Annotation of embedaddon/sudo/doc/sudo.cat, revision 1.1.1.5
1.1.1.3 misho 1: SUDO(1m) System Manager's Manual SUDO(1m)
1.1 misho 2:
3: NNAAMMEE
1.1.1.3 misho 4: ssuuddoo, ssuuddooeeddiitt - execute a command as another user
1.1 misho 5:
6: SSYYNNOOPPSSIISS
1.1.1.3 misho 7: ssuuddoo --hh | --KK | --kk | --VV
1.1.1.5 ! misho 8: ssuuddoo --vv [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r]
! 9: ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r]
! 10: [--uu _u_s_e_r] [_c_o_m_m_a_n_d]
! 11: ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
! 12: [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [VVAARR=_v_a_l_u_e] [--ii | --ss]
! 13: [_c_o_m_m_a_n_d]
! 14: ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
! 15: [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] file ...
1.1 misho 16:
17: DDEESSCCRRIIPPTTIIOONN
1.1.1.3 misho 18: ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
19: another user, as specified by the security policy.
20:
21: ssuuddoo supports a plugin architecture for security policies and
22: input/output logging. Third parties can develop and distribute their own
23: policy and I/O logging plugins to work seamlessly with the ssuuddoo front
24: end. The default security policy is _s_u_d_o_e_r_s, which is configured via the
1.1.1.4 misho 25: file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the _P_l_u_g_i_n_s section for more
1.1.1.3 misho 26: information.
27:
28: The security policy determines what privileges, if any, a user has to run
29: ssuuddoo. The policy may require that users authenticate themselves with a
30: password or another authentication mechanism. If authentication is
31: required, ssuuddoo will exit if the user's password is not entered within a
32: configurable time limit. This limit is policy-specific; the default
33: password prompt timeout for the _s_u_d_o_e_r_s security policy is 5 minutes.
34:
35: Security policies may support credential caching to allow the user to run
36: ssuuddoo again for a period of time without requiring authentication. The
37: _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden in
38: sudoers(4). By running ssuuddoo with the --vv option, a user can update the
39: cached credentials without running a _c_o_m_m_a_n_d.
40:
41: When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.
42:
43: Security policies may log successful and failed attempts to use ssuuddoo. If
44: an I/O plugin is configured, the running command's input and output may
45: be logged as well.
46:
47: The options are as follows:
48:
1.1.1.5 ! misho 49: --AA, ----aasskkppaassss
! 50: Normally, if ssuuddoo requires a password, it will read it from
1.1.1.3 misho 51: the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is
52: specified, a (possibly graphical) helper program is executed
53: to read the user's password and output the password to the
54: standard output. If the SUDO_ASKPASS environment variable is
55: set, it specifies the path to the helper program. Otherwise,
1.1.1.4 misho 56: if sudo.conf(4) contains a line specifying the askpass
1.1.1.3 misho 57: program, that value will be used. For example:
58:
59: # Path to askpass helper program
60: Path askpass /usr/X11R6/bin/ssh-askpass
61:
62: If no askpass program is available, ssuuddoo will exit with an
63: error.
64:
1.1.1.5 ! misho 65: --aa _t_y_p_e, ----aauutthh--ttyyppee=_t_y_p_e
! 66: Use the specified BSD authentication _t_y_p_e when validating the
! 67: user, if allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system
! 68: administrator may specify a list of sudo-specific
! 69: authentication methods by adding an ``auth-sudo'' entry in
! 70: _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This option is only available on systems
! 71: that support BSD authentication.
! 72:
! 73: --bb, ----bbaacckkggrroouunndd
! 74: Run the given command in the background. Note that it is not
! 75: possible to use shell job control to manipulate background
! 76: processes started by ssuuddoo. Most interactive commands will
! 77: fail to work properly in background mode.
! 78:
! 79: --CC _n_u_m, ----cclloossee--ffrroomm=_n_u_m
! 80: Close all file descriptors greater than or equal to _n_u_m
! 81: before executing a command. Values less than three are not
! 82: permitted. By default, ssuuddoo will close all open file
! 83: descriptors other than standard input, standard output and
! 84: standard error when executing a command. The security policy
! 85: may restrict the user's ability to use this option. The
! 86: _s_u_d_o_e_r_s policy only permits use of the --CC option when the
1.1.1.3 misho 87: administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option.
