Annotation of embedaddon/sudo/doc/sudo.cat, revision 1.1.1.6
1.1.1.3 misho 1: SUDO(1m) System Manager's Manual SUDO(1m)
1.1 misho 2:
3: N�NA�AM�ME�E
1.1.1.3 misho 4: s�su�ud�do�o, s�su�ud�do�oe�ed�di�it�t - execute a command as another user
1.1 misho 5:
6: S�SY�YN�NO�OP�PS�SI�IS�S
1.1.1.3 misho 7: s�su�ud�do�o -�-h�h | -�-K�K | -�-k�k | -�-V�V
1.1.1.5 misho 8: s�su�ud�do�o -�-v�v [-�-A�Ak�kn�nS�S] [-�-a�a _�t_�y_�p_�e] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t] [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-u�u _�u_�s_�e_�r]
9: s�su�ud�do�o -�-l�l [-�-A�Ak�kn�nS�S] [-�-a�a _�t_�y_�p_�e] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t] [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-U�U _�u_�s_�e_�r]
10: [-�-u�u _�u_�s_�e_�r] [_�c_�o_�m_�m_�a_�n_�d]
11: s�su�ud�do�o [-�-A�Ab�bE�EH�Hn�nP�PS�S] [-�-a�a _�t_�y_�p_�e] [-�-C�C _�n_�u_�m] [-�-c�c _�c_�l_�a_�s_�s] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t]
1.1.1.6 ! misho 12: [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-r�r _�r_�o_�l_�e] [-�-t�t _�t_�y_�p_�e] [-�-u�u _�u_�s_�e_�r] [_�V_�A_�R=_�v_�a_�l_�u_�e] [-�-i�i | -�-s�s]
1.1.1.5 misho 13: [_�c_�o_�m_�m_�a_�n_�d]
14: s�su�ud�do�oe�ed�di�it�t [-�-A�Ak�kn�nS�S] [-�-a�a _�t_�y_�p_�e] [-�-C�C _�n_�u_�m] [-�-c�c _�c_�l_�a_�s_�s] [-�-g�g _�g_�r_�o_�u_�p] [-�-h�h _�h_�o_�s_�t]
1.1.1.6 ! misho 15: [-�-p�p _�p_�r_�o_�m_�p_�t] [-�-u�u _�u_�s_�e_�r] _�f_�i_�l_�e _�._�._�.
1.1 misho 16:
17: D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
1.1.1.3 misho 18: s�su�ud�do�o allows a permitted user to execute a _�c_�o_�m_�m_�a_�n_�d as the superuser or
19: another user, as specified by the security policy.
20:
21: s�su�ud�do�o supports a plugin architecture for security policies and
22: input/output logging. Third parties can develop and distribute their own
23: policy and I/O logging plugins to work seamlessly with the s�su�ud�do�o front
24: end. The default security policy is _�s_�u_�d_�o_�e_�r_�s, which is configured via the
1.1.1.4 misho 25: file _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s, or via LDAP. See the _�P_�l_�u_�g_�i_�n_�s section for more
1.1.1.3 misho 26: information.
27:
28: The security policy determines what privileges, if any, a user has to run
29: s�su�ud�do�o. The policy may require that users authenticate themselves with a
30: password or another authentication mechanism. If authentication is
31: required, s�su�ud�do�o will exit if the user's password is not entered within a
32: configurable time limit. This limit is policy-specific; the default
33: password prompt timeout for the _�s_�u_�d_�o_�e_�r_�s security policy is 5 minutes.
34:
35: Security policies may support credential caching to allow the user to run
36: s�su�ud�do�o again for a period of time without requiring authentication. The
37: _�s_�u_�d_�o_�e_�r_�s policy caches credentials for 5 minutes, unless overridden in
38: sudoers(4). By running s�su�ud�do�o with the -�-v�v option, a user can update the
39: cached credentials without running a _�c_�o_�m_�m_�a_�n_�d.
40:
41: When invoked as s�su�ud�do�oe�ed�di�it�t, the -�-e�e option (described below), is implied.
