable If \fBsudo\fR is run by root and the \f(CW\*(C`SUDO_USER\*(C'\fR environment variable
is set, \fBsudo\fR will use this value to determine who the actual is set, \fBsudo\fR will use this value to determine who the actual
@@ -213,11 +216,13 @@ or via the \fIsudoers\fR file.
.IX Item "-H" .IX Item "-H"
The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable
to the homedir of the target user (root by default) as specified to the homedir of the target user (root by default) as specified
in passwd(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. in passwd(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR
(see \fIset_home\fR and \fIalways_set_home\fR in sudoers(@mansectform@)).
.IP "\-K" 4 .IP "\-K" 4
.IX Item "-K" .IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
entirely. Likewise, this option does not require a password. the user's timestamp entirely. Like \fB\-k\fR, this option does not
require a password.
.IP "\-L" 4 .IP "\-L" 4
.IX Item "-L" .IX Item "-L"
The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
@@ -225,21 +230,21 @@ that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1). for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.IP "\-P" 4 .IP "\-P" 4
.IX Item "-P" .IX Item "-P"
The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to
the user's group vector unaltered. By default, \fBsudo\fR will initialize preserve the invoking user's group vector unaltered. By default,
the group vector to the list of groups the target user is in. \&\fBsudo\fR will initialize the group vector to the list of groups the
The real and effective group IDs, however, are still set to match target user is in. The real and effective group IDs, however, are
the target user. still set to match the target user.
.IP "\-S" 4 .IP "\-S" 4
.IX Item "-S" .IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
standard input instead of the terminal device. the standard input instead of the terminal device.
.IP "\-V" 4 .IP "\-V" 4
.IX Item "-V" .IX Item "-V"
The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the version
version number and exit. If the invoking user is already root number and exit. If the invoking user is already root the \fB\-V\fR
the \fB\-V\fR option will print out a list of the defaults \fBsudo\fR option will print out a list of the defaults \fBsudo\fR was compiled
was compiled with as well as the machine's local network addresses. with as well as the machine's local network addresses.
.IP "\-a" 4 .IP "\-a" 4
.IX Item "-a" .IX Item "-a"
The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
@@ -275,8 +280,8 @@ the \fIsudoers\fR file. If the user is authorized by \fIsudoers\fR
the following steps are taken: the following steps are taken:
.RS 4 .RS 4
.IP "1." 8 .IP "1." 8
Temporary copies are made of the files to be edited, owned by the Temporary copies are made of the files to be edited with the owner
invoking user. set to the invoking user.
.IP "2." 8 .IP "2." 8
The editor specified by the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment The editor specified by the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
variables is run to edit the temporary files. If neither \f(CW\*(C`VISUAL\*(C'\fR variables is run to edit the temporary files. If neither \f(CW\*(C`VISUAL\*(C'\fR
@@ -460,26 +465,26 @@ Note: the following examples assume suitable sudoers(@mansectform@) entries.
To get a file listing of an unreadable directory: To get a file listing of an unreadable directory:
.PP .PP
.Vb 1 .Vb 1
\& % sudo ls /usr/local/protected \& $ sudo ls /usr/local/protected
.Ve .Ve
.PP .PP
To list the home directory of user yazza on a machine where the To list the home directory of user yazza on a machine where the
file system holding ~yazza is not exported as root: file system holding ~yazza is not exported as root:
.PP .PP
.Vb 1 .Vb 1
\& % sudo -u yazza ls ~yazza \& $ sudo -u yazza ls ~yazza
.Ve .Ve
.PP .PP
To edit the \fIindex.html\fR file as user www: To edit the \fIindex.html\fR file as user www:
.PP .PP
.Vb 1 .Vb 1
\& % sudo -u www vi ~www/htdocs/index.html \& $ sudo -u www vi ~www/htdocs/index.html
.Ve .Ve
.PP .PP
To shutdown a machine: To shutdown a machine:
.PP .PP
.Vb 1 .Vb 1
\& % sudo shutdown -r +15 "quick reboot" \& $ sudo shutdown -r +15 "quick reboot"
.Ve .Ve
.PP .PP
To make a usage listing of the directories in the /home To make a usage listing of the directories in the /home
@@ -487,7 +492,7 @@ partition. Note that this runs the commands in a sub-shell
to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.PP .PP
.Vb 1 .Vb 1
\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" \& $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Ve .Ve
.SH "ENVIRONMENT" .SH "ENVIRONMENT"
.IX Header "ENVIRONMENT" .IX Header "ENVIRONMENT"
@@ -580,11 +585,21 @@ if that user is allowed to run arbitrary commands via \fBsudo\fR.
Also, many programs (such as editors) allow the user to run commands Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding \fBsudo\fR's checks. However, on via shell escapes, thus avoiding \fBsudo\fR's checks. However, on
most systems it is possible to prevent shell escapes with \fBsudo\fR's most systems it is possible to prevent shell escapes with \fBsudo\fR's
\&\fInoexec\fR functionality. See the sudoers(@mansectform@) manual for details. \&\fInoexec\fR functionality. See the sudoers(@mansectform@) manual
for details.
.PP .PP
If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating It is not meaningful to run the \f(CW\*(C`cd\*(C'\fR command directly via sudo, e.g.
their own program that gives them a root shell regardless of any '!' .PP
elements in the user specification. .Vb 1
\& $ sudo cd /usr/local/protected
.Ve
.PP
since when whe command exits the parent process (your shell) will
still be the same. Please see the \s-1EXAMPLES\s0 section for more information.
.PP
If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from
creating their own program that gives them a root shell regardless
of any '!' elements in the user specification.
.PP .PP
Running shell scripts via \fBsudo\fR can expose the same kernel bugs Running shell scripts via \fBsudo\fR can expose the same kernel bugs
that make setuid shell scripts unsafe on some operating systems that make setuid shell scripts unsafe on some operating systems