isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Regenerated with perl 5.6.0 pod2man

Browse Source
This commit is contained in:
Todd C. Miller
2000-04-07 14:39:23 +00:00
parent 7e00f9c376
commit dffa5b0145
6 changed files with 982 additions and 1410 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
sudo.cat
View File

@@ -26,19 +26,19 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
time (five minutes by default).
ssssuuuuddddoooo determines who is an authorized user by consulting
the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the -v flag a user
can update the time stamp without running a _c_o_m_m_a_n_d_. The
password prompt itself will also time out if the user's
password is not entered with N minutes (again, this is
defined at configure time and defaults to 5 minutes).
the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the `-v' flag a
user can update the time stamp without running a _c_o_m_m_a_n_d_.
The password prompt itself will also time out if the
user's password is not entered with N minutes (again, this
is defined at configure time and defaults to 5 minutes).
If a user that is not listed in the _s_u_d_o_e_r_s file tries to
run a command via ssssuuuuddddoooo, mail is sent to the proper
authorities, as defined at configure time (defaults to
root). Note that the mail will not be sent if an
unauthorized user tries to run sudo with the -l or -v
flags. This allows users to determine for themselves
whether or not they are allowed to use ssssuuuuddddoooo.
run a command via ssssuuuuddddoooo, mail is sent to the proper author<6F>
ities, as defined at configure time (defaults to root).
Note that the mail will not be sent if an unauthorized
user tries to run sudo with the `-l' or `-v' flags. This
allows users to determine for themselves whether or not
they are allowed to use ssssuuuuddddoooo.
ssssuuuuddddoooo can log both successful an unsuccessful attempts (as
well as errors) to _s_y_s_l_o_g(3), a log file, or both. By
@@ -48,20 +48,20 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
OOOOPPPPTTTTIIIIOOOONNNNSSSS
ssssuuuuddddoooo accepts the following command line options:
-V The -V (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the
-V The `-V' (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the
version number and exit.
-l The -l (_l_i_s_t) option will list out the allowed (and
-l The `-l' (_l_i_s_t) option will list out the allowed (and
forbidden) commands for the user on the current host.
-L The -L (_l_i_s_t defaults) option will list out the
-L The `-L' (_l_i_s_t defaults) option will list out the
parameters that may be set in a _D_e_f_a_u_l_t_s line along
with a short description for each. This option is
useful in conjunction with _g_r_e_p(1).
28/Mar/2000 1.6.3 1
April 7, 2000 1.6.3 1
@@ -70,42 +70,42 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
-h The -h (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage
-h The `-h' (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage
message and exit.
-v If given the -v (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update
the user's timestamp, prompting for the user's
password if necessary. This extends the ssssuuuuddddoooo timeout
to for another N minutes (where N is defined at
installation time and defaults to 5 minutes) but does
not run a command.
-v If given the `-v' (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update
the user's timestamp, prompting for the user's pass<73>
word if necessary. This extends the ssssuuuuddddoooo timeout to
for another N minutes (where N is defined at installa<6C>
tion time and defaults to 5 minutes) but does not run
a command.
-k The -k (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's
-k The `-k' (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's
timestamp by setting the time on it to the epoch. The
next time ssssuuuuddddoooo is run a password will be required.
This option does not require a password and was added
to allow a user to revoke ssssuuuuddddoooo permissions from a
.logout file.
-K The -K (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's
-K The `-K' (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's
timestamp entirely. This option does not require a
password.
-b The -b (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given
command in the background. Note that if you use the
-b option you cannot use shell job control to
-b The `-b' (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the
given command in the background. Note that if you use
the `-b' option you cannot use shell job control to
manipulate the command.
-p The -p (_p_r_o_m_p_t) option allows you to override the
-p The `-p' (_p_r_o_m_p_t) option allows you to override the
default password prompt and use a custom one. If the
password prompt contains the %u escape, %u will be
replaced with the user's login name. Similarly, %h
password prompt contains the `%u' escape, `%u' will be
replaced with the user's login name. Similarly, `%h'
will be replaced with the local hostname.
-c The -c (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the specified
command with resources limited by the specified login
class. The _c_l_a_s_s argument can be either a class name
as defined in /etc/login.conf, or a single '-'
-c The `-c' (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the speci<EFBFBD>
fied command with resources limited by the specified
login class. The _c_l_a_s_s argument can be either a class
name as defined in /etc/login.conf, or a single '-'
character. Specifying the _c_l_a_s_s as '-' means that the
command should be run restricted by the default login
capibilities of the user the command is run as. If
@@ -116,18 +116,18 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m)
classes where ssssuuuuddddoooo has been configured with the
--with-logincap option.
-u The -u (_u_s_e_r) option causes ssssuuuuddddoooo to run the specified
command as a user other than _r_o_o_t. To specify a _u_i_d
instead of a _u_s_e_r_n_a_m_e, use "#uid".
