|
version 1.1.1.3, 2012/10/09 09:29:52
|
version 1.1.1.5, 2013/10/14 07:56:34
|
|
Line 5 N�NA�AM�ME�E
|
Line 5 N�NA�AM�ME�E
|
| |
|
| S�SY�YN�NO�OP�PS�SI�IS�S |
S�SY�YN�NO�OP�PS�SI�IS�S |
| s�su�ud�do�o -�-h�h | -�-K�K | -�-k�k | -�-V�V |
s�su�ud�do�o -�-h�h | -�-K�K | -�-k�k | -�-V�V |
| s�su�ud�do�o -�-v�v [-�-A�Ak�kn�nS�S] [-�-a�a _�a_�u_�t_�h_�__�t_�y_�p_�e] [-�-g�g _�g_�r_�o_�u_�p _�n_�a_�m_�e | _�#_�g_�i_�d] [-�-p�p _�p_�r_�o_�m_�p_�t] | s�su�ud�do�o -�-v�v [-�-A�Ak�kn�nS�S] [-�-a�a _�t_�y_�p_�e] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t] [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-u�u _�u_�s_�e_�r] |
| [-�-u�u _�u_�s_�e_�r _�n_�a_�m_�e | _�#_�u_�i_�d] | s�su�ud�do�o -�-l�l [-�-A�Ak�kn�nS�S] [-�-a�a _�t_�y_�p_�e] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t] [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-U�U _�u_�s_�e_�r] |
| s�su�ud�do�o -�-l�l[_�l] [-�-A�Ak�kn�nS�S] [-�-a�a _�a_�u_�t_�h_�__�t_�y_�p_�e] [-�-g�g _�g_�r_�o_�u_�p _�n_�a_�m_�e | _�#_�g_�i_�d] [-�-p�p _�p_�r_�o_�m_�p_�t] | [-�-u�u _�u_�s_�e_�r] [_�c_�o_�m_�m_�a_�n_�d] |
| [-�-U�U _�u_�s_�e_�r _�n_�a_�m_�e] [-�-u�u _�u_�s_�e_�r _�n_�a_�m_�e | _�#_�u_�i_�d] [_�c_�o_�m_�m_�a_�n_�d] | s�su�ud�do�o [-�-A�Ab�bE�EH�Hn�nP�PS�S] [-�-a�a _�t_�y_�p_�e] [-�-C�C _�n_�u_�m] [-�-c�c _�c_�l_�a_�s_�s] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t] |
| s�su�ud�do�o [-�-A�Ab�bE�EH�Hn�nP�PS�S] [-�-a�a _�a_�u_�t_�h_�__�t_�y_�p_�e] [-�-C�C _�f_�d] [-�-c�c _�c_�l_�a_�s_�s | _�-] | [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-r�r _�r_�o_�l_�e] [-�-t�t _�t_�y_�p_�e] [-�-u�u _�u_�s_�e_�r] [V�VA�AR�R=_�v_�a_�l_�u_�e] [-�-i�i | -�-s�s] |
| [-�-g�g _�g_�r_�o_�u_�p _�n_�a_�m_�e | _�#_�g_�i_�d] [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-r�r _�r_�o_�l_�e] [-�-t�t _�t_�y_�p_�e] | [_�c_�o_�m_�m_�a_�n_�d] |
| [-�-u�u _�u_�s_�e_�r _�n_�a_�m_�e | _�#_�u_�i_�d] [V�VA�AR�R=_�v_�a_�l_�u_�e] -�-i�i | -�-s�s [_�c_�o_�m_�m_�a_�n_�d] | s�su�ud�do�oe�ed�di�it�t [-�-A�Ak�kn�nS�S] [-�-a�a _�t_�y_�p_�e] [-�-C�C _�n_�u_�m] [-�-c�c _�c_�l_�a_�s_�s] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t] |
| s�su�ud�do�oe�ed�di�it�t [-�-A�An�nS�S] [-�-a�a _�a_�u_�t_�h_�__�t_�y_�p_�e] [-�-C�C _�f_�d] [-�-c�c _�c_�l_�a_�s_�s | _�-] | [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-u�u _�u_�s_�e_�r] file ... |
| [-�-g�g _�g_�r_�o_�u_�p _�n_�a_�m_�e | _�#_�g_�i_�d] [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-u�u _�u_�s_�e_�r _�n_�a_�m_�e | _�#_�u_�i_�d] file | |
| ... | |
| |
|
| D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N |
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N |
| s�su�ud�do�o allows a permitted user to execute a _�c_�o_�m_�m_�a_�n_�d as the superuser or |
s�su�ud�do�o allows a permitted user to execute a _�c_�o_�m_�m_�a_�n_�d as the superuser or |
|
Line 24 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 22 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| input/output logging. Third parties can develop and distribute their own |
input/output logging. Third parties can develop and distribute their own |
| policy and I/O logging plugins to work seamlessly with the s�su�ud�do�o front |
policy and I/O logging plugins to work seamlessly with the s�su�ud�do�o front |
| end. The default security policy is _�s_�u_�d_�o_�e_�r_�s, which is configured via the |
end. The default security policy is _�s_�u_�d_�o_�e_�r_�s, which is configured via the |
| file _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s, or via LDAP. See the _�P_�L_�U_�G_�I_�N_�S section for more | file _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s, or via LDAP. See the _�P_�l_�u_�g_�i_�n_�s section for more |
| information. |
information. |
| |
|
| The security policy determines what privileges, if any, a user has to run |
The security policy determines what privileges, if any, a user has to run |
|
Line 48 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 46 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| |
|
| The options are as follows: |
The options are as follows: |
| |
|
| -�-A�A Normally, if s�su�ud�do�o requires a password, it will read it from | -�-A�A, -�--�-a�as�sk�kp�pa�as�ss�s |
| | Normally, if s�su�ud�do�o requires a password, it will read it from |
| the user's terminal. If the -�-A�A (_�a_�s_�k_�p_�a_�s_�s) option is |
the user's terminal. If the -�-A�A (_�a_�s_�k_�p_�a_�s_�s) option is |
| specified, a (possibly graphical) helper program is executed |
specified, a (possibly graphical) helper program is executed |
| to read the user's password and output the password to the |
to read the user's password and output the password to the |
| standard output. If the SUDO_ASKPASS environment variable is |
standard output. If the SUDO_ASKPASS environment variable is |
| set, it specifies the path to the helper program. Otherwise, |
set, it specifies the path to the helper program. Otherwise, |
| if _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f contains a line specifying the askpass | if sudo.conf(4) contains a line specifying the askpass |
| program, that value will be used. For example: |
program, that value will be used. For example: |
| |
|
| # Path to askpass helper program |
# Path to askpass helper program |
|
Line 63 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 62 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| If no askpass program is available, s�su�ud�do�o will exit with an |
If no askpass program is available, s�su�ud�do�o will exit with an |
| error. |
error. |
| |
|
