Annotation of embedaddon/sudo/doc/sudo.cat, revision 1.1.1.2

1.1       misho       1: SUDO(1m)                     MAINTENANCE COMMANDS                     SUDO(1m)
                      2: 
                      3: 
                      4: 
                      5: NNAAMMEE
                      6:        sudo, sudoedit - execute a command as another user
                      7: 
                      8: SSYYNNOOPPSSIISS
1.1.1.2 ! misho       9:        ssuuddoo --hh | --KK | --kk | --VV
1.1       misho      10: 
1.1.1.2 ! misho      11:        ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t]
        !            12:        [--uu _u_s_e_r _n_a_m_e|_#_u_i_d]
1.1       misho      13: 
1.1.1.2 ! misho      14:        ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t]
        !            15:        [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d]
1.1       misho      16: 
1.1.1.2 ! misho      17:        ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-]
1.1       misho      18:        [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e]
                     19:        [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d]
                     20: 
1.1.1.2 ! misho      21:        ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-]
1.1       misho      22:        [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] file ...
                     23: 
                     24: DDEESSCCRRIIPPTTIIOONN
                     25:        ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
                     26:        another user, as specified by the security policy.  The real and
                     27:        effective uid and gid are set to match those of the target user, as
                     28:        specified in the password database, and the group vector is initialized
                     29:        based on the group database (unless the --PP option was specified).
                     30: 
                     31:        ssuuddoo supports a plugin architecture for security policies and
                     32:        input/output logging.  Third parties can develop and distribute their
1.1.1.2 ! misho      33:        own policy and I/O logging modules to work seamlessly with the ssuuddoo
1.1       misho      34:        front end.  The default security policy is _s_u_d_o_e_r_s, which is configured
                     35:        via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP.  See the PLUGINS section for
                     36:        more information.
                     37: 
                     38:        The security policy determines what privileges, if any, a user has to
                     39:        run ssuuddoo.  The policy may require that users authenticate themselves
                     40:        with a password or another authentication mechanism.  If authentication
                     41:        is required, ssuuddoo will exit if the user's password is not entered
                     42:        within a configurable time limit.  This limit is policy-specific; the
                     43:        default password prompt timeout for the _s_u_d_o_e_r_s security policy is 5
                     44:        minutes.
                     45: 
                     46:        Security policies may support credential caching to allow the user to
                     47:        run ssuuddoo again for a period of time without requiring authentication.
                     48:        The _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden
                     49:        in _s_u_d_o_e_r_s(4).  By running ssuuddoo with the --vv option, a user can update
                     50:        the cached credentials without running a _c_o_m_m_a_n_d.
                     51: 
                     52:        When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.
                     53: 
                     54:        Security policies may log successful and failed attempts to use ssuuddoo.
                     55:        If an I/O plugin is configured, the running command's input and output
                     56:        may be logged as well.
                     57: 
                     58: OOPPTTIIOONNSS
                     59:        ssuuddoo accepts the following command line options:
                     60: 
                     61:        -A          Normally, if ssuuddoo requires a password, it will read it from
                     62:                    the user's terminal.  If the --AA (_a_s_k_p_a_s_s) option is
                     63:                    specified, a (possibly graphical) helper program is
                     64:                    executed to read the user's password and output the
                     65:                    password to the standard output.  If the SUDO_ASKPASS
                     66:                    environment variable is set, it specifies the path to the
                     67:                    helper program.  Otherwise, if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a
                     68:                    line specifying the askpass program, that value will be
                     69:                    used.  For example:
                     70: 
                     71:                        # Path to askpass helper program
                     72:                        Path askpass /usr/X11R6/bin/ssh-askpass
                     73: 
                     74:                    If no askpass program is available, sudo will exit with an
                     75:                    error.
                     76: 
                     77:        -a _t_y_p_e     The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the
                     78:                    specified authentication type when validating the user, as
                     79:                    allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  The system administrator may
                     80:                    specify a list of sudo-specific authentication methods by
                     81:                    adding an "auth-sudo" entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  This
                     82:                    option is only available on systems that support BSD
                     83:                    authentication.
                     84: 
                     85:        -b          The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given
                     86:                    command in the background.  Note that if you use the --bb
                     87:                    option you cannot use shell job control to manipulate the
                     88:                    process.  Most interactive commands will fail to work
                     89:                    properly in background mode.
                     90: 
                     91:        -C _f_d       Normally, ssuuddoo will close all open file descriptors other
                     92:                    than standard input, standard output and standard error.
