isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Regenerated with perl 5.6.0 pod2man

Browse Source
This commit is contained in:
Todd C. Miller
2000-04-07 14:39:23 +00:00
parent 7e00f9c376
commit dffa5b0145
6 changed files with 982 additions and 1410 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
sudo.cat
View File

@@ -26,19 +26,19 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
time (five minutes by default). time (five minutes by default).
ssssuuuuddddoooo determines who is an authorized user by consulting ssssuuuuddddoooo determines who is an authorized user by consulting
the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the -v flag a user the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the `-v' flag a
can update the time stamp without running a _c_o_m_m_a_n_d_. The user can update the time stamp without running a _c_o_m_m_a_n_d_.
password prompt itself will also time out if the user's The password prompt itself will also time out if the
password is not entered with N minutes (again, this is user's password is not entered with N minutes (again, this
defined at configure time and defaults to 5 minutes). is defined at configure time and defaults to 5 minutes).
If a user that is not listed in the _s_u_d_o_e_r_s file tries to If a user that is not listed in the _s_u_d_o_e_r_s file tries to
run a command via ssssuuuuddddoooo, mail is sent to the proper run a command via ssssuuuuddddoooo, mail is sent to the proper author<6F>
authorities, as defined at configure time (defaults to ities, as defined at configure time (defaults to root).
root). Note that the mail will not be sent if an Note that the mail will not be sent if an unauthorized
unauthorized user tries to run sudo with the -l or -v user tries to run sudo with the `-l' or `-v' flags. This
flags. This allows users to determine for themselves allows users to determine for themselves whether or not
whether or not they are allowed to use ssssuuuuddddoooo. they are allowed to use ssssuuuuddddoooo.
ssssuuuuddddoooo can log both successful an unsuccessful attempts (as ssssuuuuddddoooo can log both successful an unsuccessful attempts (as
well as errors) to _s_y_s_l_o_g(3), a log file, or both. By well as errors) to _s_y_s_l_o_g(3), a log file, or both. By
@@ -48,20 +48,20 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
OOOOPPPPTTTTIIIIOOOONNNNSSSS OOOOPPPPTTTTIIIIOOOONNNNSSSS
ssssuuuuddddoooo accepts the following command line options: ssssuuuuddddoooo accepts the following command line options:
-V The -V (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the -V The `-V' (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the
version number and exit. version number and exit.
-l The -l (_l_i_s_t) option will list out the allowed (and -l The `-l' (_l_i_s_t) option will list out the allowed (and
forbidden) commands for the user on the current host. forbidden) commands for the user on the current host.
-L The -L (_l_i_s_t defaults) option will list out the -L The `-L' (_l_i_s_t defaults) option will list out the
parameters that may be set in a _D_e_f_a_u_l_t_s line along parameters that may be set in a _D_e_f_a_u_l_t_s line along
with a short description for each. This option is with a short description for each. This option is
useful in conjunction with _g_r_e_p(1). useful in conjunction with _g_r_e_p(1).
28/Mar/2000 1.6.3 1 April 7, 2000 1.6.3 1
@@ -70,42 +70,42 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
sudo(1m) MAINTENANCE COMMANDS sudo(1m) sudo(1m) MAINTENANCE COMMANDS sudo(1m)
-h The -h (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage -h The `-h' (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage
message and exit. message and exit.
-v If given the -v (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update -v If given the `-v' (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update
the user's timestamp, prompting for the user's the user's timestamp, prompting for the user's pass<73>
password if necessary. This extends the ssssuuuuddddoooo timeout word if necessary. This extends the ssssuuuuddddoooo timeout to
to for another N minutes (where N is defined at for another N minutes (where N is defined at installa<6C>
installation time and defaults to 5 minutes) but does tion time and defaults to 5 minutes) but does not run
not run a command. a command.
-k The -k (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's -k The `-k' (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's
timestamp by setting the time on it to the epoch. The timestamp by setting the time on it to the epoch. The
next time ssssuuuuddddoooo is run a password will be required. next time ssssuuuuddddoooo is run a password will be required.
This option does not require a password and was added This option does not require a password and was added
to allow a user to revoke ssssuuuuddddoooo permissions from a to allow a user to revoke ssssuuuuddddoooo permissions from a
.logout file. .logout file.
-K The -K (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's -K The `-K' (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's
timestamp entirely. This option does not require a timestamp entirely. This option does not require a
password. password.
-b The -b (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given -b The `-b' (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the
command in the background. Note that if you use the given command in the background. Note that if you use
-b option you cannot use shell job control to the `-b' option you cannot use shell job control to
manipulate the command. manipulate the command.
-p The -p (_p_r_o_m_p_t) option allows you to override the -p The `-p' (_p_r_o_m_p_t) option allows you to override the
default password prompt and use a custom one. If the default password prompt and use a custom one. If the
password prompt contains the %u escape, %u will be password prompt contains the `%u' escape, `%u' will be
replaced with the user's login name. Similarly, %h replaced with the user's login name. Similarly, `%h'
will be replaced with the local hostname. will be replaced with the local hostname.
-c The -c (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the specified -c The `-c' (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the speci<EFBFBD>
command with resources limited by the specified login fied command with resources limited by the specified
class. The _c_l_a_s_s argument can be either a class name login class. The _c_l_a_s_s argument can be either a class
as defined in /etc/login.conf, or a single '-' name as defined in /etc/login.conf, or a single '-'
character. Specifying the _c_l_a_s_s as '-' means that the character. Specifying the _c_l_a_s_s as '-' means that the
command should be run restricted by the default login command should be run restricted by the default login
capibilities of the user the command is run as. If capibilities of the user the command is run as. If
@@ -116,18 +116,18 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m)
classes where ssssuuuuddddoooo has been configured with the classes where ssssuuuuddddoooo has been configured with the
--with-logincap option. --with-logincap option.
-u The -u (_u_s_e_r) option causes ssssuuuuddddoooo to run the specified -u The `-u' (_u_s_e_r) option causes ssssuuuuddddoooo to run the speci<EFBFBD>
command as a user other than _r_o_o_t. To specify a _u_i_d fied command as a user other than _r_o_o_t. To specify a
instead of a _u_s_e_r_n_a_m_e, use "#uid". _u_i_d instead of a _u_s_e_r_n_a_m_e, use "#uid".
-s The -s (_s_h_e_l_l) option runs the shell specified by the -s The `-s' (_s_h_e_l_l) option runs the shell specified by
_S_H_E_L_L environment variable if it is set or the shell the _S_H_E_L_L environment variable if it is set or the
as specified in _p_a_s_s_w_d(4). shell as specified in _p_a_s_s_w_d(4).