| -�-a�a _�t_�y_�p_�e The -�-a�a (_�a_�u_�t_�h_�e_�n_�t_�i_�c_�a_�t_�i_�o_�n _�t_�y_�p_�e) option causes s�su�ud�do�o to use the | -�-a�a _�t_�y_�p_�e, -�--�-a�au�ut�th�h-�-t�ty�yp�pe�e=_�t_�y_�p_�e |
| specified authentication type when validating the user, as | Use the specified BSD authentication _�t_�y_�p_�e when validating the |
| allowed by _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f. The system administrator may | user, if allowed by _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f. The system |
| specify a list of sudo-specific authentication methods by | administrator may specify a list of sudo-specific |
| adding an ``auth-sudo'' entry in _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f. This | authentication methods by adding an ``auth-sudo'' entry in |
| option is only available on systems that support BSD | _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f. This option is only available on systems |
| authentication. | that support BSD authentication. |
| |
|
| -�-b�b The -�-b�b (_�b_�a_�c_�k_�g_�r_�o_�u_�n_�d) option tells s�su�ud�do�o to run the given | -�-b�b, -�--�-b�ba�ac�ck�kg�gr�ro�ou�un�nd�d |
| command in the background. Note that if you use the -�-b�b | Run the given command in the background. Note that it is not |
| option you cannot use shell job control to manipulate the | possible to use shell job control to manipulate background |
| process. Most interactive commands will fail to work | processes started by s�su�ud�do�o. Most interactive commands will |
| properly in background mode. | fail to work properly in background mode. |
| |
|
| -�-C�C _�f_�d Normally, s�su�ud�do�o will close all open file descriptors other | -�-C�C _�n_�u_�m, -�--�-c�cl�lo�os�se�e-�-f�fr�ro�om�m=_�n_�u_�m |
| than standard input, standard output and standard error. The | Close all file descriptors greater than or equal to _�n_�u_�m |
| -�-C�C (_�c_�l_�o_�s_�e _�f_�r_�o_�m) option allows the user to specify a starting | before executing a command. Values less than three are not |
| point above the standard error (file descriptor three). | permitted. By default, s�su�ud�do�o will close all open file |
| Values less than three are not permitted. The security | descriptors other than standard input, standard output and |
| policy may restrict the user's ability to use the -�-C�C option. | standard error when executing a command. The security policy |
| The _�s_�u_�d_�o_�e_�r_�s policy only permits use of the -�-C�C option when the | may restrict the user's ability to use this option. The |
| | _�s_�u_�d_�o_�e_�r_�s policy only permits use of the -�-C�C option when the |
| administrator has enabled the _�c_�l_�o_�s_�e_�f_�r_�o_�m_�__�o_�v_�e_�r_�r_�i_�d_�e option. |
administrator has enabled the _�c_�l_�o_�s_�e_�f_�r_�o_�m_�__�o_�v_�e_�r_�r_�i_�d_�e option. |
| |
|
| -�-c�c _�c_�l_�a_�s_�s The -�-c�c (_�c_�l_�a_�s_�s) option causes s�su�ud�do�o to run the specified | -�-c�c _�c_�l_�a_�s_�s, -�--�-l�lo�og�gi�in�n-�-c�cl�la�as�ss�s=_�c_�l_�a_�s_�s |
| command with resources limited by the specified login class. | Run the command with resource limits and scheduling priority |
| The _�c_�l_�a_�s_�s argument can be either a class name as defined in | of the specified login _�c_�l_�a_�s_�s. The _�c_�l_�a_�s_�s argument can be |
| _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f, or a single `-' character. Specifying a | either a class name as defined in _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f, or a |
| _�c_�l_�a_�s_�s of - indicates that the command should be run | single `-' character. If _�c_�l_�a_�s_�s is -, the default login class |
| restricted by the default login capabilities for the user the | of the target user will be used. Otherwise, the command must |
| command is run as. If the _�c_�l_�a_�s_�s argument specifies an | be run as root, or s�su�ud�do�o must be run from a shell that is |
| existing user class, the command must be run as root, or the | already root. If the command is being run as a login shell, |
| s�su�ud�do�o command must be run from a shell that is already root. | additional _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f settings, such as the umask and |
| This option is only available on systems with BSD login | environment variables, will be applied if present. This |
| classes. | option is only available on systems with BSD login classes. |
| |
|
| -�-E�E The -�-E�E (_�p_�r_�e_�s_�e_�r_�v_�e _�e_�n_�v_�i_�r_�o_�n_�m_�e_�n_�t) option indicates to the | -�-E�E, -�--�-p�pr�re�es�se�er�rv�ve�e-�-e�en�nv�v |
| security policy that the user wishes to preserve their | Indicates to the security policy that the user wishes to |
| existing environment variables. The security policy may | preserve their existing environment variables. The security |
| return an error if the -�-E�E option is specified and the user | policy may return an error if the user does not have |
| does not have permission to preserve the environment. | permission to preserve the environment. |
| |
|
| -�-e�e The -�-e�e (_�e_�d_�i_�t) option indicates that, instead of running a | -�-e�e, -�--�-e�ed�di�it�t Edit one or more files instead of running a command. In lieu |
| command, the user wishes to edit one or more files. In lieu | of a path name, the string "sudoedit" is used when consulting |
| of a command, the string "sudoedit" is used when consulting | |
| the security policy. If the user is authorized by the |
the security policy. If the user is authorized by the |
| policy, the following steps are taken: |
policy, the following steps are taken: |