88:
1.1.1.5 ! misho 89: --cc _c_l_a_s_s, ----llooggiinn--ccllaassss=_c_l_a_s_s
! 90: Run the command with resource limits and scheduling priority
! 91: of the specified login _c_l_a_s_s. The _c_l_a_s_s argument can be
! 92: either a class name as defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a
! 93: single `-' character. If _c_l_a_s_s is -, the default login class
! 94: of the target user will be used. Otherwise, the command must
! 95: be run as root, or ssuuddoo must be run from a shell that is
! 96: already root. If the command is being run as a login shell,
! 97: additional _/_e_t_c_/_l_o_g_i_n_._c_o_n_f settings, such as the umask and
! 98: environment variables, will be applied if present. This
! 99: option is only available on systems with BSD login classes.
! 100:
! 101: --EE, ----pprreesseerrvvee--eennvv
! 102: Indicates to the security policy that the user wishes to
! 103: preserve their existing environment variables. The security
! 104: policy may return an error if the user does not have
! 105: permission to preserve the environment.
! 106:
! 107: --ee, ----eeddiitt Edit one or more files instead of running a command. In lieu
! 108: of a path name, the string "sudoedit" is used when consulting
1.1.1.3 misho 109: the security policy. If the user is authorized by the
110: policy, the following steps are taken:
1.1 misho 111:
1.1.1.3 misho 112: 1. Temporary copies are made of the files to be edited
1.1 misho 113: with the owner set to the invoking user.
114:
1.1.1.3 misho 115: 2. The editor specified by the policy is run to edit the
1.1 misho 116: temporary files. The _s_u_d_o_e_r_s policy uses the
117: SUDO_EDITOR, VISUAL and EDITOR environment variables
118: (in that order). If none of SUDO_EDITOR, VISUAL or
119: EDITOR are set, the first program listed in the _e_d_i_t_o_r
1.1.1.3 misho 120: sudoers(4) option is used.
1.1 misho 121:
1.1.1.3 misho 122: 3. If they have been modified, the temporary files are
1.1 misho 123: copied back to their original location and the
124: temporary versions are removed.
125:
1.1.1.3 misho 126: If the specified file does not exist, it will be created.
127: Note that unlike most commands run by _s_u_d_o, the editor is run
128: with the invoking user's environment unmodified. If, for
129: some reason, ssuuddoo is unable to update a file with its edited
130: version, the user will receive a warning and the edited copy
131: will remain in a temporary file.
132:
1.1.1.5 ! misho 133: --gg _g_r_o_u_p, ----ggrroouupp=_g_r_o_u_p
! 134: Run the command with the primary group set to _g_r_o_u_p instead
! 135: of the primary group specified by the target user's password
! 136: database entry. The _g_r_o_u_p may be either a group name or a
! 137: numeric group ID (GID) prefixed with the `#' character (e.g.
! 138: #0 for GID 0). When running a command as a GID, many shells
1.1.1.3 misho 139: require that the `#' be escaped with a backslash (`\'). If
140: no --uu option is specified, the command will be run as the
1.1.1.5 ! misho 141: invoking user. In either case, the primary group will be set
! 142: to _g_r_o_u_p.
1.1.1.3 misho 143:
1.1.1.5 ! misho 144: --HH, ----sseett--hhoommee
! 145: Request that the security policy set the HOME environment
! 146: variable to the home directory specified by the target user's
! 147: password database entry. Depending on the policy, this may
! 148: be the default behavior.
! 149:
! 150: --hh, ----hheellpp Display a short help message to the standard output and exit.
! 151:
! 152: --hh _h_o_s_t, ----hhoosstt=_h_o_s_t
! 153: Run the command on the specified _h_o_s_t if the security policy
! 154: plugin supports remote commands. Note that the _s_u_d_o_e_r_s
! 155: plugin does not currently support running remote commands.
! 156: This may also be used in conjunction with the --ll option to
! 157: list a user's privileges for the remote host.
