Add support for long options and fix inclusion of sudo_usage.h with

modern gcc broken in 8597:1fcb7ba13018.
Todd C. Miller
2013-07-18 16:51:56 -06:00
parent fbfd0ad630
commit 6e56e6d8c8
7 changed files with 264 additions and 217 deletions


@@ -5,15 +5,15 @@ NNAAMMEE
SSYYNNOOPPSSIISS SSYYNNOOPPSSIISS
ssuuddoo --hh | --KK | --kk | --VV ssuuddoo --hh | --KK | --kk | --VV
ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _r_e_m_o_t_e _h_o_s_t]
[--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d]
ssuuddoo --ll[_l] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _h_o_s_t _n_a_m_e] ssuuddoo --ll[_l] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _r_e_m_o_t_e _h_o_s_t]
[--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [_c_o_m_m_a_n_d] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [_c_o_m_m_a_n_d]
ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-] ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-]
[--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _h_o_s_t _n_a_m_e] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _r_e_m_o_t_e _h_o_s_t] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e]
[--tt _t_y_p_e] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [VVAARR=_v_a_l_u_e] --ii | --ss [_c_o_m_m_a_n_d] [--tt _t_y_p_e] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [VVAARR=_v_a_l_u_e] --ii | --ss [_c_o_m_m_a_n_d]
ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-] ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-]
[--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _h_o_s_t _n_a_m_e] [--pp _p_r_o_m_p_t] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--hh _r_e_m_o_t_e _h_o_s_t] [--pp _p_r_o_m_p_t]
[--uu _u_s_e_r _n_a_m_e | _#_u_i_d] file ... [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] file ...
DDEESSCCRRIIPPTTIIOONN DDEESSCCRRIIPPTTIIOONN
@@ -48,7 +48,8 @@ DDEESSCCRRIIPPTTIIOONN
The options are as follows: The options are as follows:
--AA Normally, if ssuuddoo requires a password, it will read it from --AA, ----aasskkppaassss
Normally, if ssuuddoo requires a password, it will read it from
the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is
specified, a (possibly graphical) helper program is executed specified, a (possibly graphical) helper program is executed
to read the user's password and output the password to the to read the user's password and output the password to the
@@ -63,7 +64,8 @@ DDEESSCCRRIIPPTTIIOONN
If no askpass program is available, ssuuddoo will exit with an If no askpass program is available, ssuuddoo will exit with an
error. error.
--aa _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the --aa, ----aauutthh--ttyyppee _a_u_t_h___t_y_p_e
The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the
specified authentication type when validating the user, as specified authentication type when validating the user, as
allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may
specify a list of sudo-specific authentication methods by specify a list of sudo-specific authentication methods by
@@ -71,13 +73,15 @@ DDEESSCCRRIIPPTTIIOONN
option is only available on systems that support BSD option is only available on systems that support BSD
authentication. authentication.
--bb The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given --bb, ----bbaacckkggrroouunndd
The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given
command in the background. Note that if you use the --bb command in the background. Note that if you use the --bb
option you cannot use shell job control to manipulate the option you cannot use shell job control to manipulate the
process. Most interactive commands will fail to work process. Most interactive commands will fail to work
properly in background mode. properly in background mode.
--CC _f_d Normally, ssuuddoo will close all open file descriptors other --CC, ----cclloossee--ffrroomm _f_d
Normally, ssuuddoo will close all open file descriptors other
than standard input, standard output and standard error. The than standard input, standard output and standard error. The
--CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a starting --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a starting
point above the standard error (file descriptor three). point above the standard error (file descriptor three).
@@ -86,7 +90,8 @@ DDEESSCCRRIIPPTTIIOONN
The _s_u_d_o_e_r_s policy only permits use of the --CC option when the The _s_u_d_o_e_r_s policy only permits use of the --CC option when the
administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option. administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.
--cc _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified --cc, ----llooggiinn--ccllaassss _c_l_a_s_s
The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
command with resources limited by the specified login class. command with resources limited by the specified login class.
The _c_l_a_s_s argument can be either a class name as defined in The _c_l_a_s_s argument can be either a class name as defined in
_/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single `-' character. Specifying a _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single `-' character. Specifying a
@@ -98,13 +103,14 @@ DDEESSCCRRIIPPTTIIOONN
This option is only available on systems with BSD login This option is only available on systems with BSD login
classes. classes.
--EE The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the --EE, ----pprreesseerrvvee--eennvv
The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the
security policy that the user wishes to preserve their security policy that the user wishes to preserve their
existing environment variables. The security policy may existing environment variables. The security policy may
return an error if the --EE option is specified and the user return an error if the --EE option is specified and the user
does not have permission to preserve the environment. does not have permission to preserve the environment.
--ee The --ee (_e_d_i_t) option indicates that, instead of running a --ee, ----eeddiitt The --ee (_e_d_i_t) option indicates that, instead of running a
command, the user wishes to edit one or more files. In lieu command, the user wishes to edit one or more files. In lieu
of a command, the string "sudoedit" is used when consulting of a command, the string "sudoedit" is used when consulting
the security policy. If the user is authorized by the the security policy. If the user is authorized by the
@@ -131,32 +137,35 @@ DDEESSCCRRIIPPTTIIOONN
version, the user will receive a warning and the edited copy version, the user will receive a warning and the edited copy
will remain in a temporary file. will remain in a temporary file.
--gg _g_r_o_u_p Normally, ssuuddoo runs a command with the primary group set to --gg, ----ggrroouupp _g_r_o_u_p
Normally, ssuuddoo runs a command with the primary group set to
the one specified by the password database for the user the the one specified by the password database for the user the
command is being run as (by default, root). The --gg (_g_r_o_u_p) command is being run as (by default, root). The --gg (_g_r_o_u_p)
option causes ssuuddoo to run the command with the primary group option causes ssuuddoo to run the command with the primary group
set to _g_r_o_u_p instead. To specify a _g_i_d instead of a _g_r_o_u_p set to _g_r_o_u_p instead. To specify a numeric group ID (gid)
_n_a_m_e, use _#_g_i_d. When running commands as a _g_i_d, many shells instead of a group name, use _#_g_i_d. When running commands as
require that the `#' be escaped with a backslash (`\'). If a gid, many shells require that the `#' be escaped with a
no --uu option is specified, the command will be run as the backslash (`\'). If no --uu option is specified, the command
invoking user (not root). In either case, the primary group will be run as the invoking user (not root). In either case,
will be set to _g_r_o_u_p. the primary group will be set to _g_r_o_u_p.
--HH The --HH (_H_O_M_E) option requests that the security policy set --HH, ----sseett--hhoommee
The --HH (_H_O_M_E) option requests that the security policy set
the HOME environment variable to the home directory of the the HOME environment variable to the home directory of the
target user (root by default) as specified by the password target user (root by default) as specified by the password
database. Depending on the policy, this may be the default database. Depending on the policy, this may be the default
behavior. behavior.
--hh [_h_o_s_t _n_a_m_e] --hh, ----hheellpp The --hh (_h_e_l_p) option causes ssuuddoo will print a short help
If a _h_o_s_t _n_a_m_e is specified and the policy plugin supports message to the standard output and exit.
--hh, ----hhoosstt _r_e_m_o_t_e _h_o_s_t
If a _r_e_m_o_t_e _h_o_s_t is specified and the policy plugin supports
it, the command will be run on the specified remote host. it, the command will be run on the specified remote host.
Note that the _s_u_d_o_e_r_s plugin does not currently support Note that the _s_u_d_o_e_r_s plugin does not currently support
running remote commands. If no _h_o_s_t _n_a_m_e is specified, ssuuddoo running remote commands.
will print a short help message to the standard output and
exit.
--ii [_c_o_m_m_a_n_d] --ii, ----llooggiinn [_c_o_m_m_a_n_d]
The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
specified by the password database entry of the target user specified by the password database entry of the target user
as a login shell. This means that login-specific resource as a login shell. This means that login-specific resource
@@ -172,13 +181,14 @@ DDEESSCCRRIIPPTTIIOONN
environment in which a command is run when the _s_u_d_o_e_r_s policy environment in which a command is run when the _s_u_d_o_e_r_s policy
is in use. is in use.
--KK The --KK (sure _k_i_l_l) option is like --kk except that it removes --KK, ----rreemmoovvee--ttiimmeessttaammpp
The --KK (sure _k_i_l_l) option is like --kk except that it removes
the user's cached credentials entirely and may not be used in the user's cached credentials entirely and may not be used in
conjunction with a command or other option. This option does conjunction with a command or other option. This option does
not require a password. Not all security policies support not require a password. Not all security policies support
credential caching. credential caching.
--kk [_c_o_m_m_a_n_d] --kk, ----rreesseett--ttiimmeessttaammpp [_c_o_m_m_a_n_d]
When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates the When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates the
user's cached credentials. The next time ssuuddoo is run a user's cached credentials. The next time ssuuddoo is run a
password will be required. This option does not require a password will be required. This option does not require a
@@ -192,7 +202,7 @@ DDEESSCCRRIIPPTTIIOONN
for a password (if one is required by the security policy) for a password (if one is required by the security policy)
and will not update the user's cached credentials. and will not update the user's cached credentials.
--ll[ll] [_c_o_m_m_a_n_d] --ll[ll], ----lliisstt [_c_o_m_m_a_n_d]
If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list
the allowed (and forbidden) commands for the invoking user the allowed (and forbidden) commands for the invoking user
(or the user specified by the --UU option) on the current host. (or the user specified by the --UU option) on the current host.
@@ -204,17 +214,20 @@ DDEESSCCRRIIPPTTIIOONN
--llll), or if --ll is specified multiple times, a longer list --llll), or if --ll is specified multiple times, a longer list
format is used. format is used.
--nn The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompting --nn, ----nnoonn--iinntteerraaccttiivvee
The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompting
the user for a password. If a password is required for the the user for a password. If a password is required for the
command to run, ssuuddoo will display an error message and exit. command to run, ssuuddoo will display an error message and exit.
--PP The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to preserve --PP, ----pprreesseerrvvee--ggrroouuppss
The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to preserve
the invoking user's group vector unaltered. By default, the the invoking user's group vector unaltered. By default, the
_s_u_d_o_e_r_s policy will initialize the group vector to the list _s_u_d_o_e_r_s policy will initialize the group vector to the list
of groups the target user is in. The real and effective of groups the target user is in. The real and effective
group IDs, however, are still set to match the target user. group IDs, however, are still set to match the target user.
--pp _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default --pp, ----pprroommpptt _p_r_o_m_p_t
The --pp (_p_r_o_m_p_t) option allows you to override the default
password prompt and use a custom one. The following percent password prompt and use a custom one. The following percent
(`%') escapes are supported by the _s_u_d_o_e_r_s policy: (`%') escapes are supported by the _s_u_d_o_e_r_s policy:
@@ -241,49 +254,56 @@ DDEESSCCRRIIPPTTIIOONN
system password prompt on systems that support PAM unless the system password prompt on systems that support PAM unless the
_p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
--rr _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security --rr, ----rroollee _r_o_l_e
context to have the role specified by _r_o_l_e. The --rr (_r_o_l_e) option causes the new SELinux security context
to have the role specified by _r_o_l_e.
--SS The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from --SS, ----ssttddiinn
The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from
the standard input instead of the terminal device. The the standard input instead of the terminal device. The
password must be followed by a newline character. password must be followed by a newline character.
--ss [_c_o_m_m_a_n_d] --ss, ----sshheellll [_c_o_m_m_a_n_d]
The --ss (_s_h_e_l_l) option runs the shell specified by the SHELL The --ss (_s_h_e_l_l) option runs the shell specified by the SHELL
environment variable if it is set or the shell as specified environment variable if it is set or the shell as specified
in the password database. If a command is specified, it is in the password database. If a command is specified, it is
passed to the shell for execution via the shell's --cc option. passed to the shell for execution via the shell's --cc option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
--tt _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security --tt, ----ttyyppee _t_y_p_e
context to have the type specified by _t_y_p_e. If no type is The --tt (_t_y_p_e) option causes the new SELinux security context
specified, the default type is derived from the specified to have the type specified by _t_y_p_e. If no type is specified,
role. the default type is derived from the specified role.
--UU _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the --ll --UU, ----ootthheerr--uusseerr _u_s_e_r
The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the --ll
option to specify the user whose privileges should be listed. option to specify the user whose privileges should be listed.
The security policy may restrict listing other users' The security policy may restrict listing other users'
privileges. The _s_u_d_o_e_r_s policy only allows root or a user privileges. The _s_u_d_o_e_r_s policy only allows root or a user
with the ALL privilege on the current host to use this with the ALL privilege on the current host to use this
option. option.
--uu _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command --uu, ----uusseerr _u_s_e_r
as a user other than _r_o_o_t. To specify a _u_i_d instead of a The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command
_u_s_e_r _n_a_m_e, _#_u_i_d. When running commands as a _u_i_d, many shells as a user other than _r_o_o_t. To specify a numeric user ID
require that the `#' be escaped with a backslash (`\'). (uid) instead of a user name, use _#_u_i_d. When running
Security policies may restrict _u_i_ds to those listed in the commands as a uid, many shells require that the `#' be
password database. The _s_u_d_o_e_r_s policy allows _u_i_ds that are escaped with a backslash (`\'). Some security policies may
not in the password database as long as the _t_a_r_g_e_t_p_w option restrict uids to those listed in the password database. The
is not set. Other security policies may not support this. _s_u_d_o_e_r_s policy allows uids that are not in the password
database as long as the _t_a_r_g_e_t_p_w option is not set. Other
security policies may not support this.
--VV The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version --VV, ----vveerrssiioonn
The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version
string and the version string of the security policy plugin string and the version string of the security policy plugin
and any I/O plugins. If the invoking user is already root and any I/O plugins. If the invoking user is already root
the --VV option will display the arguments passed to configure the --VV option will display the arguments passed to configure
when ssuuddoo was built and plugins may display more verbose when ssuuddoo was built and plugins may display more verbose
information such as default options. information such as default options.
--vv When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the --vv, ----vvaalliiddaattee
When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the
user's cached credentials, authenticating the user's password user's cached credentials, authenticating the user's password
if necessary. For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo if necessary. For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo
timeout for another 5 minutes (or whatever the timeout is set timeout for another 5 minutes (or whatever the timeout is set
@@ -304,10 +324,10 @@ DDEESSCCRRIIPPTTIIOONN
CCOOMMMMAANNDD EEXXEECCUUTTIIOONN CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
When ssuuddoo executes a command, the security policy specifies the execution When ssuuddoo executes a command, the security policy specifies the execution
environment for the command. Typically, the real and effective uid and environment for the command. Typically, the real and effective user and
gid are set to match those of the target user, as specified in the group and IDs are set to match those of the target user, as specified in
password database, and the group vector is initialized based on the group the password database, and the group vector is initialized based on the
database (unless the --PP option was specified). group database (unless the --PP option was specified).
The following parameters may be specified by security policy: The following parameters may be specified by security policy:


@@ -39,6 +39,7 @@
[\fB\-AknS\fR] [\fB\-AknS\fR]
[\fB\-a\fR\ \fIauth_type\fR] [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR] [\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-h\fR\ \fIremote\ host\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR] [\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
.br .br
@@ -48,7 +49,7 @@
[\fB\-AknS\fR] [\fB\-AknS\fR]
[\fB\-a\fR\ \fIauth_type\fR] [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR] [\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-h\fR\ \fIhost\ name\fR] [\fB\-h\fR\ \fIremote\ host\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-U\fR\ \fIuser\ name\fR] [\fB\-U\fR\ \fIuser\ name\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR] [\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
@@ -61,7 +62,7 @@
[\fB\-C\fR\ \fIfd\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR] [\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR] [\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-h\fR\ \fIhost\ name\fR] [\fB\-h\fR\ \fIremote\ host\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-r\fR\ \fIrole\fR] [\fB\-r\fR\ \fIrole\fR]
[\fB\-t\fR\ \fItype\fR] [\fB\-t\fR\ \fItype\fR]
@@ -77,7 +78,7 @@
[\fB\-C\fR\ \fIfd\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR] [\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR] [\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-h\fR\ \fIhost\ name\fR] [\fB\-h\fR\ \fIremote\ host\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR] [\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
file ... file ...
@@ -151,7 +152,7 @@ output may be logged as well.
.PP .PP
The options are as follows: The options are as follows:
.TP 12n .TP 12n
\fB\-A\fR \fB\-A\fR, \fB\--askpass\fR
Normally, if Normally, if
\fBsudo\fR \fBsudo\fR
requires a password, it will read it from the user's terminal. requires a password, it will read it from the user's terminal.
@@ -183,7 +184,7 @@ If no askpass program is available,
will exit with an error. will exit with an error.
.RE .RE
.TP 12n .TP 12n
\fB\-a\fR \fItype\fR \fB\-a\fR, \fB\--auth-type\fR \fIauth_type\fR
The The
\fB\-a\fR (\fIauthentication type\fR) \fB\-a\fR (\fIauthentication type\fR)
option causes option causes
@@ -198,7 +199,7 @@ entry in
\fI/etc/login.conf\fR. \fI/etc/login.conf\fR.
This option is only available on systems that support BSD authentication. This option is only available on systems that support BSD authentication.
.TP 12n .TP 12n
\fB\-b\fR \fB\-b\fR, \fB\--background\fR
The The
\fB\-b\fR (\fIbackground\fR) \fB\-b\fR (\fIbackground\fR)
option tells option tells
@@ -210,7 +211,7 @@ option you cannot use shell job control to manipulate the process.
Most interactive commands will fail to work properly in background Most interactive commands will fail to work properly in background
mode. mode.
.TP 12n .TP 12n
\fB\-C\fR \fIfd\fR \fB\-C\fR, \fB\--close-from\fR \fIfd\fR
Normally, Normally,
\fBsudo\fR \fBsudo\fR
will close all open file descriptors other than standard input, will close all open file descriptors other than standard input,
@@ -231,7 +232,7 @@ option when the administrator has enabled the
\fIclosefrom_override\fR \fIclosefrom_override\fR
option. option.
.TP 12n .TP 12n
\fB\-c\fR \fIclass\fR \fB\-c\fR, \fB\--login-class\fR \fIclass\fR
The The
\fB\-c\fR (\fIclass\fR) \fB\-c\fR (\fIclass\fR)
option causes option causes
@@ -259,7 +260,7 @@ as root, or the
command must be run from a shell that is already root. command must be run from a shell that is already root.
This option is only available on systems with BSD login classes. This option is only available on systems with BSD login classes.
.TP 12n .TP 12n
\fB\-E\fR \fB\-E\fR, \fB\--preserve-env\fR
The The
\fB\-E\fR (\fIpreserve environment\fR) \fB\-E\fR (\fIpreserve environment\fR)
option indicates to the security policy that the user wishes to option indicates to the security policy that the user wishes to
@@ -269,7 +270,7 @@ The security policy may return an error if the
option is specified and the user does not have permission to preserve option is specified and the user does not have permission to preserve
the environment. the environment.
.TP 12n .TP 12n
\fB\-e\fR \fB\-e\fR, \fB\--edit\fR
The The
\fB\-e\fR (\fIedit\fR) \fB\-e\fR (\fIedit\fR)
option indicates that, instead of running a command, the user wishes option indicates that, instead of running a command, the user wishes
@@ -322,7 +323,7 @@ receive a warning and the edited copy will remain in a temporary
file. file.
.RE .RE
.TP 12n .TP 12n
\fB\-g\fR \fIgroup\fR \fB\-g\fR, \fB\--group\fR \fIgroup\fR
Normally, Normally,
\fBsudo\fR \fBsudo\fR
runs a command with the primary group set to the one specified by runs a command with the primary group set to the one specified by
@@ -335,15 +336,11 @@ option causes
to run the command with the primary group set to to run the command with the primary group set to
\fIgroup\fR \fIgroup\fR
instead. instead.
To specify a To specify a numeric group ID
\fIgid\fR (gid)
instead of a instead of a group name, use
\fIgroup name\fR,
use
\fI#gid\fR. \fI#gid\fR.
When running commands as a When running commands as a gid, many shells require that the
\fIgid\fR,
many shells require that the
\(oq#\(cq \(oq#\(cq
be escaped with a backslash be escaped with a backslash
(\(oq\e\(cq). (\(oq\e\(cq).
@@ -354,7 +351,7 @@ option is specified, the command will be run as the invoking user
In either case, the primary group will be set to In either case, the primary group will be set to
\fIgroup\fR. \fIgroup\fR.
.TP 12n .TP 12n
\fB\-H\fR \fB\-H\fR, \fB\--set-home\fR
The The
\fB\-H\fR (\fIHOME\fR) \fB\-H\fR (\fIHOME\fR)
option requests that the security policy set the option requests that the security policy set the
@@ -363,21 +360,23 @@ environment variable to the home directory of the target user (root
by default) as specified by the password database. by default) as specified by the password database.
Depending on the policy, this may be the default behavior. Depending on the policy, this may be the default behavior.
.TP 12n .TP 12n
\fB\-h\fR [\fIhost name\fR] \fB\-h\fR, \fB\--help\fR
The
\fB\-h\fR (\fIhelp\fR)
option causes
\fBsudo\fR
will print a short help message to the standard output and exit.
.TP 12n
\fB\-h\fR, \fB\--host\fR \fIremote host\fR
If a If a
\fIhost name\fR \fIremote host\fR
is specified and the policy plugin supports it, the command will be run is specified and the policy plugin supports it, the command will be run
on the specified remote host. on the specified remote host.
Note that the Note that the
\fIsudoers\fR \fIsudoers\fR
plugin does not currently support running remote commands. plugin does not currently support running remote commands.
If no
\fIhost name\fR
is specified,
\fBsudo\fR
will print a short help message to the standard output and exit.
.TP 12n .TP 12n
\fB\-i\fR [\fIcommand\fR] \fB\-i\fR, \fB\--login\fR [\fIcommand\fR]
The The
\fB\-i\fR (\fIsimulate initial login\fR) \fB\-i\fR (\fIsimulate initial login\fR)
option runs the shell specified by the password database entry of option runs the shell specified by the password database entry of
@@ -407,7 +406,7 @@ option affects the environment in which a command is run when the
\fIsudoers\fR \fIsudoers\fR
policy is in use. policy is in use.
.TP 12n .TP 12n
\fB\-K\fR \fB\-K\fR, \fB\--remove-timestamp\fR
The The
\fB\-K\fR (sure \fIkill\fR) \fB\-K\fR (sure \fIkill\fR)
option is like option is like
@@ -417,7 +416,7 @@ may not be used in conjunction with a command or other option.
This option does not require a password. This option does not require a password.
Not all security policies support credential caching. Not all security policies support credential caching.
.TP 12n .TP 12n
\fB\-k\fR [\fIcommand\fR] \fB\-k\fR, \fB\--reset-timestamp\fR [\fIcommand\fR]
When used alone, the When used alone, the
\fB\-k\fR (\fIkill\fR) \fB\-k\fR (\fIkill\fR)
option to option to
@@ -445,7 +444,7 @@ As a result,
will prompt for a password (if one is required by the security will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials. policy) and will not update the user's cached credentials.
.TP 12n .TP 12n
\fB\-l\fR[\fBl\fR] [\fIcommand\fR] \fB\-l\fR[\fBl\fR], \fB\--list\fR [\fIcommand\fR]
If no If no
\fIcommand\fR \fIcommand\fR
is specified, the is specified, the
@@ -474,7 +473,7 @@ or if
\fB\-l\fR \fB\-l\fR
is specified multiple times, a longer list format is used. is specified multiple times, a longer list format is used.
.TP 12n .TP 12n
\fB\-n\fR \fB\-n\fR, \fB\--non-interactive\fR
The The
\fB\-n\fR (\fInon-interactive\fR) \fB\-n\fR (\fInon-interactive\fR)
option prevents option prevents
@@ -484,7 +483,7 @@ If a password is required for the command to run,
\fBsudo\fR \fBsudo\fR
will display an error message and exit. will display an error message and exit.
.TP 12n .TP 12n
\fB\-P\fR \fB\-P\fR, \fB\--preserve-groups\fR
The The
\fB\-P\fR (\fIpreserve group vector\fR) \fB\-P\fR (\fIpreserve group vector\fR)
option causes option causes
@@ -497,7 +496,7 @@ target user is in.
The real and effective group IDs, however, are still set to match The real and effective group IDs, however, are still set to match
the target user. the target user.
.TP 12n .TP 12n
\fB\-p\fR \fIprompt\fR \fB\-p\fR, \fB\--prompt\fR \fIprompt\fR
The The
\fB\-p\fR (\fIprompt\fR) \fB\-p\fR (\fIprompt\fR)
option allows you to override the default password prompt and use option allows you to override the default password prompt and use
@@ -557,14 +556,14 @@ flag is disabled in
\fIsudoers\fR. \fIsudoers\fR.
.RE .RE
.TP 12n .TP 12n
\fB\-r\fR \fIrole\fR \fB\-r\fR, \fB\--role\fR \fIrole\fR
The The
\fB\-r\fR (\fIrole\fR) \fB\-r\fR (\fIrole\fR)
option causes the new (SELinux) security context to have the role option causes the new SELinux security context to have the role
specified by specified by
\fIrole\fR. \fIrole\fR.
.TP 12n .TP 12n
\fB\-S\fR \fB\-S\fR, \fB\--stdin\fR
The The
\fB\-S\fR (\fIstdin\fR) \fB\-S\fR (\fIstdin\fR)
option causes option causes
@@ -573,7 +572,7 @@ to read the password from the standard input instead of the terminal
device. device.
The password must be followed by a newline character. The password must be followed by a newline character.
.TP 12n .TP 12n
\fB\-s\fR [\fIcommand\fR] \fB\-s\fR, \fB\--shell\fR [\fIcommand\fR]
The The
\fB\-s\fR (\fIshell\fR) \fB\-s\fR (\fIshell\fR)
option runs the shell specified by the option runs the shell specified by the
@@ -586,16 +585,16 @@ via the shell's
option. option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
.TP 12n .TP 12n
\fB\-t\fR \fItype\fR \fB\-t\fR, \fB\--type\fR \fItype\fR
The The
\fB\-t\fR (\fItype\fR) \fB\-t\fR (\fItype\fR)
option causes the new (SELinux) security context to have the type option causes the new SELinux security context to have the type
specified by specified by
\fItype\fR. \fItype\fR.
If no type is specified, the default type is derived from the If no type is specified, the default type is derived from the
specified role. specified role.
.TP 12n .TP 12n
\fB\-U\fR \fIuser\fR \fB\-U\fR, \fB\--other-user\fR \fIuser\fR
The The
\fB\-U\fR (\fIother user\fR) \fB\-U\fR (\fIother user\fR)
option is used in conjunction with the option is used in conjunction with the
@@ -608,37 +607,31 @@ policy only allows root or a user with the
\fRALL\fR \fRALL\fR
privilege on the current host to use this option. privilege on the current host to use this option.
.TP 12n .TP 12n
\fB\-u\fR \fIuser\fR \fB\-u\fR, \fB\--user\fR \fIuser\fR
The The
\fB\-u\fR (\fIuser\fR) \fB\-u\fR (\fIuser\fR)
option causes option causes
\fBsudo\fR \fBsudo\fR
to run the specified command as a user other than to run the specified command as a user other than
\fIroot\fR. \fIroot\fR.
To specify a To specify a numeric user ID
\fIuid\fR (uid)
instead of a instead of a user name, use
\fIuser name\fR,
\fI#uid\fR. \fI#uid\fR.
When running commands as a When running commands as a uid, many shells require that the
\fIuid\fR,
many shells require that the
\(oq#\(cq \(oq#\(cq
be escaped with a backslash be escaped with a backslash
(\(oq\e\(cq). (\(oq\e\(cq).
Security policies may restrict Some security policies may restrict uids
\fIuid\fRs
to those listed in the password database. to those listed in the password database.
The The
\fIsudoers\fR \fIsudoers\fR
policy allows policy allows uids that are not in the password database as long as the
\fIuid\fRs
that are not in the password database as long as the
\fItargetpw\fR \fItargetpw\fR
option is not set. option is not set.
Other security policies may not support this. Other security policies may not support this.
.TP 12n .TP 12n
\fB\-V\fR \fB\-V\fR, \fB\--version\fR
The The
\fB\-V\fR (\fIversion\fR) \fB\-V\fR (\fIversion\fR)
option causes option causes
@@ -652,7 +645,7 @@ option will display the arguments passed to configure when
was built and plugins may display more verbose information such as was built and plugins may display more verbose information such as
default options. default options.
.TP 12n .TP 12n
\fB\-v\fR \fB\-v\fR, \fB\--validate\fR
When given the When given the
\fB\-v\fR (\fIvalidate\fR) \fB\-v\fR (\fIvalidate\fR)
option, option,
@@ -701,7 +694,7 @@ When
\fBsudo\fR \fBsudo\fR
executes a command, the security policy specifies the execution executes a command, the security policy specifies the execution
environment for the command. environment for the command.
Typically, the real and effective uid and gid are set to Typically, the real and effective user and group and IDs are set to
match those of the target user, as specified in the password database, match those of the target user, as specified in the password database,
and the group vector is initialized based on the group database and the group vector is initialized based on the group database
(unless the (unless the


@@ -39,6 +39,9 @@
.Op Fl g Ar group name No | Ar #gid .Op Fl g Ar group name No | Ar #gid
.Ek .Ek
.Bk -words .Bk -words
.Op Fl h Ar remote host
.Ek
.Bk -words
.Op Fl p Ar prompt .Op Fl p Ar prompt
.Ek .Ek
.Bk -words .Bk -words
@@ -54,7 +57,7 @@
.Op Fl g Ar group name No | Ar #gid .Op Fl g Ar group name No | Ar #gid
.Ek .Ek
.Bk -words .Bk -words
.Op Fl h Ar host name .Op Fl h Ar remote host
.Ek .Ek
.Bk -words .Bk -words
.Op Fl p Ar prompt .Op Fl p Ar prompt
@@ -81,7 +84,7 @@
.Op Fl g Ar group name No | Ar #gid .Op Fl g Ar group name No | Ar #gid
.Ek .Ek
.Bk -words .Bk -words
.Op Fl h Ar host name .Op Fl h Ar remote host
.Ek .Ek
.Bk -words .Bk -words
.Op Fl p Ar prompt .Op Fl p Ar prompt
@@ -117,7 +120,7 @@
.Op Fl g Ar group name No | Ar #gid .Op Fl g Ar group name No | Ar #gid
.Ek .Ek
.Bk -words .Bk -words
.Op Fl h Ar host name .Op Fl h Ar remote host
.Ek .Ek
.Bk -words .Bk -words
.Op Fl p Ar prompt .Op Fl p Ar prompt
@@ -197,7 +200,7 @@ output may be logged as well.
.Pp .Pp
The options are as follows: The options are as follows:
.Bl -tag -width Fl .Bl -tag -width Fl
.It Fl A .It Fl A , -askpass
Normally, if Normally, if
.Nm sudo .Nm sudo
requires a password, it will read it from the user's terminal. requires a password, it will read it from the user's terminal.
@@ -223,7 +226,7 @@ Path askpass /usr/X11R6/bin/ssh-askpass
If no askpass program is available, If no askpass program is available,
.Nm sudo .Nm sudo
will exit with an error. will exit with an error.
.It Fl a Ar type .It Fl a , -auth-type Ar auth_type
The The
.Fl a No ( Em "authentication type" Ns No ) .Fl a No ( Em "authentication type" Ns No )
option causes option causes
@@ -237,7 +240,7 @@ authentication methods by adding an
entry in entry in
.Pa /etc/login.conf . .Pa /etc/login.conf .
This option is only available on systems that support BSD authentication. This option is only available on systems that support BSD authentication.
.It Fl b .It Fl b , -background
The The
.Fl b No ( Em background Ns No ) .Fl b No ( Em background Ns No )
option tells option tells
@@ -248,7 +251,7 @@ Note that if you use the
option you cannot use shell job control to manipulate the process. option you cannot use shell job control to manipulate the process.
Most interactive commands will fail to work properly in background Most interactive commands will fail to work properly in background
mode. mode.
.It Fl C Ar fd .It Fl C , -close-from Ar fd
Normally, Normally,
.Nm sudo .Nm sudo
will close all open file descriptors other than standard input, will close all open file descriptors other than standard input,
@@ -268,7 +271,7 @@ policy only permits use of the
option when the administrator has enabled the option when the administrator has enabled the
.Em closefrom_override .Em closefrom_override
option. option.
.It Fl c Ar class .It Fl c , -login-class Ar class
The The
.Fl c No ( Em class Ns No ) .Fl c No ( Em class Ns No )
option causes option causes
@@ -295,7 +298,7 @@ as root, or the
.Nm sudo .Nm sudo
command must be run from a shell that is already root. command must be run from a shell that is already root.
This option is only available on systems with BSD login classes. This option is only available on systems with BSD login classes.
.It Fl E .It Fl E , -preserve-env
The The
.Fl E No ( Em preserve environment Ns No ) .Fl E No ( Em preserve environment Ns No )
option indicates to the security policy that the user wishes to option indicates to the security policy that the user wishes to
@@ -304,7 +307,7 @@ The security policy may return an error if the
.Fl E .Fl E
option is specified and the user does not have permission to preserve option is specified and the user does not have permission to preserve
the environment. the environment.
.It Fl e .It Fl e , -edit
The The
.Fl e No ( Em edit Ns No ) .Fl e No ( Em edit Ns No )
option indicates that, instead of running a command, the user wishes option indicates that, instead of running a command, the user wishes
@@ -351,7 +354,7 @@ If, for some reason,
is unable to update a file with its edited version, the user will is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary receive a warning and the edited copy will remain in a temporary
file. file.
.It Fl g Ar group .It Fl g , -group Ar group
Normally, Normally,
.Nm sudo .Nm sudo
runs a command with the primary group set to the one specified by runs a command with the primary group set to the one specified by
@@ -364,15 +367,11 @@ option causes
to run the command with the primary group set to to run the command with the primary group set to
.Ar group .Ar group
instead. instead.
To specify a To specify a numeric group ID
.Em gid .Pq gid
instead of a instead of a group name, use
.Em "group name" , .Ar #gid .
use When running commands as a gid, many shells require that the
.Em #gid .
When running commands as a
.Em gid ,
many shells require that the
.Ql # .Ql #
be escaped with a backslash be escaped with a backslash
.Pq Ql \e . .Pq Ql \e .
@@ -381,8 +380,8 @@ If no
option is specified, the command will be run as the invoking user option is specified, the command will be run as the invoking user
(not root). (not root).
In either case, the primary group will be set to In either case, the primary group will be set to
.Em group . .Ar group .
.It Fl H .It Fl H , -set-home
The The
.Fl H No ( Em HOME Ns No ) .Fl H No ( Em HOME Ns No )
option requests that the security policy set the option requests that the security policy set the
@@ -390,20 +389,21 @@ option requests that the security policy set the
environment variable to the home directory of the target user (root environment variable to the home directory of the target user (root
by default) as specified by the password database. by default) as specified by the password database.
Depending on the policy, this may be the default behavior. Depending on the policy, this may be the default behavior.
.It Fl h Op Ar host name .It Fl h , -help
The
.Fl h No ( Em help Ns No )
option causes
.Nm sudo
will print a short help message to the standard output and exit.
.It Fl h , -host Ar remote host
If a If a
.Ar host name .Ar remote host
is specified and the policy plugin supports it, the command will be run is specified and the policy plugin supports it, the command will be run
on the specified remote host. on the specified remote host.
Note that the Note that the
.Em sudoers .Em sudoers
plugin does not currently support running remote commands. plugin does not currently support running remote commands.
If no .It Fl i , -login Op Ar command
.Ar host name
is specified,
.Nm sudo
will print a short help message to the standard output and exit.
.It Fl i Op Ar command
The The
.Fl i No ( Em simulate initial login Ns No ) .Fl i No ( Em simulate initial login Ns No )
option runs the shell specified by the password database entry of option runs the shell specified by the password database entry of
@@ -432,7 +432,7 @@ manual documents how the
option affects the environment in which a command is run when the option affects the environment in which a command is run when the
.Em sudoers .Em sudoers
policy is in use. policy is in use.
.It Fl K .It Fl K , -remove-timestamp
The The
.Fl K No ( sure Em kill Ns No ) .Fl K No ( sure Em kill Ns No )
option is like option is like
@@ -441,7 +441,7 @@ except that it removes the user's cached credentials entirely and
may not be used in conjunction with a command or other option. may not be used in conjunction with a command or other option.
This option does not require a password. This option does not require a password.
Not all security policies support credential caching. Not all security policies support credential caching.
.It Fl k Op Ar command .It Fl k , -reset-timestamp Op Ar command
When used alone, the When used alone, the
.Fl k No ( Em kill Ns No ) .Fl k No ( Em kill Ns No )
option to option to
@@ -468,7 +468,7 @@ As a result,
.Nm sudo .Nm sudo
will prompt for a password (if one is required by the security will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials. policy) and will not update the user's cached credentials.
.It Fl l Ns Oo Sy l Oc Op Ar command .It Fl l Ns Oo Sy l Oc , Fl -list Op Ar command
If no If no
.Ar command .Ar command
is specified, the is specified, the
@@ -496,7 +496,7 @@ argument
or if or if
.Fl l .Fl l
is specified multiple times, a longer list format is used. is specified multiple times, a longer list format is used.
.It Fl n .It Fl n , -non-interactive
The The
.Fl n No ( Em non-interactive Ns No ) .Fl n No ( Em non-interactive Ns No )
option prevents option prevents
@@ -505,7 +505,7 @@ from prompting the user for a password.
If a password is required for the command to run, If a password is required for the command to run,
.Nm sudo .Nm sudo
will display an error message and exit. will display an error message and exit.
.It Fl P .It Fl P , -preserve-groups
The The
.Fl P No ( Em preserve group vector Ns No ) .Fl P No ( Em preserve group vector Ns No )
option causes option causes
@@ -517,7 +517,7 @@ policy will initialize the group vector to the list of groups the
target user is in. target user is in.
The real and effective group IDs, however, are still set to match The real and effective group IDs, however, are still set to match
the target user. the target user.
.It Fl p Ar prompt .It Fl p , -prompt Ar prompt
The The
.Fl p No ( Em prompt Ns No ) .Fl p No ( Em prompt Ns No )
option allows you to override the default password prompt and use option allows you to override the default password prompt and use
@@ -567,13 +567,13 @@ support PAM unless the
.Em passprompt_override .Em passprompt_override
flag is disabled in flag is disabled in
.Em sudoers . .Em sudoers .
.It Fl r Ar role .It Fl r , -role Ar role
The The
.Fl r No ( Em role Ns No ) .Fl r No ( Em role Ns No )
option causes the new (SELinux) security context to have the role option causes the new SELinux security context to have the role
specified by specified by
.Ar role . .Ar role .
.It Fl S .It Fl S , -stdin
The The
.Fl S ( Em stdin Ns No ) .Fl S ( Em stdin Ns No )
option causes option causes
@@ -581,7 +581,7 @@ option causes
to read the password from the standard input instead of the terminal to read the password from the standard input instead of the terminal
device. device.
The password must be followed by a newline character. The password must be followed by a newline character.
.It Fl s Op Ar command .It Fl s , -shell Op Ar command
The The
.Fl s ( Em shell Ns No ) .Fl s ( Em shell Ns No )
option runs the shell specified by the option runs the shell specified by the
@@ -593,15 +593,15 @@ via the shell's
.Fl c .Fl c
option. option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
.It Fl t Ar type .It Fl t , -type Ar type
The The
.Fl t ( Em type Ns No ) .Fl t ( Em type Ns No )
option causes the new (SELinux) security context to have the type option causes the new SELinux security context to have the type
specified by specified by
.Ar type . .Ar type .
If no type is specified, the default type is derived from the If no type is specified, the default type is derived from the
specified role. specified role.
.It Fl U Ar user .It Fl U , -other-user Ar user
The The
.Fl U ( Em other user Ns No ) .Fl U ( Em other user Ns No )
option is used in conjunction with the option is used in conjunction with the
@@ -613,36 +613,30 @@ The
policy only allows root or a user with the policy only allows root or a user with the
.Li ALL .Li ALL
privilege on the current host to use this option. privilege on the current host to use this option.
.It Fl u Ar user .It Fl u , -user Ar user
The The
.Fl u ( Em user Ns No ) .Fl u ( Em user Ns No )
option causes option causes
.Nm sudo .Nm sudo
to run the specified command as a user other than to run the specified command as a user other than
.Em root . .Em root .
To specify a To specify a numeric user ID
.Em uid .Pq uid
instead of a instead of a user name, use
.Em user name , .Ar #uid .
.Em #uid . When running commands as a uid, many shells require that the
When running commands as a
.Em uid ,
many shells require that the
.Ql # .Ql #
be escaped with a backslash be escaped with a backslash
.Pq Ql \e . .Pq Ql \e .
Security policies may restrict Some security policies may restrict uids
.Em uid Ns No s
to those listed in the password database. to those listed in the password database.
The The
.Em sudoers .Em sudoers
policy allows policy allows uids that are not in the password database as long as the
.Em uid Ns No s
that are not in the password database as long as the
.Em targetpw .Em targetpw
option is not set. option is not set.
Other security policies may not support this. Other security policies may not support this.
.It Fl V .It Fl V , -version
The The
.Fl V ( Em version Ns No ) .Fl V ( Em version Ns No )
option causes option causes
@@ -655,7 +649,7 @@ option will display the arguments passed to configure when
.Nm sudo .Nm sudo
was built and plugins may display more verbose information such as was built and plugins may display more verbose information such as
default options. default options.
.It Fl v .It Fl v , -validate
When given the When given the
.Fl v ( Em validate Ns No ) .Fl v ( Em validate Ns No )
option, option,
@@ -704,7 +698,7 @@ When
.Nm sudo .Nm sudo
executes a command, the security policy specifies the execution executes a command, the security policy specifies the execution
environment for the command. environment for the command.
Typically, the real and effective uid and gid are set to Typically, the real and effective user and group and IDs are set to
match those of the target user, as specified in the password database, match those of the target user, as specified in the password database,
and the group vector is initialized based on the group database and the group vector is initialized based on the group database
(unless the (unless the


@@ -38,7 +38,7 @@ LT_LIBS = $(top_builddir)/common/libcommon.la $(LIBOBJDIR)libreplace.la
LIBS = @LIBS@ @SUDO_LIBS@ @GETGROUPS_LIB@ @NET_LIBS@ @LIBINTL@ $(LT_LIBS) LIBS = @LIBS@ @SUDO_LIBS@ @GETGROUPS_LIB@ @NET_LIBS@ @LIBINTL@ $(LT_LIBS)
# C preprocessor flags # C preprocessor flags
CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) -I. @CPPFLAGS@ CPPFLAGS = -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@
# Usually -O and/or -g # Usually -O and/or -g
CFLAGS = @CFLAGS@ CFLAGS = @CFLAGS@


@@ -49,7 +49,7 @@
#include <grp.h> #include <grp.h>
#include <pwd.h> #include <pwd.h>
#include "sudo_usage.h" #include <sudo_usage.h>
#include "sudo.h" #include "sudo.h"
#include "lbuf.h" #include "lbuf.h"
@@ -123,6 +123,45 @@ static struct sudo_settings {
*/ */
#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL) #define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL)
/* Option number for the --host long option due to ambiguity of the -h flag. */
#define OPT_HOSTNAME 256
/*
* Available command line options, both short and long.
* Note that we must disable arg permutation to support setting environment
* variables and to better support the optional arg of the -h flag.
*/
static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:Sst:U:u:Vv";
static struct option long_opts[] = {
{ "askpass", no_argument, NULL, 'A' },
{ "auth-type", required_argument, NULL, 'a' },
{ "background", no_argument, NULL, 'b' },
{ "close-from", required_argument, NULL, 'C' },
{ "login-class", required_argument, NULL, 'c' },
{ "preserve-env", no_argument, NULL, 'E' },
{ "edit", no_argument, NULL, 'e' },
{ "group", required_argument, NULL, 'g' },
{ "set-home", no_argument, NULL, 'H' },
{ "help", no_argument, NULL, 'h' },
{ "host", required_argument, NULL, OPT_HOSTNAME },
{ "login", no_argument, NULL, 'i' },
{ "remove-timestamp", no_argument, NULL, 'K' },
{ "reset-timestamp", no_argument, NULL, 'k' },
{ "list", no_argument, NULL, 'l' },
{ "non-interactive", no_argument, NULL, 'n' },
{ "preserve-groups", no_argument, NULL, 'P' },
{ "prompt", required_argument, NULL, 'p' },
{ "role", required_argument, NULL, 'r' },
{ "stdin", no_argument, NULL, 'S' },
{ "shell", no_argument, NULL, 's' },
{ "type", required_argument, NULL, 't' },
{ "other-user", required_argument, NULL, 'U' },
{ "user", required_argument, NULL, 'u' },
{ "version", no_argument, NULL, 'V' },
{ "validate", no_argument, NULL, 'v' },
{ NULL, no_argument, NULL, '\0' },
};
/* /*
* Command line argument parsing. * Command line argument parsing.
* Sets nargc and nargv which corresponds to the argc/argv we'll use * Sets nargc and nargv which corresponds to the argc/argv we'll use
@@ -186,11 +225,10 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
/* XXX - should fill in settings at the end to avoid dupes */ /* XXX - should fill in settings at the end to avoid dupes */
for (;;) { for (;;) {
/* /*
* We disable arg permutation for GNU getopt().
* Some trickiness is required to allow environment variables * Some trickiness is required to allow environment variables
* to be interspersed with command line options. * to be interspersed with command line options.
*/ */
if ((ch = getopt_long(argc, argv, "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:Sst:U:u:Vv", NULL, NULL)) != -1) { if ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
switch (ch) { switch (ch) {
case 'A': case 'A':
SET(tgetpass_flags, TGP_ASKPASS); SET(tgetpass_flags, TGP_ASKPASS);
@@ -236,16 +274,18 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
sudo_settings[ARG_SET_HOME].value = "true"; sudo_settings[ARG_SET_HOME].value = "true";
break; break;
case 'h': case 'h':
if (optarg != NULL) { if (optarg == NULL) {
sudo_settings[ARG_REMOTE_HOST].value = optarg;
} else {
if (mode && mode != MODE_HELP) { if (mode && mode != MODE_HELP) {
if (strcmp(getprogname(), "sudoedit") != 0) if (strcmp(getprogname(), "sudoedit") != 0)
usage_excl(1); usage_excl(1);
} }
mode = MODE_HELP; mode = MODE_HELP;
valid_flags = 0; valid_flags = 0;
break;
} }
/* FALLTHROUGH */
case OPT_HOSTNAME:
sudo_settings[ARG_REMOTE_HOST].value = optarg;
break; break;
case 'i': case 'i':
sudo_settings[ARG_LOGIN_SHELL].value = "true"; sudo_settings[ARG_LOGIN_SHELL].value = "true";
@@ -318,7 +358,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
default: default:
usage(1); usage(1);
} }
} else if (got_host_flag) { } else if (got_host_flag && optind < argc) {
/* /*
* Optional args only support -hhostname, not -h hostname. * Optional args only support -hhostname, not -h hostname.
* If we see a non-option after the -h flag, treat as * If we see a non-option after the -h flag, treat as
@@ -559,7 +599,7 @@ static void
help(void) help(void)
{ {
struct lbuf lbuf; struct lbuf lbuf;
int indent = 16; const int indent = 30;
const char *pname = getprogname(); const char *pname = getprogname();
debug_decl(help, SUDO_DEBUG_ARGS) debug_decl(help, SUDO_DEBUG_ARGS)
@@ -573,65 +613,65 @@ help(void)
usage(0); usage(0);
lbuf_append(&lbuf, _("\nOptions:\n")); lbuf_append(&lbuf, _("\nOptions:\n"));
lbuf_append(&lbuf, " -A %s", lbuf_append(&lbuf, " -A, --askpass %s",
_("use helper program for password prompting\n")); _("use helper program for password prompting\n"));
#ifdef HAVE_BSD_AUTH_H #ifdef HAVE_BSD_AUTH_H
lbuf_append(&lbuf, " -a type %s", lbuf_append(&lbuf, " -a, --auth-type auth_type %s",
_("use specified BSD authentication type\n")); _("use specified BSD authentication type\n"));
#endif #endif
lbuf_append(&lbuf, " -b %s", lbuf_append(&lbuf, " -b, --background %s",
_("run command in the background\n")); _("run command in the background\n"));
lbuf_append(&lbuf, " -C fd %s", lbuf_append(&lbuf, " -C, --close-from fd %s",
_("close all file descriptors >= fd\n")); _("close all file descriptors >= fd\n"));
#ifdef HAVE_LOGIN_CAP_H #ifdef HAVE_LOGIN_CAP_H
lbuf_append(&lbuf, " -c class %s", lbuf_append(&lbuf, " -c, --login-class class %s",
_("run command with specified login class\n")); _("run command with specified login class\n"));
#endif #endif
lbuf_append(&lbuf, " -E %s", lbuf_append(&lbuf, " -E, --preserve-env %s",
_("preserve user environment when executing command\n")); _("preserve user environment when executing command\n"));
lbuf_append(&lbuf, " -e %s", lbuf_append(&lbuf, " -e, --edit %s",
_("edit files instead of running a command\n")); _("edit files instead of running a command\n"));
lbuf_append(&lbuf, " -g group %s", lbuf_append(&lbuf, " -g, --group group name|#gid %s",
_("execute command as the specified group\n")); _("execute command as the specified group\n"));
lbuf_append(&lbuf, " -H %s", lbuf_append(&lbuf, " -H, --set-home %s",
_("set HOME variable to target user's home dir.\n")); _("set HOME variable to target user's home dir.\n"));
lbuf_append(&lbuf, " -h %s", lbuf_append(&lbuf, " -h, --help %s",
_("display help message and exit\n")); _("display help message and exit\n"));
lbuf_append(&lbuf, " -h host name %s", lbuf_append(&lbuf, " -h, --host remote host %s",
_("run command on specified host if supported\n")); _("run command on specified host (if supported)\n"));
lbuf_append(&lbuf, " -i [command] %s", lbuf_append(&lbuf, " -i, --login [command] %s",
_("run a login shell as target user\n")); _("run a login shell as target user\n"));
lbuf_append(&lbuf, " -K %s", lbuf_append(&lbuf, " -K, --remove-timestamp %s",
_("remove timestamp file completely\n")); _("remove timestamp file completely\n"));
lbuf_append(&lbuf, " -k %s", lbuf_append(&lbuf, " -k, --reset-timestamp %s",
_("invalidate timestamp file\n")); _("invalidate timestamp file\n"));
lbuf_append(&lbuf, " -l[l] command %s", lbuf_append(&lbuf, " -l[l], --list [command] %s",
_("list user's available commands\n")); _("list user's available commands\n"));
lbuf_append(&lbuf, " -n %s", lbuf_append(&lbuf, " -n, --non-interactive %s",
_("non-interactive mode, will not prompt user\n")); _("non-interactive mode, will not prompt user\n"));
lbuf_append(&lbuf, " -P %s", lbuf_append(&lbuf, " -P, --preserve-groups %s",
_("preserve group vector instead of setting to target's\n")); _("preserve group vector instead of setting to target's\n"));
lbuf_append(&lbuf, " -p prompt %s", lbuf_append(&lbuf, " -p, --prompt prompt %s",
_("use specified password prompt\n")); _("use specified password prompt\n"));
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
lbuf_append(&lbuf, " -r role %s", lbuf_append(&lbuf, " -r, --role role %s",
_("create SELinux security context with specified role\n")); _("create SELinux security context with specified role\n"));
#endif #endif
lbuf_append(&lbuf, " -S %s", lbuf_append(&lbuf, " -S, --stdin %s",
_("read password from standard input\n")); _("read password from standard input\n"));
lbuf_append(&lbuf, lbuf_append(&lbuf, " -s, --shell [command] %s",
" -s [command] %s", _("run a shell as target user\n")); _("run a shell as target user\n"));
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
lbuf_append(&lbuf, " -t type %s", lbuf_append(&lbuf, " -t, --type type %s",
_("create SELinux security context with specified role\n")); _("create SELinux security context with specified role\n"));
#endif #endif
lbuf_append(&lbuf, " -U user %s", lbuf_append(&lbuf, " -U, --other-user user name %s",
_("when listing, list specified user's privileges\n")); _("when listing, list specified user's privileges\n"));
lbuf_append(&lbuf, " -u user %s", lbuf_append(&lbuf, " -u, --user user name|#uid %s",
_("run command (or edit file) as specified user\n")); _("run command (or edit file) as specified user\n"));
lbuf_append(&lbuf, " -V %s", lbuf_append(&lbuf, " -V, --version %s",
_("display version information and exit\n")); _("display version information and exit\n"));
lbuf_append(&lbuf, " -v %s", lbuf_append(&lbuf, " -v, --validate %s",
_("update user's timestamp without running a command\n")); _("update user's timestamp without running a command\n"));
lbuf_append(&lbuf, " -- %s", lbuf_append(&lbuf, " -- %s",
_("stop processing command line arguments\n")); _("stop processing command line arguments\n"));
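Review bot: The help text for the new `-t, --type` line in the help() hunk still reads "with specified role", a copy of the `-r` line two entries above it, so the `--type` entry documents the wrong option; it should be `_("create SELinux security context with specified type\n")`. Separately, `long_opts` is only ever handed to getopt_long(), whose parameter is `const struct option *`, so the table can be declared `static const struct option long_opts[] = {` rather than left writable at file scope. The short option string keeps `D:` while no long_opts entry or help() line mentions it and the usage strings in this commit drop `[-D level]`; if that flag is meant to stay accepted but undocumented, a comment beside short_opts such as `/* -D level is still accepted but deliberately not listed in help */` would stop the next reader from treating it as an omission. help()'s body continues past the end of this section.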


@@ -83,10 +83,10 @@
# include <prot.h> # include <prot.h>
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
#include <sudo_usage.h>
#include "sudo.h" #include "sudo.h"
#include "sudo_plugin.h" #include "sudo_plugin.h"
#include "sudo_plugin_int.h" #include "sudo_plugin_int.h"
#include "sudo_usage.h"
/* /*
* Local variables * Local variables
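Review bot: Nothing in the hunk says why `sudo_usage.h` is now included with angle brackets and moved ahead of the project's quoted includes on the adjacent lines; presumably the intent is that the copy found through the `-I` search path (reordered in this commit's Makefile hunk) is used rather than one beside the including source file, but that is inferred from the commit message rather than visible here. A one-line comment, `/* generated header: <> so the -I path, not the source dir, is searched first */`, would record the dependency on include-path order for whoever next touches the include block.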


@@ -23,11 +23,11 @@
* Usage strings for sudo. These are here because we * Usage strings for sudo. These are here because we
* need to be able to substitute values from configure. * need to be able to substitute values from configure.
*/ */
#define SUDO_USAGE1 " [-D level] -h | -K | -k | -V" #define SUDO_USAGE1 " -h | -K | -k | -V"
#define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-D level] [-g groupname|#gid] [-h hostname] [-p prompt] [-u user name|#uid]" #define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group name|#gid] [-h remote host] [-p prompt] [-u user name|#uid]"
#define SUDO_USAGE3 " -l[l] [-AknS] @BSDAUTH_USAGE@[-D level] [-g groupname|#gid] [-h hostname] [-p prompt] [-U user name] [-u user name|#uid] [command]" #define SUDO_USAGE3 " -l[l] [-AknS] @BSDAUTH_USAGE@[-g group name|#gid] [-h remote host] [-p prompt] [-U user name] [-u user name|#uid] [command]"
#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] [-D level] @LOGINCAP_USAGE@[-g groupname|#gid] [-h hostname] [-p prompt] [-u user name|#uid] [VAR=value] [-i|-s] [<command>]" #define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g group name|#gid] [-h remote host] [-p prompt] [-u user name|#uid] [VAR=value] [-i|-s] [<command>]"
#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] [-D level] @LOGINCAP_USAGE@[-g groupname|#gid] [-h hostname] [-p prompt] [-u user name|#uid] file ..." #define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g group name|#gid] [-h remote host] [-p prompt] [-u user name|#uid] file ..."
/* /*
* Configure script arguments used to build sudo. * Configure script arguments used to build sudo.