42:
43: Security policies may log successful and failed attempts to use s�su�ud�do�o. If
44: an I/O plugin is configured, the running command's input and output may
45: be logged as well.
46:
47: The options are as follows:
48:
1.1.1.5 misho 49: -�-A�A, -�--�-a�as�sk�kp�pa�as�ss�s
50: Normally, if s�su�ud�do�o requires a password, it will read it from
1.1.1.3 misho 51: the user's terminal. If the -�-A�A (_�a_�s_�k_�p_�a_�s_�s) option is
52: specified, a (possibly graphical) helper program is executed
53: to read the user's password and output the password to the
54: standard output. If the SUDO_ASKPASS environment variable is
55: set, it specifies the path to the helper program. Otherwise,
1.1.1.4 misho 56: if sudo.conf(4) contains a line specifying the askpass
1.1.1.3 misho 57: program, that value will be used. For example:
58:
59: # Path to askpass helper program
60: Path askpass /usr/X11R6/bin/ssh-askpass
61:
62: If no askpass program is available, s�su�ud�do�o will exit with an
63: error.
64:
1.1.1.5 misho 65: -�-a�a _�t_�y_�p_�e, -�--�-a�au�ut�th�h-�-t�ty�yp�pe�e=_�t_�y_�p_�e
66: Use the specified BSD authentication _�t_�y_�p_�e when validating the
67: user, if allowed by _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f. The system
68: administrator may specify a list of sudo-specific
69: authentication methods by adding an ``auth-sudo'' entry in
70: _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f. This option is only available on systems
71: that support BSD authentication.
72:
73: -�-b�b, -�--�-b�ba�ac�ck�kg�gr�ro�ou�un�nd�d
74: Run the given command in the background. Note that it is not
75: possible to use shell job control to manipulate background
76: processes started by s�su�ud�do�o. Most interactive commands will
77: fail to work properly in background mode.
78:
79: -�-C�C _�n_�u_�m, -�--�-c�cl�lo�os�se�e-�-f�fr�ro�om�m=_�n_�u_�m
80: Close all file descriptors greater than or equal to _�n_�u_�m
81: before executing a command. Values less than three are not
82: permitted. By default, s�su�ud�do�o will close all open file
83: descriptors other than standard input, standard output and
84: standard error when executing a command. The security policy
85: may restrict the user's ability to use this option. The
86: _�s_�u_�d_�o_�e_�r_�s policy only permits use of the -�-C�C option when the
1.1.1.3 misho 87: administrator has enabled the _�c_�l_�o_�s_�e_�f_�r_�o_�m_�__�o_�v_�e_�r_�r_�i_�d_�e option.
88:
1.1.1.5 misho 89: -�-c�c _�c_�l_�a_�s_�s, -�--�-l�lo�og�gi�in�n-�-c�cl�la�as�ss�s=_�c_�l_�a_�s_�s
90: Run the command with resource limits and scheduling priority
91: of the specified login _�c_�l_�a_�s_�s. The _�c_�l_�a_�s_�s argument can be
92: either a class name as defined in _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f, or a
1.1.1.6 ! misho 93: single `-' character. If _�c_�l_�a_�s_�s is -�-, the default login class
1.1.1.5 misho 94: of the target user will be used. Otherwise, the command must
1.1.1.6 ! misho 95: be run as the superuser (user ID 0), or s�su�ud�do�o must be run from
! 96: a shell that is already running as the superuser. If the
! 97: command is being run as a login shell, additional
! 98: _�/_�e_�t_�c_�/_�l_�o_�g_�i_�n_�._�c_�o_�n_�f settings, such as the umask and environment
! 99: variables, will be applied, if present. This option is only
! 100: available on systems with BSD login classes.
1.1.1.5 misho 101:
102: -�-E�E, -�--�-p�pr�re�es�se�er�rv�ve�e-�-e�en�nv�v
103: Indicates to the security policy that the user wishes to
104: preserve their existing environment variables. The security
105: policy may return an error if the user does not have
106: permission to preserve the environment.