! 158:
! 159: --ii, ----llooggiinn
! 160: Run the shell specified by the target user's password
! 161: database entry as a login shell. This means that login-
! 162: specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be
! 163: read by the shell. If a command is specified, it is passed
! 164: to the shell for execution via the shell's --cc option. If no
! 165: command is specified, an interactive shell is executed. ssuuddoo
! 166: attempts to change to that user's home directory before
! 167: running the shell. The command is run with an environment
! 168: similar to the one a user would receive at log in. The
! 169: _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual
! 170: documents how the --ii option affects the environment in which
! 171: a command is run when the _s_u_d_o_e_r_s policy is in use.
! 172:
! 173: --KK, ----rreemmoovvee--ttiimmeessttaammpp
! 174: Similar to the --kk option, except that it removes the user's
! 175: cached credentials entirely and may not be used in
1.1.1.3 misho 176: conjunction with a command or other option. This option does
177: not require a password. Not all security policies support
178: credential caching.
179:
1.1.1.5 ! misho 180: --kk, ----rreesseett--ttiimmeessttaammpp
! 181: When used without a command, invalidates the user's cached
! 182: credentials. In other words, the next time ssuuddoo is run a
1.1.1.3 misho 183: password will be required. This option does not require a
184: password and was added to allow a user to revoke ssuuddoo
1.1.1.5 ! misho 185: permissions from a _._l_o_g_o_u_t file.
1.1.1.3 misho 186:
187: When used in conjunction with a command or an option that may
1.1.1.5 ! misho 188: require a password, this option will cause ssuuddoo to ignore the
! 189: user's cached credentials. As a result, ssuuddoo will prompt for
! 190: a password (if one is required by the security policy) and
! 191: will not update the user's cached credentials.
! 192:
! 193: Not all security policies support credential caching.
! 194:
! 195: --ll, ----lliisstt If no _c_o_m_m_a_n_d is specified, list the allowed (and forbidden)
! 196: commands for the invoking user (or the user specified by the
! 197: --UU option) on the current host. A longer list format is used
! 198: if this option is specified multiple times and the security
! 199: policy supports a verbose output format.
! 200:
1.1.1.3 misho 201: If a _c_o_m_m_a_n_d is specified and is permitted by the security
202: policy, the fully-qualified path to the command is displayed
203: along with any command line arguments. If _c_o_m_m_a_n_d is
204: specified but not allowed, ssuuddoo will exit with a status value
1.1.1.5 ! misho 205: of 1.
! 206:
! 207: --nn, ----nnoonn--iinntteerraaccttiivvee
! 208: Avoid prompting the user for input of any kind. If a
! 209: password is required for the command to run, ssuuddoo will
! 210: display an error message and exit.
! 211:
! 212: --PP, ----pprreesseerrvvee--ggrroouuppss
! 213: Preserve the invoking user's group vector unaltered. By
! 214: default, the _s_u_d_o_e_r_s policy will initialize the group vector
! 215: to the list of groups the target user is a member of. The
! 216: real and effective group IDs, however, are still set to match
! 217: the target user.
! 218:
! 219: --pp _p_r_o_m_p_t, ----pprroommpptt=_p_r_o_m_p_t
! 220: Use a custom password prompt with optional escape sequences.
! 221: The following percent (`%') escape sequences are supported by
! 222: the _s_u_d_o_e_r_s policy:
1.1.1.3 misho 223:
224: %H expanded to the host name including the domain name (on
225: if the machine's host name is fully qualified or the _f_q_d_n
226: option is set in sudoers(4))
227:
228: %h expanded to the local host name without the domain name
229:
230: %p expanded to the name of the user whose password is being
231: requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w, and _r_u_n_a_s_p_w
232: flags in sudoers(4))
233:
234: %U expanded to the login name of the user the command will
235: be run as (defaults to root unless the --uu option is also
236: specified)
237:
238: %u expanded to the invoking user's login name
239:
240: %% two consecutive `%' characters are collapsed into a
241: single `%' character
242:
1.1.1.5 ! misho 243: The custom prompt will override the system password prompt on
! 244: systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag
! 245: is disabled in _s_u_d_o_e_r_s.
! 246:
! 247: --rr _r_o_l_e, ----rroollee=_r_o_l_e
! 248: Run the command with an SELinux security context that
! 249: includes the specified _r_o_l_e.
! 250:
! 251: --SS, ----ssttddiinn
! 252: Write the prompt to the standard error and read the password
! 253: from the standard input instead of using the terminal device.
