embedaddon/sudo/doc/sudo.cat - diff

Return to sudo.cat CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc

Diff for /embedaddon/sudo/doc/sudo.cat between versions 1.1.1.1 and 1.1.1.5

version 1.1.1.1, 2012/02/21 16:23:02	version 1.1.1.5, 2013/10/14 07:56:34
Line 1	Line 1
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)	SUDO(1m) System Manager's Manual SUDO(1m)



NNAAMMEE	NNAAMMEE
sudo, sudoedit - execute a command as another user	ssuuddoo, ssuuddooeeddiitt - execute a command as another user

SSYYNNOOPPSSIISS	SSYYNNOOPPSSIISS
ssuuddoo [--DD _l_e_v_e_l] --hh \| --KK \| --kk \| --VV	ssuuddoo --hh \| --KK \| --kk \| --VV
	ssuuddoo --vv [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r]
	ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r]
	[--uu _u_s_e_r] [_c_o_m_m_a_n_d]
	ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
	[--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [VVAARR=_v_a_l_u_e] [--ii \| --ss]
	[_c_o_m_m_a_n_d]
	ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
	[--pp _p_r_o_m_p_t] [--uu _u_s_e_r] file ...

ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e\|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e\|_#_u_i_d]

ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e\|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e\|_#_u_i_d] [_c_o_m_m_a_n_d]

ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--DD _l_e_v_e_l] [--cc _c_l_a_s_s\|_-]
[--gg _g_r_o_u_p _n_a_m_e\|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e]
[--uu _u_s_e_r _n_a_m_e\|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii \| --ss] [_c_o_m_m_a_n_d]

ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s\|_-] [--DD _l_e_v_e_l]
[--gg _g_r_o_u_p _n_a_m_e\|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e\|_#_u_i_d] file ...

DDEESSCCRRIIPPTTIIOONN	DDEESSCCRRIIPPTTIIOONN
ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or	ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
another user, as specified by the security policy. The real and	another user, as specified by the security policy.
effective uid and gid are set to match those of the target user, as
specified in the password database, and the group vector is initialized
based on the group database (unless the --PP option was specified).

ssuuddoo supports a plugin architecture for security policies and	ssuuddoo supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute their	input/output logging. Third parties can develop and distribute their own
own policy and I/O logging modules to work seemlessly with the ssuuddoo	policy and I/O logging plugins to work seamlessly with the ssuuddoo front
front end. The default security policy is _s_u_d_o_e_r_s, which is configured	end. The default security policy is _s_u_d_o_e_r_s, which is configured via the
via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the PLUGINS section for	file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the _P_l_u_g_i_n_s section for more
more information.	information.

The security policy determines what privileges, if any, a user has to	The security policy determines what privileges, if any, a user has to run
run ssuuddoo. The policy may require that users authenticate themselves	ssuuddoo. The policy may require that users authenticate themselves with a
with a password or another authentication mechanism. If authentication	password or another authentication mechanism. If authentication is
is required, ssuuddoo will exit if the user's password is not entered	required, ssuuddoo will exit if the user's password is not entered within a
within a configurable time limit. This limit is policy-specific; the	configurable time limit. This limit is policy-specific; the default
default password prompt timeout for the _s_u_d_o_e_r_s security policy is 5	password prompt timeout for the _s_u_d_o_e_r_s security policy is 5 minutes.
minutes.

Security policies may support credential caching to allow the user to	Security policies may support credential caching to allow the user to run
run ssuuddoo again for a period of time without requiring authentication.	ssuuddoo again for a period of time without requiring authentication. The
The _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden	_s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden in
in _s_u_d_o_e_r_s(4). By running ssuuddoo with the --vv option, a user can update	sudoers(4). By running ssuuddoo with the --vv option, a user can update the
the cached credentials without running a _c_o_m_m_a_n_d.	cached credentials without running a _c_o_m_m_a_n_d.

When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.	When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.

Security policies may log successful and failed attempts to use ssuuddoo.	Security policies may log successful and failed attempts to use ssuuddoo. If
If an I/O plugin is configured, the running command's input and output	an I/O plugin is configured, the running command's input and output may
may be logged as well.	be logged as well.

OOPPTTIIOONNSS	The options are as follows:
ssuuddoo accepts the following command line options:

-A Normally, if ssuuddoo requires a password, it will read it from	--AA, ----aasskkppaassss
the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is	Normally, if ssuuddoo requires a password, it will read it from
specified, a (possibly graphical) helper program is	the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is
executed to read the user's password and output the	specified, a (possibly graphical) helper program is executed
password to the standard output. If the SUDO_ASKPASS	to read the user's password and output the password to the
environment variable is set, it specifies the path to the	standard output. If the SUDO_ASKPASS environment variable is
helper program. Otherwise, if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a	set, it specifies the path to the helper program. Otherwise,
line specifying the askpass program, that value will be	if sudo.conf(4) contains a line specifying the askpass
used. For example:	program, that value will be used. For example:

# Path to askpass helper program	# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass	Path askpass /usr/X11R6/bin/ssh-askpass

If no askpass program is available, sudo will exit with an	If no askpass program is available, ssuuddoo will exit with an
error.	error.