107:
108: -�-e�e, -�--�-e�ed�di�it�t Edit one or more files instead of running a command. In lieu
109: of a path name, the string "sudoedit" is used when consulting
1.1.1.3 misho 110: the security policy. If the user is authorized by the
111: policy, the following steps are taken:
1.1 misho 112:
1.1.1.3 misho 113: 1. Temporary copies are made of the files to be edited
1.1 misho 114: with the owner set to the invoking user.
115:
1.1.1.3 misho 116: 2. The editor specified by the policy is run to edit the
1.1 misho 117: temporary files. The _�s_�u_�d_�o_�e_�r_�s policy uses the
118: SUDO_EDITOR, VISUAL and EDITOR environment variables
119: (in that order). If none of SUDO_EDITOR, VISUAL or
120: EDITOR are set, the first program listed in the _�e_�d_�i_�t_�o_�r
1.1.1.3 misho 121: sudoers(4) option is used.
1.1 misho 122:
1.1.1.3 misho 123: 3. If they have been modified, the temporary files are
1.1 misho 124: copied back to their original location and the
125: temporary versions are removed.
126:
1.1.1.3 misho 127: If the specified file does not exist, it will be created.
128: Note that unlike most commands run by _�s_�u_�d_�o, the editor is run
129: with the invoking user's environment unmodified. If, for
130: some reason, s�su�ud�do�o is unable to update a file with its edited
131: version, the user will receive a warning and the edited copy
132: will remain in a temporary file.
133:
1.1.1.5 misho 134: -�-g�g _�g_�r_�o_�u_�p, -�--�-g�gr�ro�ou�up�p=_�g_�r_�o_�u_�p
135: Run the command with the primary group set to _�g_�r_�o_�u_�p instead
136: of the primary group specified by the target user's password
137: database entry. The _�g_�r_�o_�u_�p may be either a group name or a
138: numeric group ID (GID) prefixed with the `#' character (e.g.
139: #0 for GID 0). When running a command as a GID, many shells
1.1.1.3 misho 140: require that the `#' be escaped with a backslash (`\'). If
141: no -�-u�u option is specified, the command will be run as the
1.1.1.5 misho 142: invoking user. In either case, the primary group will be set
143: to _�g_�r_�o_�u_�p.
1.1.1.3 misho 144:
1.1.1.5 misho 145: -�-H�H, -�--�-s�se�et�t-�-h�ho�om�me�e
146: Request that the security policy set the HOME environment
147: variable to the home directory specified by the target user's
148: password database entry. Depending on the policy, this may
149: be the default behavior.
150:
151: -�-h�h, -�--�-h�he�el�lp�p Display a short help message to the standard output and exit.
152:
153: -�-h�h _�h_�o_�s_�t, -�--�-h�ho�os�st�t=_�h_�o_�s_�t
154: Run the command on the specified _�h_�o_�s_�t if the security policy
155: plugin supports remote commands. Note that the _�s_�u_�d_�o_�e_�r_�s
156: plugin does not currently support running remote commands.
157: This may also be used in conjunction with the -�-l�l option to
158: list a user's privileges for the remote host.
159:
160: -�-i�i, -�--�-l�lo�og�gi�in�n
161: Run the shell specified by the target user's password
162: database entry as a login shell. This means that login-
163: specific resource files such as _�._�p_�r_�o_�f_�i_�l_�e or _�._�l_�o_�g_�i_�n will be
164: read by the shell. If a command is specified, it is passed
165: to the shell for execution via the shell's -�-c�c option. If no
166: command is specified, an interactive shell is executed. s�su�ud�do�o
167: attempts to change to that user's home directory before
168: running the shell. The command is run with an environment
169: similar to the one a user would receive at log in. The
170: _�C_�o_�m_�m_�a_�n_�d _�E_�n_�v_�i_�r_�o_�n_�m_�e_�n_�t section in the sudoers(4) manual
171: documents how the -�-i�i option affects the environment in which
172: a command is run when the _�s_�u_�d_�o_�e_�r_�s policy is in use.
173:
174: -�-K�K, -�--�-r�re�em�mo�ov�ve�e-�-t�ti�im�me�es�st�ta�am�mp�p
175: Similar to the -�-k�k option, except that it removes the user's
176: cached credentials entirely and may not be used in
1.1.1.3 misho 177: conjunction with a command or other option. This option does
178: not require a password. Not all security policies support
179: credential caching.
