Diff for /embedaddon/sudo/doc/sudo.cat between versions 1.1 and 1.1.1.6

version 1.1, 2012/02/21 16:23:02 version 1.1.1.6, 2014/06/15 16:12:54
Line 1 Line 1
SUDO(1m)                     MAINTENANCE COMMANDS                     SUDO(1m)SUDO(1m)                     System Manager's Manual                    SUDO(1m)
   
   
   
 NNAAMMEE  NNAAMMEE
       sudo, sudoedit - execute a command as another user     ssuuddoo, ssuuddooeeddiitt - execute a command as another user
   
 SSYYNNOOPPSSIISS  SSYYNNOOPPSSIISS
       ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --VV     ssuuddoo --hh | --KK | --kk | --VV
      ssuuddoo --vv [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r]
      ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r]
           [--uu _u_s_e_r] [_c_o_m_m_a_n_d]
      ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
           [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [_V_A_R=_v_a_l_u_e] [--ii | --ss]
           [_c_o_m_m_a_n_d]
      ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
               [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] _f_i_l_e _._._.
   
        ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]  
        [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d]  
   
        ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]  
        [--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d]  
   
        ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--DD _l_e_v_e_l] [--cc _c_l_a_s_s|_-]  
        [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e]  
        [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d]  
   
        ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--DD _l_e_v_e_l]  
        [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] file ...  
   
 DDEESSCCRRIIPPTTIIOONN  DDEESSCCRRIIPPTTIIOONN
       ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or     ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
       another user, as specified by the security policy.  The real and     another user, as specified by the security policy.
       effective uid and gid are set to match those of the target user, as 
       specified in the password database, and the group vector is initialized 
       based on the group database (unless the --PP option was specified). 
   
       ssuuddoo supports a plugin architecture for security policies and     ssuuddoo supports a plugin architecture for security policies and
       input/output logging.  Third parties can develop and distribute their     input/output logging.  Third parties can develop and distribute their own
       own policy and I/O logging modules to work seemlessly with the ssuuddoo     policy and I/O logging plugins to work seamlessly with the ssuuddoo front
       front end.  The default security policy is _s_u_d_o_e_r_s, which is configured     end.  The default security policy is _s_u_d_o_e_r_s, which is configured via the
       via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP.  See the PLUGINS section for     file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP.  See the _P_l_u_g_i_n_s section for more
       more information.     information.
   
       The security policy determines what privileges, if any, a user has to     The security policy determines what privileges, if any, a user has to run
       run ssuuddoo.  The policy may require that users authenticate themselves     ssuuddoo.  The policy may require that users authenticate themselves with a
       with a password or another authentication mechanism.  If authentication     password or another authentication mechanism.  If authentication is
       is required, ssuuddoo will exit if the user's password is not entered     required, ssuuddoo will exit if the user's password is not entered within a
       within a configurable time limit.  This limit is policy-specific; the     configurable time limit.  This limit is policy-specific; the default
       default password prompt timeout for the _s_u_d_o_e_r_s security policy is 5     password prompt timeout for the _s_u_d_o_e_r_s security policy is 5 minutes.
       minutes. 
   
       Security policies may support credential caching to allow the user to     Security policies may support credential caching to allow the user to run
       run ssuuddoo again for a period of time without requiring authentication.     ssuuddoo again for a period of time without requiring authentication.  The
       The _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden     _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden in
       in _s_u_d_o_e_r_s(4).  By running ssuuddoo with the --vv option, a user can update     sudoers(4).  By running ssuuddoo with the --vv option, a user can update the
       the cached credentials without running a _c_o_m_m_a_n_d.     cached credentials without running a _c_o_m_m_a_n_d.
   
       When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.     When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.
   
       Security policies may log successful and failed attempts to use ssuuddoo.     Security policies may log successful and failed attempts to use ssuuddoo.  If
       If an I/O plugin is configured, the running command's input and output     an I/O plugin is configured, the running command's input and output may
       may be logged as well.     be logged as well.
   
OOPPTTIIOONNSS     The options are as follows:
       ssuuddoo accepts the following command line options: 
   
       -A          Normally, if ssuuddoo requires a password, it will read it from     --AA, ----aasskkppaassss
                   the user's terminal.  If the --AA (_a_s_k_p_a_s_s) option is                 Normally, if ssuuddoo requires a password, it will read it from
                   specified, a (possibly graphical) helper program is                 the user's terminal.  If the --AA (_a_s_k_p_a_s_s) option is
                   executed to read the user's password and output the                 specified, a (possibly graphical) helper program is executed
                   password to the standard output.  If the SUDO_ASKPASS                 to read the user's password and output the password to the
                   environment variable is set, it specifies the path to the                 standard output.  If the SUDO_ASKPASS environment variable is
                   helper program.  Otherwise, if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a                 set, it specifies the path to the helper program.  Otherwise,
                   line specifying the askpass program, that value will be                 if sudo.conf(4) contains a line specifying the askpass
                   used.  For example:                 program, that value will be used.  For example:
   
                       # Path to askpass helper program                     # Path to askpass helper program
                       Path askpass /usr/X11R6/bin/ssh-askpass                     Path askpass /usr/X11R6/bin/ssh-askpass
   
                   If no askpass program is available, sudo will exit with an                 If no askpass program is available, ssuuddoo will exit with an
                   error.                 error.
   
       -a _t_y_p_e     The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the     --aa _t_y_p_e, ----aauutthh--ttyyppee=_t_y_p_e
                   specified authentication type when validating the user, as                 Use the specified BSD authentication _t_y_p_e when validating the
                   allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  The system administrator may                 user, if allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  The system
                   specify a list of sudo-specific authentication methods by                 administrator may specify a list of sudo-specific
                   adding an "auth-sudo" entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  This                 authentication methods by adding an ``auth-sudo'' entry in
                   option is only available on systems that support BSD                 _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  This option is only available on systems
                   authentication.                 that support BSD authentication.
   