-u The `-u' (_u_s_e_r) option causes ssssuuuuddddoooo to run the speci<EFBFBD>
fied command as a user other than _r_o_o_t. To specify a
_u_i_d instead of a _u_s_e_r_n_a_m_e, use "#uid".
-s The -s (_s_h_e_l_l) option runs the shell specified by the
_S_H_E_L_L environment variable if it is set or the shell
as specified in _p_a_s_s_w_d(4).
-s The `-s' (_s_h_e_l_l) option runs the shell specified by
the _S_H_E_L_L environment variable if it is set or the
shell as specified in _p_a_s_s_w_d(4).
28/Mar/2000 1.6.3 2
April 7, 2000 1.6.3 2
@@ -136,17 +136,18 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m)
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
-H The -H (_H_O_M_E) option sets the _H_O_M_E environment
variable to the homedir of the target user (root by
-H The `-H' (_H_O_M_E) option sets the _H_O_M_E environment vari<72>
able to the homedir of the target user (root by
default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo
does not modify _H_O_M_E.
-S The -S (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the password
from standard input instead of the terminal device.
-S The `-S' (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the pass<EFBFBD>
word from standard input instead of the terminal
device.
-- The -- flag indicates that ssssuuuuddddoooo should stop processing
command line arguments. It is most useful in
conjunction with the -s flag.
-- The `--' flag indicates that ssssuuuuddddoooo should stop process<EFBFBD>
ing command line arguments. It is most useful in con<6F>
junction with the `-s' flag.
RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS
Upon successful execution of a program, the return value
@@ -154,46 +155,45 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
that was executed.
Otherwise, ssssuuuuddddoooo quits with an exit value of 1 if there is
a configuration/permission problem or if ssssuuuuddddoooo cannot
execute the given command. In the latter case the error
a configuration/permission problem or if ssssuuuuddddoooo cannot exe<78>
cute the given command. In the latter case the error
string is printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one
or more entries in the user's PATH an error is printed on
stderr. (If the directory does not exist or if it is not
really a directory, the entry is ignored and no error is
printed.) This should not happen under normal
circumstances. The most common reason for _s_t_a_t(2) to
return "permission denied" is if you are running an
automounter and one of the directories in your PATH is on
a machine that is currently unreachable.
or more entries in the user's `PATH' an error is printed
on stderr. (If the directory does not exist or if it is
not really a directory, the entry is ignored and no error
is printed.) This should not happen under normal circum<75>
stances. The most common reason for _s_t_a_t(2) to return
"permission denied" is if you are running an automounter
and one of the directories in your `PATH' is on a machine
that is currently unreachable.
SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS
ssssuuuuddddoooo tries to be safe when executing external commands.
Variables that control how dynamic loading and binding is
done can be used to subvert the program that ssssuuuuddddoooo runs.
To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
and LIBPATH (AIX only) environment variables are removed
from the environment passed on to all commands executed.
ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF,
KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS and HOSTALIASES
variables as they too can pose a threat.
To combat this the `LD_*', `_RLD_*', `SHLIB_PATH' (HP-UX
only), and `LIBPATH' (AIX only) environment variables are
removed from the environment passed on to all commands
executed. ssssuuuuddddoooo will also remove the `IFS', `ENV',
`BASH_ENV', `KRB_CONF', `KRB5_CONFIG', `LOCALDOMAIN',
`RES_OPTIONS' and `HOSTALIASES' variables as they too can
pose a threat.
To prevent command spoofing, ssssuuuuddddoooo checks "." and "" (both
denoting current directory) last when searching for a
command in the user's PATH (if one or both are in the
PATH). Note, however, that the actual PATH environment
variable is _n_o_t modified and is passed unchanged to the
program that ssssuuuuddddoooo executes.
denoting current directory) last when searching for a com<6F>
mand in the user's PATH (if one or both are in the PATH).
Note, however, that the actual `PATH' environment variable
is _n_o_t modified and is passed unchanged to the program
that ssssuuuuddddoooo executes.
For security reasons, if your OS supports shared libraries
and does not disable user-defined library search paths for
setuid programs (most do), you should either use a linker
option that disables this behavior or link ssssuuuuddddoooo
statically.
