Annotation of embedaddon/sudo/doc/sudo.cat, revision 1.1.1.1
1.1 misho 1: SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
2:
3:
4:
5: NNAAMMEE
6: sudo, sudoedit - execute a command as another user
7:
8: SSYYNNOOPPSSIISS
9: ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --VV
10:
11: ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]
12: [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d]
13:
14: ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]
15: [--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d]
16:
17: ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--DD _l_e_v_e_l] [--cc _c_l_a_s_s|_-]
18: [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e]
19: [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d]
20:
21: ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--DD _l_e_v_e_l]
22: [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] file ...
23:
24: DDEESSCCRRIIPPTTIIOONN
25: ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
26: another user, as specified by the security policy. The real and
27: effective uid and gid are set to match those of the target user, as
28: specified in the password database, and the group vector is initialized
29: based on the group database (unless the --PP option was specified).
30:
31: ssuuddoo supports a plugin architecture for security policies and
32: input/output logging. Third parties can develop and distribute their
33: own policy and I/O logging modules to work seemlessly with the ssuuddoo
34: front end. The default security policy is _s_u_d_o_e_r_s, which is configured
35: via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the PLUGINS section for
36: more information.
37:
38: The security policy determines what privileges, if any, a user has to
39: run ssuuddoo. The policy may require that users authenticate themselves
40: with a password or another authentication mechanism. If authentication
41: is required, ssuuddoo will exit if the user's password is not entered
42: within a configurable time limit. This limit is policy-specific; the
43: default password prompt timeout for the _s_u_d_o_e_r_s security policy is 5
44: minutes.
45:
46: Security policies may support credential caching to allow the user to
47: run ssuuddoo again for a period of time without requiring authentication.
48: The _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden
49: in _s_u_d_o_e_r_s(4). By running ssuuddoo with the --vv option, a user can update
50: the cached credentials without running a _c_o_m_m_a_n_d.
51:
52: When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.
53:
54: Security policies may log successful and failed attempts to use ssuuddoo.
55: If an I/O plugin is configured, the running command's input and output
56: may be logged as well.
57:
58: OOPPTTIIOONNSS
59: ssuuddoo accepts the following command line options:
60:
61: -A Normally, if ssuuddoo requires a password, it will read it from
62: the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is
63: specified, a (possibly graphical) helper program is
64: executed to read the user's password and output the
65: password to the standard output. If the SUDO_ASKPASS
66: environment variable is set, it specifies the path to the
67: helper program. Otherwise, if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a
68: line specifying the askpass program, that value will be
69: used. For example:
70:
71: # Path to askpass helper program
72: Path askpass /usr/X11R6/bin/ssh-askpass
73:
74: If no askpass program is available, sudo will exit with an
75: error.
76:
77: -a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the
78: specified authentication type when validating the user, as
79: allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may
80: specify a list of sudo-specific authentication methods by
81: adding an "auth-sudo" entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This
82: option is only available on systems that support BSD
83: authentication.
84:
85: -b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given
86: command in the background. Note that if you use the --bb
87: option you cannot use shell job control to manipulate the
88: process. Most interactive commands will fail to work
89: properly in background mode.
90:
91: -C _f_d Normally, ssuuddoo will close all open file descriptors other
92: than standard input, standard output and standard error.
93: The --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a
94: starting point above the standard error (file descriptor
95: three). Values less than three are not permitted. The
96: security policy may restrict the user's ability to use the
97: --CC option. The _s_u_d_o_e_r_s policy only permits use of the --CC
98: option when the administrator has enabled the
99: _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.
100:
101: -c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
102: command with resources limited by the specified login
103: class. The _c_l_a_s_s argument can be either a class name as
104: defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character.
105: Specifying a _c_l_a_s_s of - indicates that the command should
106: be run restricted by the default login capabilities for the
107: user the command is run as. If the _c_l_a_s_s argument
108: specifies an existing user class, the command must be run
109: as root, or the ssuuddoo command must be run from a shell that
110: is already root. This option is only available on systems
111: with BSD login classes.
112:
113: -D _l_e_v_e_l Enable debugging of ssuuddoo plugins and ssuuddoo itself. The
114: _l_e_v_e_l may be a value from 1 through 9.