       -b          The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given     --bb, ----bbaacckkggrroouunndd
                   command in the background.  Note that if you use the --bb                 Run the given command in the background.  Note that it is not
                   option you cannot use shell job control to manipulate the                 possible to use shell job control to manipulate background
                   process.  Most interactive commands will fail to work                 processes started by ssuuddoo.  Most interactive commands will
                   properly in background mode.                 fail to work properly in background mode.
   
       -C _f_d       Normally, ssuuddoo will close all open file descriptors other     --CC _n_u_m, ----cclloossee--ffrroomm=_n_u_m
                   than standard input, standard output and standard error.                 Close all file descriptors greater than or equal to _n_u_m
                   The --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a                 before executing a command.  Values less than three are not
                   starting point above the standard error (file descriptor                 permitted.  By default, ssuuddoo will close all open file
                   three).  Values less than three are not permitted.  The                 descriptors other than standard input, standard output and
                   security policy may restrict the user's ability to use the                 standard error when executing a command.  The security policy
                   --CC option.  The _s_u_d_o_e_r_s policy only permits use of the --CC                 may restrict the user's ability to use this option.  The
                   option when the administrator has enabled the                 _s_u_d_o_e_r_s policy only permits use of the --CC option when the
                   _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.                 administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.
   
       -c _c_l_a_s_s    The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified     --cc _c_l_a_s_s, ----llooggiinn--ccllaassss=_c_l_a_s_s
                   command with resources limited by the specified login                 Run the command with resource limits and scheduling priority
                   class.  The _c_l_a_s_s argument can be either a class name as                 of the specified login _c_l_a_s_s.  The _c_l_a_s_s argument can be
                   defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character.                 either a class name as defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a
                   Specifying a _c_l_a_s_s of - indicates that the command should                 single `-' character.  If _c_l_a_s_s is --, the default login class
                   be run restricted by the default login capabilities for the                 of the target user will be used.  Otherwise, the command must
                   user the command is run as.  If the _c_l_a_s_s argument                 be run as the superuser (user ID 0), or ssuuddoo must be run from
                   specifies an existing user class, the command must be run                 a shell that is already running as the superuser.  If the
                   as root, or the ssuuddoo command must be run from a shell that                 command is being run as a login shell, additional
                   is already root.  This option is only available on systems                 _/_e_t_c_/_l_o_g_i_n_._c_o_n_f settings, such as the umask and environment
                   with BSD login classes.                 variables, will be applied, if present.  This option is only
                  available on systems with BSD login classes.
   
       -D _l_e_v_e_l    Enable debugging of ssuuddoo plugins and ssuuddoo itself.  The     --EE, ----pprreesseerrvvee--eennvv
                   _l_e_v_e_l may be a value from 1 through 9.                 Indicates to the security policy that the user wishes to
                  preserve their existing environment variables.  The security
                  policy may return an error if the user does not have
                  permission to preserve the environment.
   
       -E          The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the     --ee, ----eeddiitt  Edit one or more files instead of running a command.  In lieu
                   security policy that the user wishes to preserve their                 of a path name, the string "sudoedit" is used when consulting
                   existing environment variables.  The security policy may                 the security policy.  If the user is authorized by the
                   return an error if the --EE option is specified and the user                 policy, the following steps are taken:
                   does not have permission to preserve the environment. 
   
       -e          The --ee (_e_d_i_t) option indicates that, instead of running a                  1.   Temporary copies are made of the files to be edited
                   command, the user wishes to edit one or more files.  In 
                   lieu of a command, the string "sudoedit" is used when 
                   consulting the security policy.  If the user is authorized 
                   by the policy, the following steps are taken: 
 
                   1.  Temporary copies are made of the files to be edited 
                        with the owner set to the invoking user.                         with the owner set to the invoking user.
   
                   2.  The editor specified by the policy is run to edit the                  2.   The editor specified by the policy is run to edit the
                        temporary files.  The _s_u_d_o_e_r_s policy uses the                         temporary files.  The _s_u_d_o_e_r_s policy uses the
                        SUDO_EDITOR, VISUAL and EDITOR environment variables                         SUDO_EDITOR, VISUAL and EDITOR environment variables
                        (in that order).  If none of SUDO_EDITOR, VISUAL or                         (in that order).  If none of SUDO_EDITOR, VISUAL or
                        EDITOR are set, the first program listed in the _e_d_i_t_o_r                         EDITOR are set, the first program listed in the _e_d_i_t_o_r
                       _s_u_d_o_e_r_s(4) option is used.                       sudoers(4) option is used.
   
                   3.  If they have been modified, the temporary files are                  3.   If they have been modified, the temporary files are
                        copied back to their original location and the                         copied back to their original location and the
                        temporary versions are removed.                         temporary versions are removed.
   
                   If the specified file does not exist, it will be created.                 If the specified file does not exist, it will be created.
                   Note that unlike most commands run by ssuuddoo, the editor is                 Note that unlike most commands run by _s_u_d_o, the editor is run
                   run with the invoking user's environment unmodified.  If,                 with the invoking user's environment unmodified.  If, for
                   for some reason, ssuuddoo is unable to update a file with its                 some reason, ssuuddoo is unable to update a file with its edited
                   edited version, the user will receive a warning and the                 version, the user will receive a warning and the edited copy
                   edited copy will remain in a temporary file.                 will remain in a temporary file.
   
