Document per-command Defaults.

Todd C. Miller
2004-11-19 22:09:10 +00:00
parent fe869025c4
commit 9c954d803f
4 changed files with 168 additions and 150 deletions


@@ -7,6 +7,16 @@
# #
# $Sudo$ # $Sudo$
##
# Override built-in defaults
##
Defaults syslog=auth
Defaults>root !set_logname
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults!PAGERS noexec
## ##
# User alias specification # User alias specification
## ##
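Review bot: the Defaults block now sits above the alias definitions it refers to (FULLTIMERS, SERVERS and, from the hunk that follows, PAGERS), whereas before this change it came after the Cmnd_Alias section. If the parser resolves alias names as it reads the file, `Defaults:FULLTIMERS !lecture` and `Defaults!PAGERS noexec` would be evaluated before their aliases are declared and could silently fail to match; either confirm that forward references to aliases are resolved in Defaults entries, or keep the block after the alias specifications as it was.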
@@ -48,15 +58,7 @@ Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
Cmnd_Alias SU = /usr/bin/su Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn /usr/bin/chfn
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
##
# Override built-in defaults
##
Defaults syslog=auth
Defaults>root !set_logname
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
## ##
# User specification # User specification


@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.6.9 November 12, 2004 1 1.6.9 November 19, 2004 1
@@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 November 12, 2004 2 1.6.9 November 19, 2004 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 November 12, 2004 3 1.6.9 November 19, 2004 3
@@ -221,12 +221,16 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Certain configuration options may be changed from their Certain configuration options may be changed from their
default values at runtime via one or more Default_Entry default values at runtime via one or more Default_Entry
lines. These may affect all users on any host, all users lines. These may affect all users on any host, all users
on a specific host, a specific user, or commands being run on a specific host, a specific user, a specific command,
as a specific user. or commands being run as a specific user. Note that per-
command entries may not include command line arguments.
If you need to specify arguments, define a Cmnd_Alias and
reference that instead.
Default_Type ::= 'Defaults' | Default_Type ::= 'Defaults' |
'Defaults' '@' Host | 'Defaults' '@' Host |
'Defaults' ':' User | 'Defaults' ':' User |
'Defaults' '!' Cmnd |
'Defaults' '>' RunasUser 'Defaults' '>' RunasUser
Default_Entry ::= Default_Type Parameter_List Default_Entry ::= Default_Type Parameter_List
@@ -252,14 +256,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
respectively. It is not an error to use the -= operator respectively. It is not an error to use the -= operator
to remove an element that does not exist in a list. to remove an element that does not exist in a list.
FFllaaggss:
long_otp_prompt
When validating with a One Time Password
1.6.9 November 12, 2004 4 1.6.9 November 19, 2004 4
@@ -268,6 +268,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
FFllaaggss:
long_otp_prompt
When validating with a One Time Password
scheme (SS//KKeeyy or OOPPIIEE), a two-line prompt is scheme (SS//KKeeyy or OOPPIIEE), a two-line prompt is
used to make it easier to cut and paste the used to make it easier to cut and paste the
challenge to a local window. It's not as challenge to a local window. It's not as
@@ -276,7 +280,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ignore_dot If set, ssuuddoo will ignore '.' or '' (current ignore_dot If set, ssuuddoo will ignore '.' or '' (current
dir) in the PATH environment variable; the dir) in the PATH environment variable; the
PATH itself is not modified. This flag is _o_n PATH itself is not modified. This flag is _o_f_f
by default. by default.
mail_always Send mail to the _m_a_i_l_t_o user every time a mail_always Send mail to the _m_a_i_l_t_o user every time a
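Review bot: the `ignore_dot` default flips from _o_n to _o_f_f in this hunk, which the commit message ("Document per-command Defaults.") does not cover and which has no counterpart in the sudoers.pod or sudoers.man.in hunks below. A preformatted page regenerated on a host whose configure-time options differ will pick up that host's compiled-in defaults, so this looks like a build artifact rather than an intended documentation change. Suggest regenerating sudoers.cat with the project's standard configure options, or moving any intended default change into its own commit together with the matching pod edit.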
@@ -318,14 +322,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
If set, users must authenticate themselves via If set, users must authenticate themselves via
a password (or other means of authentication) a password (or other means of authentication)
before they may run commands. This default before they may run commands. This default
may be overridden via the PASSWD and NOPASSWD
tags. This flag is _o_n by default.
root_sudo If set, root is allowed to run ssuuddoo too.
1.6.9 November 12, 2004 5 1.6.9 November 19, 2004 5
@@ -334,7 +334,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Disabling this prevents users from "chaining" may be overridden via the PASSWD and NOPASSWD
tags. This flag is _o_n by default.
root_sudo If set, root is allowed to run ssuuddoo too. Dis<69>
abling this prevents users from "chaining"
ssuuddoo commands to get a root shell by doing ssuuddoo commands to get a root shell by doing
something like "sudo sudo /bin/sh". Note, something like "sudo sudo /bin/sh". Note,
however, that turning off _r_o_o_t___s_u_d_o will also however, that turning off _r_o_o_t___s_u_d_o will also
@@ -384,14 +388,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
tage is that if the executable is simply not tage is that if the executable is simply not
in the user's PATH, ssuuddoo will tell the user in the user's PATH, ssuuddoo will tell the user
that they are not allowed to run it, which can that they are not allowed to run it, which can
be confusing. This flag is _o_f_f by default.
preserve_groups
By default ssuuddoo will initialize the group
1.6.9 November 12, 2004 6 1.6.9 November 19, 2004 6
@@ -400,12 +400,16 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
vector to the list of groups the target user be confusing. This flag is _o_f_f by default.
is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the
user's existing group vector is left unal<61> preserve_groups
tered. The real and effective group IDs, how<EFBFBD> By default ssuuddoo will initialize the group vec<EFBFBD>
ever, are still set to match the target user. tor to the list of groups the target user is
This flag is _o_f_f by default. in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's
existing group vector is left unaltered. The
real and effective group IDs, however, are
still set to match the target user. This flag
is _o_f_f by default.
fqdn Set this flag if you want to put fully quali<6C> fqdn Set this flag if you want to put fully quali<6C>
fied hostnames in the _s_u_d_o_e_r_s file. I.e., fied hostnames in the _s_u_d_o_e_r_s file. I.e.,
@@ -426,7 +430,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
set _f_q_d_n. This flag is _o_f_f by default. set _f_q_d_n. This flag is _o_f_f by default.
insults If set, ssuuddoo will insult users when they enter insults If set, ssuuddoo will insult users when they enter
an incorrect password. This flag is _o_n by an incorrect password. This flag is _o_f_f by
default. default.
requiretty If set, ssuuddoo will only run when the user is requiretty If set, ssuuddoo will only run when the user is
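Review bot: the `insults` default changes from _o_n to _o_f_f here with no matching change in the pod source; like the `ignore_dot` flip above, this is a configure-dependent value that should not ride along in a commit about per-command Defaults.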
@@ -447,17 +451,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
is to place a colon-separated list of editors is to place a colon-separated list of editors
in the editor variable. vviissuuddoo will then only in the editor variable. vviissuuddoo will then only
use the EDITOR or VISUAL if they match a value use the EDITOR or VISUAL if they match a value
specified in editor. This flag is on by specified in editor. This flag is off by
default. default.
rootpw If set, ssuuddoo will prompt for the root password
instead of the password of the invoking user.
This flag is _o_f_f by default.
1.6.9 November 19, 2004 7
1.6.9 November 12, 2004 7
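Review bot: the flag that makes vviissuuddoo honor EDITOR/VISUAL only when they match the editor list goes from "on by default" to "off by default" in this hunk, again with no pod change behind it. If that is not intended, the regenerated sudoers.cat should be rebuilt from the same configuration as the rest of the tree; if it is intended, the pod and the commit message should say so.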
@@ -466,6 +466,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
rootpw If set, ssuuddoo will prompt for the root password
instead of the password of the invoking user.
This flag is _o_f_f by default.
runaspw If set, ssuuddoo will prompt for the password of runaspw If set, ssuuddoo will prompt for the password of
the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option
(defaults to root) instead of the password of (defaults to root) instead of the password of
@@ -516,14 +520,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
use_loginclass use_loginclass
If set, ssuuddoo will apply the defaults specified If set, ssuuddoo will apply the defaults specified
for the target user's login class if one
exists. Only available if ssuuddoo is configured
with the --with-logincap option. This flag is
_o_f_f by default.
1.6.9 November 12, 2004 8 1.6.9 November 19, 2004 8
@@ -532,6 +532,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
for the target user's login class if one
exists. Only available if ssuuddoo is configured
with the --with-logincap option. This flag is
_o_f_f by default.
noexec If set, all commands run via ssuuddoo will behave noexec If set, all commands run via ssuuddoo will behave
as if the NOEXEC tag has been set, unless as if the NOEXEC tag has been set, unless
overridden by a EXEC tag. See the description overridden by a EXEC tag. See the description
@@ -581,15 +586,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
log. The default is 80 (use 0 or negate the log. The default is 80 (use 0 or negate the
option to disable word wrap). option to disable word wrap).
timestamp_timeout
Number of minutes that can elapse before ssuuddoo
will ask for a passwd again. The default is
5. Set this to 0 to always prompt for a pass<73>
word. If set to a value less than 0 the
1.6.9 November 12, 2004 9 1.6.9 November 19, 2004 9
@@ -598,6 +598,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
timestamp_timeout
Number of minutes that can elapse before ssuuddoo
will ask for a passwd again. The default is
5. Set this to 0 to always prompt for a pass<73>
word. If set to a value less than 0 the
user's timestamp will never expire. This can user's timestamp will never expire. This can
be used to allow users to create or delete be used to allow users to create or delete
their own timestamps via sudo -v and sudo -k their own timestamps via sudo -v and sudo -k
@@ -648,14 +653,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%h expanded to the local hostname without %h expanded to the local hostname without
the domain name the domain name
%H expanded to the local hostname includ<75>
ing the domain name (on if the
machine's hostname is fully qualified
or the _f_q_d_n option is set)
1.6.9 November 19, 2004 10
1.6.9 November 12, 2004 10
@@ -664,6 +664,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%H expanded to the local hostname includ<75>
ing the domain name (on if the
machine's hostname is fully qualified
or the _f_q_d_n option is set)
%% two consecutive % characters are col<6F> %% two consecutive % characters are col<6F>
laped into a single % character laped into a single % character
@@ -713,15 +718,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
always Always lecture the user. always Always lecture the user.
The default value is _o_n_c_e.
lecture_file
Path to a file containing an alternate ssuuddoo
lecture that will be used in place of the
1.6.9 November 12, 2004 11 1.6.9 November 19, 2004 11
@@ -730,6 +730,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The default value is _o_n_c_e.
lecture_file
Path to a file containing an alternate ssuuddoo
lecture that will be used in place of the
standard lecture if the named file exists. standard lecture if the named file exists.
logfile Path to the ssuuddoo log file (not the syslog log logfile Path to the ssuuddoo log file (not the syslog log
@@ -738,7 +743,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
syslog Syslog facility if syslog is being used for syslog Syslog facility if syslog is being used for
logging (negate to disable syslog logging). logging (negate to disable syslog logging).
Defaults to authpriv. Defaults to local2.
mailerpath Path to mail program used to send warning mailerpath Path to mail program used to send warning
mail. Defaults to the path to sendmail found mail. Defaults to the path to sendmail found
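Review bot: the documented syslog facility default changes from authpriv to local2. This is another compiled-in value surfacing through the regenerated catman page rather than something this commit sets out to document; a reader of the installed sudoers(4) will be told the wrong facility for their build if the page is generated on a host with different options.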
@@ -779,15 +784,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
the NOPASSWD flag set to avoid enter<65> the NOPASSWD flag set to avoid enter<65>
ing a password. ing a password.
never The user need never enter a password
to use the --vv flag.
always The user must always enter a password
to use the --vv flag.
1.6.9 November 12, 2004 12 1.6.9 November 19, 2004 12
@@ -796,6 +796,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
never The user need never enter a password
to use the --vv flag.
always The user must always enter a password
to use the --vv flag.
The default value is `all'. The default value is `all'.
listpw This option controls when a password will be listpw This option controls when a password will be
@@ -844,16 +850,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
respectively. The default list of environment respectively. The default list of environment
variables to remove is printed when ssuuddoo is variables to remove is printed when ssuuddoo is
run by root with the _-_V option. Note that run by root with the _-_V option. Note that
many operating systems will remove potentially
dangerous variables from the environment of
any setuid process (such as ssuuddoo).
env_keep Environment variables to be preserved in the
user's environment when the _e_n_v___r_e_s_e_t option
1.6.9 November 12, 2004 13 1.6.9 November 19, 2004 13
@@ -862,6 +862,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
many operating systems will remove potentially
dangerous variables from the environment of
any setuid process (such as ssuuddoo).
env_keep Environment variables to be preserved in the
user's environment when the _e_n_v___r_e_s_e_t option
is in effect. This allows fine-grained con<6F> is in effect. This allows fine-grained con<6F>
trol over the environment ssuuddoo-spawned pro<72> trol over the environment ssuuddoo-spawned pro<72>
cesses will receive. The argument may be a cesses will receive. The argument may be a
@@ -911,15 +917,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
commands that follow it. What this means is that for the commands that follow it. What this means is that for the
entry: entry:
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
-- but only as ooppeerraattoorr. E.g.,
1.6.9 November 19, 2004 14
1.6.9 November 12, 2004 14
@@ -928,6 +928,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
-- but only as ooppeerraattoorr. E.g.,
$ sudo -u operator /bin/ls. $ sudo -u operator /bin/ls.
It is also possible to override a Runas_Spec later on in It is also possible to override a Runas_Spec later on in
@@ -978,14 +983,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
tain to the current host. This behavior may be overridden tain to the current host. This behavior may be overridden
via the verifypw and listpw options. via the verifypw and listpw options.
_N_O_E_X_E_C _a_n_d _E_X_E_C
If ssuuddoo has been compiled with _n_o_e_x_e_c support and the
underlying operating system supports it, the NOEXEC tag
1.6.9 November 19, 2004 15
1.6.9 November 12, 2004 15
@@ -994,6 +994,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
_N_O_E_X_E_C _a_n_d _E_X_E_C
If ssuuddoo has been compiled with _n_o_e_x_e_c support and the
underlying operating system supports it, the NOEXEC tag
can be used to prevent a dynamically-linked executable can be used to prevent a dynamically-linked executable
from running further commands itself. from running further commands itself.
@@ -1045,13 +1049,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
used to escape special characters such as: "*", used to escape special characters such as: "*",
"?", "[", and "}". "?", "[", and "}".
Note that a forward slash ('/') will nnoott be matched by
wildcards used in the pathname. When matching the command
line arguments, however, a slash ddooeess get matched by
1.6.9 November 19, 2004 16
1.6.9 November 12, 2004 16
@@ -1060,7 +1060,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
wildcards. This is to make a path like: Note that a forward slash ('/') will nnoott be matched by
wildcards used in the pathname. When matching the command
line arguments, however, a slash ddooeess get matched by wild<6C>
cards. This is to make a path like:
/usr/bin/* /usr/bin/*
@@ -1111,13 +1114,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
or Host_Alias. You should not try to define your own or Host_Alias. You should not try to define your own
_a_l_i_a_s called AALLLL as the built-in alias will be used in _a_l_i_a_s called AALLLL as the built-in alias will be used in
preference to your own. Please note that using AALLLL can be preference to your own. Please note that using AALLLL can be
dangerous since in a command context, it allows the user
to run aannyy command on the system.
1.6.9 November 19, 2004 17
1.6.9 November 12, 2004 17
@@ -1126,6 +1126,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
dangerous since in a command context, it allows the user
to run aannyy command on the system.
An exclamation point ('!') can be used as a logical _n_o_t An exclamation point ('!') can be used as a logical _n_o_t
operator both in an _a_l_i_a_s and in front of a Cmnd. This operator both in an _a_l_i_a_s and in front of a Cmnd. This
allows one to exclude certain values. Note, however, that allows one to exclude certain values. Note, however, that
@@ -1180,10 +1183,7 @@ EEXXAAMMPPLLEESS
1.6.9 November 19, 2004 18
1.6.9 November 12, 2004 18
@@ -1204,6 +1204,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
/usr/local/bin/tcsh, /usr/bin/rsh, \ /usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh /usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
Here we override some of the compiled in default values. Here we override some of the compiled in default values.
We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility
@@ -1214,7 +1215,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias,
we keep an additional local log file and make sure we log we keep an additional local log file and make sure we log
the year in each log line since the log entries will be the year in each log line since the log entries will be
kept around for several years. kept around for several years. Lastly, we disable shell
escapes for the commands in the PAGERS Cmnd_Alias
(/usr/bin/more, /usr/bin/pg and /usr/bin/less).
# Override built-in defaults # Override built-in defaults
Defaults syslog=auth Defaults syslog=auth
@@ -1222,6 +1225,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Defaults:FULLTIMERS !lecture Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults!PAGERS noexec
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter<65> The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter<65>
mines who may run what. mines who may run what.
@@ -1243,13 +1247,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
any command on any host but they must authenticate them<65> any command on any host but they must authenticate them<65>
selves first (since the entry lacks the NOPASSWD tag). selves first (since the entry lacks the NOPASSWD tag).
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the
1.6.9 November 19, 2004 19
1.6.9 November 12, 2004 19
@@ -1258,6 +1258,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the
_C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0, _C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0,
and 128.138.242.0). Of those networks, only 128.138.204.0 and 128.138.242.0). Of those networks, only 128.138.204.0
has an explicit netmask (in CIDR notation) indicating it has an explicit netmask (in CIDR notation) indicating it
@@ -1309,13 +1312,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fred ALL = (DB) NOPASSWD: ALL fred ALL = (DB) NOPASSWD: ALL
The user ffrreedd can run commands as any user in the _D_B The user ffrreedd can run commands as any user in the _D_B
Runas_Alias (oorraaccllee or ssyybbaassee) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
1.6.9 November 12, 2004 20 1.6.9 November 19, 2004 20
@@ -1324,6 +1324,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Runas_Alias (oorraaccllee or ssyybbaassee) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except
root but he is not allowed to give _s_u(1) any flags. root but he is not allowed to give _s_u(1) any flags.
@@ -1373,15 +1377,11 @@ SSEECCUURRIITTYY NNOOTTEESS
bill ALL = ALL, !SU, !SHELLS bill ALL = ALL, !SU, !SHELLS
Doesn't really prevent bbiillll from running the commands Doesn't really prevent bbiillll from running the commands
listed in _S_U or _S_H_E_L_L_S since he can simply copy those com<6F> listed in _S_U or _S_H_E_L_L_S since he can simply copy those
mands to a different name, or use a shell escape from an
editor or other program. Therefore, these kind of
restrictions should be considered advisory at best (and
reinforced by policy).
1.6.9 November 12, 2004 21 1.6.9 November 19, 2004 21
@@ -1390,6 +1390,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
commands to a different name, or use a shell escape from
an editor or other program. Therefore, these kind of
restrictions should be considered advisory at best (and
reinforced by policy).
PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
Once ssuuddoo executes a program, that program is free to do Once ssuuddoo executes a program, that program is free to do
whatever it pleases, including run other programs. This whatever it pleases, including run other programs. This
@@ -1439,15 +1444,10 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
_n_o_e_x_e_c will work at compile-time. _N_o_e_x_e_c should _n_o_e_x_e_c will work at compile-time. _N_o_e_x_e_c should
work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64
UNIX, MacOS X, and HP-UX 11.x. It is known nnoott UNIX, MacOS X, and HP-UX 11.x. It is known nnoott
to work on AIX and UnixWare. _N_o_e_x_e_c is expected
to work on most operating systems that support
the LD_PRELOAD environment variable. Check your
operating system's manual pages for the dynamic
linker (usually ld.so, ld.so.1, dyld, dld.sl,
1.6.9 November 12, 2004 22 1.6.9 November 19, 2004 22
@@ -1456,6 +1456,11 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
to work on AIX and UnixWare. _N_o_e_x_e_c is expected
to work on most operating systems that support
the LD_PRELOAD environment variable. Check your
operating system's manual pages for the dynamic
linker (usually ld.so, ld.so.1, dyld, dld.sl,
rld, or loader) to see if LD_PRELOAD is sup<75> rld, or loader) to see if LD_PRELOAD is sup<75>
ported. ported.
@@ -1505,15 +1510,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
tially hazardous operations (such as changing or overwrit<69> tially hazardous operations (such as changing or overwrit<69>
ing files) that could lead to unintended privilege escala<6C> ing files) that could lead to unintended privilege escala<6C>
tion. In the specific case of an editor, a safer approach tion. In the specific case of an editor, a safer approach
is to give the user permission to run ssuuddooeeddiitt.
SSEEEE AALLSSOO
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), sudo(1m), visudo(1m)
1.6.9 November 19, 2004 23
1.6.9 November 12, 2004 23
@@ -1522,6 +1522,11 @@ SSEEEE AALLSSOO
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
is to give the user permission to run ssuuddooeeddiitt.
SSEEEE AALLSSOO
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), sudo(1m), visudo(1m)
CCAAVVEEAATTSS CCAAVVEEAATTSS
The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo
command which locks the file and does grammatical check<63> command which locks the file and does grammatical check<63>
@@ -1574,11 +1579,6 @@ DDIISSCCLLAAIIMMEERR
1.6.9 November 19, 2004 24
1.6.9 November 12, 2004 24


@@ -149,7 +149,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS @mansectform@" .IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "November 12, 2004" "1.6.9" "MAINTENANCE COMMANDS" .TH SUDOERS @mansectform@ "November 19, 2004" "1.6.9" "MAINTENANCE COMMANDS"
.SH "NAME" .SH "NAME"
sudoers \- list of which users may execute what sudoers \- list of which users may execute what
.SH "DESCRIPTION" .SH "DESCRIPTION"
@@ -354,12 +354,16 @@ a normal command does.
Certain configuration options may be changed from their default Certain configuration options may be changed from their default
values at runtime via one or more \f(CW\*(C`Default_Entry\*(C'\fR lines. These values at runtime via one or more \f(CW\*(C`Default_Entry\*(C'\fR lines. These
may affect all users on any host, all users on a specific host, a may affect all users on any host, all users on a specific host, a
specific user, or commands being run as a specific user. specific user, a specific command, or commands being run as a specific user.
Note that per-command entries may not include command line arguments.
If you need to specify arguments, define a \f(CW\*(C`Cmnd_Alias\*(C'\fR and reference
that instead.
.PP .PP
.Vb 4 .Vb 5
\& Default_Type ::= 'Defaults' | \& Default_Type ::= 'Defaults' |
\& 'Defaults' '@' Host | \& 'Defaults' '@' Host |
\& 'Defaults' ':' User | \& 'Defaults' ':' User |
\& 'Defaults' '!' Cmnd |
\& 'Defaults' '>' RunasUser \& 'Defaults' '>' RunasUser
.Ve .Ve
.PP .PP
@@ -1131,7 +1135,7 @@ these are a bit contrived. First, we define our \fIaliases\fR:
\& Host_Alias CDROM = orion, perseus, hercules \& Host_Alias CDROM = orion, perseus, hercules
.Ve .Ve
.PP .PP
.Vb 12 .Vb 13
\& # Cmnd alias specification \& # Cmnd alias specification
\& Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e \& Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
\& /usr/sbin/restore, /usr/sbin/rrestore \& /usr/sbin/restore, /usr/sbin/rrestore
@@ -1144,6 +1148,7 @@ these are a bit contrived. First, we define our \fIaliases\fR:
\& /usr/local/bin/tcsh, /usr/bin/rsh, \e \& /usr/local/bin/tcsh, /usr/bin/rsh, \e
\& /usr/local/bin/zsh \& /usr/local/bin/zsh
\& Cmnd_Alias SU = /usr/bin/su \& Cmnd_Alias SU = /usr/bin/su
\& Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
.Ve .Ve
.PP .PP
Here we override some of the compiled in default values. We want Here we override some of the compiled in default values. We want
@@ -1154,15 +1159,18 @@ want to reset the \f(CW\*(C`LOGNAME\*(C'\fR or \f(CW\*(C`USER\*(C'\fR environmen
running commands as root. Additionally, on the machines in the running commands as root. Additionally, on the machines in the
\&\fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional local log file and \&\fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional local log file and
make sure we log the year in each log line since the log entries make sure we log the year in each log line since the log entries
will be kept around for several years. will be kept around for several years. Lastly, we disable shell
escapes for the commands in the \s-1PAGERS\s0 \f(CW\*(C`Cmnd_Alias\*(C'\fR (/usr/bin/more,
/usr/bin/pg and /usr/bin/less).
.PP .PP
.Vb 6 .Vb 7
\& # Override built-in defaults \& # Override built-in defaults
\& Defaults syslog=auth \& Defaults syslog=auth
\& Defaults>root !set_logname \& Defaults>root !set_logname
\& Defaults:FULLTIMERS !lecture \& Defaults:FULLTIMERS !lecture
\& Defaults:millert !authenticate \& Defaults:millert !authenticate
\& Defaults@SERVERS log_year, logfile=/var/log/sudo.log \& Defaults@SERVERS log_year, logfile=/var/log/sudo.log
\& Defaults!PAGERS noexec
.Ve .Ve
.PP .PP
The \fIUser specification\fR is the part that actually determines who may The \fIUser specification\fR is the part that actually determines who may


@@ -198,11 +198,15 @@ a normal command does.
Certain configuration options may be changed from their default Certain configuration options may be changed from their default
values at runtime via one or more C<Default_Entry> lines. These values at runtime via one or more C<Default_Entry> lines. These
may affect all users on any host, all users on a specific host, a may affect all users on any host, all users on a specific host, a
specific user, or commands being run as a specific user. specific user, a specific command, or commands being run as a specific user.
Note that per-command entries may not include command line arguments.
If you need to specify arguments, define a C<Cmnd_Alias> and reference
that instead.
Default_Type ::= 'Defaults' | Default_Type ::= 'Defaults' |
'Defaults' '@' Host | 'Defaults' '@' Host |
'Defaults' ':' User | 'Defaults' ':' User |
'Defaults' '!' Cmnd |
'Defaults' '>' RunasUser 'Defaults' '>' RunasUser
Default_Entry ::= Default_Type Parameter_List Default_Entry ::= Default_Type Parameter_List
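Review bot: the new sentence says per-command entries may not include command line arguments, but the added grammar line `'Defaults' '!' Cmnd` reuses the same `Cmnd` nonterminal as the user specification, so the grammar itself expresses no such restriction and a reader checking it will not see one. Either give the per-command form its own nonterminal that admits only a path or Cmnd_Alias, or add a sentence stating that the restriction is enforced by the parser rather than by the grammar. It would also help to say what happens when the recommended Cmnd_Alias route is used and the alias members carry arguments (are the arguments matched, or ignored?). The same wording is carried into the generated sudoers.cat and sudoers.man.in hunks, so the fix belongs here in the pod.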
@@ -1054,6 +1058,7 @@ these are a bit contrived. First, we define our I<aliases>:
/usr/local/bin/tcsh, /usr/bin/rsh, \ /usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh /usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
Here we override some of the compiled in default values. We want Here we override some of the compiled in default values. We want
B<sudo> to log via L<syslog(3)> using the I<auth> facility in all B<sudo> to log via L<syslog(3)> using the I<auth> facility in all
@@ -1063,7 +1068,9 @@ want to reset the C<LOGNAME> or C<USER> environment variables when
running commands as root. Additionally, on the machines in the running commands as root. Additionally, on the machines in the
I<SERVERS> C<Host_Alias>, we keep an additional local log file and I<SERVERS> C<Host_Alias>, we keep an additional local log file and
make sure we log the year in each log line since the log entries make sure we log the year in each log line since the log entries
will be kept around for several years. will be kept around for several years. Lastly, we disable shell
escapes for the commands in the PAGERS C<Cmnd_Alias> (/usr/bin/more,
/usr/bin/pg and /usr/bin/less).
# Override built-in defaults # Override built-in defaults
Defaults syslog=auth Defaults syslog=auth
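Review bot: "we disable shell escapes for the commands in the PAGERS Cmnd_Alias" overstates what `Defaults!PAGERS noexec` guarantees. As the NOEXEC and EXEC section and the PREVENTING SHELL ESCAPES section elsewhere in this page state, noexec only takes effect when sudo was built with noexec support, the operating system supports LD_PRELOAD-style interposition, and the executable is dynamically linked. Suggest wording along the lines of "we set noexec for the commands in the PAGERS Cmnd_Alias" with a pointer to the NOEXEC section, so the example does not read as a hard control.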
@@ -1071,6 +1078,7 @@ will be kept around for several years.
Defaults:FULLTIMERS !lecture Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults!PAGERS noexec
The I<User specification> is the part that actually determines who may The I<User specification> is the part that actually determines who may
run what. run what.