| |
|
|
Line 131 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 130 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| version, the user will receive a warning and the edited copy |
version, the user will receive a warning and the edited copy |
| will remain in a temporary file. |
will remain in a temporary file. |
| |
|
| -�-g�g _�g_�r_�o_�u_�p Normally, s�su�ud�do�o runs a command with the primary group set to | -�-g�g _�g_�r_�o_�u_�p, -�--�-g�gr�ro�ou�up�p=_�g_�r_�o_�u_�p |
| the one specified by the password database for the user the | Run the command with the primary group set to _�g_�r_�o_�u_�p instead |
| command is being run as (by default, root). The -�-g�g (_�g_�r_�o_�u_�p) | of the primary group specified by the target user's password |
| option causes s�su�ud�do�o to run the command with the primary group | database entry. The _�g_�r_�o_�u_�p may be either a group name or a |
| set to _�g_�r_�o_�u_�p instead. To specify a _�g_�i_�d instead of a _�g_�r_�o_�u_�p | numeric group ID (GID) prefixed with the `#' character (e.g. |
| _�n_�a_�m_�e, use _�#_�g_�i_�d. When running commands as a _�g_�i_�d, many shells | #0 for GID 0). When running a command as a GID, many shells |
| require that the `#' be escaped with a backslash (`\'). If |
require that the `#' be escaped with a backslash (`\'). If |
| no -�-u�u option is specified, the command will be run as the |
no -�-u�u option is specified, the command will be run as the |
| invoking user (not root). In either case, the primary group | invoking user. In either case, the primary group will be set |
| will be set to _�g_�r_�o_�u_�p. | to _�g_�r_�o_�u_�p. |
| |
|
| -�-H�H The -�-H�H (_�H_�O_�M_�E) option requests that the security policy set | -�-H�H, -�--�-s�se�et�t-�-h�ho�om�me�e |
| the HOME environment variable to the home directory of the | Request that the security policy set the HOME environment |
| target user (root by default) as specified by the password | variable to the home directory specified by the target user's |
| database. Depending on the policy, this may be the default | password database entry. Depending on the policy, this may |
| behavior. | be the default behavior. |
| |
|
| -�-h�h The -�-h�h (_�h_�e_�l_�p) option causes s�su�ud�do�o to print a short help | -�-h�h, -�--�-h�he�el�lp�p Display a short help message to the standard output and exit. |
| message to the standard output and exit. | |
| |
|
| -�-i�i [_�c_�o_�m_�m_�a_�n_�d] | -�-h�h _�h_�o_�s_�t, -�--�-h�ho�os�st�t=_�h_�o_�s_�t |
| The -�-i�i (_�s_�i_�m_�u_�l_�a_�t_�e _�i_�n_�i_�t_�i_�a_�l _�l_�o_�g_�i_�n) option runs the shell | Run the command on the specified _�h_�o_�s_�t if the security policy |
| specified by the password database entry of the target user | plugin supports remote commands. Note that the _�s_�u_�d_�o_�e_�r_�s |
| as a login shell. This means that login-specific resource | plugin does not currently support running remote commands. |
| files such as _�._�p_�r_�o_�f_�i_�l_�e or _�._�l_�o_�g_�i_�n will be read by the shell. | This may also be used in conjunction with the -�-l�l option to |
| If a command is specified, it is passed to the shell for | list a user's privileges for the remote host. |
| execution via the shell's -�-c�c option. If no command is | |
| specified, an interactive shell is executed. s�su�ud�do�o attempts | |
| to change to that user's home directory before running the | |
| shell. The security policy shall initialize the environment | |
| to a minimal set of variables, similar to what is present | |
| when a user logs in. The _�C_�o_�m_�m_�a_�n_�d _�E_�n_�v_�i_�r_�o_�n_�m_�e_�n_�t section in the | |
| sudoers(4) manual documents how the -�-i�i option affects the | |
| environment in which a command is run when the _�s_�u_�d_�o_�e_�r_�s policy | |
| is in use. | |
| |
|
| -�-K�K The -�-K�K (sure _�k_�i_�l_�l) option is like -�-k�k except that it removes | -�-i�i, -�--�-l�lo�og�gi�in�n |
| the user's cached credentials entirely and may not be used in | Run the shell specified by the target user's password |
| | database entry as a login shell. This means that login- |
| | specific resource files such as _�._�p_�r_�o_�f_�i_�l_�e or _�._�l_�o_�g_�i_�n will be |
| | read by the shell. If a command is specified, it is passed |
| | to the shell for execution via the shell's -�-c�c option. If no |
| | command is specified, an interactive shell is executed. s�su�ud�do�o |
| | attempts to change to that user's home directory before |
| | running the shell. The command is run with an environment |
| | similar to the one a user would receive at log in. The |
| | _�C_�o_�m_�m_�a_�n_�d _�E_�n_�v_�i_�r_�o_�n_�m_�e_�n_�t section in the sudoers(4) manual |
| | documents how the -�-i�i option affects the environment in which |
| | a command is run when the _�s_�u_�d_�o_�e_�r_�s policy is in use. |
| | |
| | -�-K�K, -�--�-r�re�em�mo�ov�ve�e-�-t�ti�im�me�es�st�ta�am�mp�p |
| | Similar to the -�-k�k option, except that it removes the user's |
| | cached credentials entirely and may not be used in |
| conjunction with a command or other option. This option does |
conjunction with a command or other option. This option does |
| not require a password. Not all security policies support |
not require a password. Not all security policies support |
| credential caching. |
credential caching. |
| |
|
| -�-k�k [_�c_�o_�m_�m_�a_�n_�d] | -�-k�k, -�--�-r�re�es�se�et�t-�-t�ti�im�me�es�st�ta�am�mp�p |
| When used alone, the -�-k�k (_�k_�i_�l_�l) option to s�su�ud�do�o invalidates the | When used without a command, invalidates the user's cached |