180:
1.1.1.5 misho 181: -�-k�k, -�--�-r�re�es�se�et�t-�-t�ti�im�me�es�st�ta�am�mp�p
182: When used without a command, invalidates the user's cached
183: credentials. In other words, the next time s�su�ud�do�o is run a
1.1.1.3 misho 184: password will be required. This option does not require a
185: password and was added to allow a user to revoke s�su�ud�do�o
1.1.1.5 misho 186: permissions from a _�._�l_�o_�g_�o_�u_�t file.
1.1.1.3 misho 187:
188: When used in conjunction with a command or an option that may
1.1.1.5 misho 189: require a password, this option will cause s�su�ud�do�o to ignore the
190: user's cached credentials. As a result, s�su�ud�do�o will prompt for
191: a password (if one is required by the security policy) and
192: will not update the user's cached credentials.
193:
194: Not all security policies support credential caching.
195:
196: -�-l�l, -�--�-l�li�is�st�t If no _�c_�o_�m_�m_�a_�n_�d is specified, list the allowed (and forbidden)
197: commands for the invoking user (or the user specified by the
198: -�-U�U option) on the current host. A longer list format is used
199: if this option is specified multiple times and the security
200: policy supports a verbose output format.
201:
1.1.1.3 misho 202: If a _�c_�o_�m_�m_�a_�n_�d is specified and is permitted by the security
203: policy, the fully-qualified path to the command is displayed
204: along with any command line arguments. If _�c_�o_�m_�m_�a_�n_�d is
205: specified but not allowed, s�su�ud�do�o will exit with a status value
1.1.1.5 misho 206: of 1.
207:
208: -�-n�n, -�--�-n�no�on�n-�-i�in�nt�te�er�ra�ac�ct�ti�iv�ve�e
209: Avoid prompting the user for input of any kind. If a
210: password is required for the command to run, s�su�ud�do�o will
211: display an error message and exit.
212:
213: -�-P�P, -�--�-p�pr�re�es�se�er�rv�ve�e-�-g�gr�ro�ou�up�ps�s
214: Preserve the invoking user's group vector unaltered. By
215: default, the _�s_�u_�d_�o_�e_�r_�s policy will initialize the group vector
216: to the list of groups the target user is a member of. The
217: real and effective group IDs, however, are still set to match
218: the target user.
219:
220: -�-p�p _�p_�r_�o_�m_�p_�t, -�--�-p�pr�ro�om�mp�pt�t=_�p_�r_�o_�m_�p_�t
221: Use a custom password prompt with optional escape sequences.
222: The following percent (`%') escape sequences are supported by
223: the _�s_�u_�d_�o_�e_�r_�s policy:
1.1.1.3 misho 224:
225: %H expanded to the host name including the domain name (on
226: if the machine's host name is fully qualified or the _�f_�q_�d_�n
227: option is set in sudoers(4))
228:
229: %h expanded to the local host name without the domain name
230:
231: %p expanded to the name of the user whose password is being
232: requested (respects the _�r_�o_�o_�t_�p_�w, _�t_�a_�r_�g_�e_�t_�p_�w, and _�r_�u_�n_�a_�s_�p_�w
233: flags in sudoers(4))
234:
235: %U expanded to the login name of the user the command will
236: be run as (defaults to root unless the -�-u�u option is also
237: specified)
238:
239: %u expanded to the invoking user's login name
240:
241: %% two consecutive `%' characters are collapsed into a
242: single `%' character
243:
1.1.1.5 misho 244: The custom prompt will override the system password prompt on
245: systems that support PAM unless the _�p_�a_�s_�s_�p_�r_�o_�m_�p_�t_�__�o_�v_�e_�r_�r_�i_�d_�e flag
246: is disabled in _�s_�u_�d_�o_�e_�r_�s.
247:
248: -�-r�r _�r_�o_�l_�e, -�--�-r�ro�ol�le�e=_�r_�o_�l_�e
249: Run the command with an SELinux security context that
250: includes the specified _�r_�o_�l_�e.