! 254: The password must be followed by a newline character.
! 255:
! 256: --ss, ----sshheellll
! 257: Run the shell specified by the SHELL environment variable if
! 258: it is set or the shell specified by the invoking user's
! 259: password database entry. If a command is specified, it is
1.1.1.3 misho 260: passed to the shell for execution via the shell's --cc option.
261: If no command is specified, an interactive shell is executed.
262:
1.1.1.5 ! misho 263: --tt _t_y_p_e, ----ttyyppee=_t_y_p_e
! 264: Run the command with an SELinux security context that
! 265: includes the specified _t_y_p_e. If no _t_y_p_e is specified, the
! 266: default type is derived from the role.
! 267:
! 268: --UU _u_s_e_r, ----ootthheerr--uusseerr=_u_s_e_r
! 269: Used in conjunction with the --ll option to list the privileges
! 270: for _u_s_e_r instead of for the invoking user. The security
! 271: policy may restrict listing other users' privileges. The
! 272: _s_u_d_o_e_r_s policy only allows root or a user with the ALL
! 273: privilege on the current host to use this option.
! 274:
! 275: --uu _u_s_e_r, ----uusseerr=_u_s_e_r
! 276: Run the command as a user other than the default target user
! 277: (usually _r_o_o_t _)_. The _u_s_e_r may be either a user name or a
! 278: numeric user ID (UID) prefixed with the `#' character (e.g.
! 279: #0 for UID 0). When running commands as a UID, many shells
! 280: require that the `#' be escaped with a backslash (`\'). Some
! 281: security policies may restrict UIDs to those listed in the
! 282: password database. The _s_u_d_o_e_r_s policy allows UIDs that are
1.1.1.3 misho 283: not in the password database as long as the _t_a_r_g_e_t_p_w option
284: is not set. Other security policies may not support this.
285:
1.1.1.5 ! misho 286: --VV, ----vveerrssiioonn
! 287: Print the ssuuddoo version string as well as the version string
! 288: of the security policy plugin and any I/O plugins. If the
! 289: invoking user is already root the --VV option will display the
! 290: arguments passed to configure when ssuuddoo was built and plugins
! 291: may display more verbose information such as default options.
1.1.1.3 misho 292:
1.1.1.5 ! misho 293: --vv, ----vvaalliiddaattee
! 294: Update the user's cached credentials, authenticating the user
1.1.1.3 misho 295: if necessary. For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo
1.1.1.5 ! misho 296: timeout for another 5 minutes by default, but does not run a
! 297: command. Not all security policies support cached
! 298: credentials.
1.1.1.3 misho 299:
300: ---- The ---- option indicates that ssuuddoo should stop processing
301: command line arguments.
302:
303: Environment variables to be set for the command may also be passed on the
304: command line in the form of VVAARR=_v_a_l_u_e, e.g.
305: LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command line
1.1.1.5 ! misho 306: are subject to restrictions imposed by the security policy plugin. The
! 307: _s_u_d_o_e_r_s policy subjects variables passed on the command line to the same
! 308: restrictions as normal environment variables with one important
! 309: exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run
! 310: has the SETENV tag set or the command matched is ALL, the user may set
! 311: variables that would otherwise be forbidden. See sudoers(4) for more
! 312: information.
1.1.1.3 misho 313:
314: CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
315: When ssuuddoo executes a command, the security policy specifies the execution
1.1.1.5 ! misho 316: environment for the command. Typically, the real and effective user and
! 317: group and IDs are set to match those of the target user, as specified in
! 318: the password database, and the group vector is initialized based on the
! 319: group database (unless the --PP option was specified).