                     93:                    The --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a
                     94:                    starting point above the standard error (file descriptor
                     95:                    three).  Values less than three are not permitted.  The
                     96:                    security policy may restrict the user's ability to use the
                     97:                    --CC option.  The _s_u_d_o_e_r_s policy only permits use of the --CC
                     98:                    option when the administrator has enabled the
                     99:                    _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.
                    100: 
                    101:        -c _c_l_a_s_s    The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
                    102:                    command with resources limited by the specified login
                    103:                    class.  The _c_l_a_s_s argument can be either a class name as
                    104:                    defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character.
                    105:                    Specifying a _c_l_a_s_s of - indicates that the command should
                    106:                    be run restricted by the default login capabilities for the
                    107:                    user the command is run as.  If the _c_l_a_s_s argument
                    108:                    specifies an existing user class, the command must be run
                    109:                    as root, or the ssuuddoo command must be run from a shell that
                    110:                    is already root.  This option is only available on systems
                    111:                    with BSD login classes.
                    112: 
                    113:        -E          The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the
                    114:                    security policy that the user wishes to preserve their
                    115:                    existing environment variables.  The security policy may
                    116:                    return an error if the --EE option is specified and the user
                    117:                    does not have permission to preserve the environment.
                    118: 
                    119:        -e          The --ee (_e_d_i_t) option indicates that, instead of running a
                    120:                    command, the user wishes to edit one or more files.  In
                    121:                    lieu of a command, the string "sudoedit" is used when
                    122:                    consulting the security policy.  If the user is authorized
                    123:                    by the policy, the following steps are taken:
                    124: 
                    125:                    1.  Temporary copies are made of the files to be edited
                    126:                        with the owner set to the invoking user.
                    127: 
                    128:                    2.  The editor specified by the policy is run to edit the
                    129:                        temporary files.  The _s_u_d_o_e_r_s policy uses the
                    130:                        SUDO_EDITOR, VISUAL and EDITOR environment variables
                    131:                        (in that order).  If none of SUDO_EDITOR, VISUAL or
                    132:                        EDITOR are set, the first program listed in the _e_d_i_t_o_r
                    133:                        _s_u_d_o_e_r_s(4) option is used.
                    134: 
                    135:                    3.  If they have been modified, the temporary files are
                    136:                        copied back to their original location and the
                    137:                        temporary versions are removed.
                    138: 
                    139:                    If the specified file does not exist, it will be created.
                    140:                    Note that unlike most commands run by ssuuddoo, the editor is
                    141:                    run with the invoking user's environment unmodified.  If,
                    142:                    for some reason, ssuuddoo is unable to update a file with its
                    143:                    edited version, the user will receive a warning and the
                    144:                    edited copy will remain in a temporary file.
                    145: 
                    146:        -g _g_r_o_u_p    Normally, ssuuddoo runs a command with the primary group set to
                    147:                    the one specified by the password database for the user the
                    148:                    command is being run as (by default, root).  The --gg (_g_r_o_u_p)
                    149:                    option causes ssuuddoo to run the command with the primary
                    150:                    group set to _g_r_o_u_p instead.  To specify a _g_i_d instead of a
                    151:                    _g_r_o_u_p _n_a_m_e, use _#_g_i_d.  When running commands as a _g_i_d, many
                    152:                    shells require that the '#' be escaped with a backslash
                    153:                    ('\').  If no --uu option is specified, the command will be
                    154:                    run as the invoking user (not root).  In either case, the
                    155:                    primary group will be set to _g_r_o_u_p.
                    156: 
                    157:        -H          The --HH (_H_O_M_E) option requests that the security policy set
                    158:                    the HOME environment variable to the home directory of the
                    159:                    target user (root by default) as specified by the password
                    160:                    database.  Depending on the policy, this may be the default
                    161:                    behavior.
                    162: 
                    163:        -h          The --hh (_h_e_l_p) option causes ssuuddoo to print a short help
                    164:                    message to the standard output and exit.
                    165: 
                    166:        -i [command]
                    167:                    The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
                    168:                    specified by the password database entry of the target user
                    169:                    as a login shell.  This means that login-specific resource
                    170:                    files such as .profile or .login will be read by the shell.