28/Mar/2000 1.6.3 2 April 7, 2000 1.6.3 2
@@ -136,17 +136,18 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m)
sudo(1m) MAINTENANCE COMMANDS sudo(1m) sudo(1m) MAINTENANCE COMMANDS sudo(1m)
-H The -H (_H_O_M_E) option sets the _H_O_M_E environment -H The `-H' (_H_O_M_E) option sets the _H_O_M_E environment vari<72>
variable to the homedir of the target user (root by able to the homedir of the target user (root by
default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo
does not modify _H_O_M_E. does not modify _H_O_M_E.
-S The -S (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the password -S The `-S' (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the pass<EFBFBD>
from standard input instead of the terminal device. word from standard input instead of the terminal
device.
-- The -- flag indicates that ssssuuuuddddoooo should stop processing -- The `--' flag indicates that ssssuuuuddddoooo should stop process<EFBFBD>
command line arguments. It is most useful in ing command line arguments. It is most useful in con<6F>
conjunction with the -s flag. junction with the `-s' flag.
RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS
Upon successful execution of a program, the return value Upon successful execution of a program, the return value
@@ -154,46 +155,45 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
that was executed. that was executed.
Otherwise, ssssuuuuddddoooo quits with an exit value of 1 if there is Otherwise, ssssuuuuddddoooo quits with an exit value of 1 if there is
a configuration/permission problem or if ssssuuuuddddoooo cannot a configuration/permission problem or if ssssuuuuddddoooo cannot exe<78>
execute the given command. In the latter case the error cute the given command. In the latter case the error
string is printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one string is printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one
or more entries in the user's PATH an error is printed on or more entries in the user's `PATH' an error is printed
stderr. (If the directory does not exist or if it is not on stderr. (If the directory does not exist or if it is
really a directory, the entry is ignored and no error is not really a directory, the entry is ignored and no error
printed.) This should not happen under normal is printed.) This should not happen under normal circum<75>
circumstances. The most common reason for _s_t_a_t(2) to stances. The most common reason for _s_t_a_t(2) to return
return "permission denied" is if you are running an "permission denied" is if you are running an automounter
automounter and one of the directories in your PATH is on and one of the directories in your `PATH' is on a machine
a machine that is currently unreachable. that is currently unreachable.
SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS
ssssuuuuddddoooo tries to be safe when executing external commands. ssssuuuuddddoooo tries to be safe when executing external commands.
Variables that control how dynamic loading and binding is Variables that control how dynamic loading and binding is
done can be used to subvert the program that ssssuuuuddddoooo runs. done can be used to subvert the program that ssssuuuuddddoooo runs.
To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), To combat this the `LD_*', `_RLD_*', `SHLIB_PATH' (HP-UX
and LIBPATH (AIX only) environment variables are removed only), and `LIBPATH' (AIX only) environment variables are
from the environment passed on to all commands executed. removed from the environment passed on to all commands
ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, executed. ssssuuuuddddoooo will also remove the `IFS', `ENV',
KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS and HOSTALIASES `BASH_ENV', `KRB_CONF', `KRB5_CONFIG', `LOCALDOMAIN',
variables as they too can pose a threat. `RES_OPTIONS' and `HOSTALIASES' variables as they too can
pose a threat.
To prevent command spoofing, ssssuuuuddddoooo checks "." and "" (both To prevent command spoofing, ssssuuuuddddoooo checks "." and "" (both
denoting current directory) last when searching for a denoting current directory) last when searching for a com<6F>
command in the user's PATH (if one or both are in the mand in the user's PATH (if one or both are in the PATH).
PATH). Note, however, that the actual PATH environment Note, however, that the actual `PATH' environment variable
variable is _n_o_t modified and is passed unchanged to the is _n_o_t modified and is passed unchanged to the program
program that ssssuuuuddddoooo executes. that ssssuuuuddddoooo executes.
For security reasons, if your OS supports shared libraries For security reasons, if your OS supports shared libraries
and does not disable user-defined library search paths for and does not disable user-defined library search paths for
setuid programs (most do), you should either use a linker setuid programs (most do), you should either use a linker
option that disables this behavior or link ssssuuuuddddoooo option that disables this behavior or link ssssuuuuddddoooo
statically.
April 7, 2000 1.6.3 3
28/Mar/2000 1.6.3 3
@@ -202,28 +202,30 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
sudo(1m) MAINTENANCE COMMANDS sudo(1m) sudo(1m) MAINTENANCE COMMANDS sudo(1m)
statically.
ssssuuuuddddoooo will check the ownership of its timestamp directory ssssuuuuddddoooo will check the ownership of its timestamp directory
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con<6F>
contents if it is not owned by root and only writable by tents if it is not owned by root and only writable by
root. On systems that allow non-root users to give away root. On systems that allow non-root users to give away
files via _c_h_o_w_n(2), if the timestamp directory is located files via _c_h_o_w_n(2), if the timestamp directory is located
in a directory writable by anyone (eg: _/_t_m_p), it is in a directory writable by anyone (eg: _/_t_m_p), it is possi<73>
possible for a user to create the timestamp directory ble for a user to create the timestamp directory before
before ssssuuuuddddoooo is run. However, because ssssuuuuddddoooo checks the ssssuuuuddddoooo is run. However, because ssssuuuuddddoooo checks the ownership
ownership and mode of the directory and its contents, the and mode of the directory and its contents, the only dam<61>
only damage that can be done is to "hide" files by putting age that can be done is to "hide" files by putting them in
them in the timestamp dir. This is unlikely to happen the timestamp dir. This is unlikely to happen since once
since once the timestamp dir is owned by root and the timestamp dir is owned by root and inaccessible by any
inaccessible by any other user the user placing files other user the user placing files there would be unable to
there would be unable to get them back out. To get around get them back out. To get around this issue you can use a
this issue you can use a directory that is not world- directory that is not world-writable for the timestamps
writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or create _/_v_a_r_/_r_u_n_/_s_u_d_o with
or create _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) the appropriate owner (root) and permissions (0700) in the
and permissions (0700) in the system startup files. system startup files.
ssssuuuuddddoooo will not honor timestamps set far in the future. ssssuuuuddddoooo will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 * Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain. `TIMEOUT' will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to timestamp with a bogus date on system that allow users to
give away files. give away files.
@@ -252,14 +254,12 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
To make a usage listing of the directories in the /home To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub- partition. Note that this runs the commands in a sub-
shell to make the cd and file redirection work. shell to make the `cd' and file redirection work.