251:
252: -�-S�S, -�--�-s�st�td�di�in�n
253: Write the prompt to the standard error and read the password
254: from the standard input instead of using the terminal device.
255: The password must be followed by a newline character.
256:
257: -�-s�s, -�--�-s�sh�he�el�ll�l
258: Run the shell specified by the SHELL environment variable if
259: it is set or the shell specified by the invoking user's
260: password database entry. If a command is specified, it is
1.1.1.3 misho 261: passed to the shell for execution via the shell's -�-c�c option.
262: If no command is specified, an interactive shell is executed.
263:
1.1.1.5 misho 264: -�-t�t _�t_�y_�p_�e, -�--�-t�ty�yp�pe�e=_�t_�y_�p_�e
265: Run the command with an SELinux security context that
266: includes the specified _�t_�y_�p_�e. If no _�t_�y_�p_�e is specified, the
267: default type is derived from the role.
268:
269: -�-U�U _�u_�s_�e_�r, -�--�-o�ot�th�he�er�r-�-u�us�se�er�r=_�u_�s_�e_�r
270: Used in conjunction with the -�-l�l option to list the privileges
271: for _�u_�s_�e_�r instead of for the invoking user. The security
272: policy may restrict listing other users' privileges. The
273: _�s_�u_�d_�o_�e_�r_�s policy only allows root or a user with the ALL
274: privilege on the current host to use this option.
275:
276: -�-u�u _�u_�s_�e_�r, -�--�-u�us�se�er�r=_�u_�s_�e_�r
277: Run the command as a user other than the default target user
278: (usually _�r_�o_�o_�t _�)_�. The _�u_�s_�e_�r may be either a user name or a
279: numeric user ID (UID) prefixed with the `#' character (e.g.
280: #0 for UID 0). When running commands as a UID, many shells
281: require that the `#' be escaped with a backslash (`\'). Some
282: security policies may restrict UIDs to those listed in the
283: password database. The _�s_�u_�d_�o_�e_�r_�s policy allows UIDs that are
1.1.1.3 misho 284: not in the password database as long as the _�t_�a_�r_�g_�e_�t_�p_�w option
285: is not set. Other security policies may not support this.
286:
1.1.1.5 misho 287: -�-V�V, -�--�-v�ve�er�rs�si�io�on�n
288: Print the s�su�ud�do�o version string as well as the version string
289: of the security policy plugin and any I/O plugins. If the
290: invoking user is already root the -�-V�V option will display the
291: arguments passed to configure when s�su�ud�do�o was built and plugins
292: may display more verbose information such as default options.
1.1.1.3 misho 293:
1.1.1.5 misho 294: -�-v�v, -�--�-v�va�al�li�id�da�at�te�e
295: Update the user's cached credentials, authenticating the user
1.1.1.3 misho 296: if necessary. For the _�s_�u_�d_�o_�e_�r_�s plugin, this extends the s�su�ud�do�o
1.1.1.5 misho 297: timeout for another 5 minutes by default, but does not run a
298: command. Not all security policies support cached
299: credentials.
1.1.1.3 misho 300:
301: -�--�- The -�--�- option indicates that s�su�ud�do�o should stop processing
302: command line arguments.
303:
304: Environment variables to be set for the command may also be passed on the
1.1.1.6 ! misho 305: command line in the form of _�V_�A_�R=_�v_�a_�l_�u_�e, e.g.
! 306: LD_LIBRARY_PATH=_�/_�u_�s_�r_�/_�l_�o_�c_�a_�l_�/_�p_�k_�g_�/_�l_�i_�b. Variables passed on the command line
1.1.1.5 misho 307: are subject to restrictions imposed by the security policy plugin. The
308: _�s_�u_�d_�o_�e_�r_�s policy subjects variables passed on the command line to the same
309: restrictions as normal environment variables with one important
310: exception. If the _�s_�e_�t_�e_�n_�v option is set in _�s_�u_�d_�o_�e_�r_�s, the command to be run
311: has the SETENV tag set or the command matched is ALL, the user may set
312: variables that would otherwise be forbidden. See sudoers(4) for more
313: information.