                    171:                    If a command is specified, it is passed to the shell for
                    172:                    execution via the shell's --cc option.  If no command is
                    173:                    specified, an interactive shell is executed.  ssuuddoo attempts
                    174:                    to change to that user's home directory before running the
                    175:                    shell.  The security policy shall initialize the
                    176:                    environment to a minimal set of variables, similar to what
                    177:                    is present when a user logs in.  The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t
                    178:                    section in the _s_u_d_o_e_r_s(4) manual documents how the --ii
                    179:                    option affects the environment in which a command is run
                    180:                    when the _s_u_d_o_e_r_s policy is in use.
                    181: 
                    182:        -K          The --KK (sure _k_i_l_l) option is like --kk except that it removes
                    183:                    the user's cached credentials entirely and may not be used
                    184:                    in conjunction with a command or other option.  This option
                    185:                    does not require a password.  Not all security policies
                    186:                    support credential caching.
                    187: 
                    188:        -k [command]
                    189:                    When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates
                    190:                    the user's cached credentials.  The next time ssuuddoo is run a
                    191:                    password will be required.  This option does not require a
                    192:                    password and was added to allow a user to revoke ssuuddoo
                    193:                    permissions from a .logout file.  Not all security policies
                    194:                    support credential caching.
                    195: 
                    196:                    When used in conjunction with a command or an option that
                    197:                    may require a password, the --kk option will cause ssuuddoo to
                    198:                    ignore the user's cached credentials.  As a result, ssuuddoo
                    199:                    will prompt for a password (if one is required by the
                    200:                    security policy) and will not update the user's cached
                    201:                    credentials.
                    202: 
                    203:        -l[l] [_c_o_m_m_a_n_d]
                    204:                    If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list
                    205:                    the allowed (and forbidden) commands for the invoking user
                    206:                    (or the user specified by the --UU option) on the current
                    207:                    host.  If a _c_o_m_m_a_n_d is specified and is permitted by the
                    208:                    security policy, the fully-qualified path to the command is
                    209:                    displayed along with any command line arguments.  If
                    210:                    _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a
                    211:                    status value of 1.  If the --ll option is specified with an ll
                    212:                    argument (i.e. --llll), or if --ll is specified multiple times,
                    213:                    a longer list format is used.
                    214: 
                    215:        -n          The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from
                    216:                    prompting the user for a password.  If a password is
                    217:                    required for the command to run, ssuuddoo will display an error
                    218:                    messages and exit.
                    219: 
                    220:        -P          The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to
                    221:                    preserve the invoking user's group vector unaltered.  By
                    222:                    default, the _s_u_d_o_e_r_s policy will initialize the group
                    223:                    vector to the list of groups the target user is in.  The
                    224:                    real and effective group IDs, however, are still set to
                    225:                    match the target user.
                    226: 
                    227:        -p _p_r_o_m_p_t   The --pp (_p_r_o_m_p_t) option allows you to override the default
                    228:                    password prompt and use a custom one.  The following
                    229:                    percent (`%') escapes are supported by the _s_u_d_o_e_r_s policy:
                    230: 
                    231:                    %H  expanded to the host name including the domain name (on
                    232:                        if the machine's host name is fully qualified or the
                    233:                        _f_q_d_n option is set in _s_u_d_o_e_r_s(4))
                    234: 
                    235:                    %h  expanded to the local host name without the domain name
                    236: 
                    237:                    %p  expanded to the name of the user whose password is
                    238:                        being requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and
                    239:                        _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s(4))
                    240: 
                    241:                    %U  expanded to the login name of the user the command will
                    242:                        be run as (defaults to root unless the -u option is
                    243:                        also specified)
                    244: 
                    245:                    %u  expanded to the invoking user's login name
                    246: 
                    247:                    %%  two consecutive % characters are collapsed into a
                    248:                        single % character
                    249: 
                    250:                    The prompt specified by the --pp option will override the
                    251:                    system password prompt on systems that support PAM unless
                    252:                    the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
                    253: 
                    254:        -r _r_o_l_e     The --rr (_r_o_l_e) option causes the new (SELinux) security
                    255:                    context to have the role specified by _r_o_l_e.
                    256: 
                    257:        -S          The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from
                    258:                    the standard input instead of the terminal device.  The
                    259:                    password must be followed by a newline character.
                    260: 
                    261:        -s [command]
                    262:                    The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L
                    263:                    environment variable if it is set or the shell as specified
                    264:                    in the password database.  If a command is specified, it is
                    265:                    passed to the shell for execution via the shell's --cc
                    266:                    option.  If no command is specified, an interactive shell
                    267:                    is executed.
