isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove -r realm option

Browse Source
This commit is contained in:
Todd C. Miller
1999-10-13 04:18:41 +00:00
parent 3acdd5b02f
commit ea90bc54b4
4 changed files with 43 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
sudo.cat
View File

@@ -9,7 +9,7 @@ NNNNAAAAMMMMEEEE
SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | ----HHHH | [ ----bbbb ] | ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | ----HHHH | [ ----bbbb ] |
[ ----rrrr realm ] | [ ----pppp prompt ] [ ----uuuu username/#uid] _c_o_m_m_a_n_d [ ----pppp prompt ] [ ----uuuu username/#uid] _c_o_m_m_a_n_d
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
ssssuuuuddddoooo allows a permitted user to execute a _c_o_m_m_a_n_d as the ssssuuuuddddoooo allows a permitted user to execute a _c_o_m_m_a_n_d as the
@@ -61,7 +61,7 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
11/Oct/1999 1.6 1 12/Oct/1999 1.6 1
@@ -91,12 +91,6 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-b option you cannot use shell job control to -b option you cannot use shell job control to
manipulate the command. manipulate the command.
-r The -r (_r_e_a_l_m) option is only available if ssssuuuuddddoooo was
configured with KKKKeeeerrrrbbbbeeeerrrroooossss version 5 support. It allows
the user to specify a KKKKeeeerrrrbbbbeeeerrrroooossss realm other than the
system default to use when authenticating the user via
KKKKeeeerrrrbbbbeeeerrrroooossss.
-p The -p (_p_r_o_m_p_t) option allows you to override the -p The -p (_p_r_o_m_p_t) option allows you to override the
default password prompt and use a custom one. If the default password prompt and use a custom one. If the
password prompt contains the %u escape, %u will be password prompt contains the %u escape, %u will be
@@ -124,10 +118,16 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
ssssuuuuddddoooo quits with an exit value of 1 if there is a ssssuuuuddddoooo quits with an exit value of 1 if there is a
configuration/permission problem or if ssssuuuuddddoooo cannot execute configuration/permission problem or if ssssuuuuddddoooo cannot execute
the given command. In the latter case the error string is the given command. In the latter case the error string is
printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one or more
entries in the user's PATH an error is printed on stderr.
(If the directory does not exist or if it is not really a
directory, the entry is ignored and no error is printed.)
This should not happen under normal circumstances. The
most common reason for _s_t_a_t(2) to return "permission
11/Oct/1999 1.6 2 12/Oct/1999 1.6 2
@@ -136,12 +136,6 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
SUDO(8) MAINTENANCE COMMANDS SUDO(8) SUDO(8) MAINTENANCE COMMANDS SUDO(8)
printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one or more
entries in the user's PATH an error is printed on stderr.
(If the directory does not exist or if it is not really a
directory, the entry is ignored and no error is printed.)
This should not happen under normal circumstances. The
most common reason for _s_t_a_t(2) to return "permission
denied" is if you are running an automounter and one of denied" is if you are running an automounter and one of
the directories in your PATH is on a machine that is the directories in your PATH is on a machine that is
currently unreachable. currently unreachable.
@@ -190,10 +184,16 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
(root) and permissions (0700) in the system startup files. (root) and permissions (0700) in the system startup files.
ssssuuuuddddoooo will not honor timestamps set far in the future. ssssuuuuddddoooo will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to
give away files.
11/Oct/1999 1.6 3
12/Oct/1999 1.6 3
@@ -202,12 +202,6 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
SUDO(8) MAINTENANCE COMMANDS SUDO(8) SUDO(8) MAINTENANCE COMMANDS SUDO(8)
Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to
give away files.
EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Note: the following examples assume suitable _s_u_d_o_e_r_s(5) Note: the following examples assume suitable _s_u_d_o_e_r_s(5)
entries. entries.
@@ -255,11 +249,17 @@ EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT
SUDO_PS1 If set, PS1 will be set to its value SUDO_PS1 If set, PS1 will be set to its value
FFFFIIIILLLLEEEESSSS
/etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
ssssuuuuddddoooo utilizes the following environment variables:
11/Oct/1999 1.6 4
12/Oct/1999 1.6 4
@@ -268,12 +268,6 @@ EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT
SUDO(8) MAINTENANCE COMMANDS SUDO(8) SUDO(8) MAINTENANCE COMMANDS SUDO(8)
FFFFIIIILLLLEEEESSSS
/etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
ssssuuuuddddoooo utilizes the following environment variables:
PATH Set to a sane value if SECURE_PATH is set PATH Set to a sane value if SECURE_PATH is set
SHELL Used to determine shell to run with -s option SHELL Used to determine shell to run with -s option
USER Set to the target user (root unless the -u option USER Set to the target user (root unless the -u option
@@ -322,10 +316,16 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell if that user has access to commands allowing shell shell if that user has access to commands allowing shell
escapes. escapes.
If users have sudo ALL there is nothing to prevent them
from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
11/Oct/1999 1.6 5 12/Oct/1999 1.6 5
@@ -334,12 +334,6 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
SUDO(8) MAINTENANCE COMMANDS SUDO(8) SUDO(8) MAINTENANCE COMMANDS SUDO(8)
If users have sudo ALL there is nothing to prevent them
from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
bugs that make setuid shell scripts unsafe on some bugs that make setuid shell scripts unsafe on some
operating systems (if your OS supports the /dev/fd/ operating systems (if your OS supports the /dev/fd/
directory, setuid shell scripts are generally safe). directory, setuid shell scripts are generally safe).
@@ -391,6 +385,12 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
11/Oct/1999 1.6 6
12/Oct/1999 1.6 6

7
sudo.html
View File

@@ -39,7 +39,7 @@ sudo - execute a command as another user
<HR> <HR>
<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1> <H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
<P> <P>
<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-L</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-K</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-r</STRONG> realm ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM> <STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-L</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-K</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
@@ -117,11 +117,6 @@ password.
The <CODE>-b</CODE> (<EM>background</EM>) option tells <STRONG>sudo</STRONG> to run the given command in the background. Note that if you use the <CODE>-b</CODE> The <CODE>-b</CODE> (<EM>background</EM>) option tells <STRONG>sudo</STRONG> to run the given command in the background. Note that if you use the <CODE>-b</CODE>
option you cannot use shell job control to manipulate the command. option you cannot use shell job control to manipulate the command.
<DT><STRONG><A NAME="item__r">-r</A></STRONG><DD>
<P>
The <CODE>-r</CODE> (<EM>realm</EM>) option is only available if <STRONG>sudo</STRONG> was configured with <STRONG>Kerberos</STRONG> version 5 support. It allows the user to specify a
<STRONG>Kerberos</STRONG> realm other than the system default to use when authenticating the user via <STRONG>Kerberos</STRONG>.
<DT><STRONG><A NAME="item__p">-p</A></STRONG><DD> <DT><STRONG><A NAME="item__p">-p</A></STRONG><DD>
<P> <P>
The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a

15
sudo.man
View File

@@ -2,8 +2,8 @@
''' $RCSfile$$Revision$$Date$ ''' $RCSfile$$Revision$$Date$
''' '''
''' $Log$ ''' $Log$
''' Revision 1.37 1999/10/12 00:05:39 millert ''' Revision 1.38 1999/10/13 04:18:40 millert
''' document -L flag ''' Remove -r realm option
''' '''
''' '''
.de Sh .de Sh
@@ -96,7 +96,7 @@
.nr % 0 .nr % 0
.rr F .rr F
.\} .\}
.TH SUDO 8 "1.6" "11/Oct/1999" "MAINTENANCE COMMANDS" .TH SUDO 8 "1.6" "12/Oct/1999" "MAINTENANCE COMMANDS"
.UC .UC
.if n .hy 0 .if n .hy 0
.if n .na .if n .na
@@ -194,7 +194,7 @@
sudo \- execute a command as another user sudo \- execute a command as another user
.SH "SYNOPSIS" .SH "SYNOPSIS"
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR | \fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
.SH "DESCRIPTION" .SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the \fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the sudoers file. The superuser or another user, as specified in the sudoers file. The
@@ -252,11 +252,6 @@ entirely. This option does not require a password.
The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \f(CW-b\fR command in the background. Note that if you use the \f(CW-b\fR
option you cannot use shell job control to manipulate the command. option you cannot use shell job control to manipulate the command.
.Ip "-r" 4
The \f(CW-r\fR (\fIrealm\fR) option is only available if \fBsudo\fR was configured
with \fBKerberos\fR version 5 support. It allows the user to specify a
\fBKerberos\fR realm other than the system default to use when authenticating
the user via \fBKerberos\fR.
.Ip "-p" 4 .Ip "-p" 4
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt password prompt and use a custom one. If the password prompt
@@ -475,8 +470,6 @@ are generally safe).
.IX Item "-b" .IX Item "-b"
.IX Item "-r"
.IX Item "-p" .IX Item "-p"
.IX Item "-u" .IX Item "-u"

9
sudo.pod
View File

@@ -42,7 +42,7 @@ sudo - execute a command as another user
=head1 SYNOPSIS =head1 SYNOPSIS
B<sudo> B<-V> | B<-h> | B<-l> | B<-L> | B<-v> | B<-k> | B<-K> | B<-s> | B<-H> | B<sudo> B<-V> | B<-h> | B<-l> | B<-L> | B<-v> | B<-k> | B<-K> | B<-s> | B<-H> |
[ B<-b> ] | [ B<-r> realm ] | [ B<-p> prompt ] [ B<-u> username/#uid] I<command> [ B<-b> ] | [ B<-p> prompt ] [ B<-u> username/#uid] I<command>
=head1 DESCRIPTION =head1 DESCRIPTION
@@ -123,13 +123,6 @@ The C<-b> (I<background>) option tells B<sudo> to run the given
command in the background. Note that if you use the C<-b> command in the background. Note that if you use the C<-b>
option you cannot use shell job control to manipulate the command. option you cannot use shell job control to manipulate the command.
=item -r
The C<-r> (I<realm>) option is only available if B<sudo> was configured
with B<Kerberos> version 5 support. It allows the user to specify a
B<Kerberos> realm other than the system default to use when authenticating
the user via B<Kerberos>.
=item -p =item -p
The C<-p> (I<prompt>) option allows you to override the default The C<-p> (I<prompt>) option allows you to override the default