| user's cached credentials. The next time s�su�ud�do�o is run a | credentials. In other words, the next time s�su�ud�do�o is run a |
| password will be required. This option does not require a |
password will be required. This option does not require a |
| password and was added to allow a user to revoke s�su�ud�do�o |
password and was added to allow a user to revoke s�su�ud�do�o |
| permissions from a _�._�l_�o_�g_�o_�u_�t file. Not all security policies | permissions from a _�._�l_�o_�g_�o_�u_�t file. |
| support credential caching. | |
| |
|
| When used in conjunction with a command or an option that may |
When used in conjunction with a command or an option that may |
| require a password, the -�-k�k option will cause s�su�ud�do�o to ignore | require a password, this option will cause s�su�ud�do�o to ignore the |
| the user's cached credentials. As a result, s�su�ud�do�o will prompt | user's cached credentials. As a result, s�su�ud�do�o will prompt for |
| for a password (if one is required by the security policy) | a password (if one is required by the security policy) and |
| and will not update the user's cached credentials. | will not update the user's cached credentials. |
| |
|
| -�-l�l[l�l] [_�c_�o_�m_�m_�a_�n_�d] | Not all security policies support credential caching. |
| If no _�c_�o_�m_�m_�a_�n_�d is specified, the -�-l�l (_�l_�i_�s_�t) option will list | |
| the allowed (and forbidden) commands for the invoking user | -�-l�l, -�--�-l�li�is�st�t If no _�c_�o_�m_�m_�a_�n_�d is specified, list the allowed (and forbidden) |
| (or the user specified by the -�-U�U option) on the current host. | commands for the invoking user (or the user specified by the |
| | -�-U�U option) on the current host. A longer list format is used |
| | if this option is specified multiple times and the security |
| | policy supports a verbose output format. |
| | |
| If a _�c_�o_�m_�m_�a_�n_�d is specified and is permitted by the security |
If a _�c_�o_�m_�m_�a_�n_�d is specified and is permitted by the security |
| policy, the fully-qualified path to the command is displayed |
policy, the fully-qualified path to the command is displayed |
| along with any command line arguments. If _�c_�o_�m_�m_�a_�n_�d is |
along with any command line arguments. If _�c_�o_�m_�m_�a_�n_�d is |
| specified but not allowed, s�su�ud�do�o will exit with a status value |
specified but not allowed, s�su�ud�do�o will exit with a status value |
| of 1. If the -�-l�l option is specified with an _�l argument (i.e. | of 1. |
| -�-l�ll�l), or if -�-l�l is specified multiple times, a longer list | |
| format is used. | |
| |
|
| -�-n�n The -�-n�n (_�n_�o_�n_�-_�i_�n_�t_�e_�r_�a_�c_�t_�i_�v_�e) option prevents s�su�ud�do�o from prompting | -�-n�n, -�--�-n�no�on�n-�-i�in�nt�te�er�ra�ac�ct�ti�iv�ve�e |
| the user for a password. If a password is required for the | Avoid prompting the user for input of any kind. If a |
| command to run, s�su�ud�do�o will display an error message and exit. | password is required for the command to run, s�su�ud�do�o will |
| | display an error message and exit. |
| |
|
| -�-P�P The -�-P�P (_�p_�r_�e_�s_�e_�r_�v_�e _�g_�r_�o_�u_�p _�v_�e_�c_�t_�o_�r) option causes s�su�ud�do�o to preserve | -�-P�P, -�--�-p�pr�re�es�se�er�rv�ve�e-�-g�gr�ro�ou�up�ps�s |
| the invoking user's group vector unaltered. By default, the | Preserve the invoking user's group vector unaltered. By |
| _�s_�u_�d_�o_�e_�r_�s policy will initialize the group vector to the list | default, the _�s_�u_�d_�o_�e_�r_�s policy will initialize the group vector |
| of groups the target user is in. The real and effective | to the list of groups the target user is a member of. The |
| group IDs, however, are still set to match the target user. | real and effective group IDs, however, are still set to match |
| | the target user. |
| |
|
| -�-p�p _�p_�r_�o_�m_�p_�t The -�-p�p (_�p_�r_�o_�m_�p_�t) option allows you to override the default | -�-p�p _�p_�r_�o_�m_�p_�t, -�--�-p�pr�ro�om�mp�pt�t=_�p_�r_�o_�m_�p_�t |
| password prompt and use a custom one. The following percent | Use a custom password prompt with optional escape sequences. |
| (`%') escapes are supported by the _�s_�u_�d_�o_�e_�r_�s policy: | The following percent (`%') escape sequences are supported by |
| | the _�s_�u_�d_�o_�e_�r_�s policy: |
| |
|
| %H expanded to the host name including the domain name (on |
%H expanded to the host name including the domain name (on |
| if the machine's host name is fully qualified or the _�f_�q_�d_�n |
if the machine's host name is fully qualified or the _�f_�q_�d_�n |
|
Line 232 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 240 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| %% two consecutive `%' characters are collapsed into a |
%% two consecutive `%' characters are collapsed into a |
| single `%' character |
single `%' character |
| |
|
| The prompt specified by the -�-p�p option will override the | The custom prompt will override the system password prompt on |
| system password prompt on systems that support PAM unless the | systems that support PAM unless the _�p_�a_�s_�s_�p_�r_�o_�m_�p_�t_�__�o_�v_�e_�r_�r_�i_�d_�e flag |
| _�p_�a_�s_�s_�p_�r_�o_�m_�p_�t_�__�o_�v_�e_�r_�r_�i_�d_�e flag is disabled in _�s_�u_�d_�o_�e_�r_�s. | is disabled in _�s_�u_�d_�o_�e_�r_�s. |
| |
|
| -�-r�r _�r_�o_�l_�e The -�-r�r (_�r_�o_�l_�e) option causes the new (SELinux) security | -�-r�r _�r_�o_�l_�e, -�--�-r�ro�ol�le�e=_�r_�o_�l_�e |