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
28/Mar/2000 1.6.3 4 April 7, 2000 1.6.3 4
@@ -268,6 +268,9 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
sudo(1m) MAINTENANCE COMMANDS sudo(1m) sudo(1m) MAINTENANCE COMMANDS sudo(1m)
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT
ssssuuuuddddoooo utilizes the following environment variables: ssssuuuuddddoooo utilizes the following environment variables:
@@ -292,8 +295,8 @@ FFFFIIIILLLLEEEESSSS
AAAAUUUUTTTTHHHHOOOORRRRSSSS AAAAUUUUTTTTHHHHOOOORRRRSSSS
Many people have worked on ssssuuuuddddoooo over the years, this Many people have worked on ssssuuuuddddoooo over the years, this ver<65>
version consists of code written primarily by: sion consists of code written primarily by:
Todd Miller Todd Miller
Chris Jepeway Chris Jepeway
@@ -306,9 +309,9 @@ BBBBUUUUGGGGSSSS
bug report at http://www.courtesan.com/sudo/bugs/ bug report at http://www.courtesan.com/sudo/bugs/
DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR
SSSSuuuuddddoooo is provided ``AS IS'' and any express or implied SSSSuuuuddddoooo is provided ``AS IS'' and any express or implied war<61>
warranties, including, but not limited to, the implied ranties, including, but not limited to, the implied war<61>
warranties of merchantability and fitness for a particular ranties of merchantability and fitness for a particular
purpose are disclaimed. See the LICENSE file distributed purpose are disclaimed. See the LICENSE file distributed
with ssssuuuuddddoooo for complete details. with ssssuuuuddddoooo for complete details.
@@ -317,15 +320,12 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell if that user has access to commands allowing shell shell if that user has access to commands allowing shell
escapes. escapes.
If users have sudo ALL there is nothing to prevent them If users have sudo `ALL' there is nothing to prevent them
from creating their own program that gives them a root from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
April 7, 2000 1.6.3 5
28/Mar/2000 1.6.3 5
@@ -334,10 +334,13 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
sudo(1m) MAINTENANCE COMMANDS sudo(1m) sudo(1m) MAINTENANCE COMMANDS sudo(1m)
shell regardless of any '!' elements in the user specifi<66>
cation.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel Running shell scripts via ssssuuuuddddoooo can expose the same kernel
bugs that make setuid shell scripts unsafe on some bugs that make setuid shell scripts unsafe on some operat<61>
operating systems (if your OS supports the /dev/fd/ ing systems (if your OS supports the /dev/fd/ directory,
directory, setuid shell scripts are generally safe). setuid shell scripts are generally safe).
SSSSEEEEEEEE AAAALLLLSSSSOOOO SSSSEEEEEEEE AAAALLLLSSSSOOOO
_l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _v_i_s_u_d_o(1m), _s_u(1). _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _v_i_s_u_d_o(1m), _s_u(1).
@@ -388,9 +391,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
April 7, 2000 1.6.3 6
28/Mar/2000 1.6.3 6

349
sudo.man.in
View File

@@ -1,12 +1,9 @@
.rn '' }` .\" Automatically generated by Pod::Man version 1.02
''' $RCSfile$$Revision$$Date$ .\" Fri Apr 7 08:37:05 2000
''' .\"
''' $Log$ .\" Standard preamble:
''' Revision 1.4 2000/04/01 21:22:11 millert .\" ======================================================================
''' Clear up confusion wrt sudo's return value. .de Sh \" Subsection heading
'''
'''
.de Sh
.br .br
.if t .Sp .if t .Sp
.ne 5 .ne 5
@@ -14,33 +11,34 @@
\fB\\$1\fR \fB\\$1\fR
.PP .PP
.. ..
.de Sp .de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v .if t .sp .5v
.if n .sp .if n .sp
.. ..
.de Ip .de Ip \" List item
.br .br
.ie \\n(.$>=3 .ne \\$3 .ie \\n(.$>=3 .ne \\$3
.el .ne 3 .el .ne 3
.IP "\\$1" \\$2 .IP "\\$1" \\$2
.. ..
.de Vb .de Vb \" Begin verbatim text
.ft CW .ft CW
.nf .nf
.ne \\$1 .ne \\$1
.. ..
.de Ve .de Ve \" End verbatim text
.ft R .ft R
.fi .fi
.. ..
''' .\" Set up some character translations and predefined strings. \*(-- will
''' .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
''' Set up \*(-- to give an unbreakable dash; .\" double quote, and \*(R" will give a right double quote. | will give a
''' string Tr holds user defined translation string. .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
''' Bell System Logo is used as a dummy character. .\" to do unbreakable dashes and therefore won't be available. \*(C` and
''' .\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr .tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\ .ie n \{\
. ds -- \(*W- . ds -- \(*W-
. ds PI pi . ds PI pi
@@ -48,70 +46,35 @@
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" "" . ds L" ""
. ds R" "" . ds R" ""
''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of . ds C` `
''' \*(L" and \*(R", except that they are used on ".xx" lines, . ds C' '
''' such as .IP and .SH, which do another additional levels of
''' double-quote interpretation
.ds M" """
.ds S" """
.ds N" """""
.ds T" """""
.ds L' '
.ds R' '
.ds M' '
.ds S' '
.ds N' '
.ds T' '
'br\} 'br\}
.el\{\ .el\{\
.ds -- \(em\| . ds -- \|\(em\|
.tr \*(Tr . ds PI \(*p
. ds L" `` . ds L" ``
. ds R" '' . ds R" ''
.ds M" ``
.ds S" ''
.ds N" ``
.ds T" ''
.ds L' `
.ds R' '
.ds M' `
.ds S' '
.ds N' `
.ds T' '
.ds PI \(*p
'br\} 'br\}
.\" If the F register is turned on, we'll generate .\"
.\" index entries out stderr for the following things: .\" If the F register is turned on, we'll generate index entries on stderr
.\" TH Title .\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" SH Header .\" index entries marked with X<> in POD. Of course, you'll have to process
.\" Sh Subsection .\" the output yourself in some meaningful fashion.
.\" Ip Item .if \nF \{\
.\" X<> Xref (embedded
.\" Of course, you have to process the output yourself
.\" in some meaninful fashion.
.if \nF \{
. de IX . de IX
. tm Index:\\$1\t\\n%\t"\\$2" . tm Index:\\$1\t\\n%\t"\\$2"
. . . .
. nr % 0 . nr % 0
. rr F . rr F
.\} .\}
.TH sudo @mansectsu@ "1.6.3" "28/Mar/2000" "MAINTENANCE COMMANDS" .\"
.UC .\" For nroff, turn off justification. Always turn off hyphenation; it
.if n .hy 0 .\" makes way too many mistakes in technical documents.
.hy 0
.if n .na .if n .na
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .\"
.de CQ \" put $1 in typewriter font .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.ft CW .\" Fear. Run. Save yourself. No user-serviceable parts.
'if n "\c
'if t \\&\\$1\c
'if n \\&\\$1\c
'if n \&"
\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
'.ft R
..
.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
. \" AM - accent mark definitions
.bd B 3 .bd B 3
. \" fudge factors for nroff and troff . \" fudge factors for nroff and troff
.if n \{\ .if n \{\
@@ -135,10 +98,7 @@
. ds ^ \& . ds ^ \&
. ds , \& . ds , \&
. ds ~ ~ . ds ~ ~
. ds ? ?
. ds ! !