28/Mar/2000 1.6.3 3
April 7, 2000 1.6.3 3
@@ -202,28 +202,30 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
statically.
ssssuuuuddddoooo will check the ownership of its timestamp directory
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's
contents if it is not owned by root and only writable by
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con<6F>
tents if it is not owned by root and only writable by
root. On systems that allow non-root users to give away
files via _c_h_o_w_n(2), if the timestamp directory is located
in a directory writable by anyone (eg: _/_t_m_p), it is
possible for a user to create the timestamp directory
before ssssuuuuddddoooo is run. However, because ssssuuuuddddoooo checks the
ownership and mode of the directory and its contents, the
only damage that can be done is to "hide" files by putting
them in the timestamp dir. This is unlikely to happen
since once the timestamp dir is owned by root and
inaccessible by any other user the user placing files
there would be unable to get them back out. To get around
this issue you can use a directory that is not world-
writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance)
or create _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root)
and permissions (0700) in the system startup files.
in a directory writable by anyone (eg: _/_t_m_p), it is possi<73>
ble for a user to create the timestamp directory before
ssssuuuuddddoooo is run. However, because ssssuuuuddddoooo checks the ownership
and mode of the directory and its contents, the only dam<61>
age that can be done is to "hide" files by putting them in
the timestamp dir. This is unlikely to happen since once
the timestamp dir is owned by root and inaccessible by any
other user the user placing files there would be unable to
get them back out. To get around this issue you can use a
directory that is not world-writable for the timestamps
(_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or create _/_v_a_r_/_r_u_n_/_s_u_d_o with
the appropriate owner (root) and permissions (0700) in the
system startup files.
ssssuuuuddddoooo will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain.
`TIMEOUT' will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to
give away files.
@@ -252,14 +254,12 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-
shell to make the cd and file redirection work.
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
shell to make the `cd' and file redirection work.
28/Mar/2000 1.6.3 4
April 7, 2000 1.6.3 4
@@ -268,6 +268,9 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT
ssssuuuuddddoooo utilizes the following environment variables:
@@ -292,8 +295,8 @@ FFFFIIIILLLLEEEESSSS
AAAAUUUUTTTTHHHHOOOORRRRSSSS
Many people have worked on ssssuuuuddddoooo over the years, this
version consists of code written primarily by:
Many people have worked on ssssuuuuddddoooo over the years, this ver<65>
sion consists of code written primarily by:
Todd Miller
Chris Jepeway
@@ -306,9 +309,9 @@ BBBBUUUUGGGGSSSS
bug report at http://www.courtesan.com/sudo/bugs/
DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR
SSSSuuuuddddoooo is provided ``AS IS'' and any express or implied
warranties, including, but not limited to, the implied
warranties of merchantability and fitness for a particular
SSSSuuuuddddoooo is provided ``AS IS'' and any express or implied war<61>
ranties, including, but not limited to, the implied war<61>
ranties of merchantability and fitness for a particular
purpose are disclaimed. See the LICENSE file distributed
with ssssuuuuddddoooo for complete details.
@@ -317,15 +320,12 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell if that user has access to commands allowing shell
escapes.
If users have sudo ALL there is nothing to prevent them
If users have sudo `ALL' there is nothing to prevent them
from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
28/Mar/2000 1.6.3 5
April 7, 2000 1.6.3 5
@@ -334,10 +334,13 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
shell regardless of any '!' elements in the user specifi<66>
cation.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
bugs that make setuid shell scripts unsafe on some
operating systems (if your OS supports the /dev/fd/
directory, setuid shell scripts are generally safe).
bugs that make setuid shell scripts unsafe on some operat<61>
ing systems (if your OS supports the /dev/fd/ directory,
setuid shell scripts are generally safe).
SSSSEEEEEEEE AAAALLLLSSSSOOOO
_l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _v_i_s_u_d_o(1m), _s_u(1).
@@ -388,9 +391,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
28/Mar/2000 1.6.3 6
April 7, 2000 1.6.3 6

447
sudo.man.in
View File

@@ -1,12 +1,9 @@
.rn '' }`
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
''' Revision 1.4 2000/04/01 21:22:11 millert
''' Clear up confusion wrt sudo's return value.
'''
'''
.de Sh
.\" Automatically generated by Pod::Man version 1.02
.\" Fri Apr 7 08:37:05 2000
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
@@ -14,150 +11,106 @@
\fB\\$1\fR
.PP
..
.de Sp
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve
.de Ve \" End verbatim text
.ft R
.fi
..
'''
'''
''' Set up \*(-- to give an unbreakable dash;
''' string Tr holds user defined translation string.
''' Bell System Logo is used as a dummy character.
'''
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.ds -- \(*W-
.ds PI pi
.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.ds L" ""
.ds R" ""
''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
''' \*(L" and \*(R", except that they are used on ".xx" lines,
''' such as .IP and .SH, which do another additional levels of
''' double-quote interpretation
.ds M" """
.ds S" """
.ds N" """""
.ds T" """""
.ds L' '
.ds R' '
.ds M' '
.ds S' '
.ds N' '
.ds T' '
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` `
. ds C' '
'br\}
.el\{\
.ds -- \(em\|
.tr \*(Tr
.ds L" ``
.ds R" ''
.ds M" ``
.ds S" ''
.ds N" ``
.ds T" ''
.ds L' `
.ds R' '
.ds M' `
.ds S' '
.ds N' `
.ds T' '
.ds PI \(*p
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\" If the F register is turned on, we'll generate
.\" index entries out stderr for the following things:
.\" TH Title
.\" SH Header
.\" Sh Subsection
.\" Ip Item
.\" X<> Xref (embedded
.\" Of course, you have to process the output yourself
.\" in some meaninful fashion.