1.1.1.3 misho 320:
321: The following parameters may be specified by security policy:
322:
323: oo real and effective user ID
324:
325: oo real and effective group ID
326:
327: oo supplementary group IDs
328:
329: oo the environment list
330:
331: oo current working directory
332:
333: oo file creation mode mask (umask)
334:
335: oo SELinux role and type
336:
337: oo Solaris project
338:
339: oo Solaris privileges
340:
341: oo BSD login class
342:
343: oo scheduling priority (aka nice value)
344:
345: PPrroocceessss mmooddeell
346: When ssuuddoo runs a command, it calls fork(2), sets up the execution
347: environment as described above, and calls the execve system call in the
348: child process. The main ssuuddoo process waits until the command has
349: completed, then passes the command's exit status to the security policy's
1.1.1.4 misho 350: close function and exits. If an I/O logging plugin is configured or if
351: the security policy explicitly requests it, a new pseudo-terminal
352: (``pty'') is created and a second ssuuddoo process is used to relay job
353: control signals between the user's existing pty and the new pty the
354: command is being run in. This extra process makes it possible to, for
355: example, suspend and resume the command. Without it, the command would
356: be in what POSIX terms an ``orphaned process group'' and it would not
357: receive any job control signals. As a special case, if the policy plugin
358: does not define a close function and no pty is required, ssuuddoo will
1.1.1.5 ! misho 359: execute the command directly instead of calling fork(2) first. The
! 360: _s_u_d_o_e_r_s policy plugin will only define a close function when I/O logging
! 361: is enabled, a pty is required, or the _p_a_m___s_e_s_s_i_o_n or _p_a_m___s_e_t_c_r_e_d options
! 362: are enabled. Note that _p_a_m___s_e_s_s_i_o_n and _p_a_m___s_e_t_c_r_e_d are enabled by
! 363: default on systems using PAM.
1.1.1.3 misho 364:
365: SSiiggnnaall hhaannddlliinngg
1.1.1.5 ! misho 366: When the command is run as a child of the ssuuddoo process, ssuuddoo will relay
! 367: signals it receives to the command. Unless the command is being run in a
! 368: new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless
! 369: they are sent by a user process, not the kernel. Otherwise, the command
! 370: would receive SIGINT twice every time the user entered control-C. Some
! 371: signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not
! 372: be relayed to the command. As a general rule, SIGTSTP should be used
1.1.1.3 misho 373: instead of SIGSTOP when you wish to suspend a command being run by ssuuddoo.
374:
375: As a special case, ssuuddoo will not relay signals that were sent by the
376: command it is running. This prevents the command from accidentally
377: killing itself. On some systems, the reboot(1m) command sends SIGTERM to
1.1.1.4 misho 378: all non-system processes other than itself before rebooting the system.
1.1.1.3 misho 379: This prevents ssuuddoo from relaying the SIGTERM signal it received back to
380: reboot(1m), which might then exit before the system was actually rebooted,
381: leaving it in a half-dead state similar to single user mode. Note,
382: however, that this check only applies to the command run by ssuuddoo and not
383: any other processes that the command may create. As a result, running a
384: script that calls reboot(1m) or shutdown(1m) via ssuuddoo may cause the system
385: to end up in this undefined state unless the reboot(1m) or shutdown(1m) are
386: run using the eexxeecc() family of functions instead of ssyysstteemm() (which
387: interposes a shell between the command and the calling process).
1.1 misho 388:
1.1.1.4 misho 389: If no I/O logging plugins are loaded and the policy plugin has not
390: defined a cclloossee() function, set a command timeout or required that the
391: command be run in a new pty, ssuuddoo may execute the command directly
392: instead of running it as a child process.
393:
394: PPlluuggiinnss
395: Plugins are dynamically loaded based on the contents of the sudo.conf(4)
396: file. If no sudo.conf(4) file is present, or it contains no Plugin
397: lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security policy and I/O
398: logging. See the sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f
399: file and the sudo_plugin(1m) manual for more information about the ssuuddoo
400: plugin architecture.
1.1.1.2 misho 401:
1.1.1.3 misho 402: EEXXIITT VVAALLUUEE
403: Upon successful execution of a program, the exit status from _s_u_d_o will
404: simply be the exit status of the program that was executed.
1.1 misho 405:
1.1.1.3 misho 406: Otherwise, ssuuddoo exits with a value of 1 if there is a
407: configuration/permission problem or if ssuuddoo cannot execute the given
408: command. In the latter case the error string is printed to the standard
409: error. If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an
410: error is printed on stderr. (If the directory does not exist or if it is
411: not really a directory, the entry is ignored and no error is printed.)
412: This should not happen under normal circumstances. The most common
413: reason for stat(2) to return ``permission denied'' is if you are running
414: an automounter and one of the directories in your PATH is on a machine
415: that is currently unreachable.