. ds / . ds /
. ds q
.\} .\}
.if t \{\ .if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
@@ -146,18 +106,11 @@
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
.\} .\}
. \" troff and (daisy-wheel) nroff accents . \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
@@ -165,8 +118,6 @@
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e .ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E .ds Ae A\h'-(\w'A'u*4/10)'E
.ds oe o\h'-(\w'o'u*4/10)'e
.ds Oe O\h'-(\w'O'u*4/10)'E
. \" corrections for vroff . \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
@@ -175,10 +126,6 @@
\{\ \{\
. ds : e . ds : e
. ds 8 ss . ds 8 ss
. ds v \h'-1'\o'\(aa\(ga'
. ds _ \h'-1'^
. ds . \h'-1'.
. ds 3 3
. ds o a . ds o a
. ds d- d\h'-1'\(ga . ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy . ds D- D\h'-1'\(hy
@@ -186,18 +133,23 @@
. ds Th \o'LP' . ds Th \o'LP'
. ds ae ae . ds ae ae
. ds Ae AE . ds Ae AE
. ds oe oe
. ds Oe OE
.\} .\}
.rm #[ #] #H #V #F C .rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "sudo @mansectsu@"
.TH sudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME" .SH "NAME"
sudo \- execute a command as another user sudo \- execute a command as another user
.SH "SYNOPSIS" .SH "SYNOPSIS"
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | .IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR class|\- ] [ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR class|\- ]
[ \fB\-u\fR username/#uid ] \fIcommand\fR [ \fB\-u\fR username/#uid ] \fIcommand\fR
.SH "DESCRIPTION" .SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the .IX Header "DESCRIPTION"
\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the sudoers file. The superuser or another user, as specified in the sudoers file. The
real and effective uid and gid are set to match those of the target real and effective uid and gid are set to match those of the target
user as specified in the passwd file (the group vector is also user as specified in the passwd file (the group vector is also
@@ -208,8 +160,8 @@ a user has been authenticated, a timestamp is updated and the
user may then use sudo without a password for a short period of time user may then use sudo without a password for a short period of time
(five minutes by default). (five minutes by default).
.PP .PP
\fBsudo\fR determines who is an authorized user by consulting the \&\fBsudo\fR determines who is an authorized user by consulting the
file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW\*(C`\-v\*(C'\fR flag a user
can update the time stamp without running a \fIcommand.\fR can update the time stamp without running a \fIcommand.\fR
The password prompt itself will also time out if the user's password is The password prompt itself will also time out if the user's password is
not entered with N minutes (again, this is defined at configure not entered with N minutes (again, this is defined at configure
@@ -219,81 +171,97 @@ If a user that is not listed in the \fIsudoers\fR file tries to run
a command via \fBsudo\fR, mail is sent to the proper authorities, a command via \fBsudo\fR, mail is sent to the proper authorities,
as defined at configure time (defaults to root). Note that the as defined at configure time (defaults to root). Note that the
mail will not be sent if an unauthorized user tries to run sudo mail will not be sent if an unauthorized user tries to run sudo
with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine with the \f(CW\*(C`\-l\*(C'\fR or \f(CW\*(C`\-v\*(C'\fR flags. This allows users to determine
for themselves whether or not they are allowed to use \fBsudo\fR. for themselves whether or not they are allowed to use \fBsudo\fR.
.PP .PP
\fBsudo\fR can log both successful an unsuccessful attempts (as well \&\fBsudo\fR can log both successful an unsuccessful attempts (as well
as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR
will log via \fIsyslog\fR\|(3) but this is changeable at configure time. will log via \fIsyslog\fR\|(3) but this is changeable at configure time.
.SH "OPTIONS" .SH "OPTIONS"
\fBsudo\fR accepts the following command line options: .IX Header "OPTIONS"
.Ip "-V" 4 \&\fBsudo\fR accepts the following command line options:
The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the .Ip "\-V" 4
.IX Item "-V"
The \f(CW\*(C`\-V\*(C'\fR (\fIversion\fR) option causes \fBsudo\fR to print the
version number and exit. version number and exit.
.Ip "-l" 4 .Ip "\-l" 4
The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and .IX Item "-l"
The \f(CW\*(C`\-l\*(C'\fR (\fIlist\fR) option will list out the allowed (and
forbidden) commands for the user on the current host. forbidden) commands for the user on the current host.
.Ip "-L" 4 .Ip "\-L" 4
The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters .IX Item "-L"
The \f(CW\*(C`\-L\*(C'\fR (\fIlist\fR defaults) option will list out the parameters
that may be set in a \fIDefaults\fR line along with a short description that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1). for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.Ip "-h" 4 .Ip "\-h" 4
The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. .IX Item "-h"
.Ip "-v" 4 The \f(CW\*(C`\-h\*(C'\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the .Ip "\-v" 4
.IX Item "-v"
If given the \f(CW\*(C`\-v\*(C'\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
user's timestamp, prompting for the user's password if necessary. user's timestamp, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout to for another N minutes This extends the \fBsudo\fR timeout to for another N minutes
(where N is defined at installation time and defaults to 5 (where N is defined at installation time and defaults to 5
minutes) but does not run a command. minutes) but does not run a command.
.Ip "-k" 4 .Ip "\-k" 4
The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp .IX Item "-k"
The \f(CW\*(C`\-k\*(C'\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
by setting the time on it to the epoch. The next time \fBsudo\fR is by setting the time on it to the epoch. The next time \fBsudo\fR is
run a password will be required. This option does not require a password run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file. file.
.Ip "-K" 4 .Ip "\-K" 4
The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp .IX Item "-K"
The \f(CW\*(C`\-K\*(C'\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
entirely. This option does not require a password. entirely. This option does not require a password.
.Ip "-b" 4 .Ip "\-b" 4
The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given .IX Item "-b"
command in the background. Note that if you use the \f(CW-b\fR The \f(CW\*(C`\-b\*(C'\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \f(CW\*(C`\-b\*(C'\fR
option you cannot use shell job control to manipulate the command. option you cannot use shell job control to manipulate the command.
.Ip "-p" 4 .Ip "\-p" 4
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default .IX Item "-p"
The \f(CW\*(C`\-p\*(C'\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt password prompt and use a custom one. If the password prompt
contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's
login name. Similarly, \f(CW%h\fR will be replaced with the local login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local
hostname. hostname.
.Ip "-c" 4 .Ip "\-c" 4
The \f(CW-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command .IX Item "-c"
The \f(CW\*(C`\-c\*(C'\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
with resources limited by the specified login class. The \fIclass\fR with resources limited by the specified login class. The \fIclass\fR
argument can be either a class name as defined in /etc/login.conf, argument can be either a class name as defined in /etc/login.conf,
or a single \*(L'\-\*(R' character. Specifying the \fIclass\fR as \*(L'\-\*(R' means or a single '\-' character. Specifying the \fIclass\fR as '\-' means
that the command should be run restricted by the default login that the command should be run restricted by the default login
capibilities of the user the command is run as. If the \fIclass\fR capibilities of the user the command is run as. If the \fIclass\fR
argument specifies an existing user class, the command must be run argument specifies an existing user class, the command must be run
as root, or the \fBsudo\fR command must be run from a shell that is already as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes root. This option is only available on systems with BSD login classes
where \fBsudo\fR has been configured with the --with-logincap option. where \fBsudo\fR has been configured with the \-\-with-logincap option.