| context to have the role specified by _�r_�o_�l_�e. | Run the command with an SELinux security context that |
| | includes the specified _�r_�o_�l_�e. |
| |
|
| -�-S�S The -�-S�S (_�s_�t_�d_�i_�n) option causes s�su�ud�do�o to read the password from | -�-S�S, -�--�-s�st�td�di�in�n |
| the standard input instead of the terminal device. The | Write the prompt to the standard error and read the password |
| password must be followed by a newline character. | from the standard input instead of using the terminal device. |
| | The password must be followed by a newline character. |
| |
|
| -�-s�s [_�c_�o_�m_�m_�a_�n_�d] | -�-s�s, -�--�-s�sh�he�el�ll�l |
| The -�-s�s (_�s_�h_�e_�l_�l) option runs the shell specified by the SHELL | Run the shell specified by the SHELL environment variable if |
| environment variable if it is set or the shell as specified | it is set or the shell specified by the invoking user's |
| in the password database. If a command is specified, it is | password database entry. If a command is specified, it is |
| passed to the shell for execution via the shell's -�-c�c option. |
passed to the shell for execution via the shell's -�-c�c option. |
| If no command is specified, an interactive shell is executed. |
If no command is specified, an interactive shell is executed. |
| |
|
| -�-t�t _�t_�y_�p_�e The -�-t�t (_�t_�y_�p_�e) option causes the new (SELinux) security | -�-t�t _�t_�y_�p_�e, -�--�-t�ty�yp�pe�e=_�t_�y_�p_�e |
| context to have the type specified by _�t_�y_�p_�e. If no type is | Run the command with an SELinux security context that |
| specified, the default type is derived from the specified | includes the specified _�t_�y_�p_�e. If no _�t_�y_�p_�e is specified, the |
| role. | default type is derived from the role. |
| |
|
| -�-U�U _�u_�s_�e_�r The -�-U�U (_�o_�t_�h_�e_�r _�u_�s_�e_�r) option is used in conjunction with the -�-l�l | -�-U�U _�u_�s_�e_�r, -�--�-o�ot�th�he�er�r-�-u�us�se�er�r=_�u_�s_�e_�r |
| option to specify the user whose privileges should be listed. | Used in conjunction with the -�-l�l option to list the privileges |
| The security policy may restrict listing other users' | for _�u_�s_�e_�r instead of for the invoking user. The security |
| privileges. The _�s_�u_�d_�o_�e_�r_�s policy only allows root or a user | policy may restrict listing other users' privileges. The |
| with the ALL privilege on the current host to use this | _�s_�u_�d_�o_�e_�r_�s policy only allows root or a user with the ALL |
| option. | privilege on the current host to use this option. |
| |
|
| -�-u�u _�u_�s_�e_�r The -�-u�u (_�u_�s_�e_�r) option causes s�su�ud�do�o to run the specified command | -�-u�u _�u_�s_�e_�r, -�--�-u�us�se�er�r=_�u_�s_�e_�r |
| as a user other than _�r_�o_�o_�t. To specify a _�u_�i_�d instead of a | Run the command as a user other than the default target user |
| _�u_�s_�e_�r _�n_�a_�m_�e, _�#_�u_�i_�d. When running commands as a _�u_�i_�d, many shells | (usually _�r_�o_�o_�t _�)_�. The _�u_�s_�e_�r may be either a user name or a |
| require that the `#' be escaped with a backslash (`\'). | numeric user ID (UID) prefixed with the `#' character (e.g. |
| Security policies may restrict _�u_�i_�ds to those listed in the | #0 for UID 0). When running commands as a UID, many shells |
| password database. The _�s_�u_�d_�o_�e_�r_�s policy allows _�u_�i_�ds that are | require that the `#' be escaped with a backslash (`\'). Some |
| | security policies may restrict UIDs to those listed in the |
| | password database. The _�s_�u_�d_�o_�e_�r_�s policy allows UIDs that are |
| not in the password database as long as the _�t_�a_�r_�g_�e_�t_�p_�w option |
not in the password database as long as the _�t_�a_�r_�g_�e_�t_�p_�w option |
| is not set. Other security policies may not support this. |
is not set. Other security policies may not support this. |
| |
|
| -�-V�V The -�-V�V (_�v_�e_�r_�s_�i_�o_�n) option causes s�su�ud�do�o to print its version | -�-V�V, -�--�-v�ve�er�rs�si�io�on�n |
| string and the version string of the security policy plugin | Print the s�su�ud�do�o version string as well as the version string |
| and any I/O plugins. If the invoking user is already root | of the security policy plugin and any I/O plugins. If the |
| the -�-V�V option will display the arguments passed to configure | invoking user is already root the -�-V�V option will display the |
| when s�su�ud�do�o was built and plugins may display more verbose | arguments passed to configure when s�su�ud�do�o was built and plugins |
| information such as default options. | may display more verbose information such as default options. |
| |
|
| -�-v�v When given the -�-v�v (_�v_�a_�l_�i_�d_�a_�t_�e) option, s�su�ud�do�o will update the | -�-v�v, -�--�-v�va�al�li�id�da�at�te�e |
| user's cached credentials, authenticating the user's password | Update the user's cached credentials, authenticating the user |
| if necessary. For the _�s_�u_�d_�o_�e_�r_�s plugin, this extends the s�su�ud�do�o |
if necessary. For the _�s_�u_�d_�o_�e_�r_�s plugin, this extends the s�su�ud�do�o |
| timeout for another 5 minutes (or whatever the timeout is set | timeout for another 5 minutes by default, but does not run a |
| to by the security policy) but does not run a command. Not | command. Not all security policies support cached |
| all security policies support cached credentials. | credentials. |
| |
|
| -�--�- The -�--�- option indicates that s�su�ud�do�o should stop processing |
-�--�- The -�--�- option indicates that s�su�ud�do�o should stop processing |
| command line arguments. |
command line arguments. |
|