-a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the	--aa _t_y_p_e, ----aauutthh--ttyyppee=_t_y_p_e
specified authentication type when validating the user, as	Use the specified BSD authentication _t_y_p_e when validating the
allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may	user, if allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system
specify a list of sudo-specific authentication methods by	administrator may specify a list of sudo-specific
adding an "auth-sudo" entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This	authentication methods by adding an ``auth-sudo'' entry in
option is only available on systems that support BSD	_/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This option is only available on systems
authentication.	that support BSD authentication.

-b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given	--bb, ----bbaacckkggrroouunndd
command in the background. Note that if you use the --bb	Run the given command in the background. Note that it is not
option you cannot use shell job control to manipulate the	possible to use shell job control to manipulate background
process. Most interactive commands will fail to work	processes started by ssuuddoo. Most interactive commands will
properly in background mode.	fail to work properly in background mode.

-C _f_d Normally, ssuuddoo will close all open file descriptors other	--CC _n_u_m, ----cclloossee--ffrroomm=_n_u_m
than standard input, standard output and standard error.	Close all file descriptors greater than or equal to _n_u_m
The --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a	before executing a command. Values less than three are not
starting point above the standard error (file descriptor	permitted. By default, ssuuddoo will close all open file
three). Values less than three are not permitted. The	descriptors other than standard input, standard output and
security policy may restrict the user's ability to use the	standard error when executing a command. The security policy
--CC option. The _s_u_d_o_e_r_s policy only permits use of the --CC	may restrict the user's ability to use this option. The
option when the administrator has enabled the	_s_u_d_o_e_r_s policy only permits use of the --CC option when the
_c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.	administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.

-c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified	--cc _c_l_a_s_s, ----llooggiinn--ccllaassss=_c_l_a_s_s
command with resources limited by the specified login	Run the command with resource limits and scheduling priority
class. The _c_l_a_s_s argument can be either a class name as	of the specified login _c_l_a_s_s. The _c_l_a_s_s argument can be
defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character.	either a class name as defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a
Specifying a _c_l_a_s_s of - indicates that the command should	single `-' character. If _c_l_a_s_s is -, the default login class
be run restricted by the default login capabilities for the	of the target user will be used. Otherwise, the command must
user the command is run as. If the _c_l_a_s_s argument	be run as root, or ssuuddoo must be run from a shell that is
specifies an existing user class, the command must be run	already root. If the command is being run as a login shell,
as root, or the ssuuddoo command must be run from a shell that	additional _/_e_t_c_/_l_o_g_i_n_._c_o_n_f settings, such as the umask and
is already root. This option is only available on systems	environment variables, will be applied if present. This
with BSD login classes.	option is only available on systems with BSD login classes.

-D _l_e_v_e_l Enable debugging of ssuuddoo plugins and ssuuddoo itself. The	--EE, ----pprreesseerrvvee--eennvv
_l_e_v_e_l may be a value from 1 through 9.	Indicates to the security policy that the user wishes to
	preserve their existing environment variables. The security
	policy may return an error if the user does not have
	permission to preserve the environment.

-E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the	--ee, ----eeddiitt Edit one or more files instead of running a command. In lieu
security policy that the user wishes to preserve their	of a path name, the string "sudoedit" is used when consulting
existing environment variables. The security policy may	the security policy. If the user is authorized by the
return an error if the --EE option is specified and the user	policy, the following steps are taken:
does not have permission to preserve the environment.

-e The --ee (_e_d_i_t) option indicates that, instead of running a	1. Temporary copies are made of the files to be edited
command, the user wishes to edit one or more files. In
lieu of a command, the string "sudoedit" is used when
consulting the security policy. If the user is authorized
by the policy, the following steps are taken:

1. Temporary copies are made of the files to be edited
with the owner set to the invoking user.	with the owner set to the invoking user.

2. The editor specified by the policy is run to edit the	2. The editor specified by the policy is run to edit the
temporary files. The _s_u_d_o_e_r_s policy uses the	temporary files. The _s_u_d_o_e_r_s policy uses the
SUDO_EDITOR, VISUAL and EDITOR environment variables	SUDO_EDITOR, VISUAL and EDITOR environment variables
(in that order). If none of SUDO_EDITOR, VISUAL or	(in that order). If none of SUDO_EDITOR, VISUAL or
EDITOR are set, the first program listed in the _e_d_i_t_o_r	EDITOR are set, the first program listed in the _e_d_i_t_o_r
_s_u_d_o_e_r_s(4) option is used.	sudoers(4) option is used.

3. If they have been modified, the temporary files are	3. If they have been modified, the temporary files are
copied back to their original location and the	copied back to their original location and the
temporary versions are removed.	temporary versions are removed.