.if \nF \{
.de IX
.tm Index:\\$1\t\\n%\t"\\$2"
..
.nr % 0
.rr F
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
. .
. nr % 0
. rr F
.\}
.TH sudo @mansectsu@ "1.6.3" "28/Mar/2000" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.de CQ \" put $1 in typewriter font
.ft CW
'if n "\c
'if t \\&\\$1\c
'if n \\&\\$1\c
'if n \&"
\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
'.ft R
..
.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
. \" AM - accent mark definitions
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds ? ?
. ds ! !
. ds /
. ds q
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
@@ -165,39 +118,38 @@
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.ds oe o\h'-(\w'o'u*4/10)'e
.ds Oe O\h'-(\w'O'u*4/10)'E
. \" corrections for vroff
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds v \h'-1'\o'\(aa\(ga'
. ds _ \h'-1'^
. ds . \h'-1'.
. ds 3 3
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
. ds oe oe
. ds Oe OE
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "sudo @mansectsu@"
.TH sudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME"
sudo \- execute a command as another user
.SH "SYNOPSIS"
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
.IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR class|\- ]
[ \fB\-u\fR username/#uid ] \fIcommand\fR
.SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
.IX Header "DESCRIPTION"
\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the sudoers file. The
real and effective uid and gid are set to match those of the target
user as specified in the passwd file (the group vector is also
@@ -208,8 +160,8 @@ a user has been authenticated, a timestamp is updated and the
user may then use sudo without a password for a short period of time
(five minutes by default).
.PP
\fBsudo\fR determines who is an authorized user by consulting the
file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
\&\fBsudo\fR determines who is an authorized user by consulting the
file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW\*(C`\-v\*(C'\fR flag a user
can update the time stamp without running a \fIcommand.\fR
The password prompt itself will also time out if the user's password is
not entered with N minutes (again, this is defined at configure
@@ -219,81 +171,97 @@ If a user that is not listed in the \fIsudoers\fR file tries to run
a command via \fBsudo\fR, mail is sent to the proper authorities,
as defined at configure time (defaults to root). Note that the
mail will not be sent if an unauthorized user tries to run sudo
with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine
with the \f(CW\*(C`\-l\*(C'\fR or \f(CW\*(C`\-v\*(C'\fR flags. This allows users to determine
for themselves whether or not they are allowed to use \fBsudo\fR.
.PP
\fBsudo\fR can log both successful an unsuccessful attempts (as well
\&\fBsudo\fR can log both successful an unsuccessful attempts (as well
as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR
will log via \fIsyslog\fR\|(3) but this is changeable at configure time.
.SH "OPTIONS"
\fBsudo\fR accepts the following command line options:
.Ip "-V" 4
The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
.IX Header "OPTIONS"
\&\fBsudo\fR accepts the following command line options:
.Ip "\-V" 4
.IX Item "-V"
The \f(CW\*(C`\-V\*(C'\fR (\fIversion\fR) option causes \fBsudo\fR to print the
version number and exit.
.Ip "-l" 4
The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and
.Ip "\-l" 4
.IX Item "-l"
The \f(CW\*(C`\-l\*(C'\fR (\fIlist\fR) option will list out the allowed (and
forbidden) commands for the user on the current host.
.Ip "-L" 4
The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters
.Ip "\-L" 4
.IX Item "-L"
The \f(CW\*(C`\-L\*(C'\fR (\fIlist\fR defaults) option will list out the parameters
that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.Ip "-h" 4
The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.Ip "-v" 4
If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
.Ip "\-h" 4
.IX Item "-h"
The \f(CW\*(C`\-h\*(C'\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.Ip "\-v" 4
.IX Item "-v"
If given the \f(CW\*(C`\-v\*(C'\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
user's timestamp, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout to for another N minutes
(where N is defined at installation time and defaults to 5
minutes) but does not run a command.
.Ip "-k" 4
The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
.Ip "\-k" 4
.IX Item "-k"
The \f(CW\*(C`\-k\*(C'\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
by setting the time on it to the epoch. The next time \fBsudo\fR is
run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file.
.Ip "-K" 4
The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
.Ip "\-K" 4
.IX Item "-K"
The \f(CW\*(C`\-K\*(C'\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
entirely. This option does not require a password.
.Ip "-b" 4
The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \f(CW-b\fR
.Ip "\-b" 4
.IX Item "-b"
The \f(CW\*(C`\-b\*(C'\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \f(CW\*(C`\-b\*(C'\fR
option you cannot use shell job control to manipulate the command.