1.1.1.3 misho 314:
315: C�CO�OM�MM�MA�AN�ND�D E�EX�XE�EC�CU�UT�TI�IO�ON�N
316: When s�su�ud�do�o executes a command, the security policy specifies the execution
1.1.1.5 misho 317: environment for the command. Typically, the real and effective user and
318: group and IDs are set to match those of the target user, as specified in
319: the password database, and the group vector is initialized based on the
320: group database (unless the -�-P�P option was specified).
1.1.1.3 misho 321:
322: The following parameters may be specified by security policy:
323:
324: o�o real and effective user ID
325:
326: o�o real and effective group ID
327:
328: o�o supplementary group IDs
329:
330: o�o the environment list
331:
332: o�o current working directory
333:
334: o�o file creation mode mask (umask)
335:
336: o�o SELinux role and type
337:
338: o�o Solaris project
339:
340: o�o Solaris privileges
341:
342: o�o BSD login class
343:
344: o�o scheduling priority (aka nice value)
345:
346: P�Pr�ro�oc�ce�es�ss�s m�mo�od�de�el�l
347: When s�su�ud�do�o runs a command, it calls fork(2), sets up the execution
348: environment as described above, and calls the execve system call in the
349: child process. The main s�su�ud�do�o process waits until the command has
350: completed, then passes the command's exit status to the security policy's
1.1.1.4 misho 351: close function and exits. If an I/O logging plugin is configured or if
352: the security policy explicitly requests it, a new pseudo-terminal
353: (``pty'') is created and a second s�su�ud�do�o process is used to relay job
354: control signals between the user's existing pty and the new pty the
355: command is being run in. This extra process makes it possible to, for
356: example, suspend and resume the command. Without it, the command would
357: be in what POSIX terms an ``orphaned process group'' and it would not
358: receive any job control signals. As a special case, if the policy plugin
359: does not define a close function and no pty is required, s�su�ud�do�o will
1.1.1.5 misho 360: execute the command directly instead of calling fork(2) first. The
361: _�s_�u_�d_�o_�e_�r_�s policy plugin will only define a close function when I/O logging
362: is enabled, a pty is required, or the _�p_�a_�m_�__�s_�e_�s_�s_�i_�o_�n or _�p_�a_�m_�__�s_�e_�t_�c_�r_�e_�d options
363: are enabled. Note that _�p_�a_�m_�__�s_�e_�s_�s_�i_�o_�n and _�p_�a_�m_�__�s_�e_�t_�c_�r_�e_�d are enabled by
364: default on systems using PAM.
1.1.1.3 misho 365:
366: S�Si�ig�gn�na�al�l h�ha�an�nd�dl�li�in�ng�g
1.1.1.5 misho 367: When the command is run as a child of the s�su�ud�do�o process, s�su�ud�do�o will relay
368: signals it receives to the command. Unless the command is being run in a
369: new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed unless
370: they are sent by a user process, not the kernel. Otherwise, the command
371: would receive SIGINT twice every time the user entered control-C. Some
372: signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not
373: be relayed to the command. As a general rule, SIGTSTP should be used
1.1.1.3 misho 374: instead of SIGSTOP when you wish to suspend a command being run by s�su�ud�do�o.
375:
376: As a special case, s�su�ud�do�o will not relay signals that were sent by the
377: command it is running. This prevents the command from accidentally
378: killing itself. On some systems, the reboot(1m) command sends SIGTERM to
1.1.1.4 misho 379: all non-system processes other than itself before rebooting the system.
1.1.1.3 misho 380: This prevents s�su�ud�do�o from relaying the SIGTERM signal it received back to
381: reboot(1m), which might then exit before the system was actually rebooted,
382: leaving it in a half-dead state similar to single user mode. Note,
383: however, that this check only applies to the command run by s�su�ud�do�o and not
384: any other processes that the command may create. As a result, running a
385: script that calls reboot(1m) or shutdown(1m) via s�su�ud�do�o may cause the system
386: to end up in this undefined state unless the reboot(1m) or shutdown(1m) are
387: run using the e�ex�xe�ec�c() family of functions instead of s�sy�ys�st�te�em�m() (which
388: interposes a shell between the command and the calling process).