.Ip "-u" 4 .Ip "\-u" 4
The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command .IX Item "-u"
The \f(CW\*(C`\-u\*(C'\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
\fIusername\fR, use \*(L"#uid\*(R". \&\fIusername\fR, use \*(L"#uid\*(R".
.Ip "-s" 4 .Ip "\-s" 4
The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR .IX Item "-s"
The \f(CW\*(C`\-s\*(C'\fR (\fIshell\fR) option runs the shell specified by the \fISHELL\fR
environment variable if it is set or the shell as specified environment variable if it is set or the shell as specified
in \fIpasswd\fR\|(@mansectform@). in \fIpasswd\fR\|(@mansectform@).
.Ip "-H" 4 .Ip "\-H" 4
The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable .IX Item "-H"
The \f(CW\*(C`\-H\*(C'\fR (\fIHOME\fR) option sets the \fIHOME\fR environment variable
to the homedir of the target user (root by default) as specified to the homedir of the target user (root by default) as specified
in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fIHOME\fR.
.Ip "-S" 4 .Ip "\-S" 4
The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from .IX Item "-S"
The \f(CW\*(C`\-S\*(C'\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
standard input instead of the terminal device. standard input instead of the terminal device.
.Ip "--" 4 .Ip "\-\-" 4
The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command The \f(CW\*(C`\-\-\*(C'\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \f(CW-s\fR flag. line arguments. It is most useful in conjunction with the \f(CW\*(C`\-s\*(C'\fR flag.
.SH "RETURN VALUES" .SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the return value from \fBsudo\fR Upon successful execution of a program, the return value from \fBsudo\fR
will simply be the return value of the program that was executed. will simply be the return value of the program that was executed.
.PP .PP
@@ -301,28 +269,29 @@ Otherwise, \fBsudo\fR quits with an exit value of 1 if there is a
configuration/permission problem or if \fBsudo\fR cannot execute the configuration/permission problem or if \fBsudo\fR cannot execute the
given command. In the latter case the error string is printed to given command. In the latter case the error string is printed to
stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's
\f(CWPATH\fR an error is printed on stderr. (If the directory does not \&\f(CW\*(C`PATH\*(C'\fR an error is printed on stderr. (If the directory does not
exist or if it is not really a directory, the entry is ignored and exist or if it is not really a directory, the entry is ignored and
no error is printed.) This should not happen under normal no error is printed.) This should not happen under normal
circumstances. The most common reason for \fIstat\fR\|(2) to return circumstances. The most common reason for \fIstat\fR\|(2) to return
\*(L"permission denied\*(R" is if you are running an automounter and one \&\*(L"permission denied\*(R" is if you are running an automounter and one
of the directories in your \f(CWPATH\fR is on a machine that is currently of the directories in your \f(CW\*(C`PATH\*(C'\fR is on a machine that is currently
unreachable. unreachable.
.SH "SECURITY NOTES" .SH "SECURITY NOTES"
\fBsudo\fR tries to be safe when executing external commands. Variables .IX Header "SECURITY NOTES"
\&\fBsudo\fR tries to be safe when executing external commands. Variables
that control how dynamic loading and binding is done can be used that control how dynamic loading and binding is done can be used
to subvert the program that \fBsudo\fR runs. To combat this the to subvert the program that \fBsudo\fR runs. To combat this the
\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX \&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (HP-UX only), and \f(CW\*(C`LIBPATH\*(C'\fR (AIX
only) environment variables are removed from the environment passed only) environment variables are removed from the environment passed
on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR, on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR, \&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR,
\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a \&\f(CW\*(C`RES_OPTIONS\*(C'\fR and \f(CW\*(C`HOSTALIASES\*(C'\fR variables as they too can pose a
threat. threat.
.PP .PP
To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting
current directory) last when searching for a command in the user's current directory) last when searching for a command in the user's
PATH (if one or both are in the PATH). Note, however, that the PATH (if one or both are in the PATH). Note, however, that the
actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed
unchanged to the program that \fBsudo\fR executes. unchanged to the program that \fBsudo\fR executes.
.PP .PP
For security reasons, if your OS supports shared libraries and does For security reasons, if your OS supports shared libraries and does
@@ -330,13 +299,13 @@ not disable user-defined library search paths for setuid programs
(most do), you should either use a linker option that disables this (most do), you should either use a linker option that disables this
behavior or link \fBsudo\fR statically. behavior or link \fBsudo\fR statically.
.PP .PP
\fBsudo\fR will check the ownership of its timestamp directory \&\fBsudo\fR will check the ownership of its timestamp directory
(\fI@TIMEDIR@\fR by default) and ignore the directory's contents if (\fI@TIMEDIR@\fR by default) and ignore the directory's contents if
it is not owned by root and only writable by root. On systems that it is not owned by root and only writable by root. On systems that
allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp
directory is located in a directory writable by anyone (eg: \fI/tmp\fR), directory is located in a directory writable by anyone (eg: \fI/tmp\fR),
it is possible for a user to create the timestamp directory before it is possible for a user to create the timestamp directory before
\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and \&\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and
mode of the directory and its contents, the only damage that can mode of the directory and its contents, the only damage that can
be done is to \*(L"hide\*(R" files by putting them in the timestamp dir. be done is to \*(L"hide\*(R" files by putting them in the timestamp dir.
This is unlikely to happen since once the timestamp dir is owned This is unlikely to happen since once the timestamp dir is owned
@@ -347,12 +316,13 @@ timestamps (\fI/var/adm/sudo\fR for instance) or create \fI@TIMEDIR@\fR
with the appropriate owner (root) and permissions (0700) in the with the appropriate owner (root) and permissions (0700) in the
system startup files. system startup files.
.PP .PP
\fBsudo\fR will not honor timestamps set far in the future. \&\fBsudo\fR will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
will be ignored and sudo will log and complain. This is done to will be ignored and sudo will log and complain. This is done to
keep a user from creating his/her own timestamp with a bogus keep a user from creating his/her own timestamp with a bogus
date on system that allow users to give away files. date on system that allow users to give away files.
.SH "EXAMPLES" .SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries. Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries.
.PP .PP
To get a file listing of an unreadable directory: To get a file listing of an unreadable directory:
@@ -378,13 +348,14 @@ To shutdown a machine:
.Ve .Ve
To make a usage listing of the directories in the /home To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-shell partition. Note that this runs the commands in a sub-shell
to make the \f(CWcd\fR and file redirection work. to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.PP .PP
.Vb 1 .Vb 1
\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" \& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Ve .Ve
.SH "ENVIRONMENT" .SH "ENVIRONMENT"
\fBsudo\fR utilizes the following environment variables: .IX Header "ENVIRONMENT"
\&\fBsudo\fR utilizes the following environment variables:
.PP .PP
.Vb 13 .Vb 13
\& PATH Set to a sane value if SECURE_PATH is set \& PATH Set to a sane value if SECURE_PATH is set
@@ -402,12 +373,13 @@ to make the \f(CWcd\fR and file redirection work.