       -g _g_r_o_u_p    Normally, ssuuddoo runs a command with the primary group set to     --gg _g_r_o_u_p, ----ggrroouupp=_g_r_o_u_p
                   the one specified by the password database for the user the                 Run the command with the primary group set to _g_r_o_u_p instead
                   command is being run as (by default, root).  The --gg (_g_r_o_u_p)                 of the primary group specified by the target user's password
                   option causes ssuuddoo to run the command with the primary                 database entry.  The _g_r_o_u_p may be either a group name or a
                   group set to _g_r_o_u_p instead.  To specify a _g_i_d instead of a                 numeric group ID (GID) prefixed with the `#' character (e.g.
                   _g_r_o_u_p _n_a_m_e, use _#_g_i_d.  When running commands as a _g_i_d, many                 #0 for GID 0).  When running a command as a GID, many shells
                   shells require that the '#' be escaped with a backslash                 require that the `#' be escaped with a backslash (`\').  If
                   ('\').  If no --uu option is specified, the command will be                 no --uu option is specified, the command will be run as the
                   run as the invoking user (not root).  In either case, the                 invoking user.  In either case, the primary group will be set
                   primary group will be set to _g_r_o_u_p.                 to _g_r_o_u_p.
   
       -H          The --HH (_H_O_M_E) option requests that the security policy set     --HH, ----sseett--hhoommee
                   the HOME environment variable to the home directory of the                 Request that the security policy set the HOME environment
                   target user (root by default) as specified by the password                 variable to the home directory specified by the target user's
                   database.  Depending on the policy, this may be the default                 password database entry.  Depending on the policy, this may
                   behavior.                 be the default behavior.
   
       -h          The --hh (_h_e_l_p) option causes ssuuddoo to print a short help     --hh, ----hheellpp  Display a short help message to the standard output and exit.
                   message to the standard output and exit. 
   
       -i [command]     --hh _h_o_s_t, ----hhoosstt=_h_o_s_t
                   The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell                 Run the command on the specified _h_o_s_t if the security policy
                   specified by the password database entry of the target user                 plugin supports remote commands.  Note that the _s_u_d_o_e_r_s
                   as a login shell.  This means that login-specific resource                 plugin does not currently support running remote commands.
                   files such as .profile or .login will be read by the shell.                 This may also be used in conjunction with the --ll option to
                   If a command is specified, it is passed to the shell for                 list a user's privileges for the remote host.
                   execution via the shell's --cc option.  If no command is 
                   specified, an interactive shell is executed.  ssuuddoo attempts 
                   to change to that user's home directory before running the 
                   shell.  The security policy shall initialize the 
                   environment to a minimal set of variables, similar to what 
                   is present when a user logs in.  The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t 
                   section in the _s_u_d_o_e_r_s(4) manual documents how the --ii 
                   option affects the environment in which a command is run 
                   when the _s_u_d_o_e_r_s policy is in use. 
   
       -K          The --KK (sure _k_i_l_l) option is like --kk except that it removes     --ii, ----llooggiinn
                   the user's cached credentials entirely and may not be used                 Run the shell specified by the target user's password
                   in conjunction with a command or other option.  This option                 database entry as a login shell.  This means that login-
                   does not require a password.  Not all security policies                 specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be
                   support credential caching.                 read by the shell.  If a command is specified, it is passed
                  to the shell for execution via the shell's --cc option.  If no
                  command is specified, an interactive shell is executed.  ssuuddoo
                  attempts to change to that user's home directory before
                  running the shell.  The command is run with an environment
                  similar to the one a user would receive at log in.  The
                  _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual
                  documents how the --ii option affects the environment in which
                  a command is run when the _s_u_d_o_e_r_s policy is in use.
   
       -k [command]     --KK, ----rreemmoovvee--ttiimmeessttaammpp
                   When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates                 Similar to the --kk option, except that it removes the user's
                   the user's cached credentials.  The next time ssuuddoo is run a                 cached credentials entirely and may not be used in
                   password will be required.  This option does not require a                 conjunction with a command or other option.  This option does
                   password and was added to allow a user to revoke ssuuddoo                 not require a password.  Not all security policies support
                   permissions from a .logout file.  Not all security policies                 credential caching.
                   support credential caching. 
   
                   When used in conjunction with a command or an option that     --kk, ----rreesseett--ttiimmeessttaammpp
                   may require a password, the --kk option will cause ssuuddoo to                 When used without a command, invalidates the user's cached
                   ignore the user's cached credentials.  As a result, ssuuddoo                 credentials.  In other words, the next time ssuuddoo is run a
                   will prompt for a password (if one is required by the                 password will be required.  This option does not require a
                   security policy) and will not update the user's cached                 password and was added to allow a user to revoke ssuuddoo
                   credentials.                 permissions from a _._l_o_g_o_u_t file.
   
       -l[l] [_c_o_m_m_a_n_d]                 When used in conjunction with a command or an option that may
                   If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list                 require a password, this option will cause ssuuddoo to ignore the
                   the allowed (and forbidden) commands for the invoking user                 user's cached credentials.  As a result, ssuuddoo will prompt for
                   (or the user specified by the --UU option) on the current                 a password (if one is required by the security policy) and
                   host.  If a _c_o_m_m_a_n_d is specified and is permitted by the                 will not update the user's cached credentials.
                   security policy, the fully-qualified path to the command is 
                   displayed along with any command line arguments.  If 
                   _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a 
                   status value of 1.  If the --ll option is specified with an ll 
                   argument (i.e. --llll), or if --ll is specified multiple times, 
                   a longer list format is used. 
   