If the specified file does not exist, it will be created.	If the specified file does not exist, it will be created.
Note that unlike most commands run by ssuuddoo, the editor is	Note that unlike most commands run by _s_u_d_o, the editor is run
run with the invoking user's environment unmodified. If,	with the invoking user's environment unmodified. If, for
for some reason, ssuuddoo is unable to update a file with its	some reason, ssuuddoo is unable to update a file with its edited
edited version, the user will receive a warning and the	version, the user will receive a warning and the edited copy
edited copy will remain in a temporary file.	will remain in a temporary file.

-g _g_r_o_u_p Normally, ssuuddoo runs a command with the primary group set to	--gg _g_r_o_u_p, ----ggrroouupp=_g_r_o_u_p
the one specified by the password database for the user the	Run the command with the primary group set to _g_r_o_u_p instead
command is being run as (by default, root). The --gg (_g_r_o_u_p)	of the primary group specified by the target user's password
option causes ssuuddoo to run the command with the primary	database entry. The _g_r_o_u_p may be either a group name or a
group set to _g_r_o_u_p instead. To specify a _g_i_d instead of a	numeric group ID (GID) prefixed with the `#' character (e.g.
_g_r_o_u_p _n_a_m_e, use _#_g_i_d. When running commands as a _g_i_d, many	#0 for GID 0). When running a command as a GID, many shells
shells require that the '#' be escaped with a backslash	require that the `#' be escaped with a backslash (`\'). If
('\'). If no --uu option is specified, the command will be	no --uu option is specified, the command will be run as the
run as the invoking user (not root). In either case, the	invoking user. In either case, the primary group will be set
primary group will be set to _g_r_o_u_p.	to _g_r_o_u_p.

-H The --HH (_H_O_M_E) option requests that the security policy set	--HH, ----sseett--hhoommee
the HOME environment variable to the home directory of the	Request that the security policy set the HOME environment
target user (root by default) as specified by the password	variable to the home directory specified by the target user's
database. Depending on the policy, this may be the default	password database entry. Depending on the policy, this may
behavior.	be the default behavior.

-h The --hh (_h_e_l_p) option causes ssuuddoo to print a short help	--hh, ----hheellpp Display a short help message to the standard output and exit.
message to the standard output and exit.

-i [command]	--hh _h_o_s_t, ----hhoosstt=_h_o_s_t
The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell	Run the command on the specified _h_o_s_t if the security policy
specified by the password database entry of the target user	plugin supports remote commands. Note that the _s_u_d_o_e_r_s
as a login shell. This means that login-specific resource	plugin does not currently support running remote commands.
files such as .profile or .login will be read by the shell.	This may also be used in conjunction with the --ll option to
If a command is specified, it is passed to the shell for	list a user's privileges for the remote host.
execution via the shell's --cc option. If no command is
specified, an interactive shell is executed. ssuuddoo attempts
to change to that user's home directory before running the
shell. The security policy shall initialize the
environment to a minimal set of variables, similar to what
is present when a user logs in. The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t
section in the _s_u_d_o_e_r_s(4) manual documents how the --ii
option affects the environment in which a command is run
when the _s_u_d_o_e_r_s policy is in use.

-K The --KK (sure _k_i_l_l) option is like --kk except that it removes	--ii, ----llooggiinn
the user's cached credentials entirely and may not be used	Run the shell specified by the target user's password
in conjunction with a command or other option. This option	database entry as a login shell. This means that login-
does not require a password. Not all security policies	specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be
support credential caching.	read by the shell. If a command is specified, it is passed
	to the shell for execution via the shell's --cc option. If no
	command is specified, an interactive shell is executed. ssuuddoo
	attempts to change to that user's home directory before
	running the shell. The command is run with an environment
	similar to the one a user would receive at log in. The
	_C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual
	documents how the --ii option affects the environment in which
	a command is run when the _s_u_d_o_e_r_s policy is in use.

-k [command]	--KK, ----rreemmoovvee--ttiimmeessttaammpp
When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates	Similar to the --kk option, except that it removes the user's
the user's cached credentials. The next time ssuuddoo is run a	cached credentials entirely and may not be used in
password will be required. This option does not require a	conjunction with a command or other option. This option does
password and was added to allow a user to revoke ssuuddoo	not require a password. Not all security policies support
permissions from a .logout file. Not all security policies	credential caching.
support credential caching.

When used in conjunction with a command or an option that	--kk, ----rreesseett--ttiimmeessttaammpp
may require a password, the --kk option will cause ssuuddoo to	When used without a command, invalidates the user's cached
ignore the user's cached credentials. As a result, ssuuddoo	credentials. In other words, the next time ssuuddoo is run a
will prompt for a password (if one is required by the	password will be required. This option does not require a
security policy) and will not update the user's cached	password and was added to allow a user to revoke ssuuddoo
credentials.	permissions from a _._l_o_g_o_u_t file.