                    268: 
                    269:        -t _t_y_p_e     The --tt (_t_y_p_e) option causes the new (SELinux) security
                    270:                    context to have the type specified by _t_y_p_e.  If no type is
                    271:                    specified, the default type is derived from the specified
                    272:                    role.
                    273: 
                    274:        -U _u_s_e_r     The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the
                    275:                    --ll option to specify the user whose privileges should be
                    276:                    listed.  The security policy may restrict listing other
                    277:                    users' privileges.  The _s_u_d_o_e_r_s policy only allows root or
                    278:                    a user with the ALL privilege on the current host to use
                    279:                    this option.
                    280: 
                    281:        -u _u_s_e_r     The --uu (_u_s_e_r) option causes ssuuddoo to run the specified
                    282:                    command as a user other than _r_o_o_t.  To specify a _u_i_d
                    283:                    instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d.  When running commands as
                    284:                    a _u_i_d, many shells require that the '#' be escaped with a
                    285:                    backslash ('\').  Security policies may restrict _u_i_ds to
                    286:                    those listed in the password database.  The _s_u_d_o_e_r_s policy
                    287:                    allows _u_i_ds that are not in the password database as long
                    288:                    as the _t_a_r_g_e_t_p_w option is not set.  Other security policies
                    289:                    may not support this.
                    290: 
                    291:        -V          The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version
                    292:                    string and the version string of the security policy plugin
                    293:                    and any I/O plugins.  If the invoking user is already root
                    294:                    the --VV option will display the arguments passed to
                    295:                    configure when _s_u_d_o was built and plugins may display more
                    296:                    verbose information such as default options.
                    297: 
                    298:        -v          When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the
                    299:                    user's cached credentials, authenticating the user's
                    300:                    password if necessary.  For the _s_u_d_o_e_r_s plugin, this
                    301:                    extends the ssuuddoo timeout for another 5 minutes (or whatever
                    302:                    the timeout is set to in _s_u_d_o_e_r_s) but does not run a
                    303:                    command.  Not all security policies support cached
                    304:                    credentials.
                    305: 
                    306:        --          The ---- option indicates that ssuuddoo should stop processing
                    307:                    command line arguments.
                    308: 
                    309:        Environment variables to be set for the command may also be passed on
                    310:        the command line in the form of VVAARR=_v_a_l_u_e, e.g.
                    311:        LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b.  Variables passed on the command
                    312:        line are subject to the same restrictions as normal environment
                    313:        variables with one important exception.  If the _s_e_t_e_n_v option is set in
                    314:        _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command
1.1.1.2 ! misho     315:        matched is ALL, the user may set variables that would otherwise be
1.1       misho     316:        forbidden.  See _s_u_d_o_e_r_s(4) for more information.
                    317: 
                    318: PPLLUUGGIINNSS
                    319:        Plugins are dynamically loaded based on the contents of the
                    320:        _/_e_t_c_/_s_u_d_o_._c_o_n_f file.  If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it
                    321:        contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s
                    322:        security policy and I/O logging, which corresponds to the following
                    323:        _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
                    324: 
                    325:         #
                    326:         # Default /etc/sudo.conf file
                    327:         #
                    328:         # Format:
1.1.1.2 ! misho     329:         #   Plugin plugin_name plugin_path plugin_options ...
1.1       misho     330:         #   Path askpass /path/to/askpass
1.1.1.2 ! misho     331:         #   Path noexec /path/to/sudo_noexec.so
        !           332:         #   Debug sudo /var/log/sudo_debug all@warn
        !           333:         #   Set disable_coredump true
1.1       misho     334:         #
                    335:         # The plugin_path is relative to /usr/local/libexec unless
                    336:         #   fully qualified.
                    337:         # The plugin_name corresponds to a global symbol in the plugin
                    338:         #   that contains the plugin interface structure.
1.1.1.2 ! misho     339:         # The plugin_options are optional.
1.1       misho     340:         #
                    341:         Plugin policy_plugin sudoers.so
                    342:         Plugin io_plugin sudoers.so
                    343: 
                    344:        A Plugin line consists of the Plugin keyword, followed by the
                    345:        _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.