1.1 misho 416:
417: SSEECCUURRIITTYY NNOOTTEESS
1.1.1.3 misho 418: ssuuddoo tries to be safe when executing external commands.
1.1 misho 419:
1.1.1.3 misho 420: To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
421: current directory) last when searching for a command in the user's PATH
422: (if one or both are in the PATH). Note, however, that the actual PATH
423: environment variable is _n_o_t modified and is passed unchanged to the
424: program that ssuuddoo executes.
425:
426: Please note that ssuuddoo will normally only log the command it explicitly
427: runs. If a user runs a command such as sudo su or sudo sh, subsequent
428: commands run from that shell are not subject to ssuuddoo's security policy.
429: The same is true for commands that offer shell escapes (including most
430: editors). If I/O logging is enabled, subsequent commands will have their
431: input and/or output logged, but there will not be traditional logs for
432: those commands. Because of this, care must be taken when giving users
433: access to commands via ssuuddoo to verify that the command does not
434: inadvertently give the user an effective root shell. For more
435: information, please see the _P_R_E_V_E_N_T_I_N_G _S_H_E_L_L _E_S_C_A_P_E_S section in
436: sudoers(4).
437:
438: To prevent the disclosure of potentially sensitive information, ssuuddoo
439: disables core dumps by default while it is executing (they are re-enabled
440: for the command that is run). To aid in debugging ssuuddoo crashes, you may
441: wish to re-enable core dumps by setting ``disable_coredump'' to false in
1.1.1.4 misho 442: the sudo.conf(4) file as follows:
1.1.1.3 misho 443:
444: Set disable_coredump false
445:
1.1.1.4 misho 446: See the sudo.conf(4) manual for more information.
1.1.1.2 misho 447:
1.1 misho 448: EENNVVIIRROONNMMEENNTT
1.1.1.3 misho 449: ssuuddoo utilizes the following environment variables. The security policy
450: has control over the actual content of the command's environment.
1.1 misho 451:
1.1.1.3 misho 452: EDITOR Default editor to use in --ee (sudoedit) mode if neither
453: SUDO_EDITOR nor VISUAL is set.
1.1 misho 454:
1.1.1.3 misho 455: MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
456: to the mail spool of the target user.
1.1 misho 457:
1.1.1.3 misho 458: HOME Set to the home directory of the target user if --ii or --HH
459: are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set in
460: _s_u_d_o_e_r_s, or when the --ss option is specified and _s_e_t___h_o_m_e
461: is set in _s_u_d_o_e_r_s.
1.1 misho 462:
1.1.1.3 misho 463: PATH May be overridden by the security policy.
1.1 misho 464:
1.1.1.3 misho 465: SHELL Used to determine shell to run with --ss option.
1.1 misho 466:
1.1.1.3 misho 467: SUDO_ASKPASS Specifies the path to a helper program used to read the
468: password if no terminal is available or if the --AA option
469: is specified.
1.1 misho 470:
1.1.1.3 misho 471: SUDO_COMMAND Set to the command run by sudo.
1.1 misho 472:
1.1.1.3 misho 473: SUDO_EDITOR Default editor to use in --ee (sudoedit) mode.
1.1 misho 474:
1.1.1.3 misho 475: SUDO_GID Set to the group ID of the user who invoked sudo.
1.1 misho 476:
1.1.1.3 misho 477: SUDO_PROMPT Used as the default password prompt.
1.1 misho 478:
1.1.1.3 misho 479: SUDO_PS1 If set, PS1 will be set to its value for the program
480: being run.
1.1 misho 481:
1.1.1.3 misho 482: SUDO_UID Set to the user ID of the user who invoked sudo.
1.1 misho 483:
1.1.1.3 misho 484: SUDO_USER Set to the login name of the user who invoked sudo.
1.1 misho 485:
1.1.1.3 misho 486: USER Set to the target user (root unless the --uu option is
487: specified).
1.1 misho 488:
1.1.1.3 misho 489: VISUAL Default editor to use in --ee (sudoedit) mode if
490: SUDO_EDITOR is not set.
1.1 misho 491:
492: FFIILLEESS
1.1.1.3 misho 493: _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration
1.1 misho 494:
495: EEXXAAMMPPLLEESS
1.1.1.3 misho 496: Note: the following examples assume a properly configured security
497: policy.