115:
116: -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the
117: security policy that the user wishes to preserve their
118: existing environment variables. The security policy may
119: return an error if the --EE option is specified and the user
120: does not have permission to preserve the environment.
121:
122: -e The --ee (_e_d_i_t) option indicates that, instead of running a
123: command, the user wishes to edit one or more files. In
124: lieu of a command, the string "sudoedit" is used when
125: consulting the security policy. If the user is authorized
126: by the policy, the following steps are taken:
127:
128: 1. Temporary copies are made of the files to be edited
129: with the owner set to the invoking user.
130:
131: 2. The editor specified by the policy is run to edit the
132: temporary files. The _s_u_d_o_e_r_s policy uses the
133: SUDO_EDITOR, VISUAL and EDITOR environment variables
134: (in that order). If none of SUDO_EDITOR, VISUAL or
135: EDITOR are set, the first program listed in the _e_d_i_t_o_r
136: _s_u_d_o_e_r_s(4) option is used.
137:
138: 3. If they have been modified, the temporary files are
139: copied back to their original location and the
140: temporary versions are removed.
141:
142: If the specified file does not exist, it will be created.
143: Note that unlike most commands run by ssuuddoo, the editor is
144: run with the invoking user's environment unmodified. If,
145: for some reason, ssuuddoo is unable to update a file with its
146: edited version, the user will receive a warning and the
147: edited copy will remain in a temporary file.
148:
149: -g _g_r_o_u_p Normally, ssuuddoo runs a command with the primary group set to
150: the one specified by the password database for the user the
151: command is being run as (by default, root). The --gg (_g_r_o_u_p)
152: option causes ssuuddoo to run the command with the primary
153: group set to _g_r_o_u_p instead. To specify a _g_i_d instead of a
154: _g_r_o_u_p _n_a_m_e, use _#_g_i_d. When running commands as a _g_i_d, many
155: shells require that the '#' be escaped with a backslash
156: ('\'). If no --uu option is specified, the command will be
157: run as the invoking user (not root). In either case, the
158: primary group will be set to _g_r_o_u_p.
159:
160: -H The --HH (_H_O_M_E) option requests that the security policy set
161: the HOME environment variable to the home directory of the
162: target user (root by default) as specified by the password
163: database. Depending on the policy, this may be the default
164: behavior.
165:
166: -h The --hh (_h_e_l_p) option causes ssuuddoo to print a short help
167: message to the standard output and exit.
168:
169: -i [command]
170: The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
171: specified by the password database entry of the target user
172: as a login shell. This means that login-specific resource
173: files such as .profile or .login will be read by the shell.
174: If a command is specified, it is passed to the shell for
175: execution via the shell's --cc option. If no command is
176: specified, an interactive shell is executed. ssuuddoo attempts
177: to change to that user's home directory before running the
178: shell. The security policy shall initialize the
179: environment to a minimal set of variables, similar to what
180: is present when a user logs in. The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t
181: section in the _s_u_d_o_e_r_s(4) manual documents how the --ii
182: option affects the environment in which a command is run
183: when the _s_u_d_o_e_r_s policy is in use.
184:
185: -K The --KK (sure _k_i_l_l) option is like --kk except that it removes
186: the user's cached credentials entirely and may not be used
187: in conjunction with a command or other option. This option
188: does not require a password. Not all security policies
189: support credential caching.
190:
191: -k [command]
192: When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates
193: the user's cached credentials. The next time ssuuddoo is run a
194: password will be required. This option does not require a
195: password and was added to allow a user to revoke ssuuddoo
196: permissions from a .logout file. Not all security policies
197: support credential caching.
198:
199: When used in conjunction with a command or an option that
200: may require a password, the --kk option will cause ssuuddoo to
201: ignore the user's cached credentials. As a result, ssuuddoo
202: will prompt for a password (if one is required by the
203: security policy) and will not update the user's cached
204: credentials.