                    346:        The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct
                    347:        io_plugin in the plugin shared object.  The _p_a_t_h may be fully qualified
                    348:        or relative.  If not fully qualified it is relative to the
                    349:        _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory.  Any additional parameters after the _p_a_t_h
1.1.1.2 ! misho     350:        are passed as arguments to the plugin's _o_p_e_n function.  Lines that
        !           351:        don't begin with Plugin, Path, Debug or Set are silently ignored.
1.1       misho     352: 
                    353:        For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual.
                    354: 
                    355: PPAATTHHSS
                    356:        A Path line consists of the Path keyword, followed by the name of the
                    357:        path to set and its value.  E.g.
                    358: 
                    359:         Path noexec /usr/local/libexec/sudo_noexec.so
                    360:         Path askpass /usr/X11R6/bin/ssh-askpass
                    361: 
                    362:        The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
                    363:        file.
                    364: 
                    365:        askpass         The fully qualified path to a helper program used to
                    366:                        read the user's password when no terminal is available.
                    367:                        This may be the case when ssuuddoo is executed from a
                    368:                        graphical (as opposed to text-based) application.  The
                    369:                        program specified by _a_s_k_p_a_s_s should display the
                    370:                        argument passed to it as the prompt and write the
                    371:                        user's password to the standard output.  The value of
                    372:                        _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS
                    373:                        environment variable.
                    374: 
                    375:        noexec          The fully-qualified path to a shared library containing
                    376:                        dummy versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_)
                    377:                        library functions that just return an error.  This is
                    378:                        used to implement the _n_o_e_x_e_c functionality on systems
                    379:                        that support LD_PRELOAD or its equivalent.  Defaults to
                    380:                        _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
                    381: 
1.1.1.2 ! misho     382: DDEEBBUUGG FFLLAAGGSS
        !           383:        ssuuddoo versions 1.8.4 and higher support a flexible debugging framework
        !           384:        that can help track down what ssuuddoo is doing internally if there is a
        !           385:        problem.
        !           386: 
        !           387:        A Debug line consists of the Debug keyword, followed by the name of the
        !           388:        program to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy), the debug file name and a
        !           389:        comma-separated list of debug flags.  The debug flag syntax used by
        !           390:        ssuuddoo and the _s_u_d_o_e_r_s plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is
        !           391:        free to use a different format so long as it does not include a command
        !           392:        ,.
        !           393: 
        !           394:        For instance:
        !           395: 
        !           396:         Debug sudo /var/log/sudo_debug all@warn,plugin@info
        !           397: 
        !           398:        would log all debugging statements at the _w_a_r_n level and higher in
        !           399:        addition to those at the _i_n_f_o level for the plugin subsystem.
        !           400: 
        !           401:        Currently, only one Debug entry per program is supported.  The sudo
        !           402:        Debug entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins.
        !           403:        A future release may add support for per-plugin Debug lines and/or
        !           404:        support for multiple debugging files for a single program.
        !           405: 
        !           406:        The priorities used by the ssuuddoo front end, in order of decreasing
        !           407:        severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g.
        !           408:        Each priority, when specified, also includes all priorities higher than
        !           409:        it.  For example, a priority of _n_o_t_i_c_e would include debug messages
        !           410:        logged at _n_o_t_i_c_e and higher.
        !           411: 
        !           412:        The following subsystems are used by ssuuddoo:
        !           413: 
        !           414:        _a_l_l       matches every subsystem
        !           415: 
        !           416:        _a_r_g_s      command line argument processing
        !           417: 
        !           418:        _c_o_n_v      user conversation
        !           419: 
        !           420:        _e_d_i_t      sudoedit
        !           421: 
        !           422:        _e_x_e_c      command execution
        !           423: 
        !           424:        _m_a_i_n      ssuuddoo main function
        !           425: 
        !           426:        _n_e_t_i_f     network interface handling
        !           427: 
        !           428:        _p_c_o_m_m     communication with the plugin
        !           429: 
        !           430:        _p_l_u_g_i_n    plugin configuration
        !           431: 
        !           432:        _p_t_y       pseudo-tty related code
        !           433: 
        !           434:        _s_e_l_i_n_u_x   SELinux-specific handling
        !           435: 
        !           436:        _u_t_i_l      utility functions
        !           437: 
        !           438:        _u_t_m_p      utmp handling
        !           439: 
1.1       misho     440: RREETTUURRNN VVAALLUUEESS
                    441:        Upon successful execution of a program, the exit status from ssuuddoo will
                    442:        simply be the exit status of the program that was executed.