       -n          The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from                 Not all security policies support credential caching.
                   prompting the user for a password.  If a password is 
                   required for the command to run, ssuuddoo will display an error 
                   messages and exit. 
   
       -P          The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to     --ll, ----lliisstt  If no _c_o_m_m_a_n_d is specified, list the allowed (and forbidden)
                   preserve the invoking user's group vector unaltered.  By                 commands for the invoking user (or the user specified by the
                   default, the _s_u_d_o_e_r_s policy will initialize the group                 --UU option) on the current host.  A longer list format is used
                   vector to the list of groups the target user is in.  The                 if this option is specified multiple times and the security
                   real and effective group IDs, however, are still set to                 policy supports a verbose output format.
                   match the target user. 
   
       -p _p_r_o_m_p_t   The --pp (_p_r_o_m_p_t) option allows you to override the default                 If a _c_o_m_m_a_n_d is specified and is permitted by the security
                   password prompt and use a custom one.  The following                 policy, the fully-qualified path to the command is displayed
                   percent (`%') escapes are supported by the _s_u_d_o_e_r_s policy:                 along with any command line arguments.  If _c_o_m_m_a_n_d is
                  specified but not allowed, ssuuddoo will exit with a status value
                  of 1.
   
                   %H  expanded to the host name including the domain name (on     --nn, ----nnoonn--iinntteerraaccttiivvee
                       if the machine's host name is fully qualified or the                 Avoid prompting the user for input of any kind.  If a
                       _f_q_d_n option is set in _s_u_d_o_e_r_s(4))                 password is required for the command to run, ssuuddoo will
                  display an error message and exit.
   
                   %h  expanded to the local host name without the domain name     --PP, ----pprreesseerrvvee--ggrroouuppss
                  Preserve the invoking user's group vector unaltered.  By
                  default, the _s_u_d_o_e_r_s policy will initialize the group vector
                  to the list of groups the target user is a member of.  The
                  real and effective group IDs, however, are still set to match
                  the target user.
   
                   %p  expanded to the name of the user whose password is     --pp _p_r_o_m_p_t, ----pprroommpptt=_p_r_o_m_p_t
                       being requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and                 Use a custom password prompt with optional escape sequences.
                       _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s(4))                 The following percent (`%') escape sequences are supported by
                  the _s_u_d_o_e_r_s policy:
   
                   %U  expanded to the login name of the user the command will                 %H  expanded to the host name including the domain name (on
                       be run as (defaults to root unless the -u option is                     if the machine's host name is fully qualified or the _f_q_d_n
                       also specified)                     option is set in sudoers(4))
   
                   %u  expanded to the invoking user's login name                 %h  expanded to the local host name without the domain name
   
                   %%  two consecutive % characters are collapsed into a                 %p  expanded to the name of the user whose password is being
                       single % character                     requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w, and _r_u_n_a_s_p_w
                      flags in sudoers(4))
   
                   The prompt specified by the --pp option will override the                 %U  expanded to the login name of the user the command will
                   system password prompt on systems that support PAM unless                     be run as (defaults to root unless the --uu option is also
                   the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.                     specified)
   
       -r _r_o_l_e     The --rr (_r_o_l_e) option causes the new (SELinux) security                 %u  expanded to the invoking user's login name
                   context to have the role specified by _r_o_l_e. 
   
       -S          The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from                 %%  two consecutive `%' characters are collapsed into a
                   the standard input instead of the terminal device.  The                     single `%' character
                   password must be followed by a newline character. 
   
       -s [command]                 The custom prompt will override the system password prompt on
                   The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L                 systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag
                   environment variable if it is set or the shell as specified                 is disabled in _s_u_d_o_e_r_s.
                   in the password database.  If a command is specified, it is 
                   passed to the shell for execution via the shell's --cc 
                   option.  If no command is specified, an interactive shell 
                   is executed. 
   
       -t _t_y_p_e     The --tt (_t_y_p_e) option causes the new (SELinux) security     --rr _r_o_l_e, ----rroollee=_r_o_l_e
                   context to have the type specified by _t_y_p_e.  If no type is                 Run the command with an SELinux security context that
                   specified, the default type is derived from the specified                 includes the specified _r_o_l_e.
                   role. 
   
       -U _u_s_e_r     The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the     --SS, ----ssttddiinn
                   --ll option to specify the user whose privileges should be                 Write the prompt to the standard error and read the password
                   listed.  The security policy may restrict listing other                 from the standard input instead of using the terminal device.
                   users' privileges.  The _s_u_d_o_e_r_s policy only allows root or                 The password must be followed by a newline character.
                   a user with the ALL privilege on the current host to use 
                   this option. 
   
       -u _u_s_e_r     The --uu (_u_s_e_r) option causes ssuuddoo to run the specified     --ss, ----sshheellll
                   command as a user other than _r_o_o_t.  To specify a _u_i_d                 Run the shell specified by the SHELL environment variable if
                   instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d.  When running commands as                 it is set or the shell specified by the invoking user's
                   a _u_i_d, many shells require that the '#' be escaped with a                 password database entry.  If a command is specified, it is
                   backslash ('\').  Security policies may restrict _u_i_ds to                 passed to the shell for execution via the shell's --cc option.
                   those listed in the password database.  The _s_u_d_o_e_r_s policy                 If no command is specified, an interactive shell is executed.
                   allows _u_i_ds that are not in the password database as long 
                   as the _t_a_r_g_e_t_p_w option is not set.  Other security policies 
                   may not support this. 
   