-l[l] [_c_o_m_m_a_n_d]	When used in conjunction with a command or an option that may
If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list	require a password, this option will cause ssuuddoo to ignore the
the allowed (and forbidden) commands for the invoking user	user's cached credentials. As a result, ssuuddoo will prompt for
(or the user specified by the --UU option) on the current	a password (if one is required by the security policy) and
host. If a _c_o_m_m_a_n_d is specified and is permitted by the	will not update the user's cached credentials.
security policy, the fully-qualified path to the command is
displayed along with any command line arguments. If
_c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a
status value of 1. If the --ll option is specified with an ll
argument (i.e. --llll), or if --ll is specified multiple times,
a longer list format is used.

-n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from	Not all security policies support credential caching.
prompting the user for a password. If a password is
required for the command to run, ssuuddoo will display an error
messages and exit.

-P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to	--ll, ----lliisstt If no _c_o_m_m_a_n_d is specified, list the allowed (and forbidden)
preserve the invoking user's group vector unaltered. By	commands for the invoking user (or the user specified by the
default, the _s_u_d_o_e_r_s policy will initialize the group	--UU option) on the current host. A longer list format is used
vector to the list of groups the target user is in. The	if this option is specified multiple times and the security
real and effective group IDs, however, are still set to	policy supports a verbose output format.
match the target user.

-p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default	If a _c_o_m_m_a_n_d is specified and is permitted by the security
password prompt and use a custom one. The following	policy, the fully-qualified path to the command is displayed
percent (`%') escapes are supported by the _s_u_d_o_e_r_s policy:	along with any command line arguments. If _c_o_m_m_a_n_d is
	specified but not allowed, ssuuddoo will exit with a status value
	of 1.

%H expanded to the host name including the domain name (on	--nn, ----nnoonn--iinntteerraaccttiivvee
if the machine's host name is fully qualified or the	Avoid prompting the user for input of any kind. If a
_f_q_d_n option is set in _s_u_d_o_e_r_s(4))	password is required for the command to run, ssuuddoo will
	display an error message and exit.

%h expanded to the local host name without the domain name	--PP, ----pprreesseerrvvee--ggrroouuppss
	Preserve the invoking user's group vector unaltered. By
	default, the _s_u_d_o_e_r_s policy will initialize the group vector
	to the list of groups the target user is a member of. The
	real and effective group IDs, however, are still set to match
	the target user.

%p expanded to the name of the user whose password is	--pp _p_r_o_m_p_t, ----pprroommpptt=_p_r_o_m_p_t
being requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and	Use a custom password prompt with optional escape sequences.
_r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s(4))	The following percent (`%') escape sequences are supported by
	the _s_u_d_o_e_r_s policy:

%U expanded to the login name of the user the command will	%H expanded to the host name including the domain name (on
be run as (defaults to root unless the -u option is	if the machine's host name is fully qualified or the _f_q_d_n
also specified)	option is set in sudoers(4))

%u expanded to the invoking user's login name	%h expanded to the local host name without the domain name

%% two consecutive % characters are collapsed into a	%p expanded to the name of the user whose password is being
single % character	requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w, and _r_u_n_a_s_p_w
	flags in sudoers(4))

The prompt specified by the --pp option will override the	%U expanded to the login name of the user the command will
system password prompt on systems that support PAM unless	be run as (defaults to root unless the --uu option is also
the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.	specified)

-r _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security	%u expanded to the invoking user's login name
context to have the role specified by _r_o_l_e.

-S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from	%% two consecutive `%' characters are collapsed into a
the standard input instead of the terminal device. The	single `%' character
password must be followed by a newline character.

-s [command]	The custom prompt will override the system password prompt on
The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L	systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag
environment variable if it is set or the shell as specified	is disabled in _s_u_d_o_e_r_s.
in the password database. If a command is specified, it is
passed to the shell for execution via the shell's --cc
option. If no command is specified, an interactive shell
is executed.

-t _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security	--rr _r_o_l_e, ----rroollee=_r_o_l_e
context to have the type specified by _t_y_p_e. If no type is	Run the command with an SELinux security context that
specified, the default type is derived from the specified	includes the specified _r_o_l_e.
role.

-U _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the	--SS, ----ssttddiinn
--ll option to specify the user whose privileges should be	Write the prompt to the standard error and read the password
listed. The security policy may restrict listing other	from the standard input instead of using the terminal device.
users' privileges. The _s_u_d_o_e_r_s policy only allows root or	The password must be followed by a newline character.
a user with the ALL privilege on the current host to use
this option.

-u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified	--ss, ----sshheellll
command as a user other than _r_o_o_t. To specify a _u_i_d	Run the shell specified by the SHELL environment variable if
instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as	it is set or the shell specified by the invoking user's
a _u_i_d, many shells require that the '#' be escaped with a	password database entry. If a command is specified, it is
backslash ('\'). Security policies may restrict _u_i_ds to	passed to the shell for execution via the shell's --cc option.
those listed in the password database. The _s_u_d_o_e_r_s policy	If no command is specified, an interactive shell is executed.
allows _u_i_ds that are not in the password database as long
as the _t_a_r_g_e_t_p_w option is not set. Other security policies
may not support this.