                    443: 
                    444:        Otherwise, ssuuddoo exits with a value of 1 if there is a
                    445:        configuration/permission problem or if ssuuddoo cannot execute the given
                    446:        command.  In the latter case the error string is printed to the
                    447:        standard error.  If ssuuddoo cannot _s_t_a_t(2) one or more entries in the
                    448:        user's PATH, an error is printed on stderr.  (If the directory does not
                    449:        exist or if it is not really a directory, the entry is ignored and no
                    450:        error is printed.)  This should not happen under normal circumstances.
                    451:        The most common reason for _s_t_a_t(2) to return "permission denied" is if
                    452:        you are running an automounter and one of the directories in your PATH
                    453:        is on a machine that is currently unreachable.
                    454: 
                    455: SSEECCUURRIITTYY NNOOTTEESS
                    456:        ssuuddoo tries to be safe when executing external commands.
                    457: 
                    458:        To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
                    459:        current directory) last when searching for a command in the user's PATH
                    460:        (if one or both are in the PATH).  Note, however, that the actual PATH
                    461:        environment variable is _n_o_t modified and is passed unchanged to the
                    462:        program that ssuuddoo executes.
                    463: 
                    464:        Please note that ssuuddoo will normally only log the command it explicitly
                    465:        runs.  If a user runs a command such as sudo su or sudo sh, subsequent
                    466:        commands run from that shell are not subject to ssuuddoo's security policy.
                    467:        The same is true for commands that offer shell escapes (including most
                    468:        editors).  If I/O logging is enabled, subsequent commands will have
                    469:        their input and/or output logged, but there will not be traditional
                    470:        logs for those commands.  Because of this, care must be taken when
                    471:        giving users access to commands via ssuuddoo to verify that the command
                    472:        does not inadvertently give the user an effective root shell.  For more
                    473:        information, please see the PREVENTING SHELL ESCAPES section in
                    474:        _s_u_d_o_e_r_s(4).
                    475: 
1.1.1.2 ! misho     476:        To prevent the disclosure of potentially sensitive information, ssuuddoo
        !           477:        disables core dumps by default while it is executing (they are re-
        !           478:        enabled for the command that is run).  To aid in debugging ssuuddoo
        !           479:        crashes, you may wish to re-enable core dumps by setting
        !           480:        "disable_coredump" to false in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
        !           481: 
        !           482:         Set disable_coredump false
        !           483: 
        !           484:        Note that by default, most operating systems disable core dumps from
        !           485:        setuid programs, which includes ssuuddoo.  To actually get a ssuuddoo core file
        !           486:        you may need to enable core dumps for setuid processes.  On BSD and
        !           487:        Linux systems this is accomplished via the sysctl command, on Solaris
        !           488:        the coreadm command can be used.
        !           489: 
1.1       misho     490: EENNVVIIRROONNMMEENNTT
                    491:        ssuuddoo utilizes the following environment variables.  The security policy
                    492:        has control over the content of the command's environment.
                    493: 
                    494:        EDITOR          Default editor to use in --ee (sudoedit) mode if neither
                    495:                        SUDO_EDITOR nor VISUAL is set
                    496: 
                    497:        MAIL            In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
                    498:                        to the mail spool of the target user
                    499: 
                    500:        HOME            Set to the home directory of the target user if --ii or
                    501:                        --HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set
                    502:                        in _s_u_d_o_e_r_s, or when the --ss option is specified and
                    503:                        _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s
                    504: 
                    505:        PATH            May be overridden by the security policy.
                    506: 
                    507:        SHELL           Used to determine shell to run with -s option
                    508: 
                    509:        SUDO_ASKPASS    Specifies the path to a helper program used to read the
                    510:                        password if no terminal is available or if the -A
                    511:                        option is specified.
                    512: 
                    513:        SUDO_COMMAND    Set to the command run by sudo
                    514: 
                    515:        SUDO_EDITOR     Default editor to use in --ee (sudoedit) mode
                    516: 
                    517:        SUDO_GID        Set to the group ID of the user who invoked sudo
                    518: 
                    519:        SUDO_PROMPT     Used as the default password prompt
                    520: 
                    521:        SUDO_PS1        If set, PS1 will be set to its value for the program
                    522:                        being run
                    523: 
                    524:        SUDO_UID        Set to the user ID of the user who invoked sudo
                    525: 
                    526:        SUDO_USER       Set to the login of the user who invoked sudo
                    527: 
                    528:        USER            Set to the target user (root unless the --uu option is
                    529:                        specified)
                    530: 
                    531:        VISUAL          Default editor to use in --ee (sudoedit) mode if
                    532:                        SUDO_EDITOR is not set
                    533: 
                    534: FFIILLEESS
1.1.1.2 ! misho     535:        _/_e_t_c_/_s_u_d_o_._c_o_n_f          ssuuddoo front end configuration
1.1       misho     536: 
                    537: EEXXAAMMPPLLEESS
                    538:        Note: the following examples assume a properly configured security
                    539:        policy.