1.1 misho 389:
1.1.1.4 misho 390: If no I/O logging plugins are loaded and the policy plugin has not
391: defined a c�cl�lo�os�se�e() function, set a command timeout or required that the
392: command be run in a new pty, s�su�ud�do�o may execute the command directly
393: instead of running it as a child process.
394:
395: P�Pl�lu�ug�gi�in�ns�s
1.1.1.6 ! misho 396: Plugins may be specified via Plugin directives in the sudo.conf(4) file.
! 397: They may be loaded as dynamic shared objects (on systems that support
! 398: them), or compiled directly into the s�su�ud�do�o binary. If no sudo.conf(4)
! 399: file is present, or it contains no Plugin lines, s�su�ud�do�o will use the
! 400: traditional _�s_�u_�d_�o_�e_�r_�s security policy and I/O logging. See the
! 401: sudo.conf(4) manual for details of the _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f file and the
! 402: sudo_plugin(1m) manual for more information about the s�su�ud�do�o plugin
! 403: architecture.
1.1.1.2 misho 404:
1.1.1.3 misho 405: E�EX�XI�IT�T V�VA�AL�LU�UE�E
406: Upon successful execution of a program, the exit status from _�s_�u_�d_�o will
407: simply be the exit status of the program that was executed.
1.1 misho 408:
1.1.1.3 misho 409: Otherwise, s�su�ud�do�o exits with a value of 1 if there is a
410: configuration/permission problem or if s�su�ud�do�o cannot execute the given
411: command. In the latter case the error string is printed to the standard
412: error. If s�su�ud�do�o cannot stat(2) one or more entries in the user's PATH, an
413: error is printed on stderr. (If the directory does not exist or if it is
414: not really a directory, the entry is ignored and no error is printed.)
415: This should not happen under normal circumstances. The most common
416: reason for stat(2) to return ``permission denied'' is if you are running
417: an automounter and one of the directories in your PATH is on a machine
418: that is currently unreachable.
1.1 misho 419:
420: S�SE�EC�CU�UR�RI�IT�TY�Y N�NO�OT�TE�ES�S
1.1.1.3 misho 421: s�su�ud�do�o tries to be safe when executing external commands.
1.1 misho 422:
1.1.1.3 misho 423: To prevent command spoofing, s�su�ud�do�o checks "." and "" (both denoting
424: current directory) last when searching for a command in the user's PATH
425: (if one or both are in the PATH). Note, however, that the actual PATH
426: environment variable is _�n_�o_�t modified and is passed unchanged to the
427: program that s�su�ud�do�o executes.
428:
429: Please note that s�su�ud�do�o will normally only log the command it explicitly
430: runs. If a user runs a command such as sudo su or sudo sh, subsequent
431: commands run from that shell are not subject to s�su�ud�do�o's security policy.
432: The same is true for commands that offer shell escapes (including most
433: editors). If I/O logging is enabled, subsequent commands will have their
434: input and/or output logged, but there will not be traditional logs for
435: those commands. Because of this, care must be taken when giving users
436: access to commands via s�su�ud�do�o to verify that the command does not
437: inadvertently give the user an effective root shell. For more
438: information, please see the _�P_�R_�E_�V_�E_�N_�T_�I_�N_�G _�S_�H_�E_�L_�L _�E_�S_�C_�A_�P_�E_�S section in
439: sudoers(4).
440:
441: To prevent the disclosure of potentially sensitive information, s�su�ud�do�o
442: disables core dumps by default while it is executing (they are re-enabled
443: for the command that is run). To aid in debugging s�su�ud�do�o crashes, you may
444: wish to re-enable core dumps by setting ``disable_coredump'' to false in
1.1.1.4 misho 445: the sudo.conf(4) file as follows:
1.1.1.3 misho 446:
447: Set disable_coredump false
448:
1.1.1.4 misho 449: See the sudo.conf(4) manual for more information.