Line 291 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 303 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| Environment variables to be set for the command may also be passed on the |
Environment variables to be set for the command may also be passed on the |
| command line in the form of V�VA�AR�R=_�v_�a_�l_�u_�e, e.g. |
command line in the form of V�VA�AR�R=_�v_�a_�l_�u_�e, e.g. |
| L�LD�D_�_L�LI�IB�BR�RA�AR�RY�Y_�_P�PA�AT�TH�H=_�/_�u_�s_�r_�/_�l_�o_�c_�a_�l_�/_�p_�k_�g_�/_�l_�i_�b. Variables passed on the command line |
L�LD�D_�_L�LI�IB�BR�RA�AR�RY�Y_�_P�PA�AT�TH�H=_�/_�u_�s_�r_�/_�l_�o_�c_�a_�l_�/_�p_�k_�g_�/_�l_�i_�b. Variables passed on the command line |
| are subject to the same restrictions as normal environment variables with | are subject to restrictions imposed by the security policy plugin. The |
| one important exception. If the _�s_�e_�t_�e_�n_�v option is set in _�s_�u_�d_�o_�e_�r_�s, the | _�s_�u_�d_�o_�e_�r_�s policy subjects variables passed on the command line to the same |
| command to be run has the SETENV tag set or the command matched is ALL, | restrictions as normal environment variables with one important |
| the user may set variables that would otherwise be forbidden. See | exception. If the _�s_�e_�t_�e_�n_�v option is set in _�s_�u_�d_�o_�e_�r_�s, the command to be run |
| sudoers(4) for more information. | has the SETENV tag set or the command matched is ALL, the user may set |
| | variables that would otherwise be forbidden. See sudoers(4) for more |
| | information. |
| |
|
| C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N |
C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N |
| When s�su�ud�do�o executes a command, the security policy specifies the execution |
When s�su�ud�do�o executes a command, the security policy specifies the execution |
| envionment for the command. Typically, the real and effective uid and | environment for the command. Typically, the real and effective user and |
| gid are set to match those of the target user, as specified in the | group and IDs are set to match those of the target user, as specified in |
| password database, and the group vector is initialized based on the group | the password database, and the group vector is initialized based on the |
| database (unless the -�-P�P option was specified). | group database (unless the -�-P�P option was specified). |
| |
|
| The following parameters may be specified by security policy: |
The following parameters may be specified by security policy: |
| |
|
|
Line 333 C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N
|
Line 347 C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N
|
| environment as described above, and calls the execve system call in the |
environment as described above, and calls the execve system call in the |
| child process. The main s�su�ud�do�o process waits until the command has |
child process. The main s�su�ud�do�o process waits until the command has |
| completed, then passes the command's exit status to the security policy's |
completed, then passes the command's exit status to the security policy's |
| close method and exits. If an I/O logging plugin is configured, a new | close function and exits. If an I/O logging plugin is configured or if |
| pseudo-terminal (``pty'') is created and a second s�su�ud�do�o process is used to | the security policy explicitly requests it, a new pseudo-terminal |
| relay job control signals between the user's existing pty and the new pty | (``pty'') is created and a second s�su�ud�do�o process is used to relay job |
| the command is being run in. This extra process makes it possible to, | control signals between the user's existing pty and the new pty the |
| for example, suspend and resume the command. Without it, the command | command is being run in. This extra process makes it possible to, for |
| would be in what POSIX terms an ``orphaned process group'' and it would | example, suspend and resume the command. Without it, the command would |
| not receive any job control signals. | be in what POSIX terms an ``orphaned process group'' and it would not |
| | receive any job control signals. As a special case, if the policy plugin |
| | does not define a close function and no pty is required, s�su�ud�do�o will |
| | execute the command directly instead of calling fork(2) first. The |
| | _�s_�u_�d_�o_�e_�r_�s policy plugin will only define a close function when I/O logging |
| | is enabled, a pty is required, or the _�p_�a_�m_�__�s_�e_�s_�s_�i_�o_�n or _�p_�a_�m_�__�s_�e_�t_�c_�r_�e_�d options |
| | are enabled. Note that _�p_�a_�m_�__�s_�e_�s_�s_�i_�o_�n and _�p_�a_�m_�__�s_�e_�t_�c_�r_�e_�d are enabled by |
| | default on systems using PAM. |
| |
|
| S�Si�ig�gn�na�al�l h�ha�an�nd�dl�li�in�ng�g |
S�Si�ig�gn�na�al�l h�ha�an�nd�dl�li�in�ng�g |
| Because the command is run as a child of the s�su�ud�do�o process, s�su�ud�do�o will | When the command is run as a child of the s�su�ud�do�o process, s�su�ud�do�o will relay |
| relay signals it receives to the command. Unless the command is being | signals it receives to the command. Unless the command is being run in a |
| run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed | new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless |
| unless they are sent by a user process, not the kernel. Otherwise, the | they are sent by a user process, not the kernel. Otherwise, the command |
| command would receive SIGINT twice every time the user entered control-C. | would receive SIGINT twice every time the user entered control-C. Some |