                    540: 
                    541:        To get a file listing of an unreadable directory:
                    542: 
                    543:         $ sudo ls /usr/local/protected
                    544: 
                    545:        To list the home directory of user yaz on a machine where the file
                    546:        system holding ~yaz is not exported as root:
                    547: 
                    548:         $ sudo -u yaz ls ~yaz
                    549: 
                    550:        To edit the _i_n_d_e_x_._h_t_m_l file as user www:
                    551: 
                    552:         $ sudo -u www vi ~www/htdocs/index.html
                    553: 
                    554:        To view system logs only accessible to root and users in the adm group:
                    555: 
                    556:         $ sudo -g adm view /var/log/syslog
                    557: 
                    558:        To run an editor as jim with a different primary group:
                    559: 
                    560:         $ sudo -u jim -g audio vi ~jim/sound.txt
                    561: 
                    562:        To shutdown a machine:
                    563: 
                    564:         $ sudo shutdown -r +15 "quick reboot"
                    565: 
                    566:        To make a usage listing of the directories in the /home partition.
                    567:        Note that this runs the commands in a sub-shell to make the cd and file
                    568:        redirection work.
                    569: 
                    570:         $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
                    571: 
                    572: SSEEEE AALLSSOO
                    573:        _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),
                    574:        _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)
                    575: 
                    576: AAUUTTHHOORRSS
                    577:        Many people have worked on ssuuddoo over the years; this version consists
                    578:        of code written primarily by:
                    579: 
                    580:                Todd C. Miller
                    581: 
1.1.1.2 ! misho     582:        See the CONTRIBUTORS file in the ssuuddoo distribution
        !           583:        (http://www.sudo.ws/sudo/contributors.html) for a list of people who
        !           584:        have contributed to ssuuddoo.
        !           585: 
        !           586: HHIISSTTOORRYY
        !           587:        See the HISTORY file in the ssuuddoo distribution
        !           588:        (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
1.1       misho     589: 
                    590: CCAAVVEEAATTSS
                    591:        There is no easy way to prevent a user from gaining a root shell if
                    592:        that user is allowed to run arbitrary commands via ssuuddoo.  Also, many
                    593:        programs (such as editors) allow the user to run commands via shell
                    594:        escapes, thus avoiding ssuuddoo's checks.  However, on most systems it is
                    595:        possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c
                    596:        functionality.
                    597: 
                    598:        It is not meaningful to run the cd command directly via sudo, e.g.,
                    599: 
                    600:         $ sudo cd /usr/local/protected
                    601: 
                    602:        since when the command exits the parent process (your shell) will still
                    603:        be the same.  Please see the EXAMPLES section for more information.
                    604: 
                    605:        Running shell scripts via ssuuddoo can expose the same kernel bugs that
                    606:        make setuid shell scripts unsafe on some operating systems (if your OS
                    607:        has a /dev/fd/ directory, setuid shell scripts are generally safe).
                    608: 
                    609: BBUUGGSS
                    610:        If you feel you have found a bug in ssuuddoo, please submit a bug report at
                    611:        http://www.sudo.ws/sudo/bugs/
                    612: 
                    613: SSUUPPPPOORRTT
                    614:        Limited free support is available via the sudo-users mailing list, see
                    615:        http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
                    616:        the archives.
                    617: 
                    618: DDIISSCCLLAAIIMMEERR
                    619:        ssuuddoo is provided ``AS IS'' and any express or implied warranties,
                    620:        including, but not limited to, the implied warranties of
                    621:        merchantability and fitness for a particular purpose are disclaimed.
                    622:        See the LICENSE file distributed with ssuuddoo or
                    623:        http://www.sudo.ws/sudo/license.html for complete details.
                    624: 
                    625: 
                    626: 
1.1.1.2 ! misho     627: 1.8.5                           March 15, 2012                        SUDO(1m)

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>