.Ip "-p" 4
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
.Ip "\-p" 4
.IX Item "-p"
The \f(CW\*(C`\-p\*(C'\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt
contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's
login name. Similarly, \f(CW%h\fR will be replaced with the local
contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's
login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local
hostname.
.Ip "-c" 4
The \f(CW-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
.Ip "\-c" 4
.IX Item "-c"
The \f(CW\*(C`\-c\*(C'\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
with resources limited by the specified login class. The \fIclass\fR
argument can be either a class name as defined in /etc/login.conf,
or a single \*(L'\-\*(R' character. Specifying the \fIclass\fR as \*(L'\-\*(R' means
or a single '\-' character. Specifying the \fIclass\fR as '\-' means
that the command should be run restricted by the default login
capibilities of the user the command is run as. If the \fIclass\fR
argument specifies an existing user class, the command must be run
as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes
where \fBsudo\fR has been configured with the --with-logincap option.
.Ip "-u" 4
The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
root. This option is only available on systems with BSD login classes
where \fBsudo\fR has been configured with the \-\-with-logincap option.
.Ip "\-u" 4
.IX Item "-u"
The \f(CW\*(C`\-u\*(C'\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
\fIusername\fR, use \*(L"#uid\*(R".
.Ip "-s" 4
The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
\&\fIusername\fR, use \*(L"#uid\*(R".
.Ip "\-s" 4
.IX Item "-s"
The \f(CW\*(C`\-s\*(C'\fR (\fIshell\fR) option runs the shell specified by the \fISHELL\fR
environment variable if it is set or the shell as specified
in \fIpasswd\fR\|(@mansectform@).
.Ip "-H" 4
The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
.Ip "\-H" 4
.IX Item "-H"
The \f(CW\*(C`\-H\*(C'\fR (\fIHOME\fR) option sets the \fIHOME\fR environment variable
to the homedir of the target user (root by default) as specified
in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR.
.Ip "-S" 4
The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fIHOME\fR.
.Ip "\-S" 4
.IX Item "-S"
The \f(CW\*(C`\-S\*(C'\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
standard input instead of the terminal device.
.Ip "--" 4
The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
.Ip "\-\-" 4
The \f(CW\*(C`\-\-\*(C'\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \f(CW\*(C`\-s\*(C'\fR flag.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the return value from \fBsudo\fR
will simply be the return value of the program that was executed.
.PP
@@ -301,28 +269,29 @@ Otherwise, \fBsudo\fR quits with an exit value of 1 if there is a
configuration/permission problem or if \fBsudo\fR cannot execute the
given command. In the latter case the error string is printed to
stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's
\f(CWPATH\fR an error is printed on stderr. (If the directory does not
\&\f(CW\*(C`PATH\*(C'\fR an error is printed on stderr. (If the directory does not
exist or if it is not really a directory, the entry is ignored and
no error is printed.) This should not happen under normal
circumstances. The most common reason for \fIstat\fR\|(2) to return
\*(L"permission denied\*(R" is if you are running an automounter and one
of the directories in your \f(CWPATH\fR is on a machine that is currently
\&\*(L"permission denied\*(R" is if you are running an automounter and one
of the directories in your \f(CW\*(C`PATH\*(C'\fR is on a machine that is currently
unreachable.
.SH "SECURITY NOTES"
\fBsudo\fR tries to be safe when executing external commands. Variables
.IX Header "SECURITY NOTES"
\&\fBsudo\fR tries to be safe when executing external commands. Variables
that control how dynamic loading and binding is done can be used
to subvert the program that \fBsudo\fR runs. To combat this the
\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX
\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (HP-UX only), and \f(CW\*(C`LIBPATH\*(C'\fR (AIX
only) environment variables are removed from the environment passed
on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR,
\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR,
\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a
on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR,
\&\f(CW\*(C`RES_OPTIONS\*(C'\fR and \f(CW\*(C`HOSTALIASES\*(C'\fR variables as they too can pose a
threat.
.PP
To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting
To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting
current directory) last when searching for a command in the user's
PATH (if one or both are in the PATH). Note, however, that the
actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed
actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed
unchanged to the program that \fBsudo\fR executes.
.PP
For security reasons, if your OS supports shared libraries and does
@@ -330,13 +299,13 @@ not disable user-defined library search paths for setuid programs
(most do), you should either use a linker option that disables this
behavior or link \fBsudo\fR statically.
.PP
\fBsudo\fR will check the ownership of its timestamp directory
\&\fBsudo\fR will check the ownership of its timestamp directory
(\fI@TIMEDIR@\fR by default) and ignore the directory's contents if
it is not owned by root and only writable by root. On systems that
allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp
directory is located in a directory writable by anyone (eg: \fI/tmp\fR),
it is possible for a user to create the timestamp directory before
\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and
\&\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and
mode of the directory and its contents, the only damage that can
be done is to \*(L"hide\*(R" files by putting them in the timestamp dir.