       -V          The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version     --tt _t_y_p_e, ----ttyyppee=_t_y_p_e
                   string and the version string of the security policy plugin                 Run the command with an SELinux security context that
                   and any I/O plugins.  If the invoking user is already root                 includes the specified _t_y_p_e.  If no _t_y_p_e is specified, the
                   the --VV option will display the arguments passed to                 default type is derived from the role.
                   configure when _s_u_d_o was built and plugins may display more 
                   verbose information such as default options. 
   
       -v          When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the     --UU _u_s_e_r, ----ootthheerr--uusseerr=_u_s_e_r
                   user's cached credentials, authenticating the user's                 Used in conjunction with the --ll option to list the privileges
                   password if necessary.  For the _s_u_d_o_e_r_s plugin, this                 for _u_s_e_r instead of for the invoking user.  The security
                   extends the ssuuddoo timeout for another 5 minutes (or whatever                 policy may restrict listing other users' privileges.  The
                   the timeout is set to in _s_u_d_o_e_r_s) but does not run a                 _s_u_d_o_e_r_s policy only allows root or a user with the ALL
                   command.  Not all security policies support cached                 privilege on the current host to use this option.
                   credentials. 
   
       --          The ---- option indicates that ssuuddoo should stop processing     --uu _u_s_e_r, ----uusseerr=_u_s_e_r
                   command line arguments.                 Run the command as a user other than the default target user
                  (usually _r_o_o_t _)_. The _u_s_e_r may be either a user name or a
                  numeric user ID (UID) prefixed with the `#' character (e.g.
                  #0 for UID 0).  When running commands as a UID, many shells
                  require that the `#' be escaped with a backslash (`\').  Some
                  security policies may restrict UIDs to those listed in the
                  password database.  The _s_u_d_o_e_r_s policy allows UIDs that are
                  not in the password database as long as the _t_a_r_g_e_t_p_w option
                  is not set.  Other security policies may not support this.
   
       Environment variables to be set for the command may also be passed on     --VV, ----vveerrssiioonn
       the command line in the form of VVAARR=_v_a_l_u_e, e.g.                 Print the ssuuddoo version string as well as the version string
       LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b.  Variables passed on the command                 of the security policy plugin and any I/O plugins.  If the
       line are subject to the same restrictions as normal environment                 invoking user is already root the --VV option will display the
       variables with one important exception.  If the _s_e_t_e_n_v option is set in                 arguments passed to configure when ssuuddoo was built and plugins
       _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command                 may display more verbose information such as default options.
       matched is ALL, the user may set variables that would overwise be 
       forbidden.  See _s_u_d_o_e_r_s(4) for more information. 
   
PPLLUUGGIINNSS     --vv, ----vvaalliiddaattee
       Plugins are dynamically loaded based on the contents of the                 Update the user's cached credentials, authenticating the user
       _/_e_t_c_/_s_u_d_o_._c_o_n_f file.  If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it                 if necessary.  For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo
       contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s                 timeout for another 5 minutes by default, but does not run a
       security policy and I/O logging, which corresponds to the following                 command.  Not all security policies support cached
       _/_e_t_c_/_s_u_d_o_._c_o_n_f file.                 credentials.
   
        #     ----          The ---- option indicates that ssuuddoo should stop processing
        # Default /etc/sudo.conf file                 command line arguments.
        # 
        # Format: 
        #   Plugin plugin_name plugin_path 
        #   Path askpass /path/to/askpass 
        #   Path noexec /path/to/noexec.so 
        # 
        # The plugin_path is relative to /usr/local/libexec unless 
        #   fully qualified. 
        # The plugin_name corresponds to a global symbol in the plugin 
        #   that contains the plugin interface structure. 
        # 
        Plugin policy_plugin sudoers.so 
        Plugin io_plugin sudoers.so 
   
       A Plugin line consists of the Plugin keyword, followed by the     Environment variables to be set for the command may also be passed on the
       _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.     command line in the form of _V_A_R=_v_a_l_u_e, e.g.
       The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct     LD_LIBRARY_PATH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b.  Variables passed on the command line
       io_plugin in the plugin shared object.  The _p_a_t_h may be fully qualified     are subject to restrictions imposed by the security policy plugin.  The
       or relative.  If not fully qualified it is relative to the     _s_u_d_o_e_r_s policy subjects variables passed on the command line to the same
       _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory.  Any additional parameters after the _p_a_t_h     restrictions as normal environment variables with one important
       are ignored.  Lines that don't begin with Plugin or Path are silently     exception.  If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run
       ignored     has the SETENV tag set or the command matched is ALL, the user may set
      variables that would otherwise be forbidden.  See sudoers(4) for more
      information.
   
       For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual.CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
      When ssuuddoo executes a command, the security policy specifies the execution
      environment for the command.  Typically, the real and effective user and
      group and IDs are set to match those of the target user, as specified in
      the password database, and the group vector is initialized based on the
      group database (unless the --PP option was specified).
   
PPAATTHHSS     The following parameters may be specified by security policy:
       A Path line consists of the Path keyword, followed by the name of the 
       path to set and its value.  E.g. 
   
        Path noexec /usr/local/libexec/sudo_noexec.so     oo   real and effective user ID
        Path askpass /usr/X11R6/bin/ssh-askpass 
   
       The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f     oo   real and effective group ID
       file. 
   
       askpass         The fully qualified path to a helper program used to     oo   supplementary group IDs
                       read the user's password when no terminal is available. 
                       This may be the case when ssuuddoo is executed from a 
                       graphical (as opposed to text-based) application.  The 
                       program specified by _a_s_k_p_a_s_s should display the 
                       argument passed to it as the prompt and write the 
                       user's password to the standard output.  The value of 
                       _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS 
                       environment variable. 
   
       noexec          The fully-qualified path to a shared library containing     oo   the environment list
                       dummy versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_) 
                       library functions that just return an error.  This is 
                       used to implement the _n_o_e_x_e_c functionality on systems 
                       that support LD_PRELOAD or its equivalent.  Defaults to 
                       _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. 
   