205:
206: -l[l] [_c_o_m_m_a_n_d]
207: If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list
208: the allowed (and forbidden) commands for the invoking user
209: (or the user specified by the --UU option) on the current
210: host. If a _c_o_m_m_a_n_d is specified and is permitted by the
211: security policy, the fully-qualified path to the command is
212: displayed along with any command line arguments. If
213: _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a
214: status value of 1. If the --ll option is specified with an ll
215: argument (i.e. --llll), or if --ll is specified multiple times,
216: a longer list format is used.
217:
218: -n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from
219: prompting the user for a password. If a password is
220: required for the command to run, ssuuddoo will display an error
221: messages and exit.
222:
223: -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to
224: preserve the invoking user's group vector unaltered. By
225: default, the _s_u_d_o_e_r_s policy will initialize the group
226: vector to the list of groups the target user is in. The
227: real and effective group IDs, however, are still set to
228: match the target user.
229:
230: -p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default
231: password prompt and use a custom one. The following
232: percent (`%') escapes are supported by the _s_u_d_o_e_r_s policy:
233:
234: %H expanded to the host name including the domain name (on
235: if the machine's host name is fully qualified or the
236: _f_q_d_n option is set in _s_u_d_o_e_r_s(4))
237:
238: %h expanded to the local host name without the domain name
239:
240: %p expanded to the name of the user whose password is
241: being requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and
242: _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s(4))
243:
244: %U expanded to the login name of the user the command will
245: be run as (defaults to root unless the -u option is
246: also specified)
247:
248: %u expanded to the invoking user's login name
249:
250: %% two consecutive % characters are collapsed into a
251: single % character
252:
253: The prompt specified by the --pp option will override the
254: system password prompt on systems that support PAM unless
255: the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
256:
257: -r _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security
258: context to have the role specified by _r_o_l_e.
259:
260: -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from
261: the standard input instead of the terminal device. The
262: password must be followed by a newline character.
263:
264: -s [command]
265: The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L
266: environment variable if it is set or the shell as specified
267: in the password database. If a command is specified, it is
268: passed to the shell for execution via the shell's --cc
269: option. If no command is specified, an interactive shell
270: is executed.
271:
272: -t _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security
273: context to have the type specified by _t_y_p_e. If no type is
274: specified, the default type is derived from the specified
275: role.
276:
277: -U _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the
278: --ll option to specify the user whose privileges should be
279: listed. The security policy may restrict listing other
280: users' privileges. The _s_u_d_o_e_r_s policy only allows root or
281: a user with the ALL privilege on the current host to use
282: this option.
283:
284: -u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified
285: command as a user other than _r_o_o_t. To specify a _u_i_d
286: instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as
287: a _u_i_d, many shells require that the '#' be escaped with a
288: backslash ('\'). Security policies may restrict _u_i_ds to
289: those listed in the password database. The _s_u_d_o_e_r_s policy
290: allows _u_i_ds that are not in the password database as long
291: as the _t_a_r_g_e_t_p_w option is not set. Other security policies
292: may not support this.
293:
294: -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version
295: string and the version string of the security policy plugin
296: and any I/O plugins. If the invoking user is already root
297: the --VV option will display the arguments passed to
298: configure when _s_u_d_o was built and plugins may display more
299: verbose information such as default options.
300:
301: -v When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the
302: user's cached credentials, authenticating the user's
303: password if necessary. For the _s_u_d_o_e_r_s plugin, this
304: extends the ssuuddoo timeout for another 5 minutes (or whatever
305: the timeout is set to in _s_u_d_o_e_r_s) but does not run a
306: command. Not all security policies support cached
307: credentials.
308:
309: -- The ---- option indicates that ssuuddoo should stop processing
310: command line arguments.
311:
312: Environment variables to be set for the command may also be passed on
313: the command line in the form of VVAARR=_v_a_l_u_e, e.g.
314: LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command
315: line are subject to the same restrictions as normal environment
316: variables with one important exception. If the _s_e_t_e_n_v option is set in
317: _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command
318: matched is ALL, the user may set variables that would overwise be
319: forbidden. See _s_u_d_o_e_r_s(4) for more information.