This is unlikely to happen since once the timestamp dir is owned
@@ -347,12 +316,13 @@ timestamps (\fI/var/adm/sudo\fR for instance) or create \fI@TIMEDIR@\fR
with the appropriate owner (root) and permissions (0700) in the
system startup files.
.PP
\fBsudo\fR will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
\&\fBsudo\fR will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
will be ignored and sudo will log and complain. This is done to
keep a user from creating his/her own timestamp with a bogus
date on system that allow users to give away files.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries.
.PP
To get a file listing of an unreadable directory:
@@ -378,13 +348,14 @@ To shutdown a machine:
.Ve
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-shell
to make the \f(CWcd\fR and file redirection work.
to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.PP
.Vb 1
\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Ve
.SH "ENVIRONMENT"
\fBsudo\fR utilizes the following environment variables:
.IX Header "ENVIRONMENT"
\&\fBsudo\fR utilizes the following environment variables:
.PP
.Vb 13
\& PATH Set to a sane value if SECURE_PATH is set
@@ -402,12 +373,13 @@ to make the \f(CWcd\fR and file redirection work.
\& SUDO_PS1 If set, PS1 will be set to its value
.Ve
.SH "FILES"
.PP
.IX Header "FILES"
.Vb 2
\& @sysconfdir@/sudoers List of who can run what
\& @TIMEDIR@ Directory containing timestamps
.Ve
.SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years, this
version consists of code written primarily by:
.PP
@@ -418,19 +390,22 @@ version consists of code written primarily by:
See the HISTORY file in the \fBsudo\fR distribution for a short history
of \fBsudo\fR.
.SH "BUGS"
.IX Header "BUGS"
If you feel you have found a bug in sudo, please submit a bug report
at http://www.courtesan.com/sudo/bugs/
.SH "DISCLAIMER"
\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
.IX Header "DISCLAIMER"
\&\fBSudo\fR is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if
that user has access to commands allowing shell escapes.
.PP
If users have sudo \f(CWALL\fR there is nothing to prevent them from creating
their own program that gives them a root shell regardless of any \*(L'!\*(R'
If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating
their own program that gives them a root shell regardless of any '!'
elements in the user specification.
.PP
Running shell scripts via \fBsudo\fR can expose the same kernel bugs
@@ -438,67 +413,5 @@ that make setuid shell scripts unsafe on some operating systems
(if your OS supports the /dev/fd/ directory, setuid shell scripts
are generally safe).
.SH "SEE ALSO"
\fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@), \fIsu\fR\|(1).
.rn }` ''
.IX Title "sudo @mansectsu@"
.IX Name "sudo - execute a command as another user"
.IX Header "NAME"
.IX Header "SYNOPSIS"
.IX Header "DESCRIPTION"
.IX Header "OPTIONS"
.IX Item "-V"
.IX Item "-l"
.IX Item "-L"
.IX Item "-h"
.IX Item "-v"
.IX Item "-k"
.IX Item "-K"
.IX Item "-b"
.IX Item "-p"
.IX Item "-c"
.IX Item "-u"
.IX Item "-s"
.IX Item "-H"
.IX Item "-S"
.IX Item "--"
.IX Header "RETURN VALUES"
.IX Header "SECURITY NOTES"
.IX Header "EXAMPLES"
.IX Header "ENVIRONMENT"
.IX Header "FILES"
.IX Header "AUTHORS"
.IX Header "BUGS"
.IX Header "DISCLAIMER"
.IX Header "CAVEATS"
.IX Header "SEE ALSO"
\&\fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@), \fIsu\fR\|(1).

554
sudoers.cat
View File

File diff suppressed because it is too large Load Diff

754
sudoers.man.in
View File

File diff suppressed because it is too large Load Diff

106
visudo.cat
View File

@@ -12,14 +12,14 @@ SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
vvvviiiissssuuuuddddoooo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous
to _v_i_p_w(1m). vvvviiiissssuuuuddddoooo locks the _s_u_d_o_e_r_s file against
multiple simultaneous edits, provides basic sanity checks,
and checks for parse errors. If the _s_u_d_o_e_r_s file is
currently being edited you will receive a message to try
again later. In the default configuration, the _v_i(1)
editor is used, but there is a compile time option to
allow use of whatever editor the environment variables
EDITOR or VISUAL are set to.
to _v_i_p_w(1m). vvvviiiissssuuuuddddoooo locks the _s_u_d_o_e_r_s file against multi<74>
ple simultaneous edits, provides basic sanity checks, and
checks for parse errors. If the _s_u_d_o_e_r_s file is currently
being edited you will receive a message to try again
later. In the default configuration, the _v_i(1) editor is
used, but there is a compile time option to allow use of
whatever editor the environment variables `EDITOR' or
`VISUAL' are set to.