RREETTUURRNN VVAALLUUEESS     oo   current working directory
       Upon successful execution of a program, the exit status from ssuuddoo will 
       simply be the exit status of the program that was executed. 
   
       Otherwise, ssuuddoo exits with a value of 1 if there is a     oo   file creation mode mask (umask)
       configuration/permission problem or if ssuuddoo cannot execute the given 
       command.  In the latter case the error string is printed to the 
       standard error.  If ssuuddoo cannot _s_t_a_t(2) one or more entries in the 
       user's PATH, an error is printed on stderr.  (If the directory does not 
       exist or if it is not really a directory, the entry is ignored and no 
       error is printed.)  This should not happen under normal circumstances. 
       The most common reason for _s_t_a_t(2) to return "permission denied" is if 
       you are running an automounter and one of the directories in your PATH 
       is on a machine that is currently unreachable. 
   
        oo   SELinux role and type
   
        oo   Solaris project
   
        oo   Solaris privileges
   
        oo   BSD login class
   
        oo   scheduling priority (aka nice value)
   
      PPrroocceessss mmooddeell
        When ssuuddoo runs a command, it calls fork(2), sets up the execution
        environment as described above, and calls the execve system call in the
        child process.  The main ssuuddoo process waits until the command has
        completed, then passes the command's exit status to the security policy's
        close function and exits.  If an I/O logging plugin is configured or if
        the security policy explicitly requests it, a new  pseudo-terminal
        (``pty'') is created and a second ssuuddoo process is used to relay job
        control signals between the user's existing pty and the new pty the
        command is being run in.  This extra process makes it possible to, for
        example, suspend and resume the command.  Without it, the command would
        be in what POSIX terms an ``orphaned process group'' and it would not
        receive any job control signals.  As a special case, if the policy plugin
        does not define a close function and no pty is required, ssuuddoo will
        execute the command directly instead of calling fork(2) first.  The
        _s_u_d_o_e_r_s policy plugin will only define a close function when I/O logging
        is enabled, a pty is required, or the _p_a_m___s_e_s_s_i_o_n or _p_a_m___s_e_t_c_r_e_d options
        are enabled.  Note that _p_a_m___s_e_s_s_i_o_n and _p_a_m___s_e_t_c_r_e_d are enabled by
        default on systems using PAM.
   
      SSiiggnnaall hhaannddlliinngg
        When the command is run as a child of the ssuuddoo process, ssuuddoo will relay
        signals it receives to the command.  Unless the command is being run in a
        new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless
        they are sent by a user process, not the kernel.  Otherwise, the command
        would receive SIGINT twice every time the user entered control-C.  Some
        signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not
        be relayed to the command.  As a general rule, SIGTSTP should be used
        instead of SIGSTOP when you wish to suspend a command being run by ssuuddoo.
   
        As a special case, ssuuddoo will not relay signals that were sent by the
        command it is running.  This prevents the command from accidentally
        killing itself.  On some systems, the reboot(1m) command sends SIGTERM to
        all non-system processes other than itself before rebooting the system.
        This prevents ssuuddoo from relaying the SIGTERM signal it received back to
        reboot(1m), which might then exit before the system was actually rebooted,
        leaving it in a half-dead state similar to single user mode.  Note,
        however, that this check only applies to the command run by ssuuddoo and not
        any other processes that the command may create.  As a result, running a
        script that calls reboot(1m) or shutdown(1m) via ssuuddoo may cause the system
        to end up in this undefined state unless the reboot(1m) or shutdown(1m) are
        run using the eexxeecc() family of functions instead of ssyysstteemm() (which
        interposes a shell between the command and the calling process).
   
        If no I/O logging plugins are loaded and the policy plugin has not
        defined a cclloossee() function, set a command timeout or required that the
        command be run in a new pty, ssuuddoo may execute the command directly
        instead of running it as a child process.
   
      PPlluuggiinnss
        Plugins may be specified via Plugin directives in the sudo.conf(4) file.
        They may be loaded as dynamic shared objects (on systems that support
        them), or compiled directly into the ssuuddoo binary.  If no sudo.conf(4)
        file is present, or it contains no Plugin lines, ssuuddoo will use the
        traditional _s_u_d_o_e_r_s security policy and I/O logging.  See the
        sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f file and the
        sudo_plugin(1m) manual for more information about the ssuuddoo plugin
        architecture.
   
   EEXXIITT VVAALLUUEE
        Upon successful execution of a program, the exit status from _s_u_d_o will
        simply be the exit status of the program that was executed.
   
        Otherwise, ssuuddoo exits with a value of 1 if there is a
        configuration/permission problem or if ssuuddoo cannot execute the given
        command.  In the latter case the error string is printed to the standard
        error.  If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an
        error is printed on stderr.  (If the directory does not exist or if it is
        not really a directory, the entry is ignored and no error is printed.)
        This should not happen under normal circumstances.  The most common
        reason for stat(2) to return ``permission denied'' is if you are running
        an automounter and one of the directories in your PATH is on a machine
        that is currently unreachable.
   
 SSEECCUURRIITTYY NNOOTTEESS  SSEECCUURRIITTYY NNOOTTEESS
       ssuuddoo tries to be safe when executing external commands.     ssuuddoo tries to be safe when executing external commands.
   