-V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version	--tt _t_y_p_e, ----ttyyppee=_t_y_p_e
string and the version string of the security policy plugin	Run the command with an SELinux security context that
and any I/O plugins. If the invoking user is already root	includes the specified _t_y_p_e. If no _t_y_p_e is specified, the
the --VV option will display the arguments passed to	default type is derived from the role.
configure when _s_u_d_o was built and plugins may display more
verbose information such as default options.

-v When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the	--UU _u_s_e_r, ----ootthheerr--uusseerr=_u_s_e_r
user's cached credentials, authenticating the user's	Used in conjunction with the --ll option to list the privileges
password if necessary. For the _s_u_d_o_e_r_s plugin, this	for _u_s_e_r instead of for the invoking user. The security
extends the ssuuddoo timeout for another 5 minutes (or whatever	policy may restrict listing other users' privileges. The
the timeout is set to in _s_u_d_o_e_r_s) but does not run a	_s_u_d_o_e_r_s policy only allows root or a user with the ALL
command. Not all security policies support cached	privilege on the current host to use this option.
credentials.

-- The ---- option indicates that ssuuddoo should stop processing	--uu _u_s_e_r, ----uusseerr=_u_s_e_r
command line arguments.	Run the command as a user other than the default target user
	(usually _r_o_o_t _)_. The _u_s_e_r may be either a user name or a
	numeric user ID (UID) prefixed with the `#' character (e.g.
	#0 for UID 0). When running commands as a UID, many shells
	require that the `#' be escaped with a backslash (`\'). Some
	security policies may restrict UIDs to those listed in the
	password database. The _s_u_d_o_e_r_s policy allows UIDs that are
	not in the password database as long as the _t_a_r_g_e_t_p_w option
	is not set. Other security policies may not support this.

Environment variables to be set for the command may also be passed on	--VV, ----vveerrssiioonn
the command line in the form of VVAARR=_v_a_l_u_e, e.g.	Print the ssuuddoo version string as well as the version string
LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command	of the security policy plugin and any I/O plugins. If the
line are subject to the same restrictions as normal environment	invoking user is already root the --VV option will display the
variables with one important exception. If the _s_e_t_e_n_v option is set in	arguments passed to configure when ssuuddoo was built and plugins
_s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command	may display more verbose information such as default options.
matched is ALL, the user may set variables that would overwise be
forbidden. See _s_u_d_o_e_r_s(4) for more information.

PPLLUUGGIINNSS	--vv, ----vvaalliiddaattee
Plugins are dynamically loaded based on the contents of the	Update the user's cached credentials, authenticating the user
_/_e_t_c_/_s_u_d_o_._c_o_n_f file. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it	if necessary. For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo
contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s	timeout for another 5 minutes by default, but does not run a
security policy and I/O logging, which corresponds to the following	command. Not all security policies support cached
_/_e_t_c_/_s_u_d_o_._c_o_n_f file.	credentials.

#	---- The ---- option indicates that ssuuddoo should stop processing
# Default /etc/sudo.conf file	command line arguments.
#
# Format:
# Plugin plugin_name plugin_path
# Path askpass /path/to/askpass
# Path noexec /path/to/noexec.so
#
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so

A Plugin line consists of the Plugin keyword, followed by the	Environment variables to be set for the command may also be passed on the
_s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.	command line in the form of VVAARR=_v_a_l_u_e, e.g.
The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct	LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command line
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified	are subject to restrictions imposed by the security policy plugin. The
or relative. If not fully qualified it is relative to the	_s_u_d_o_e_r_s policy subjects variables passed on the command line to the same
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h	restrictions as normal environment variables with one important
are ignored. Lines that don't begin with Plugin or Path are silently	exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run
ignored	has the SETENV tag set or the command matched is ALL, the user may set
	variables that would otherwise be forbidden. See sudoers(4) for more
	information.

For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual.	CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
	When ssuuddoo executes a command, the security policy specifies the execution
	environment for the command. Typically, the real and effective user and
	group and IDs are set to match those of the target user, as specified in
	the password database, and the group vector is initialized based on the
	group database (unless the --PP option was specified).

PPAATTHHSS	The following parameters may be specified by security policy:
A Path line consists of the Path keyword, followed by the name of the
path to set and its value. E.g.

Path noexec /usr/local/libexec/sudo_noexec.so	oo real and effective user ID
Path askpass /usr/X11R6/bin/ssh-askpass

The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f	oo real and effective group ID
file.

askpass The fully qualified path to a helper program used to	oo supplementary group IDs
read the user's password when no terminal is available.
This may be the case when ssuuddoo is executed from a
graphical (as opposed to text-based) application. The
program specified by _a_s_k_p_a_s_s should display the
argument passed to it as the prompt and write the
user's password to the standard output. The value of
_a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS
environment variable.

noexec The fully-qualified path to a shared library containing	oo the environment list
dummy versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_)
library functions that just return an error. This is
used to implement the _n_o_e_x_e_c functionality on systems
that support LD_PRELOAD or its equivalent. Defaults to
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.