vvvviiiissssuuuuddddoooo parses the _s_u_d_o_e_r_s file after the edit and will not
save the changes if there is a syntax error. Upon finding
@@ -41,14 +41,13 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
vvvviiiissssuuuuddddoooo accepts the following command line option:
-s Enable ssssttttrrrriiiicccctttt checking of the _s_u_d_o_e_r_s file. If an
alias is used before it is defined, vvvviiiissssuuuuddddoooo will
consider this a parse error. Note that it is not
possible to differentiate between an alias and a
hostname or username that consists solely of upper
case letters, digits, and the underscore ('_')
character.
alias is used before it is defined, vvvviiiissssuuuuddddoooo will con<6F>
sider this a parse error. Note that it is not possi<73>
ble to differentiate between an alias and a hostname
or username that consists solely of upper case let<65>
ters, digits, and the underscore ('_') character.
-V The -V (version) option causes vvvviiiissssuuuuddddoooo to print the
-V The `-V' (version) option causes vvvviiiissssuuuuddddoooo to print the
version number and exit.
EEEERRRRRRRROOOORRRRSSSS
@@ -61,7 +60,8 @@ EEEERRRRRRRROOOORRRRSSSS
26/Mar/2000 1.6.3 1
April 7, 2000 1.6.3 1
@@ -96,8 +96,8 @@ FFFFIIIILLLLEEEESSSS
AAAAUUUUTTTTHHHHOOOORRRR
Many people have worked on _s_u_d_o over the years, this
version of vvvviiiissssuuuuddddoooo was written by:
Many people have worked on _s_u_d_o over the years, this ver<65>
sion of vvvviiiissssuuuuddddoooo was written by:
Todd Miller <Todd.Miller@courtesan.com>
@@ -120,79 +120,13 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell if the editor used by vvvviiiissssuuuuddddoooo allows shell escapes.
SSSSEEEEEEEE AAAALLLLSSSSOOOO
_s_u_d_o(1m), _v_i_p_w(1m).
_s_u_d_o(1m), _v_i_p_w(8).
26/Mar/2000 1.6.3 2
visudo(1m) MAINTENANCE COMMANDS visudo(1m)
26/Mar/2000 1.6.3 3
April 7, 2000 1.6.3 2

313
visudo.man.in
View File

@@ -1,12 +1,9 @@
.rn '' }`
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
''' Revision 1.4 2000/03/27 03:26:24 millert
''' Use @mansectsu@ and @mansectform@ in the man page bodies as well.
'''
'''
.de Sh
.\" Automatically generated by Pod::Man version 1.02
.\" Fri Apr 7 08:37:07 2000
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
@@ -14,150 +11,106 @@
\fB\\$1\fR
.PP
..
.de Sp
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve
.de Ve \" End verbatim text
.ft R
.fi
..
'''
'''
''' Set up \*(-- to give an unbreakable dash;
''' string Tr holds user defined translation string.
''' Bell System Logo is used as a dummy character.
'''
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.ds -- \(*W-
.ds PI pi
.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.ds L" ""
.ds R" ""
''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
''' \*(L" and \*(R", except that they are used on ".xx" lines,
''' such as .IP and .SH, which do another additional levels of
''' double-quote interpretation
.ds M" """
.ds S" """
.ds N" """""
.ds T" """""
.ds L' '
.ds R' '
.ds M' '
.ds S' '
.ds N' '
.ds T' '
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` `
. ds C' '
'br\}
.el\{\
.ds -- \(em\|
.tr \*(Tr
.ds L" ``
.ds R" ''
.ds M" ``
.ds S" ''
.ds N" ``
.ds T" ''
.ds L' `
.ds R' '
.ds M' `
.ds S' '
.ds N' `
.ds T' '
.ds PI \(*p
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\" If the F register is turned on, we'll generate
.\" index entries out stderr for the following things:
.\" TH Title
.\" SH Header
.\" Sh Subsection
.\" Ip Item
.\" X<> Xref (embedded
.\" Of course, you have to process the output yourself
.\" in some meaninful fashion.
.if \nF \{
.de IX
.tm Index:\\$1\t\\n%\t"\\$2"
..
.nr % 0
.rr F
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
. .
. nr % 0
. rr F
.\}
.TH visudo @mansectsu@ "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.de CQ \" put $1 in typewriter font
.ft CW
'if n "\c
'if t \\&\\$1\c
'if n \\&\\$1\c
'if n \&"
\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
'.ft R
..
.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
. \" AM - accent mark definitions
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds ? ?
. ds ! !
. ds /
. ds q
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
@@ -165,53 +118,52 @@
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.ds oe o\h'-(\w'o'u*4/10)'e
.ds Oe O\h'-(\w'O'u*4/10)'E
. \" corrections for vroff
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds v \h'-1'\o'\(aa\(ga'
. ds _ \h'-1'^
. ds . \h'-1'.
