--- embedaddon/sudo/doc/sudo.cat 2013/07/22 10:46:11 1.1.1.4 +++ embedaddon/sudo/doc/sudo.cat 2013/10/14 07:56:34 1.1.1.5 @@ -5,16 +5,14 @@ NNAAMMEE SSYYNNOOPPSSIISS ssuuddoo --hh | --KK | --kk | --VV - ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] - [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] - ssuuddoo --ll[_l] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] - [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [_c_o_m_m_a_n_d] - ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-] - [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] - [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [VVAARR=_v_a_l_u_e] --ii | --ss [_c_o_m_m_a_n_d] - ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-] - [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] file - ... + ssuuddoo --vv [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] + ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r] + [--uu _u_s_e_r] [_c_o_m_m_a_n_d] + ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] + [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [VVAARR=_v_a_l_u_e] [--ii | --ss] + [_c_o_m_m_a_n_d] + ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] + [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] file ... DDEESSCCRRIIPPTTIIOONN ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or 
@@ -48,7 +46,8 @@ DDEESSCCRRIIPPTTIIOONN The options are as follows: - --AA Normally, if ssuuddoo requires a password, it will read it from + --AA, ----aasskkppaassss + Normally, if ssuuddoo requires a password, it will read it from the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the 
@@ -63,50 +62,50 @@ DDEESSCCRRIIPPTTIIOONN If no askpass program is available, ssuuddoo will exit with an error. - --aa _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the - specified authentication type when validating the user, as - allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may - specify a list of sudo-specific authentication methods by - adding an ``auth-sudo'' entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This - option is only available on systems that support BSD - authentication. + --aa _t_y_p_e, ----aauutthh--ttyyppee=_t_y_p_e + Use the specified BSD authentication _t_y_p_e when validating the + user, if allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system + administrator may specify a list of sudo-specific + authentication methods by adding an ``auth-sudo'' entry in + _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This option is only available on systems + that support BSD authentication. - --bb The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given - command in the background. Note that if you use the --bb - option you cannot use shell job control to manipulate the - process. Most interactive commands will fail to work - properly in background mode. + --bb, ----bbaacckkggrroouunndd + Run the given command in the background. Note that it is not + possible to use shell job control to manipulate background + processes started by ssuuddoo. Most interactive commands will + fail to work properly in background mode. - --CC _f_d Normally, ssuuddoo will close all open file descriptors other - than standard input, standard output and standard error. The - --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a starting - point above the standard error (file descriptor three). - Values less than three are not permitted. The security - policy may restrict the user's ability to use the --CC option. 
- The _s_u_d_o_e_r_s policy only permits use of the --CC option when the + --CC _n_u_m, ----cclloossee--ffrroomm=_n_u_m + Close all file descriptors greater than or equal to _n_u_m + before executing a command. Values less than three are not + permitted. By default, ssuuddoo will close all open file + descriptors other than standard input, standard output and + standard error when executing a command. The security policy + may restrict the user's ability to use this option. The + _s_u_d_o_e_r_s policy only permits use of the --CC option when the administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option. - --cc _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified - command with resources limited by the specified login class. - The _c_l_a_s_s argument can be either a class name as defined in - _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single `-' character. Specifying a - _c_l_a_s_s of - indicates that the command should be run - restricted by the default login capabilities for the user the - command is run as. If the _c_l_a_s_s argument specifies an - existing user class, the command must be run as root, or the - ssuuddoo command must be run from a shell that is already root. - This option is only available on systems with BSD login - classes. + --cc _c_l_a_s_s, ----llooggiinn--ccllaassss=_c_l_a_s_s + Run the command with resource limits and scheduling priority + of the specified login _c_l_a_s_s. The _c_l_a_s_s argument can be + either a class name as defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a + single `-' character. If _c_l_a_s_s is -, the default login class + of the target user will be used. Otherwise, the command must + be run as root, or ssuuddoo must be run from a shell that is + already root. If the command is being run as a login shell, + additional _/_e_t_c_/_l_o_g_i_n_._c_o_n_f settings, such as the umask and + environment variables, will be applied if present. 
This + option is only available on systems with BSD login classes. - --EE The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the - security policy that the user wishes to preserve their - existing environment variables. The security policy may - return an error if the --EE option is specified and the user - does not have permission to preserve the environment. + --EE, ----pprreesseerrvvee--eennvv + Indicates to the security policy that the user wishes to + preserve their existing environment variables. The security + policy may return an error if the user does not have + permission to preserve the environment. - --ee The --ee (_e_d_i_t) option indicates that, instead of running a - command, the user wishes to edit one or more files. In lieu - of a command, the string "sudoedit" is used when consulting + --ee, ----eeddiitt Edit one or more files instead of running a command. In lieu + of a path name, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken: 
@@ -131,87 +130,96 @@ DDEESSCCRRIIPPTTIIOONN version, the user will receive a warning and the edited copy will remain in a temporary file. - --gg _g_r_o_u_p Normally, ssuuddoo runs a command with the primary group set to - the one specified by the password database for the user the - command is being run as (by default, root). The --gg (_g_r_o_u_p) - option causes ssuuddoo to run the command with the primary group - set to _g_r_o_u_p instead. To specify a _g_i_d instead of a _g_r_o_u_p - _n_a_m_e, use _#_g_i_d. When running commands as a _g_i_d, many shells + --gg _g_r_o_u_p, ----ggrroouupp=_g_r_o_u_p + Run the command with the primary group set to _g_r_o_u_p instead + of the primary group specified by the target user's password + database entry. The _g_r_o_u_p may be either a group name or a + numeric group ID (GID) prefixed with the `#' character (e.g. + #0 for GID 0). When running a command as a GID, many shells require that the `#' be escaped with a backslash (`\'). If no --uu option is specified, the command will be run as the - invoking user (not root). In either case, the primary group - will be set to _g_r_o_u_p. + invoking user. In either case, the primary group will be set + to _g_r_o_u_p. - --HH The --HH (_H_O_M_E) option requests that the security policy set - the HOME environment variable to the home directory of the - target user (root by default) as specified by the password - database. Depending on the policy, this may be the default - behavior. + --HH, ----sseett--hhoommee + Request that the security policy set the HOME environment + variable to the home directory specified by the target user's + password database entry. Depending on the policy, this may + be the default behavior. - --hh The --hh (_h_e_l_p) option causes ssuuddoo to print a short help - message to the standard output and exit. + --hh, ----hheellpp Display a short help message to the standard output and exit. 
- --ii [_c_o_m_m_a_n_d] - The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell - specified by the password database entry of the target user - as a login shell. This means that login-specific resource - files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be read by the shell. - If a command is specified, it is passed to the shell for - execution via the shell's --cc option. If no command is - specified, an interactive shell is executed. ssuuddoo attempts - to change to that user's home directory before running the - shell. The security policy shall initialize the environment - to a minimal set of variables, similar to what is present - when a user logs in. The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the - sudoers(4) manual documents how the --ii option affects the - environment in which a command is run when the _s_u_d_o_e_r_s policy - is in use. + --hh _h_o_s_t, ----hhoosstt=_h_o_s_t + Run the command on the specified _h_o_s_t if the security policy + plugin supports remote commands. Note that the _s_u_d_o_e_r_s + plugin does not currently support running remote commands. + This may also be used in conjunction with the --ll option to + list a user's privileges for the remote host. - --KK The --KK (sure _k_i_l_l) option is like --kk except that it removes - the user's cached credentials entirely and may not be used in + --ii, ----llooggiinn + Run the shell specified by the target user's password + database entry as a login shell. This means that login- + specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be + read by the shell. If a command is specified, it is passed + to the shell for execution via the shell's --cc option. If no + command is specified, an interactive shell is executed. ssuuddoo + attempts to change to that user's home directory before + running the shell. The command is run with an environment + similar to the one a user would receive at log in. 
The + _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual + documents how the --ii option affects the environment in which + a command is run when the _s_u_d_o_e_r_s policy is in use. + + --KK, ----rreemmoovvee--ttiimmeessttaammpp + Similar to the --kk option, except that it removes the user's + cached credentials entirely and may not be used in conjunction with a command or other option. This option does not require a password. Not all security policies support credential caching. - --kk [_c_o_m_m_a_n_d] - When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates the - user's cached credentials. The next time ssuuddoo is run a + --kk, ----rreesseett--ttiimmeessttaammpp + When used without a command, invalidates the user's cached + credentials. In other words, the next time ssuuddoo is run a password will be required. This option does not require a password and was added to allow a user to revoke ssuuddoo - permissions from a _._l_o_g_o_u_t file. Not all security policies - support credential caching. + permissions from a _._l_o_g_o_u_t file. When used in conjunction with a command or an option that may - require a password, the --kk option will cause ssuuddoo to ignore - the user's cached credentials. As a result, ssuuddoo will prompt - for a password (if one is required by the security policy) - and will not update the user's cached credentials. + require a password, this option will cause ssuuddoo to ignore the + user's cached credentials. As a result, ssuuddoo will prompt for + a password (if one is required by the security policy) and + will not update the user's cached credentials. - --ll[ll] [_c_o_m_m_a_n_d] - If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list - the allowed (and forbidden) commands for the invoking user - (or the user specified by the --UU option) on the current host. + Not all security policies support credential caching. 
+ + --ll, ----lliisstt If no _c_o_m_m_a_n_d is specified, list the allowed (and forbidden) + commands for the invoking user (or the user specified by the + --UU option) on the current host. A longer list format is used + if this option is specified multiple times and the security + policy supports a verbose output format. + If a _c_o_m_m_a_n_d is specified and is permitted by the security policy, the fully-qualified path to the command is displayed along with any command line arguments. If _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a status value - of 1. If the --ll option is specified with an _l argument (i.e. - --llll), or if --ll is specified multiple times, a longer list - format is used. + of 1. - --nn The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompting - the user for a password. If a password is required for the - command to run, ssuuddoo will display an error message and exit. + --nn, ----nnoonn--iinntteerraaccttiivvee + Avoid prompting the user for input of any kind. If a + password is required for the command to run, ssuuddoo will + display an error message and exit. - --PP The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to preserve - the invoking user's group vector unaltered. By default, the - _s_u_d_o_e_r_s policy will initialize the group vector to the list - of groups the target user is in. The real and effective - group IDs, however, are still set to match the target user. + --PP, ----pprreesseerrvvee--ggrroouuppss + Preserve the invoking user's group vector unaltered. By + default, the _s_u_d_o_e_r_s policy will initialize the group vector + to the list of groups the target user is a member of. The + real and effective group IDs, however, are still set to match + the target user. - --pp _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default - password prompt and use a custom one. 
The following percent - (`%') escapes are supported by the _s_u_d_o_e_r_s policy: + --pp _p_r_o_m_p_t, ----pprroommpptt=_p_r_o_m_p_t + Use a custom password prompt with optional escape sequences. + The following percent (`%') escape sequences are supported by + the _s_u_d_o_e_r_s policy: %H expanded to the host name including the domain name (on if the machine's host name is fully qualified or the _f_q_d_n 
@@ -232,58 +240,62 @@ DDEESSCCRRIIPPTTIIOONN %% two consecutive `%' characters are collapsed into a single `%' character - The prompt specified by the --pp option will override the - system password prompt on systems that support PAM unless the - _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. + The custom prompt will override the system password prompt on + systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag + is disabled in _s_u_d_o_e_r_s. - --rr _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security - context to have the role specified by _r_o_l_e. + --rr _r_o_l_e, ----rroollee=_r_o_l_e + Run the command with an SELinux security context that + includes the specified _r_o_l_e. - --SS The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from - the standard input instead of the terminal device. The - password must be followed by a newline character. + --SS, ----ssttddiinn + Write the prompt to the standard error and read the password + from the standard input instead of using the terminal device. + The password must be followed by a newline character. - --ss [_c_o_m_m_a_n_d] - The --ss (_s_h_e_l_l) option runs the shell specified by the SHELL - environment variable if it is set or the shell as specified - in the password database. If a command is specified, it is + --ss, ----sshheellll + Run the shell specified by the SHELL environment variable if + it is set or the shell specified by the invoking user's + password database entry. If a command is specified, it is passed to the shell for execution via the shell's --cc option. If no command is specified, an interactive shell is executed. - --tt _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security - context to have the type specified by _t_y_p_e. If no type is - specified, the default type is derived from the specified - role. 
+ --tt _t_y_p_e, ----ttyyppee=_t_y_p_e + Run the command with an SELinux security context that + includes the specified _t_y_p_e. If no _t_y_p_e is specified, the + default type is derived from the role. - --UU _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the --ll - option to specify the user whose privileges should be listed. - The security policy may restrict listing other users' - privileges. The _s_u_d_o_e_r_s policy only allows root or a user - with the ALL privilege on the current host to use this - option. + --UU _u_s_e_r, ----ootthheerr--uusseerr=_u_s_e_r + Used in conjunction with the --ll option to list the privileges + for _u_s_e_r instead of for the invoking user. The security + policy may restrict listing other users' privileges. The + _s_u_d_o_e_r_s policy only allows root or a user with the ALL + privilege on the current host to use this option. - --uu _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command - as a user other than _r_o_o_t. To specify a _u_i_d instead of a - _u_s_e_r _n_a_m_e, _#_u_i_d. When running commands as a _u_i_d, many shells - require that the `#' be escaped with a backslash (`\'). - Security policies may restrict _u_i_ds to those listed in the - password database. The _s_u_d_o_e_r_s policy allows _u_i_ds that are + --uu _u_s_e_r, ----uusseerr=_u_s_e_r + Run the command as a user other than the default target user + (usually _r_o_o_t _)_. The _u_s_e_r may be either a user name or a + numeric user ID (UID) prefixed with the `#' character (e.g. + #0 for UID 0). When running commands as a UID, many shells + require that the `#' be escaped with a backslash (`\'). Some + security policies may restrict UIDs to those listed in the + password database. The _s_u_d_o_e_r_s policy allows UIDs that are not in the password database as long as the _t_a_r_g_e_t_p_w option is not set. Other security policies may not support this. 
- --VV The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version - string and the version string of the security policy plugin - and any I/O plugins. If the invoking user is already root - the --VV option will display the arguments passed to configure - when ssuuddoo was built and plugins may display more verbose - information such as default options. + --VV, ----vveerrssiioonn + Print the ssuuddoo version string as well as the version string + of the security policy plugin and any I/O plugins. If the + invoking user is already root the --VV option will display the + arguments passed to configure when ssuuddoo was built and plugins + may display more verbose information such as default options. - --vv When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the - user's cached credentials, authenticating the user's password + --vv, ----vvaalliiddaattee + Update the user's cached credentials, authenticating the user if necessary. For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo - timeout for another 5 minutes (or whatever the timeout is set - to by the security policy) but does not run a command. Not - all security policies support cached credentials. + timeout for another 5 minutes by default, but does not run a + command. Not all security policies support cached + credentials. ---- The ---- option indicates that ssuuddoo should stop processing command line arguments. 
@@ -291,18 +303,20 @@ DDEESSCCRRIIPPTTIIOONN Environment variables to be set for the command may also be passed on the command line in the form of VVAARR=_v_a_l_u_e, e.g. LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command line - are subject to the same restrictions as normal environment variables with - one important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the - command to be run has the SETENV tag set or the command matched is ALL, - the user may set variables that would otherwise be forbidden. See - sudoers(4) for more information. + are subject to restrictions imposed by the security policy plugin. The + _s_u_d_o_e_r_s policy subjects variables passed on the command line to the same + restrictions as normal environment variables with one important + exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run + has the SETENV tag set or the command matched is ALL, the user may set + variables that would otherwise be forbidden. See sudoers(4) for more + information. CCOOMMMMAANNDD EEXXEECCUUTTIIOONN When ssuuddoo executes a command, the security policy specifies the execution - environment for the command. Typically, the real and effective uid and - gid are set to match those of the target user, as specified in the - password database, and the group vector is initialized based on the group - database (unless the --PP option was specified). + environment for the command. Typically, the real and effective user and + group and IDs are set to match those of the target user, as specified in + the password database, and the group vector is initialized based on the + group database (unless the --PP option was specified). The following parameters may be specified by security policy: 
@@ -342,16 +356,20 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN be in what POSIX terms an ``orphaned process group'' and it would not receive any job control signals. As a special case, if the policy plugin does not define a close function and no pty is required, ssuuddoo will - execute the command directly instead of calling fork(2) first. + execute the command directly instead of calling fork(2) first. The + _s_u_d_o_e_r_s policy plugin will only define a close function when I/O logging + is enabled, a pty is required, or the _p_a_m___s_e_s_s_i_o_n or _p_a_m___s_e_t_c_r_e_d options + are enabled. Note that _p_a_m___s_e_s_s_i_o_n and _p_a_m___s_e_t_c_r_e_d are enabled by + default on systems using PAM. SSiiggnnaall hhaannddlliinngg - Because the command is run as a child of the ssuuddoo process, ssuuddoo will - relay signals it receives to the command. Unless the command is being - run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed - unless they are sent by a user process, not the kernel. Otherwise, the - command would receive SIGINT twice every time the user entered control-C. - Some signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will - not be relayed to the command. As a general rule, SIGTSTP should be used + When the command is run as a child of the ssuuddoo process, ssuuddoo will relay + signals it receives to the command. Unless the command is being run in a + new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless + they are sent by a user process, not the kernel. Otherwise, the command + would receive SIGINT twice every time the user entered control-C. Some + signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not + be relayed to the command. As a general rule, SIGTSTP should be used instead of SIGSTOP when you wish to suspend a command being run by ssuuddoo. As a special case, ssuuddoo will not relay signals that were sent by the 
@@ -561,4 +579,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.7 March 13, 2013 Sudo 1.8.7 +Sudo 1.8.8 August 14, 2013 Sudo 1.8.8
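Review bot: the rewritten SYNOPSIS (first hunk) drops two forms that the DESCRIPTION still documents: `[-c class | -]` became `[-c class]` although the `-c` entry still says the class may be "a single `-' character", and `-l[l]` became `-l` although the `-l` entry still describes the longer list format used when the option "is specified multiple times". Either keep `[-c class | -]` and `-l[l]` (or `-ll`) in the SYNOPSIS or say in the entries that those spellings are no longer accepted, so the two sections agree.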
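Review bot: in the hunk starting at line 131 the new `-h host, --host=host` entry sits directly below `-h, --help` with no statement of how the two are told apart, while the first SYNOPSIS line still lists bare `-h` as help and the later lines list `[-h host]`. Add one sentence to either entry (for instance that `-h` without an argument prints help and `-h` followed by an argument names a host) so a reader does not conclude that `--help` now takes a host name. In the same hunk, the removed `-l` text documented `-ll` explicitly and the replacement only says "specified multiple times"; state whether `-ll` is still accepted.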
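Review bot: in the hunk starting at line 232 the `-u user, --user=user` entry underlines the closing parenthesis and full stop along with the word (`_r_o_o_t _)_.`), which looks like the italic span in the formatting source running past `root`; close the italic after the word so only `root` is underlined. The added `-S` wording that the prompt goes to standard error while the password is read from standard input is a helpful clarification for callers that pipe the password in.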
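Review bot: typo in the hunk starting at line 291, COMMAND EXECUTION paragraph: "the real and effective user and group and IDs are set" has a stray "and" and should read "the real and effective user and group IDs are set". The environment-variable paragraph in the same hunk reads correctly: it first attributes the restriction to the policy plugin and then describes the sudoers-specific setenv / SETENV / ALL exception.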
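Review bot: the new sentences in the hunk starting at line 342 about when the sudoers plugin defines a close function leave the practical consequence implicit: because pam_session and pam_setcred are enabled by default on PAM systems, the direct-execute special case in the preceding sentence will rarely apply there, and the command will normally run as a child of sudo, which is exactly the situation the following "Signal handling" paragraph (now opening "When the command is run as a child") describes. Consider adding one sentence such as "On systems using PAM with the default settings, sudo will therefore fork and the command runs as a child of the sudo process."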