\& SUDO_PS1 If set, PS1 will be set to its value \& SUDO_PS1 If set, PS1 will be set to its value
.Ve .Ve
.SH "FILES" .SH "FILES"
.PP .IX Header "FILES"
.Vb 2 .Vb 2
\& @sysconfdir@/sudoers List of who can run what \& @sysconfdir@/sudoers List of who can run what
\& @TIMEDIR@ Directory containing timestamps \& @TIMEDIR@ Directory containing timestamps
.Ve .Ve
.SH "AUTHORS" .SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years, this Many people have worked on \fBsudo\fR over the years, this
version consists of code written primarily by: version consists of code written primarily by:
.PP .PP
@@ -418,19 +390,22 @@ version consists of code written primarily by:
See the HISTORY file in the \fBsudo\fR distribution for a short history See the HISTORY file in the \fBsudo\fR distribution for a short history
of \fBsudo\fR. of \fBsudo\fR.
.SH "BUGS" .SH "BUGS"
.IX Header "BUGS"
If you feel you have found a bug in sudo, please submit a bug report If you feel you have found a bug in sudo, please submit a bug report
at http://www.courtesan.com/sudo/bugs/ at http://www.courtesan.com/sudo/bugs/
.SH "DISCLAIMER" .SH "DISCLAIMER"
\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, .IX Header "DISCLAIMER"
\&\fBSudo\fR is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with \fBsudo\fR for complete details. See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS" .SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if There is no easy way to prevent a user from gaining a root shell if
that user has access to commands allowing shell escapes. that user has access to commands allowing shell escapes.
.PP .PP
If users have sudo \f(CWALL\fR there is nothing to prevent them from creating If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating
their own program that gives them a root shell regardless of any \*(L'!\*(R' their own program that gives them a root shell regardless of any '!'
elements in the user specification. elements in the user specification.
.PP .PP
Running shell scripts via \fBsudo\fR can expose the same kernel bugs Running shell scripts via \fBsudo\fR can expose the same kernel bugs
@@ -438,67 +413,5 @@ that make setuid shell scripts unsafe on some operating systems
(if your OS supports the /dev/fd/ directory, setuid shell scripts (if your OS supports the /dev/fd/ directory, setuid shell scripts
are generally safe). are generally safe).
.SH "SEE ALSO" .SH "SEE ALSO"
\fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@), \fIsu\fR\|(1).
.rn }` ''
.IX Title "sudo @mansectsu@"
.IX Name "sudo - execute a command as another user"
.IX Header "NAME"
.IX Header "SYNOPSIS"
.IX Header "DESCRIPTION"
.IX Header "OPTIONS"
.IX Item "-V"
.IX Item "-l"
.IX Item "-L"
.IX Item "-h"
.IX Item "-v"
.IX Item "-k"
.IX Item "-K"
.IX Item "-b"
.IX Item "-p"
.IX Item "-c"
.IX Item "-u"
.IX Item "-s"
.IX Item "-H"
.IX Item "-S"
.IX Item "--"
.IX Header "RETURN VALUES"
.IX Header "SECURITY NOTES"
.IX Header "EXAMPLES"
.IX Header "ENVIRONMENT"
.IX Header "FILES"
.IX Header "AUTHORS"
.IX Header "BUGS"
.IX Header "DISCLAIMER"
.IX Header "CAVEATS"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@), \fIsu\fR\|(1).

554
sudoers.cat
View File

File diff suppressed because it is too large Load Diff

656
sudoers.man.in
View File

File diff suppressed because it is too large Load Diff

106
visudo.cat
View File

@@ -12,14 +12,14 @@ SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
vvvviiiissssuuuuddddoooo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous vvvviiiissssuuuuddddoooo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous
to _v_i_p_w(1m). vvvviiiissssuuuuddddoooo locks the _s_u_d_o_e_r_s file against to _v_i_p_w(1m). vvvviiiissssuuuuddddoooo locks the _s_u_d_o_e_r_s file against multi<74>
multiple simultaneous edits, provides basic sanity checks, ple simultaneous edits, provides basic sanity checks, and
and checks for parse errors. If the _s_u_d_o_e_r_s file is checks for parse errors. If the _s_u_d_o_e_r_s file is currently
currently being edited you will receive a message to try being edited you will receive a message to try again
again later. In the default configuration, the _v_i(1) later. In the default configuration, the _v_i(1) editor is
editor is used, but there is a compile time option to used, but there is a compile time option to allow use of
allow use of whatever editor the environment variables whatever editor the environment variables `EDITOR' or
EDITOR or VISUAL are set to. `VISUAL' are set to.
vvvviiiissssuuuuddddoooo parses the _s_u_d_o_e_r_s file after the edit and will not vvvviiiissssuuuuddddoooo parses the _s_u_d_o_e_r_s file after the edit and will not
save the changes if there is a syntax error. Upon finding save the changes if there is a syntax error. Upon finding
@@ -41,14 +41,13 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
vvvviiiissssuuuuddddoooo accepts the following command line option: vvvviiiissssuuuuddddoooo accepts the following command line option:
-s Enable ssssttttrrrriiiicccctttt checking of the _s_u_d_o_e_r_s file. If an -s Enable ssssttttrrrriiiicccctttt checking of the _s_u_d_o_e_r_s file. If an
alias is used before it is defined, vvvviiiissssuuuuddddoooo will alias is used before it is defined, vvvviiiissssuuuuddddoooo will con<6F>
consider this a parse error. Note that it is not sider this a parse error. Note that it is not possi<73>
possible to differentiate between an alias and a ble to differentiate between an alias and a hostname
hostname or username that consists solely of upper or username that consists solely of upper case let<65>
case letters, digits, and the underscore ('_') ters, digits, and the underscore ('_') character.
character.
-V The -V (version) option causes vvvviiiissssuuuuddddoooo to print the -V The `-V' (version) option causes vvvviiiissssuuuuddddoooo to print the
version number and exit. version number and exit.
EEEERRRRRRRROOOORRRRSSSS EEEERRRRRRRROOOORRRRSSSS
@@ -61,7 +60,8 @@ EEEERRRRRRRROOOORRRRSSSS
26/Mar/2000 1.6.3 1
April 7, 2000 1.6.3 1
@@ -96,8 +96,8 @@ FFFFIIIILLLLEEEESSSS
AAAAUUUUTTTTHHHHOOOORRRR AAAAUUUUTTTTHHHHOOOORRRR
Many people have worked on _s_u_d_o over the years, this Many people have worked on _s_u_d_o over the years, this ver<65>
version of vvvviiiissssuuuuddddoooo was written by: sion of vvvviiiissssuuuuddddoooo was written by:
Todd Miller <Todd.Miller@courtesan.com> Todd Miller <Todd.Miller@courtesan.com>
@@ -120,79 +120,13 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell if the editor used by vvvviiiissssuuuuddddoooo allows shell escapes. shell if the editor used by vvvviiiissssuuuuddddoooo allows shell escapes.