| Some signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will | signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not |
| not be relayed to the command. As a general rule, SIGTSTP should be used | be relayed to the command. As a general rule, SIGTSTP should be used |
| instead of SIGSTOP when you wish to suspend a command being run by s�su�ud�do�o. |
instead of SIGSTOP when you wish to suspend a command being run by s�su�ud�do�o. |
| |
|
| As a special case, s�su�ud�do�o will not relay signals that were sent by the |
As a special case, s�su�ud�do�o will not relay signals that were sent by the |
| command it is running. This prevents the command from accidentally |
command it is running. This prevents the command from accidentally |
| killing itself. On some systems, the reboot(1m) command sends SIGTERM to |
killing itself. On some systems, the reboot(1m) command sends SIGTERM to |
| all non-system processes other than itself before rebooting the systyem. | all non-system processes other than itself before rebooting the system. |
| This prevents s�su�ud�do�o from relaying the SIGTERM signal it received back to |
This prevents s�su�ud�do�o from relaying the SIGTERM signal it received back to |
| reboot(1m), which might then exit before the system was actually rebooted, |
reboot(1m), which might then exit before the system was actually rebooted, |
| leaving it in a half-dead state similar to single user mode. Note, |
leaving it in a half-dead state similar to single user mode. Note, |
|
Line 365 C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N
|
Line 386 C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N
|
| run using the e�ex�xe�ec�c() family of functions instead of s�sy�ys�st�te�em�m() (which |
run using the e�ex�xe�ec�c() family of functions instead of s�sy�ys�st�te�em�m() (which |
| interposes a shell between the command and the calling process). |
interposes a shell between the command and the calling process). |
| |
|
| P�PL�LU�UG�GI�IN�NS�S | If no I/O logging plugins are loaded and the policy plugin has not |
| Plugins are dynamically loaded based on the contents of the | defined a c�cl�lo�os�se�e() function, set a command timeout or required that the |
| _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f file. If no _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f file is present, or it | command be run in a new pty, s�su�ud�do�o may execute the command directly |
| contains no Plugin lines, s�su�ud�do�o will use the traditional _�s_�u_�d_�o_�e_�r_�s security | instead of running it as a child process. |
| policy and I/O logging, which corresponds to the following _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f | |
| file. | |
| |
|
| # | P�Pl�lu�ug�gi�in�ns�s |
| # Default /etc/sudo.conf file | Plugins are dynamically loaded based on the contents of the sudo.conf(4) |
| # | file. If no sudo.conf(4) file is present, or it contains no Plugin |
| # Format: | lines, s�su�ud�do�o will use the traditional _�s_�u_�d_�o_�e_�r_�s security policy and I/O |
| # Plugin plugin_name plugin_path plugin_options ... | logging. See the sudo.conf(4) manual for details of the _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f |
| # Path askpass /path/to/askpass | file and the sudo_plugin(1m) manual for more information about the s�su�ud�do�o |
| # Path noexec /path/to/sudo_noexec.so | plugin architecture. |
| # Debug sudo /var/log/sudo_debug all@warn | |
| # Set disable_coredump true | |
| # | |
| # The plugin_path is relative to /usr/local/libexec unless | |
| # fully qualified. | |
| # The plugin_name corresponds to a global symbol in the plugin | |
| # that contains the plugin interface structure. | |
| # The plugin_options are optional. | |
| # | |
| Plugin policy_plugin sudoers.so | |
| Plugin io_plugin sudoers.so | |
| |
|
| A Plugin line consists of the Plugin keyword, followed by the _�s_�y_�m_�b_�o_�l_�__�n_�a_�m_�e |
|
| and the _�p_�a_�t_�h to the shared object containing the plugin. The _�s_�y_�m_�b_�o_�l_�__�n_�a_�m_�e |
|
| is the name of the struct policy_plugin or struct io_plugin in the plugin |
|
| shared object. The _�p_�a_�t_�h may be fully qualified or relative. If not |
|
| fully qualified it is relative to the _�/_�u_�s_�r_�/_�l_�o_�c_�a_�l_�/_�l_�i_�b_�e_�x_�e_�c directory. Any |
|
| additional parameters after the _�p_�a_�t_�h are passed as arguments to the |
|
| plugin's _�o_�p_�e_�n function. Lines that don't begin with Plugin, Path, Debug, |
|
| or Set are silently ignored. |
|
| |
|
| For more information, see the sudo_plugin(1m) manual. |
|
| |
|
| P�PA�AT�TH�HS�S |
|
| A Path line consists of the Path keyword, followed by the name of the |
|
| path to set and its value. E.g. |
|
| |
|
| Path noexec /usr/local/libexec/sudo_noexec.so |
|
| Path askpass /usr/X11R6/bin/ssh-askpass |
|
| |
|
| The following plugin-agnostic paths may be set in the _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f |
|
| file: |
|
| |
|
| askpass The fully qualified path to a helper program used to read the |
|
| user's password when no terminal is available. This may be the |
|
| case when s�su�ud�do�o is executed from a graphical (as opposed to |
|
| text-based) application. The program specified by _�a_�s_�k_�p_�a_�s_�s |
|
| should display the argument passed to it as the prompt and |
|
| write the user's password to the standard output. The value of |
|
| _�a_�s_�k_�p_�a_�s_�s may be overridden by the SUDO_ASKPASS environment |
|
| variable. |
|
| |
|
| noexec The fully-qualified path to a shared library containing dummy |