RREETTUURRNN VVAALLUUEESS	oo current working directory
Upon successful execution of a program, the exit status from ssuuddoo will
simply be the exit status of the program that was executed.

Otherwise, ssuuddoo exits with a value of 1 if there is a	oo file creation mode mask (umask)
configuration/permission problem or if ssuuddoo cannot execute the given
command. In the latter case the error string is printed to the
standard error. If ssuuddoo cannot _s_t_a_t(2) one or more entries in the
user's PATH, an error is printed on stderr. (If the directory does not
exist or if it is not really a directory, the entry is ignored and no
error is printed.) This should not happen under normal circumstances.
The most common reason for _s_t_a_t(2) to return "permission denied" is if
you are running an automounter and one of the directories in your PATH
is on a machine that is currently unreachable.

	oo SELinux role and type

	oo Solaris project

	oo Solaris privileges

	oo BSD login class

	oo scheduling priority (aka nice value)

	PPrroocceessss mmooddeell
	When ssuuddoo runs a command, it calls fork(2), sets up the execution
	environment as described above, and calls the execve system call in the
	child process. The main ssuuddoo process waits until the command has
	completed, then passes the command's exit status to the security policy's
	close function and exits. If an I/O logging plugin is configured or if
	the security policy explicitly requests it, a new pseudo-terminal
	(``pty'') is created and a second ssuuddoo process is used to relay job
	control signals between the user's existing pty and the new pty the
	command is being run in. This extra process makes it possible to, for
	example, suspend and resume the command. Without it, the command would
	be in what POSIX terms an ``orphaned process group'' and it would not
	receive any job control signals. As a special case, if the policy plugin
	does not define a close function and no pty is required, ssuuddoo will
	execute the command directly instead of calling fork(2) first. The
	_s_u_d_o_e_r_s policy plugin will only define a close function when I/O logging
	is enabled, a pty is required, or the _p_a_m___s_e_s_s_i_o_n or _p_a_m___s_e_t_c_r_e_d options
	are enabled. Note that _p_a_m___s_e_s_s_i_o_n and _p_a_m___s_e_t_c_r_e_d are enabled by
	default on systems using PAM.

	SSiiggnnaall hhaannddlliinngg
	When the command is run as a child of the ssuuddoo process, ssuuddoo will relay
	signals it receives to the command. Unless the command is being run in a
	new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless
	they are sent by a user process, not the kernel. Otherwise, the command
	would receive SIGINT twice every time the user entered control-C. Some
	signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not
	be relayed to the command. As a general rule, SIGTSTP should be used
	instead of SIGSTOP when you wish to suspend a command being run by ssuuddoo.

	As a special case, ssuuddoo will not relay signals that were sent by the
	command it is running. This prevents the command from accidentally
	killing itself. On some systems, the reboot(1m) command sends SIGTERM to
	all non-system processes other than itself before rebooting the system.
	This prevents ssuuddoo from relaying the SIGTERM signal it received back to
	reboot(1m), which might then exit before the system was actually rebooted,
	leaving it in a half-dead state similar to single user mode. Note,
	however, that this check only applies to the command run by ssuuddoo and not
	any other processes that the command may create. As a result, running a
	script that calls reboot(1m) or shutdown(1m) via ssuuddoo may cause the system
	to end up in this undefined state unless the reboot(1m) or shutdown(1m) are
	run using the eexxeecc() family of functions instead of ssyysstteemm() (which
	interposes a shell between the command and the calling process).

	If no I/O logging plugins are loaded and the policy plugin has not
	defined a cclloossee() function, set a command timeout or required that the
	command be run in a new pty, ssuuddoo may execute the command directly
	instead of running it as a child process.

	PPlluuggiinnss
	Plugins are dynamically loaded based on the contents of the sudo.conf(4)
	file. If no sudo.conf(4) file is present, or it contains no Plugin
	lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security policy and I/O
	logging. See the sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f
	file and the sudo_plugin(1m) manual for more information about the ssuuddoo
	plugin architecture.

	EEXXIITT VVAALLUUEE
	Upon successful execution of a program, the exit status from _s_u_d_o will
	simply be the exit status of the program that was executed.

	Otherwise, ssuuddoo exits with a value of 1 if there is a
	configuration/permission problem or if ssuuddoo cannot execute the given
	command. In the latter case the error string is printed to the standard
	error. If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an
	error is printed on stderr. (If the directory does not exist or if it is
	not really a directory, the entry is ignored and no error is printed.)
	This should not happen under normal circumstances. The most common
	reason for stat(2) to return ``permission denied'' is if you are running
	an automounter and one of the directories in your PATH is on a machine
	that is currently unreachable.

SSEECCUURRIITTYY NNOOTTEESS	SSEECCUURRIITTYY NNOOTTEESS
ssuuddoo tries to be safe when executing external commands.	ssuuddoo tries to be safe when executing external commands.