SSSSEEEEEEEE AAAALLLLSSSSOOOO SSSSEEEEEEEE AAAALLLLSSSSOOOO
_s_u_d_o(1m), _v_i_p_w(1m). _s_u_d_o(1m), _v_i_p_w(8).
26/Mar/2000 1.6.3 2 April 7, 2000 1.6.3 2
visudo(1m) MAINTENANCE COMMANDS visudo(1m)
26/Mar/2000 1.6.3 3

215
visudo.man.in
View File

@@ -1,12 +1,9 @@
.rn '' }` .\" Automatically generated by Pod::Man version 1.02
''' $RCSfile$$Revision$$Date$ .\" Fri Apr 7 08:37:07 2000
''' .\"
''' $Log$ .\" Standard preamble:
''' Revision 1.4 2000/03/27 03:26:24 millert .\" ======================================================================
''' Use @mansectsu@ and @mansectform@ in the man page bodies as well. .de Sh \" Subsection heading
'''
'''
.de Sh
.br .br
.if t .Sp .if t .Sp
.ne 5 .ne 5
@@ -14,33 +11,34 @@
\fB\\$1\fR \fB\\$1\fR
.PP .PP
.. ..
.de Sp .de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v .if t .sp .5v
.if n .sp .if n .sp
.. ..
.de Ip .de Ip \" List item
.br .br
.ie \\n(.$>=3 .ne \\$3 .ie \\n(.$>=3 .ne \\$3
.el .ne 3 .el .ne 3
.IP "\\$1" \\$2 .IP "\\$1" \\$2
.. ..
.de Vb .de Vb \" Begin verbatim text
.ft CW .ft CW
.nf .nf
.ne \\$1 .ne \\$1
.. ..
.de Ve .de Ve \" End verbatim text
.ft R .ft R
.fi .fi
.. ..
''' .\" Set up some character translations and predefined strings. \*(-- will
''' .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
''' Set up \*(-- to give an unbreakable dash; .\" double quote, and \*(R" will give a right double quote. | will give a
''' string Tr holds user defined translation string. .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
''' Bell System Logo is used as a dummy character. .\" to do unbreakable dashes and therefore won't be available. \*(C` and
''' .\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr .tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\ .ie n \{\
. ds -- \(*W- . ds -- \(*W-
. ds PI pi . ds PI pi
@@ -48,70 +46,35 @@
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" "" . ds L" ""
. ds R" "" . ds R" ""
''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of . ds C` `
''' \*(L" and \*(R", except that they are used on ".xx" lines, . ds C' '
''' such as .IP and .SH, which do another additional levels of
''' double-quote interpretation
.ds M" """
.ds S" """
.ds N" """""
.ds T" """""
.ds L' '
.ds R' '
.ds M' '
.ds S' '
.ds N' '
.ds T' '
'br\} 'br\}
.el\{\ .el\{\
.ds -- \(em\| . ds -- \|\(em\|
.tr \*(Tr . ds PI \(*p
. ds L" `` . ds L" ``
. ds R" '' . ds R" ''
.ds M" ``
.ds S" ''
.ds N" ``
.ds T" ''
.ds L' `
.ds R' '
.ds M' `
.ds S' '
.ds N' `
.ds T' '
.ds PI \(*p
'br\} 'br\}
.\" If the F register is turned on, we'll generate .\"
.\" index entries out stderr for the following things: .\" If the F register is turned on, we'll generate index entries on stderr
.\" TH Title .\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" SH Header .\" index entries marked with X<> in POD. Of course, you'll have to process
.\" Sh Subsection .\" the output yourself in some meaningful fashion.
.\" Ip Item .if \nF \{\
.\" X<> Xref (embedded
.\" Of course, you have to process the output yourself
.\" in some meaninful fashion.
.if \nF \{
. de IX . de IX
. tm Index:\\$1\t\\n%\t"\\$2" . tm Index:\\$1\t\\n%\t"\\$2"
. . . .
. nr % 0 . nr % 0
. rr F . rr F
.\} .\}
.TH visudo @mansectsu@ "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS" .\"
.UC .\" For nroff, turn off justification. Always turn off hyphenation; it
.if n .hy 0 .\" makes way too many mistakes in technical documents.
.hy 0
.if n .na .if n .na
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .\"
.de CQ \" put $1 in typewriter font .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.ft CW .\" Fear. Run. Save yourself. No user-serviceable parts.
'if n "\c
'if t \\&\\$1\c
'if n \\&\\$1\c
'if n \&"
\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
'.ft R
..
.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
. \" AM - accent mark definitions
.bd B 3 .bd B 3
. \" fudge factors for nroff and troff . \" fudge factors for nroff and troff
.if n \{\ .if n \{\
@@ -135,10 +98,7 @@
. ds ^ \& . ds ^ \&
. ds , \& . ds , \&
. ds ~ ~ . ds ~ ~
. ds ? ?
. ds ! !
. ds / . ds /
. ds q
.\} .\}
.if t \{\ .if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
@@ -146,18 +106,11 @@
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
.\} .\}
. \" troff and (daisy-wheel) nroff accents . \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
@@ -165,8 +118,6 @@
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e .ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E .ds Ae A\h'-(\w'A'u*4/10)'E
.ds oe o\h'-(\w'o'u*4/10)'e
.ds Oe O\h'-(\w'O'u*4/10)'E
. \" corrections for vroff . \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
@@ -175,10 +126,6 @@
\{\ \{\
. ds : e . ds : e
. ds 8 ss . ds 8 ss
. ds v \h'-1'\o'\(aa\(ga'
. ds _ \h'-1'^
. ds . \h'-1'.
. ds 3 3
. ds o a . ds o a
. ds d- d\h'-1'\(ga . ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy . ds D- D\h'-1'\(hy
@@ -186,32 +133,37 @@
. ds Th \o'LP' . ds Th \o'LP'
. ds ae ae . ds ae ae
. ds Ae AE . ds Ae AE
. ds oe oe
. ds Oe OE
.\} .\}
.rm #[ #] #H #V #F C .rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "visudo @mansectsu@"
.TH visudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME" .SH "NAME"
visudo \- edit the sudoers file visudo \- edit the sudoers file
.SH "SYNOPSIS" .SH "SYNOPSIS"
\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ] .IX Header "SYNOPSIS"
\&\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ]
.SH "DESCRIPTION" .SH "DESCRIPTION"
\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to .IX Header "DESCRIPTION"
\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple \&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
\&\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
simultaneous edits, provides basic sanity checks, and checks simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the \fIsudoers\fR file is currently being for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later. In the edited you will receive a message to try again later. In the
default configuration, the \fIvi\fR\|(1) editor is used, but there is default configuration, the \fIvi\fR\|(1) editor is used, but there is
a compile time option to allow use of whatever editor the a compile time option to allow use of whatever editor the
environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to. environment variables \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR are set to.