       To prevent command spoofing, ssuuddoo checks "." and "" (both denoting     To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
       current directory) last when searching for a command in the user's PATH     current directory) last when searching for a command in the user's PATH
       (if one or both are in the PATH).  Note, however, that the actual PATH     (if one or both are in the PATH).  Note, however, that the actual PATH
       environment variable is _n_o_t modified and is passed unchanged to the     environment variable is _n_o_t modified and is passed unchanged to the
       program that ssuuddoo executes.     program that ssuuddoo executes.
   
       Please note that ssuuddoo will normally only log the command it explicitly     Please note that ssuuddoo will normally only log the command it explicitly
       runs.  If a user runs a command such as sudo su or sudo sh, subsequent     runs.  If a user runs a command such as sudo su or sudo sh, subsequent
       commands run from that shell are not subject to ssuuddoo's security policy.     commands run from that shell are not subject to ssuuddoo's security policy.
       The same is true for commands that offer shell escapes (including most     The same is true for commands that offer shell escapes (including most
       editors).  If I/O logging is enabled, subsequent commands will have     editors).  If I/O logging is enabled, subsequent commands will have their
       their input and/or output logged, but there will not be traditional     input and/or output logged, but there will not be traditional logs for
       logs for those commands.  Because of this, care must be taken when     those commands.  Because of this, care must be taken when giving users
       giving users access to commands via ssuuddoo to verify that the command     access to commands via ssuuddoo to verify that the command does not
       does not inadvertently give the user an effective root shell.  For more     inadvertently give the user an effective root shell.  For more
       information, please see the PREVENTING SHELL ESCAPES section in     information, please see the _P_R_E_V_E_N_T_I_N_G _S_H_E_L_L _E_S_C_A_P_E_S section in
       _s_u_d_o_e_r_s(4).     sudoers(4).
   
        To prevent the disclosure of potentially sensitive information, ssuuddoo
        disables core dumps by default while it is executing (they are re-enabled
        for the command that is run).  To aid in debugging ssuuddoo crashes, you may
        wish to re-enable core dumps by setting ``disable_coredump'' to false in
        the sudo.conf(4) file as follows:
   
              Set disable_coredump false
   
        See the sudo.conf(4) manual for more information.
   
 EENNVVIIRROONNMMEENNTT  EENNVVIIRROONNMMEENNTT
       ssuuddoo utilizes the following environment variables.  The security policy     ssuuddoo utilizes the following environment variables.  The security policy
       has control over the content of the command's environment.     has control over the actual content of the command's environment.
   
       EDITOR          Default editor to use in --ee (sudoedit) mode if neither     EDITOR           Default editor to use in --ee (sudoedit) mode if neither
                       SUDO_EDITOR nor VISUAL is set                      SUDO_EDITOR nor VISUAL is set.
   
       MAIL            In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set     MAIL             In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
                       to the mail spool of the target user                      to the mail spool of the target user.
   
       HOME            Set to the home directory of the target user if --ii or     HOME             Set to the home directory of the target user if --ii or --HH
                       --HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set                      are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set in
                       in _s_u_d_o_e_r_s, or when the --ss option is specified and                      _s_u_d_o_e_r_s, or when the --ss option is specified and _s_e_t___h_o_m_e
                       _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s                      is set in _s_u_d_o_e_r_s.
   
       PATH            May be overridden by the security policy.     PATH             May be overridden by the security policy.
   
       SHELL           Used to determine shell to run with -s option     SHELL            Used to determine shell to run with --ss option.
   
       SUDO_ASKPASS    Specifies the path to a helper program used to read the     SUDO_ASKPASS     Specifies the path to a helper program used to read the
                       password if no terminal is available or if the -A                      password if no terminal is available or if the --AA option
                       option is specified.                      is specified.
   
       SUDO_COMMAND    Set to the command run by sudo     SUDO_COMMAND     Set to the command run by sudo.
   
       SUDO_EDITOR     Default editor to use in --ee (sudoedit) mode     SUDO_EDITOR      Default editor to use in --ee (sudoedit) mode.
   
       SUDO_GID        Set to the group ID of the user who invoked sudo     SUDO_GID         Set to the group ID of the user who invoked sudo.
   
       SUDO_PROMPT     Used as the default password prompt     SUDO_PROMPT      Used as the default password prompt.
   
       SUDO_PS1        If set, PS1 will be set to its value for the program     SUDO_PS1         If set, PS1 will be set to its value for the program
                       being run                      being run.
   
       SUDO_UID        Set to the user ID of the user who invoked sudo     SUDO_UID         Set to the user ID of the user who invoked sudo.
   
       SUDO_USER       Set to the login of the user who invoked sudo     SUDO_USER        Set to the login name of the user who invoked sudo.
   
       USER            Set to the target user (root unless the --uu option is     USER             Set to the target user (root unless the --uu option is
                       specified)                      specified).
   
       VISUAL          Default editor to use in --ee (sudoedit) mode if     VISUAL           Default editor to use in --ee (sudoedit) mode if
                       SUDO_EDITOR is not set                      SUDO_EDITOR is not set.
   
 FFIILLEESS  FFIILLEESS
       _/_e_t_c_/_s_u_d_o_._c_o_n_f          ssuuddoo plugin and path configuration     _/_e_t_c_/_s_u_d_o_._c_o_n_f            ssuuddoo front end configuration
   
 EEXXAAMMPPLLEESS  EEXXAAMMPPLLEESS
       Note: the following examples assume a properly configured security     Note: the following examples assume a properly configured security
       policy.     policy.
   