To prevent command spoofing, ssuuddoo checks "." and "" (both denoting	To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
current directory) last when searching for a command in the user's PATH	current directory) last when searching for a command in the user's PATH
(if one or both are in the PATH). Note, however, that the actual PATH	(if one or both are in the PATH). Note, however, that the actual PATH
environment variable is _n_o_t modified and is passed unchanged to the	environment variable is _n_o_t modified and is passed unchanged to the
program that ssuuddoo executes.	program that ssuuddoo executes.

Please note that ssuuddoo will normally only log the command it explicitly	Please note that ssuuddoo will normally only log the command it explicitly
runs. If a user runs a command such as sudo su or sudo sh, subsequent	runs. If a user runs a command such as sudo su or sudo sh, subsequent
commands run from that shell are not subject to ssuuddoo's security policy.	commands run from that shell are not subject to ssuuddoo's security policy.
The same is true for commands that offer shell escapes (including most	The same is true for commands that offer shell escapes (including most
editors). If I/O logging is enabled, subsequent commands will have	editors). If I/O logging is enabled, subsequent commands will have their
their input and/or output logged, but there will not be traditional	input and/or output logged, but there will not be traditional logs for
logs for those commands. Because of this, care must be taken when	those commands. Because of this, care must be taken when giving users
giving users access to commands via ssuuddoo to verify that the command	access to commands via ssuuddoo to verify that the command does not
does not inadvertently give the user an effective root shell. For more	inadvertently give the user an effective root shell. For more
information, please see the PREVENTING SHELL ESCAPES section in	information, please see the _P_R_E_V_E_N_T_I_N_G _S_H_E_L_L _E_S_C_A_P_E_S section in
_s_u_d_o_e_r_s(4).	sudoers(4).

	To prevent the disclosure of potentially sensitive information, ssuuddoo
	disables core dumps by default while it is executing (they are re-enabled
	for the command that is run). To aid in debugging ssuuddoo crashes, you may
	wish to re-enable core dumps by setting ``disable_coredump'' to false in
	the sudo.conf(4) file as follows:

	Set disable_coredump false

	See the sudo.conf(4) manual for more information.

EENNVVIIRROONNMMEENNTT	EENNVVIIRROONNMMEENNTT
ssuuddoo utilizes the following environment variables. The security policy	ssuuddoo utilizes the following environment variables. The security policy
has control over the content of the command's environment.	has control over the actual content of the command's environment.

EDITOR Default editor to use in --ee (sudoedit) mode if neither	EDITOR Default editor to use in --ee (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set	SUDO_EDITOR nor VISUAL is set.

MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set	MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
to the mail spool of the target user	to the mail spool of the target user.

HOME Set to the home directory of the target user if --ii or	HOME Set to the home directory of the target user if --ii or --HH
--HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set	are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set in
in _s_u_d_o_e_r_s, or when the --ss option is specified and	_s_u_d_o_e_r_s, or when the --ss option is specified and _s_e_t___h_o_m_e
_s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s	is set in _s_u_d_o_e_r_s.

PATH May be overridden by the security policy.	PATH May be overridden by the security policy.

SHELL Used to determine shell to run with -s option	SHELL Used to determine shell to run with --ss option.

SUDO_ASKPASS Specifies the path to a helper program used to read the	SUDO_ASKPASS Specifies the path to a helper program used to read the
password if no terminal is available or if the -A	password if no terminal is available or if the --AA option
option is specified.	is specified.

SUDO_COMMAND Set to the command run by sudo	SUDO_COMMAND Set to the command run by sudo.

SUDO_EDITOR Default editor to use in --ee (sudoedit) mode	SUDO_EDITOR Default editor to use in --ee (sudoedit) mode.

SUDO_GID Set to the group ID of the user who invoked sudo	SUDO_GID Set to the group ID of the user who invoked sudo.

SUDO_PROMPT Used as the default password prompt	SUDO_PROMPT Used as the default password prompt.

SUDO_PS1 If set, PS1 will be set to its value for the program	SUDO_PS1 If set, PS1 will be set to its value for the program
being run	being run.

SUDO_UID Set to the user ID of the user who invoked sudo	SUDO_UID Set to the user ID of the user who invoked sudo.

SUDO_USER Set to the login of the user who invoked sudo	SUDO_USER Set to the login name of the user who invoked sudo.

USER Set to the target user (root unless the --uu option is	USER Set to the target user (root unless the --uu option is
specified)	specified).

VISUAL Default editor to use in --ee (sudoedit) mode if	VISUAL Default editor to use in --ee (sudoedit) mode if
SUDO_EDITOR is not set	SUDO_EDITOR is not set.

FFIILLEESS	FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration	_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration

EEXXAAMMPPLLEESS	EEXXAAMMPPLLEESS
Note: the following examples assume a properly configured security	Note: the following examples assume a properly configured security
policy.	policy.