.PP .PP
\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will \&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
not save the changes if there is a syntax error. Upon finding not save the changes if there is a syntax error. Upon finding
an error, a message will be printed stating the line \fInumber\fR\|(s) an error, a message will be printed stating the line \fInumber\fR\|(s)
that the error occurred on and the user will receive the that the error occurred on and the user will receive the
\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" \&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without
saving the changes, or \*(L"Q\*(R" to quit and save changes. The saving the changes, or \*(L"Q\*(R" to quit and save changes. The
\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR \&\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
believes there to be a parse error, so will \fBsudo\fR and no one believes there to be a parse error, so will \fBsudo\fR and no one
will be able to execute \fBsudo\fR again until the error is fixed. will be able to execute \fBsudo\fR again until the error is fixed.
Any other command at this prompt will print a short help message. Any other command at this prompt will print a short help message.
@@ -219,24 +171,32 @@ When editing the \fIsudoers\fR file after a parse error has been
detected the cursor will be placed on the line where the error detected the cursor will be placed on the line where the error
occurred (if the editor supports this feature). occurred (if the editor supports this feature).
.SH "OPTIONS" .SH "OPTIONS"
\fBvisudo\fR accepts the following command line option: .IX Header "OPTIONS"
.Ip "-s" 4 \&\fBvisudo\fR accepts the following command line option:
.Ip "\-s" 4
.IX Item "-s"
Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
used before it is defined, \fBvisudo\fR will consider this a parse used before it is defined, \fBvisudo\fR will consider this a parse
error. Note that it is not possible to differentiate between an error. Note that it is not possible to differentiate between an
alias and a hostname or username that consists solely of upper case alias and a hostname or username that consists solely of upper case
letters, digits, and the underscore ('_') character. letters, digits, and the underscore ('_') character.
.Ip "-V" 4 .Ip "\-V" 4
The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number .IX Item "-V"
The \f(CW\*(C`\-V\*(C'\fR (version) option causes \fBvisudo\fR to print the version number
and exit. and exit.
.SH "ERRORS" .SH "ERRORS"
.IX Header "ERRORS"
.Ip "sudoers file busy, try again later." 4 .Ip "sudoers file busy, try again later." 4
.IX Item "sudoers file busy, try again later."
Someone else is currently editing the \fIsudoers\fR file. Someone else is currently editing the \fIsudoers\fR file.
.Ip "@sysconfdir@/sudoers.tmp: Permission denied" 4 .Ip "@sysconfdir@/sudoers.tmp: Permission denied" 4
.IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
You didn't run \fBvisudo\fR as root. You didn't run \fBvisudo\fR as root.
.Ip "Can't find you in the passwd database" 4 .Ip "Can't find you in the passwd database" 4
.IX Item "Can't find you in the passwd database"
Your userid does not appear in the system passwd file. Your userid does not appear in the system passwd file.
.Ip "Warning: undeclared Alias referenced near ..." 4 .Ip "Warning: undeclared Alias referenced near ..." 4
.IX Item "Warning: undeclared Alias referenced near ..."
Either you are using a {User,Runas,Host,Cmnd}_Alias before Either you are using a {User,Runas,Host,Cmnd}_Alias before
defining it or you have a user or hostname listed that defining it or you have a user or hostname listed that
consists solely of upper case letters, digits, and the consists solely of upper case letters, digits, and the
@@ -244,78 +204,43 @@ underscore ('_') character. If the latter, you can ignore
the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict)
mode these are errors not warnings. mode these are errors not warnings.
.SH "ENVIRONMENT" .SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
The following environment variables are used only if \fBvisudo\fR The following environment variables are used only if \fBvisudo\fR
was configured with the \fI--with-env-editor\fR option: was configured with the \fI\*(--with-env-editor\fR option:
.PP .PP
.Vb 2 .Vb 2
\& EDITOR Used by visudo as the editor to use \& EDITOR Used by visudo as the editor to use
\& VISUAL Used by visudo if EDITOR is not set \& VISUAL Used by visudo if EDITOR is not set
.Ve .Ve
.SH "FILES" .SH "FILES"
.PP .IX Header "FILES"
.Vb 2 .Vb 2
\& @sysconfdir@/sudoers List of who can run what \& @sysconfdir@/sudoers List of who can run what
\& @sysconfdir@/sudoers.tmp Lock file for visudo \& @sysconfdir@/sudoers.tmp Lock file for visudo
.Ve .Ve
.SH "AUTHOR" .SH "AUTHOR"
.IX Header "AUTHOR"
Many people have worked on \fIsudo\fR over the years, this version of Many people have worked on \fIsudo\fR over the years, this version of
\fBvisudo\fR was written by: \&\fBvisudo\fR was written by:
.PP .PP
.Vb 1 .Vb 1
\& Todd Miller <Todd.Miller@courtesan.com> \& Todd Miller <Todd.Miller@courtesan.com>
.Ve .Ve
See the HISTORY file in the sudo distribution for more details. See the HISTORY file in the sudo distribution for more details.
.SH "BUGS" .SH "BUGS"
.IX Header "BUGS"
If you feel you have found a bug in sudo, please submit a bug report If you feel you have found a bug in sudo, please submit a bug report
at http://www.courtesan.com/sudo/bugs/ at http://www.courtesan.com/sudo/bugs/
.SH "DISCLAIMER" .SH "DISCLAIMER"
\fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, .IX Header "DISCLAIMER"
\&\fBVisudo\fR is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with \fBsudo\fR for complete details. See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS" .SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if There is no easy way to prevent a user from gaining a root shell if
the editor used by \fBvisudo\fR allows shell escapes. the editor used by \fBvisudo\fR allows shell escapes.
.SH "SEE ALSO" .SH "SEE ALSO"
\fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(@mansectsu@).
.rn }` ''
.IX Title "visudo @mansectsu@"
.IX Name "visudo - edit the sudoers file"
.IX Header "NAME"
.IX Header "SYNOPSIS"
.IX Header "DESCRIPTION"
.IX Header "OPTIONS"
.IX Item "-s"
.IX Item "-V"
.IX Header "ERRORS"
.IX Item "sudoers file busy, try again later."
.IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
.IX Item "Can't find you in the passwd database"
.IX Item "Warning: undeclared Alias referenced near ..."
.IX Header "ENVIRONMENT"
.IX Header "FILES"
.IX Header "AUTHOR"
.IX Header "BUGS"
.IX Header "DISCLAIMER"
.IX Header "CAVEATS"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8).