       To get a file listing of an unreadable directory:     To get a file listing of an unreadable directory:
   
        $ sudo ls /usr/local/protected           $ sudo ls /usr/local/protected
   
       To list the home directory of user yaz on a machine where the file     To list the home directory of user yaz on a machine where the file system
       system holding ~yaz is not exported as root:     holding ~yaz is not exported as root:
   
        $ sudo -u yaz ls ~yaz           $ sudo -u yaz ls ~yaz
   
       To edit the _i_n_d_e_x_._h_t_m_l file as user www:     To edit the _i_n_d_e_x_._h_t_m_l file as user www:
   
        $ sudo -u www vi ~www/htdocs/index.html           $ sudo -u www vi ~www/htdocs/index.html
   
       To view system logs only accessible to root and users in the adm group:     To view system logs only accessible to root and users in the adm group:
   
        $ sudo -g adm view /var/log/syslog           $ sudo -g adm view /var/log/syslog
   
       To run an editor as jim with a different primary group:     To run an editor as jim with a different primary group:
   
        $ sudo -u jim -g audio vi ~jim/sound.txt           $ sudo -u jim -g audio vi ~jim/sound.txt
   
       To shutdown a machine:     To shut down a machine:
   
        $ sudo shutdown -r +15 "quick reboot"           $ sudo shutdown -r +15 "quick reboot"
   
       To make a usage listing of the directories in the /home partition.     To make a usage listing of the directories in the /home partition.  Note
       Note that this runs the commands in a sub-shell to make the cd and file     that this runs the commands in a sub-shell to make the cd and file
       redirection work.     redirection work.
   
        $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"           $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
   
 SSEEEE AALLSSOO  SSEEEE AALLSSOO
       _g_r_e_p(1), _s_u(1)_s_t_a_t(2)_l_o_g_i_n___c_a_p(3)_p_a_s_s_w_d(4)_s_u_d_o_e_r_s(4),     su(1)stat(2)login_cap(3)passwd(4)sudo.conf(4), sudoers(4),
       _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)     sudo_plugin(1m), sudoreplay(1m), visudo(1m)
   
   HHIISSTTOORRYY
        See the HISTORY file in the ssuuddoo distribution
        (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
   
 AAUUTTHHOORRSS  AAUUTTHHOORRSS
       Many people have worked on ssuuddoo over the years; this version consists     Many people have worked on ssuuddoo over the years; this version consists of
       of code written primarily by:     code written primarily by:
   
               Todd C. Miller           Todd C. Miller
   
       See the HISTORY file in the ssuuddoo distribution or visit     See the CONTRIBUTORS file in the ssuuddoo distribution
       http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo.     (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
      people who have contributed to ssuuddoo.
   
 CCAAVVEEAATTSS  CCAAVVEEAATTSS
       There is no easy way to prevent a user from gaining a root shell if     There is no easy way to prevent a user from gaining a root shell if that
       that user is allowed to run arbitrary commands via ssuuddoo.  Also, many     user is allowed to run arbitrary commands via ssuuddoo.  Also, many programs
       programs (such as editors) allow the user to run commands via shell     (such as editors) allow the user to run commands via shell escapes, thus
       escapes, thus avoiding ssuuddoo's checks.  However, on most systems it is     avoiding ssuuddoo's checks.  However, on most systems it is possible to
       possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c     prevent shell escapes with the sudoers(4) plugin's _n_o_e_x_e_c functionality.
       functionality. 
   
       It is not meaningful to run the cd command directly via sudo, e.g.,     It is not meaningful to run the cd command directly via sudo, e.g.,
   
        $ sudo cd /usr/local/protected           $ sudo cd /usr/local/protected
   
       since when the command exits the parent process (your shell) will still     since when the command exits the parent process (your shell) will still
       be the same.  Please see the EXAMPLES section for more information.     be the same.  Please see the _E_X_A_M_P_L_E_S section for more information.
   
       Running shell scripts via ssuuddoo can expose the same kernel bugs that     Running shell scripts via ssuuddoo can expose the same kernel bugs that make
       make setuid shell scripts unsafe on some operating systems (if your OS     setuid shell scripts unsafe on some operating systems (if your OS has a
       has a /dev/fd/ directory, setuid shell scripts are generally safe).     /dev/fd/ directory, setuid shell scripts are generally safe).
   
 BBUUGGSS  BBUUGGSS
       If you feel you have found a bug in ssuuddoo, please submit a bug report at     If you feel you have found a bug in ssuuddoo, please submit a bug report at
       http://www.sudo.ws/sudo/bugs/     http://www.sudo.ws/sudo/bugs/
   
 SSUUPPPPOORRTT  SSUUPPPPOORRTT
       Limited free support is available via the sudo-users mailing list, see     Limited free support is available via the sudo-users mailing list, see
       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search     http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
       the archives.     archives.
   
 DDIISSCCLLAAIIMMEERR  DDIISSCCLLAAIIMMEERR
       ssuuddoo is provided ``AS IS'' and any express or implied warranties,     ssuuddoo is provided ``AS IS'' and any express or implied warranties,
       including, but not limited to, the implied warranties of     including, but not limited to, the implied warranties of merchantability
       merchantability and fitness for a particular purpose are disclaimed.     and fitness for a particular purpose are disclaimed.  See the LICENSE
       See the LICENSE file distributed with ssuuddoo or     file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
       http://www.sudo.ws/sudo/license.html for complete details.     complete details.
   
Sudo 1.8.10                    February 15, 2014                   Sudo 1.8.10
 
1.8.3                         September 16, 2011                      SUDO(1m) 

Removed from v.1.1  
changed lines
  Added in v.1.1.1.6


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>