320:
321: PPLLUUGGIINNSS
322: Plugins are dynamically loaded based on the contents of the
323: _/_e_t_c_/_s_u_d_o_._c_o_n_f file. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it
324: contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s
325: security policy and I/O logging, which corresponds to the following
326: _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
327:
328: #
329: # Default /etc/sudo.conf file
330: #
331: # Format:
332: # Plugin plugin_name plugin_path
333: # Path askpass /path/to/askpass
334: # Path noexec /path/to/noexec.so
335: #
336: # The plugin_path is relative to /usr/local/libexec unless
337: # fully qualified.
338: # The plugin_name corresponds to a global symbol in the plugin
339: # that contains the plugin interface structure.
340: #
341: Plugin policy_plugin sudoers.so
342: Plugin io_plugin sudoers.so
343:
344: A Plugin line consists of the Plugin keyword, followed by the
345: _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.
346: The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct
347: io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
348: or relative. If not fully qualified it is relative to the
349: _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
350: are ignored. Lines that don't begin with Plugin or Path are silently
351: ignored
352:
353: For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual.
354:
355: PPAATTHHSS
356: A Path line consists of the Path keyword, followed by the name of the
357: path to set and its value. E.g.
358:
359: Path noexec /usr/local/libexec/sudo_noexec.so
360: Path askpass /usr/X11R6/bin/ssh-askpass
361:
362: The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
363: file.
364:
365: askpass The fully qualified path to a helper program used to
366: read the user's password when no terminal is available.
367: This may be the case when ssuuddoo is executed from a
368: graphical (as opposed to text-based) application. The
369: program specified by _a_s_k_p_a_s_s should display the
370: argument passed to it as the prompt and write the
371: user's password to the standard output. The value of
372: _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS
373: environment variable.
374:
375: noexec The fully-qualified path to a shared library containing
376: dummy versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_)
377: library functions that just return an error. This is
378: used to implement the _n_o_e_x_e_c functionality on systems
379: that support LD_PRELOAD or its equivalent. Defaults to
380: _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
381:
382: RREETTUURRNN VVAALLUUEESS
383: Upon successful execution of a program, the exit status from ssuuddoo will
384: simply be the exit status of the program that was executed.
385:
386: Otherwise, ssuuddoo exits with a value of 1 if there is a
387: configuration/permission problem or if ssuuddoo cannot execute the given
388: command. In the latter case the error string is printed to the
389: standard error. If ssuuddoo cannot _s_t_a_t(2) one or more entries in the
390: user's PATH, an error is printed on stderr. (If the directory does not
391: exist or if it is not really a directory, the entry is ignored and no
392: error is printed.) This should not happen under normal circumstances.
393: The most common reason for _s_t_a_t(2) to return "permission denied" is if
394: you are running an automounter and one of the directories in your PATH
395: is on a machine that is currently unreachable.
396:
397: SSEECCUURRIITTYY NNOOTTEESS
398: ssuuddoo tries to be safe when executing external commands.
399:
400: To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
401: current directory) last when searching for a command in the user's PATH
402: (if one or both are in the PATH). Note, however, that the actual PATH
403: environment variable is _n_o_t modified and is passed unchanged to the
404: program that ssuuddoo executes.
405:
406: Please note that ssuuddoo will normally only log the command it explicitly
407: runs. If a user runs a command such as sudo su or sudo sh, subsequent
408: commands run from that shell are not subject to ssuuddoo's security policy.
409: The same is true for commands that offer shell escapes (including most
410: editors). If I/O logging is enabled, subsequent commands will have
411: their input and/or output logged, but there will not be traditional
412: logs for those commands. Because of this, care must be taken when
413: giving users access to commands via ssuuddoo to verify that the command
414: does not inadvertently give the user an effective root shell. For more
415: information, please see the PREVENTING SHELL ESCAPES section in
416: _s_u_d_o_e_r_s(4).
417:
418: EENNVVIIRROONNMMEENNTT
419: ssuuddoo utilizes the following environment variables. The security policy
420: has control over the content of the command's environment.
421:
422: EDITOR Default editor to use in --ee (sudoedit) mode if neither
423: SUDO_EDITOR nor VISUAL is set
424:
425: MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
426: to the mail spool of the target user
427:
428: HOME Set to the home directory of the target user if --ii or
429: --HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set
430: in _s_u_d_o_e_r_s, or when the --ss option is specified and
431: _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s
432:
433: PATH May be overridden by the security policy.