1.1 misho 498:
1.1.1.3 misho 499: To get a file listing of an unreadable directory:
1.1 misho 500:
1.1.1.3 misho 501: $ sudo ls /usr/local/protected
1.1 misho 502:
1.1.1.3 misho 503: To list the home directory of user yaz on a machine where the file system
504: holding ~yaz is not exported as root:
1.1 misho 505:
1.1.1.3 misho 506: $ sudo -u yaz ls ~yaz
1.1 misho 507:
1.1.1.3 misho 508: To edit the _i_n_d_e_x_._h_t_m_l file as user www:
1.1 misho 509:
1.1.1.3 misho 510: $ sudo -u www vi ~www/htdocs/index.html
1.1 misho 511:
1.1.1.3 misho 512: To view system logs only accessible to root and users in the adm group:
1.1 misho 513:
1.1.1.3 misho 514: $ sudo -g adm view /var/log/syslog
1.1 misho 515:
1.1.1.3 misho 516: To run an editor as jim with a different primary group:
1.1 misho 517:
1.1.1.3 misho 518: $ sudo -u jim -g audio vi ~jim/sound.txt
1.1 misho 519:
1.1.1.3 misho 520: To shut down a machine:
1.1 misho 521:
1.1.1.3 misho 522: $ sudo shutdown -r +15 "quick reboot"
1.1 misho 523:
1.1.1.3 misho 524: To make a usage listing of the directories in the /home partition. Note
525: that this runs the commands in a sub-shell to make the cd and file
526: redirection work.
1.1 misho 527:
1.1.1.3 misho 528: $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
1.1 misho 529:
530: SSEEEE AALLSSOO
1.1.1.4 misho 531: su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4),
1.1.1.3 misho 532: sudo_plugin(1m), sudoreplay(1m), visudo(1m)
1.1 misho 533:
1.1.1.3 misho 534: HHIISSTTOORRYY
535: See the HISTORY file in the ssuuddoo distribution
536: (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
1.1 misho 537:
1.1.1.3 misho 538: AAUUTTHHOORRSS
539: Many people have worked on ssuuddoo over the years; this version consists of
540: code written primarily by:
1.1 misho 541:
1.1.1.3 misho 542: Todd C. Miller
1.1.1.2 misho 543:
1.1.1.3 misho 544: See the CONTRIBUTORS file in the ssuuddoo distribution
545: (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
546: people who have contributed to ssuuddoo.
1.1 misho 547:
548: CCAAVVEEAATTSS
1.1.1.3 misho 549: There is no easy way to prevent a user from gaining a root shell if that
550: user is allowed to run arbitrary commands via ssuuddoo. Also, many programs
551: (such as editors) allow the user to run commands via shell escapes, thus
552: avoiding ssuuddoo's checks. However, on most systems it is possible to
553: prevent shell escapes with the sudoers(4) plugin's _n_o_e_x_e_c functionality.
554:
555: It is not meaningful to run the cd command directly via sudo, e.g.,
556:
557: $ sudo cd /usr/local/protected
558:
559: since when the command exits the parent process (your shell) will still
560: be the same. Please see the _E_X_A_M_P_L_E_S section for more information.
561:
562: Running shell scripts via ssuuddoo can expose the same kernel bugs that make
563: setuid shell scripts unsafe on some operating systems (if your OS has a
564: /dev/fd/ directory, setuid shell scripts are generally safe).
1.1 misho 565:
566: BBUUGGSS
1.1.1.3 misho 567: If you feel you have found a bug in ssuuddoo, please submit a bug report at
568: http://www.sudo.ws/sudo/bugs/
1.1 misho 569:
570: SSUUPPPPOORRTT
1.1.1.3 misho 571: Limited free support is available via the sudo-users mailing list, see
572: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
573: archives.
1.1 misho 574:
575: DDIISSCCLLAAIIMMEERR
1.1.1.3 misho 576: ssuuddoo is provided ``AS IS'' and any express or implied warranties,
577: including, but not limited to, the implied warranties of merchantability
578: and fitness for a particular purpose are disclaimed. See the LICENSE
579: file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
580: complete details.
1.1 misho 581:
1.1.1.5 ! misho 582: Sudo 1.8.8 August 14, 2013 Sudo 1.8.8
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>