isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mention plugins in the sudo manual and add some missing path

Browse Source 
substitution in the sudo_plugin manual.
This commit is contained in:
Todd C. Miller
2010-06-09 12:26:37 -04:00
parent 474392821e
commit 9d09966aad
6 changed files with 248 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
doc/sudo.cat
View File

@@ -11,7 +11,7 @@ SSYYNNOOPPSSIISS
ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --VV
ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d]
ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d]
@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0a2 June 3, 2010 1
1.8.0a2 June 9, 2010 1
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.8.0a2 June 3, 2010 2
1.8.0a2 June 9, 2010 2
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 June 3, 2010 3
1.8.0a2 June 9, 2010 3
@@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 June 3, 2010 4
1.8.0a2 June 9, 2010 4
@@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 June 3, 2010 5
1.8.0a2 June 9, 2010 5
@@ -351,8 +351,55 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
matched is ALL, the user may set variables that would overwise be
forbidden. See _s_u_d_o_e_r_s(4) for more information.
PPLLUUGGIINNSS
ssuuddoo supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute their
own policy and I/O logging modules to work seemlessly with the ssuuddoo
front end.
Plugins are dynamically loaded based on the contents of the
_/_e_t_c_/_s_u_d_o_._c_o_n_f file. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, ssuuddoo will
use the traditional _s_u_d_o_e_r_s security policy and I/O logging, which
corresponds to the following _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
#
# Default /etc/sudo.conf file
#
# Format:
# Plugin plugin_name plugin_path
#
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
A Plugin line consists of the Plugin keyword, followed by the
_s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.
The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
or relative. If not fully qualified it is relative to the
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
are ignored.
For more information, see the "_s_u_d_o___p_l_u_g_i_n(1m) manual."
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the exit status from ssuuddoo will
1.8.0a2 June 9, 2010 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
simply be the exit status of the program that was executed.
Otherwise, ssuuddoo quits with an exit value of 1 if there is a
@@ -388,18 +435,6 @@ SSEECCUURRIITTYY NNOOTTEESS
environment variables that ssuuddoo allows or denies is contained in the
output of sudo -V when run as root.
1.8.0a2 June 3, 2010 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
setuid executables, including ssuuddoo. Depending on the operating system
@@ -419,6 +454,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
not owned by root or if it is writable by a user other than root. On
systems that allow non-root users to give away files via _c_h_o_w_n(2), if
the time stamp directory is located in a directory writable by anyone
1.8.0a2 June 9, 2010 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
(e.g., _/_t_m_p), it is possible for a user to create the time stamp
directory before ssuuddoo is run. However, because ssuuddoo checks the
ownership and mode of the directory and its contents, the only damage
@@ -431,9 +478,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
appropriate owner (root) and permissions (0700) in the system startup
files.
ssuuddoo will not honor time stamps set far in the future. Timestamps with
a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
will log and complain. This is done to keep a user from creating
ssuuddoo will not honor time stamps set far in the future. Time stamps
with a date greater than current_time + 2 * TIMEOUT will be ignored and
sudo will log and complain. This is done to keep a user from creating
his/her own time stamp with a bogus date on systems that allow users to
give away files.
@@ -455,17 +502,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Administrators should not rely on this feature as it is not universally
available.
1.8.0a2 June 3, 2010 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Please note that ssuuddoo will normally only log the command it explicitly
runs. If a user runs a command such as sudo su or sudo sh, subsequent
commands run from that shell will _n_o_t be logged, nor will ssuuddoo's access
@@ -484,6 +520,18 @@ EENNVVIIRROONNMMEENNTT
HOME In --ss or --HH mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the
1.8.0a2 June 9, 2010 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
target user
PATH Set to a sane value if the _s_e_c_u_r_e___p_a_t_h sudoers option
@@ -517,21 +565,12 @@ EENNVVIIRROONNMMEENNTT
SUDO_EDITOR is not set
FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin configuration
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
_/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing time stamps
1.8.0a2 June 3, 2010 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
_/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on Linux and
AIX
@@ -547,6 +586,18 @@ EEXXAAMMPPLLEESS
$ sudo -u yaz ls ~yaz
1.8.0a2 June 9, 2010 9
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
To edit the _i_n_d_e_x_._h_t_m_l file as user www:
$ sudo -u www vi ~www/htdocs/index.html
@@ -571,7 +622,7 @@ EEXXAAMMPPLLEESS
SSEEEE AALLSSOO
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),
_v_i_s_u_d_o(1m)
"_s_u_d_o___p_l_u_g_i_n(1m), "_s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)""
AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this version consists
@@ -586,18 +637,6 @@ CCAAVVEEAATTSS
There is no easy way to prevent a user from gaining a root shell if
that user is allowed to run arbitrary commands via ssuuddoo. Also, many
programs (such as editors) allow the user to run commands via shell
1.8.0a2 June 3, 2010 9
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
escapes, thus avoiding ssuuddoo's checks. However, on most systems it is
possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality.
See the _s_u_d_o_e_r_s(4) manual for details.
@@ -613,6 +652,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
their own program that gives them a root shell regardless of any '!'
elements in the user specification.
1.8.0a2 June 9, 2010 10
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Running shell scripts via ssuuddoo can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your OS
has a /dev/fd/ directory, setuid shell scripts are generally safe).
@@ -633,6 +684,15 @@ DDIISSCCLLAAIIMMEERR
See the LICENSE file distributed with ssuuddoo or
http://www.sudo.ws/sudo/license.html for complete details.
PPOODD EERRRROORRSS
Hey! TThhee aabboovvee ddooccuummeenntt hhaadd ssoommee ccooddiinngg eerrrroorrss,, wwhhiicchh aarree eexxppllaaiinneedd
bbeellooww::
Around line 442:
Unterminated L<...> sequence
Around line 678:
Unterminated L<L<...>> sequence
@@ -655,6 +715,12 @@ DDIISSCCLLAAIIMMEERR
1.8.0a2 June 3, 2010 10
1.8.0a2 June 9, 2010 11