434:
435: SHELL Used to determine shell to run with -s option
436:
437: SUDO_ASKPASS Specifies the path to a helper program used to read the
438: password if no terminal is available or if the -A
439: option is specified.
440:
441: SUDO_COMMAND Set to the command run by sudo
442:
443: SUDO_EDITOR Default editor to use in --ee (sudoedit) mode
444:
445: SUDO_GID Set to the group ID of the user who invoked sudo
446:
447: SUDO_PROMPT Used as the default password prompt
448:
449: SUDO_PS1 If set, PS1 will be set to its value for the program
450: being run
451:
452: SUDO_UID Set to the user ID of the user who invoked sudo
453:
454: SUDO_USER Set to the login of the user who invoked sudo
455:
456: USER Set to the target user (root unless the --uu option is
457: specified)
458:
459: VISUAL Default editor to use in --ee (sudoedit) mode if
460: SUDO_EDITOR is not set
461:
462: FFIILLEESS
463: _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration
464:
465: EEXXAAMMPPLLEESS
466: Note: the following examples assume a properly configured security
467: policy.
468:
469: To get a file listing of an unreadable directory:
470:
471: $ sudo ls /usr/local/protected
472:
473: To list the home directory of user yaz on a machine where the file
474: system holding ~yaz is not exported as root:
475:
476: $ sudo -u yaz ls ~yaz
477:
478: To edit the _i_n_d_e_x_._h_t_m_l file as user www:
479:
480: $ sudo -u www vi ~www/htdocs/index.html
481:
482: To view system logs only accessible to root and users in the adm group:
483:
484: $ sudo -g adm view /var/log/syslog
485:
486: To run an editor as jim with a different primary group:
487:
488: $ sudo -u jim -g audio vi ~jim/sound.txt
489:
490: To shutdown a machine:
491:
492: $ sudo shutdown -r +15 "quick reboot"
493:
494: To make a usage listing of the directories in the /home partition.
495: Note that this runs the commands in a sub-shell to make the cd and file
496: redirection work.
497:
498: $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
499:
500: SSEEEE AALLSSOO
501: _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),
502: _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)
503:
504: AAUUTTHHOORRSS
505: Many people have worked on ssuuddoo over the years; this version consists
506: of code written primarily by:
507:
508: Todd C. Miller
509:
510: See the HISTORY file in the ssuuddoo distribution or visit
511: http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo.
512:
513: CCAAVVEEAATTSS
514: There is no easy way to prevent a user from gaining a root shell if
515: that user is allowed to run arbitrary commands via ssuuddoo. Also, many
516: programs (such as editors) allow the user to run commands via shell
517: escapes, thus avoiding ssuuddoo's checks. However, on most systems it is
518: possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c
519: functionality.
520:
521: It is not meaningful to run the cd command directly via sudo, e.g.,
522:
523: $ sudo cd /usr/local/protected
524:
525: since when the command exits the parent process (your shell) will still
526: be the same. Please see the EXAMPLES section for more information.
527:
528: Running shell scripts via ssuuddoo can expose the same kernel bugs that
529: make setuid shell scripts unsafe on some operating systems (if your OS
530: has a /dev/fd/ directory, setuid shell scripts are generally safe).
531:
532: BBUUGGSS
533: If you feel you have found a bug in ssuuddoo, please submit a bug report at
534: http://www.sudo.ws/sudo/bugs/
535:
536: SSUUPPPPOORRTT
537: Limited free support is available via the sudo-users mailing list, see
538: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
539: the archives.
540:
541: DDIISSCCLLAAIIMMEERR
542: ssuuddoo is provided ``AS IS'' and any express or implied warranties,
543: including, but not limited to, the implied warranties of
544: merchantability and fitness for a particular purpose are disclaimed.
545: See the LICENSE file distributed with ssuuddoo or
546: http://www.sudo.ws/sudo/license.html for complete details.
547:
548:
549:
550: 1.8.3 September 16, 2011 SUDO(1m)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>