. ds 3 3
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
. ds oe oe
. ds Oe OE
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "visudo @mansectsu@"
.TH visudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"
\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ]
.IX Header "SYNOPSIS"
\&\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ]
.SH "DESCRIPTION"
\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
.IX Header "DESCRIPTION"
\&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
\&\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later. In the
default configuration, the \fIvi\fR\|(1) editor is used, but there is
a compile time option to allow use of whatever editor the
environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
environment variables \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR are set to.
.PP
\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
\&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
not save the changes if there is a syntax error. Upon finding
an error, a message will be printed stating the line \fInumber\fR\|(s)
that the error occurred on and the user will receive the
\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
\&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without
saving the changes, or \*(L"Q\*(R" to quit and save changes. The
\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
\&\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
believes there to be a parse error, so will \fBsudo\fR and no one
will be able to execute \fBsudo\fR again until the error is fixed.
Any other command at this prompt will print a short help message.
@@ -219,24 +171,32 @@ When editing the \fIsudoers\fR file after a parse error has been
detected the cursor will be placed on the line where the error
occurred (if the editor supports this feature).
.SH "OPTIONS"
\fBvisudo\fR accepts the following command line option:
.Ip "-s" 4
.IX Header "OPTIONS"
\&\fBvisudo\fR accepts the following command line option:
.Ip "\-s" 4
.IX Item "-s"
Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
used before it is defined, \fBvisudo\fR will consider this a parse
error. Note that it is not possible to differentiate between an
alias and a hostname or username that consists solely of upper case
letters, digits, and the underscore ('_') character.
.Ip "-V" 4
The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number
.Ip "\-V" 4
.IX Item "-V"
The \f(CW\*(C`\-V\*(C'\fR (version) option causes \fBvisudo\fR to print the version number
and exit.
.SH "ERRORS"
.IX Header "ERRORS"
.Ip "sudoers file busy, try again later." 4
.IX Item "sudoers file busy, try again later."
Someone else is currently editing the \fIsudoers\fR file.
.Ip "@sysconfdir@/sudoers.tmp: Permission denied" 4
.IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
You didn't run \fBvisudo\fR as root.
.Ip "Can't find you in the passwd database" 4
.IX Item "Can't find you in the passwd database"
Your userid does not appear in the system passwd file.
.Ip "Warning: undeclared Alias referenced near ..." 4
.IX Item "Warning: undeclared Alias referenced near ..."
Either you are using a {User,Runas,Host,Cmnd}_Alias before
defining it or you have a user or hostname listed that
consists solely of upper case letters, digits, and the
@@ -244,78 +204,43 @@ underscore ('_') character. If the latter, you can ignore
the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict)
mode these are errors not warnings.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
The following environment variables are used only if \fBvisudo\fR
was configured with the \fI--with-env-editor\fR option:
was configured with the \fI\*(--with-env-editor\fR option:
.PP
.Vb 2
\& EDITOR Used by visudo as the editor to use
\& VISUAL Used by visudo if EDITOR is not set
.Ve
.SH "FILES"
.PP
.IX Header "FILES"
.Vb 2
\& @sysconfdir@/sudoers List of who can run what
\& @sysconfdir@/sudoers.tmp Lock file for visudo
.Ve
.SH "AUTHOR"
.IX Header "AUTHOR"
Many people have worked on \fIsudo\fR over the years, this version of
\fBvisudo\fR was written by:
\&\fBvisudo\fR was written by:
.PP
.Vb 1
\& Todd Miller <Todd.Miller@courtesan.com>
.Ve
See the HISTORY file in the sudo distribution for more details.
.SH "BUGS"
.IX Header "BUGS"
If you feel you have found a bug in sudo, please submit a bug report
at http://www.courtesan.com/sudo/bugs/
.SH "DISCLAIMER"
\fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
.IX Header "DISCLAIMER"
\&\fBVisudo\fR is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if
the editor used by \fBvisudo\fR allows shell escapes.
.SH "SEE ALSO"
\fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(@mansectsu@).
.rn }` ''
.IX Title "visudo @mansectsu@"
.IX Name "visudo - edit the sudoers file"
.IX Header "NAME"
.IX Header "SYNOPSIS"
.IX Header "DESCRIPTION"
.IX Header "OPTIONS"
.IX Item "-s"
.IX Item "-V"
.IX Header "ERRORS"
.IX Item "sudoers file busy, try again later."
.IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
.IX Item "Can't find you in the passwd database"
.IX Item "Warning: undeclared Alias referenced near ..."
.IX Header "ENVIRONMENT"
.IX Header "FILES"
.IX Header "AUTHOR"
.IX Header "BUGS"
.IX Header "DISCLAIMER"
.IX Header "CAVEATS"
.IX Header "SEE ALSO"
\&\fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8).