|
| versions of the e�ex�xe�ec�cv�v(), e�ex�xe�ec�cv�ve�e() and f�fe�ex�xe�ec�cv�ve�e() library |
|
| functions that just return an error. This is used to implement |
|
| the _�n_�o_�e_�x_�e_�c functionality on systems that support LD_PRELOAD or |
|
| its equivalent. Defaults to _�/_�u_�s_�r_�/_�l_�o_�c_�a_�l_�/_�l_�i_�b_�e_�x_�e_�c_�/_�s_�u_�d_�o_�__�n_�o_�e_�x_�e_�c_�._�s_�o. |
|
| |
|
| D�DE�EB�BU�UG�G F�FL�LA�AG�GS�S |
|
| s�su�ud�do�o versions 1.8.4 and higher support a flexible debugging framework |
|
| that can help track down what s�su�ud�do�o is doing internally if there is a |
|
| problem. |
|
| |
|
| A Debug line consists of the Debug keyword, followed by the name of the |
|
| program to debug (s�su�ud�do�o, v�vi�is�su�ud�do�o, s�su�ud�do�or�re�ep�pl�la�ay�y), the debug file name and a |
|
| comma-separated list of debug flags. The debug flag syntax used by s�su�ud�do�o |
|
| and the _�s_�u_�d_�o_�e_�r_�s plugin is _�s_�u_�b_�s_�y_�s_�t_�e_�m@_�p_�r_�i_�o_�r_�i_�t_�y but the plugin is free to |
|
| use a different format so long as it does not include a comma (`,'). |
|
| |
|
| For instance: |
|
| |
|
| Debug sudo /var/log/sudo_debug all@warn,plugin@info |
|
| |
|
| would log all debugging statements at the _�w_�a_�r_�n level and higher in |
|
| addition to those at the _�i_�n_�f_�o level for the plugin subsystem. |
|
| |
|
| Currently, only one Debug entry per program is supported. The s�su�ud�do�o Debug |
|
| entry is shared by the s�su�ud�do�o front end, s�su�ud�do�oe�ed�di�it�t and the plugins. A |
|
| future release may add support for per-plugin Debug lines and/or support |
|
| for multiple debugging files for a single program. |
|
| |
|
| The priorities used by the s�su�ud�do�o front end, in order of decreasing |
|
| severity, are: _�c_�r_�i_�t, _�e_�r_�r, _�w_�a_�r_�n, _�n_�o_�t_�i_�c_�e, _�d_�i_�a_�g, _�i_�n_�f_�o, _�t_�r_�a_�c_�e and _�d_�e_�b_�u_�g. |
|
| Each priority, when specified, also includes all priorities higher than |
|
| it. For example, a priority of _�n_�o_�t_�i_�c_�e would include debug messages |
|
| logged at _�n_�o_�t_�i_�c_�e and higher. |
|
| |
|
| The following subsystems are used by the s�su�ud�do�o front-end: |
|
| |
|
| _�a_�l_�l matches every subsystem |
|
| |
|
| _�a_�r_�g_�s command line argument processing |
|
| |
|
| _�c_�o_�n_�v user conversation |
|
| |
|
| _�e_�d_�i_�t sudoedit |
|
| |
|
| _�e_�x_�e_�c command execution |
|
| |
|
| _�m_�a_�i_�n s�su�ud�do�o main function |
|
| |
|
| _�n_�e_�t_�i_�f network interface handling |
|
| |
|
| _�p_�c_�o_�m_�m communication with the plugin |
|
| |
|
| _�p_�l_�u_�g_�i_�n plugin configuration |
|
| |
|
| _�p_�t_�y pseudo-tty related code |
|
| |
|
| _�s_�e_�l_�i_�n_�u_�x SELinux-specific handling |
|
| |
|
| _�u_�t_�i_�l utility functions |
|
| |
|
| _�u_�t_�m_�p utmp handling |
|
| |
|
| E�EX�XI�IT�T V�VA�AL�LU�UE�E |
E�EX�XI�IT�T V�VA�AL�LU�UE�E |
| Upon successful execution of a program, the exit status from _�s_�u_�d_�o will |
Upon successful execution of a program, the exit status from _�s_�u_�d_�o will |
| simply be the exit status of the program that was executed. |
simply be the exit status of the program that was executed. |
|
Line 524 S�SE�EC�CU�UR�RI�IT�TY�Y N�NO�OT�TE�ES�S
|
Line 439 S�SE�EC�CU�UR�RI�IT�TY�Y N�NO�OT�TE�ES�S
|
| disables core dumps by default while it is executing (they are re-enabled |
disables core dumps by default while it is executing (they are re-enabled |
| for the command that is run). To aid in debugging s�su�ud�do�o crashes, you may |
for the command that is run). To aid in debugging s�su�ud�do�o crashes, you may |
| wish to re-enable core dumps by setting ``disable_coredump'' to false in |
wish to re-enable core dumps by setting ``disable_coredump'' to false in |
| the _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f file as follows: | the sudo.conf(4) file as follows: |
| |
|
| Set disable_coredump false |
Set disable_coredump false |
| |
|
| Note that by default, most operating systems disable core dumps from | See the sudo.conf(4) manual for more information. |
| setuid programs, which includes s�su�ud�do�o. To actually get a s�su�ud�do�o core file | |
| you may need to enable core dumps for setuid processes. On BSD and Linux | |
| systems this is accomplished via the sysctl command, on Solaris the | |
| coreadm command can be used. | |
| |
|
| E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T |
E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T |
| s�su�ud�do�o utilizes the following environment variables. The security policy |
s�su�ud�do�o utilizes the following environment variables. The security policy |
|
Line 617 E�EX�XA�AM�MP�PL�LE�ES�S
|
Line 528 E�EX�XA�AM�MP�PL�LE�ES�S
|
| $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
| |
|
| S�SE�EE�E A�AL�LS�SO�O |
S�SE�EE�E A�AL�LS�SO�O |
| grep(1), su(1), stat(2), login_cap(3), passwd(4), sudoers(4), | su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4), |
| sudo_plugin(1m), sudoreplay(1m), visudo(1m) |
sudo_plugin(1m), sudoreplay(1m), visudo(1m) |
| |
|
| H�HI�IS�ST�TO�OR�RY�Y |
H�HI�IS�ST�TO�OR�RY�Y |
|
Line 668 D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
|
Line 579 D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
|
| file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for |
file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for |
| complete details. |
complete details. |
| |
|
| Sudo 1.8.6 July 10, 2012 Sudo 1.8.6 | Sudo 1.8.8 August 14, 2013 Sudo 1.8.8 |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc