isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove -r realm option

Browse Source
This commit is contained in:
Todd C. Miller
1999-10-13 04:18:41 +00:00
parent 3acdd5b02f
commit ea90bc54b4
4 changed files with 43 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
sudo.cat
View File

@@ -9,7 +9,7 @@ NNNNAAAAMMMMEEEE
SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | ----HHHH | [ ----bbbb ] |
[ ----rrrr realm ] | [ ----pppp prompt ] [ ----uuuu username/#uid] _c_o_m_m_a_n_d
[ ----pppp prompt ] [ ----uuuu username/#uid] _c_o_m_m_a_n_d
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
ssssuuuuddddoooo allows a permitted user to execute a _c_o_m_m_a_n_d as the
@@ -61,7 +61,7 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
11/Oct/1999 1.6 1
12/Oct/1999 1.6 1
@@ -91,12 +91,6 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-b option you cannot use shell job control to
manipulate the command.
-r The -r (_r_e_a_l_m) option is only available if ssssuuuuddddoooo was
configured with KKKKeeeerrrrbbbbeeeerrrroooossss version 5 support. It allows
the user to specify a KKKKeeeerrrrbbbbeeeerrrroooossss realm other than the
system default to use when authenticating the user via
KKKKeeeerrrrbbbbeeeerrrroooossss.
-p The -p (_p_r_o_m_p_t) option allows you to override the
default password prompt and use a custom one. If the
password prompt contains the %u escape, %u will be
@@ -124,10 +118,16 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
ssssuuuuddddoooo quits with an exit value of 1 if there is a
configuration/permission problem or if ssssuuuuddddoooo cannot execute
the given command. In the latter case the error string is
printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one or more
entries in the user's PATH an error is printed on stderr.
(If the directory does not exist or if it is not really a
directory, the entry is ignored and no error is printed.)
This should not happen under normal circumstances. The
most common reason for _s_t_a_t(2) to return "permission
11/Oct/1999 1.6 2
12/Oct/1999 1.6 2
@@ -136,12 +136,6 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one or more
entries in the user's PATH an error is printed on stderr.
(If the directory does not exist or if it is not really a
directory, the entry is ignored and no error is printed.)
This should not happen under normal circumstances. The
most common reason for _s_t_a_t(2) to return "permission
denied" is if you are running an automounter and one of
the directories in your PATH is on a machine that is
currently unreachable.
@@ -190,10 +184,16 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
(root) and permissions (0700) in the system startup files.
ssssuuuuddddoooo will not honor timestamps set far in the future.
Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to
give away files.
11/Oct/1999 1.6 3
12/Oct/1999 1.6 3
@@ -202,12 +202,6 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to
give away files.
EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Note: the following examples assume suitable _s_u_d_o_e_r_s(5)
entries.
@@ -255,11 +249,17 @@ EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT
SUDO_PS1 If set, PS1 will be set to its value
FFFFIIIILLLLEEEESSSS
/etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
ssssuuuuddddoooo utilizes the following environment variables:
11/Oct/1999 1.6 4
12/Oct/1999 1.6 4
@@ -268,12 +268,6 @@ EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
FFFFIIIILLLLEEEESSSS
/etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
ssssuuuuddddoooo utilizes the following environment variables:
PATH Set to a sane value if SECURE_PATH is set
SHELL Used to determine shell to run with -s option
USER Set to the target user (root unless the -u option
@@ -322,10 +316,16 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell if that user has access to commands allowing shell
escapes.
If users have sudo ALL there is nothing to prevent them
from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
11/Oct/1999 1.6 5
12/Oct/1999 1.6 5
@@ -334,12 +334,6 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
If users have sudo ALL there is nothing to prevent them
from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
bugs that make setuid shell scripts unsafe on some
operating systems (if your OS supports the /dev/fd/
directory, setuid shell scripts are generally safe).
@@ -391,6 +385,12 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
11/Oct/1999 1.6 6
12/Oct/1999 1.6 6

7
sudo.html
View File

@@ -39,7 +39,7 @@ sudo - execute a command as another user
<HR>
<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
<P>
<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-L</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-K</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-r</STRONG> realm ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-L</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-K</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
@@ -117,11 +117,6 @@ password.
The <CODE>-b</CODE> (<EM>background</EM>) option tells <STRONG>sudo</STRONG> to run the given command in the background. Note that if you use the <CODE>-b</CODE>
option you cannot use shell job control to manipulate the command.
<DT><STRONG><A NAME="item__r">-r</A></STRONG><DD>
<P>
The <CODE>-r</CODE> (<EM>realm</EM>) option is only available if <STRONG>sudo</STRONG> was configured with <STRONG>Kerberos</STRONG> version 5 support. It allows the user to specify a
<STRONG>Kerberos</STRONG> realm other than the system default to use when authenticating the user via <STRONG>Kerberos</STRONG>.
<DT><STRONG><A NAME="item__p">-p</A></STRONG><DD>
<P>
The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a

15
sudo.man
View File

@@ -2,8 +2,8 @@
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
''' Revision 1.37 1999/10/12 00:05:39 millert
''' document -L flag
''' Revision 1.38 1999/10/13 04:18:40 millert
''' Remove -r realm option
'''
'''
.de Sh
@@ -96,7 +96,7 @@
.nr % 0
.rr F
.\}
.TH SUDO 8 "1.6" "11/Oct/1999" "MAINTENANCE COMMANDS"
.TH SUDO 8 "1.6" "12/Oct/1999" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
@@ -194,7 +194,7 @@
sudo \- execute a command as another user
.SH "SYNOPSIS"
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
.SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the sudoers file. The
@@ -252,11 +252,6 @@ entirely. This option does not require a password.
The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \f(CW-b\fR
option you cannot use shell job control to manipulate the command.
.Ip "-r" 4
The \f(CW-r\fR (\fIrealm\fR) option is only available if \fBsudo\fR was configured
with \fBKerberos\fR version 5 support. It allows the user to specify a
\fBKerberos\fR realm other than the system default to use when authenticating
the user via \fBKerberos\fR.
.Ip "-p" 4
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt
@@ -475,8 +470,6 @@ are generally safe).
.IX Item "-b"
.IX Item "-r"
.IX Item "-p"
.IX Item "-u"

9
sudo.pod
View File

@@ -42,7 +42,7 @@ sudo - execute a command as another user
=head1 SYNOPSIS
B<sudo> B<-V> | B<-h> | B<-l> | B<-L> | B<-v> | B<-k> | B<-K> | B<-s> | B<-H> |
[ B<-b> ] | [ B<-r> realm ] | [ B<-p> prompt ] [ B<-u> username/#uid] I<command>
[ B<-b> ] | [ B<-p> prompt ] [ B<-u> username/#uid] I<command>
=head1 DESCRIPTION
@@ -123,13 +123,6 @@ The C<-b> (I<background>) option tells B<sudo> to run the given
command in the background. Note that if you use the C<-b>
option you cannot use shell job control to manipulate the command.
=item -r
The C<-r> (I<realm>) option is only available if B<sudo> was configured
with B<Kerberos> version 5 support. It allows the user to specify a
B<Kerberos> realm other than the system default to use when authenticating
the user via B<Kerberos>.
=item -p
The C<-p> (I<prompt>) option allows you to override the default