To get a file listing of an unreadable directory:	To get a file listing of an unreadable directory:

$ sudo ls /usr/local/protected	$ sudo ls /usr/local/protected

To list the home directory of user yaz on a machine where the file	To list the home directory of user yaz on a machine where the file system
system holding ~yaz is not exported as root:	holding ~yaz is not exported as root:

$ sudo -u yaz ls ~yaz	$ sudo -u yaz ls ~yaz

To edit the _i_n_d_e_x_._h_t_m_l file as user www:	To edit the _i_n_d_e_x_._h_t_m_l file as user www:

$ sudo -u www vi ~www/htdocs/index.html	$ sudo -u www vi ~www/htdocs/index.html

To view system logs only accessible to root and users in the adm group:	To view system logs only accessible to root and users in the adm group:

$ sudo -g adm view /var/log/syslog	$ sudo -g adm view /var/log/syslog

To run an editor as jim with a different primary group:	To run an editor as jim with a different primary group:

$ sudo -u jim -g audio vi ~jim/sound.txt	$ sudo -u jim -g audio vi ~jim/sound.txt

To shutdown a machine:	To shut down a machine:

$ sudo shutdown -r +15 "quick reboot"	$ sudo shutdown -r +15 "quick reboot"

To make a usage listing of the directories in the /home partition.	To make a usage listing of the directories in the /home partition. Note
Note that this runs the commands in a sub-shell to make the cd and file	that this runs the commands in a sub-shell to make the cd and file
redirection work.	redirection work.

$ sudo sh -c "cd /home ; du -s * \| sort -rn > USAGE"	$ sudo sh -c "cd /home ; du -s * \| sort -rn > USAGE"

SSEEEE AALLSSOO	SSEEEE AALLSSOO
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),	su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4),
_s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)	sudo_plugin(1m), sudoreplay(1m), visudo(1m)

	HHIISSTTOORRYY
	See the HISTORY file in the ssuuddoo distribution
	(http://www.sudo.ws/sudo/history.html) for a brief history of sudo.

AAUUTTHHOORRSS	AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this version consists	Many people have worked on ssuuddoo over the years; this version consists of
of code written primarily by:	code written primarily by:

Todd C. Miller	Todd C. Miller

See the HISTORY file in the ssuuddoo distribution or visit	See the CONTRIBUTORS file in the ssuuddoo distribution
http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo.	(http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
	people who have contributed to ssuuddoo.

CCAAVVEEAATTSS	CCAAVVEEAATTSS
There is no easy way to prevent a user from gaining a root shell if	There is no easy way to prevent a user from gaining a root shell if that
that user is allowed to run arbitrary commands via ssuuddoo. Also, many	user is allowed to run arbitrary commands via ssuuddoo. Also, many programs
programs (such as editors) allow the user to run commands via shell	(such as editors) allow the user to run commands via shell escapes, thus
escapes, thus avoiding ssuuddoo's checks. However, on most systems it is	avoiding ssuuddoo's checks. However, on most systems it is possible to
possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c	prevent shell escapes with the sudoers(4) plugin's _n_o_e_x_e_c functionality.
functionality.

It is not meaningful to run the cd command directly via sudo, e.g.,	It is not meaningful to run the cd command directly via sudo, e.g.,

$ sudo cd /usr/local/protected	$ sudo cd /usr/local/protected

since when the command exits the parent process (your shell) will still	since when the command exits the parent process (your shell) will still
be the same. Please see the EXAMPLES section for more information.	be the same. Please see the _E_X_A_M_P_L_E_S section for more information.

Running shell scripts via ssuuddoo can expose the same kernel bugs that	Running shell scripts via ssuuddoo can expose the same kernel bugs that make
make setuid shell scripts unsafe on some operating systems (if your OS	setuid shell scripts unsafe on some operating systems (if your OS has a
has a /dev/fd/ directory, setuid shell scripts are generally safe).	/dev/fd/ directory, setuid shell scripts are generally safe).

BBUUGGSS	BBUUGGSS
If you feel you have found a bug in ssuuddoo, please submit a bug report at	If you feel you have found a bug in ssuuddoo, please submit a bug report at
http://www.sudo.ws/sudo/bugs/	http://www.sudo.ws/sudo/bugs/

SSUUPPPPOORRTT	SSUUPPPPOORRTT
Limited free support is available via the sudo-users mailing list, see	Limited free support is available via the sudo-users mailing list, see
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search	http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
the archives.	archives.

DDIISSCCLLAAIIMMEERR	DDIISSCCLLAAIIMMEERR
ssuuddoo is provided ``AS IS'' and any express or implied warranties,	ssuuddoo is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of	including, but not limited to, the implied warranties of merchantability
merchantability and fitness for a particular purpose are disclaimed.	and fitness for a particular purpose are disclaimed. See the LICENSE
See the LICENSE file distributed with ssuuddoo or	file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
http://www.sudo.ws/sudo/license.html for complete details.	complete details.

	Sudo 1.8.8 August 14, 2013 Sudo 1.8.8

1.8.3 September 16, 2011 SUDO(1m)

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.1
changed lines
	Added in v.1.1.1.5