1.1.1.2 misho 450:
1.1 misho 451: E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T
1.1.1.3 misho 452: s�su�ud�do�o utilizes the following environment variables. The security policy
453: has control over the actual content of the command's environment.
1.1 misho 454:
1.1.1.3 misho 455: EDITOR Default editor to use in -�-e�e (sudoedit) mode if neither
456: SUDO_EDITOR nor VISUAL is set.
1.1 misho 457:
1.1.1.3 misho 458: MAIL In -�-i�i mode or when _�e_�n_�v_�__�r_�e_�s_�e_�t is enabled in _�s_�u_�d_�o_�e_�r_�s, set
459: to the mail spool of the target user.
1.1 misho 460:
1.1.1.3 misho 461: HOME Set to the home directory of the target user if -�-i�i or -�-H�H
462: are specified, _�e_�n_�v_�__�r_�e_�s_�e_�t or _�a_�l_�w_�a_�y_�s_�__�s_�e_�t_�__�h_�o_�m_�e are set in
463: _�s_�u_�d_�o_�e_�r_�s, or when the -�-s�s option is specified and _�s_�e_�t_�__�h_�o_�m_�e
464: is set in _�s_�u_�d_�o_�e_�r_�s.
1.1 misho 465:
1.1.1.3 misho 466: PATH May be overridden by the security policy.
1.1 misho 467:
1.1.1.3 misho 468: SHELL Used to determine shell to run with -�-s�s option.
1.1 misho 469:
1.1.1.3 misho 470: SUDO_ASKPASS Specifies the path to a helper program used to read the
471: password if no terminal is available or if the -�-A�A option
472: is specified.
1.1 misho 473:
1.1.1.3 misho 474: SUDO_COMMAND Set to the command run by sudo.
1.1 misho 475:
1.1.1.3 misho 476: SUDO_EDITOR Default editor to use in -�-e�e (sudoedit) mode.
1.1 misho 477:
1.1.1.3 misho 478: SUDO_GID Set to the group ID of the user who invoked sudo.
1.1 misho 479:
1.1.1.3 misho 480: SUDO_PROMPT Used as the default password prompt.
1.1 misho 481:
1.1.1.3 misho 482: SUDO_PS1 If set, PS1 will be set to its value for the program
483: being run.
1.1 misho 484:
1.1.1.3 misho 485: SUDO_UID Set to the user ID of the user who invoked sudo.
1.1 misho 486:
1.1.1.3 misho 487: SUDO_USER Set to the login name of the user who invoked sudo.
1.1 misho 488:
1.1.1.3 misho 489: USER Set to the target user (root unless the -�-u�u option is
490: specified).
1.1 misho 491:
1.1.1.3 misho 492: VISUAL Default editor to use in -�-e�e (sudoedit) mode if
493: SUDO_EDITOR is not set.
1.1 misho 494:
495: F�FI�IL�LE�ES�S
1.1.1.3 misho 496: _�/_�e_�t_�c_�/_�s_�u_�d_�o_�._�c_�o_�n_�f s�su�ud�do�o front end configuration
1.1 misho 497:
498: E�EX�XA�AM�MP�PL�LE�ES�S
1.1.1.3 misho 499: Note: the following examples assume a properly configured security
500: policy.
1.1 misho 501:
1.1.1.3 misho 502: To get a file listing of an unreadable directory:
1.1 misho 503:
1.1.1.3 misho 504: $ sudo ls /usr/local/protected
1.1 misho 505:
1.1.1.3 misho 506: To list the home directory of user yaz on a machine where the file system
507: holding ~yaz is not exported as root:
1.1 misho 508:
1.1.1.3 misho 509: $ sudo -u yaz ls ~yaz
1.1 misho 510:
1.1.1.3 misho 511: To edit the _�i_�n_�d_�e_�x_�._�h_�t_�m_�l file as user www:
1.1 misho 512:
1.1.1.3 misho 513: $ sudo -u www vi ~www/htdocs/index.html
1.1 misho 514:
1.1.1.3 misho 515: To view system logs only accessible to root and users in the adm group:
1.1 misho 516:
1.1.1.3 misho 517: $ sudo -g adm view /var/log/syslog
1.1 misho 518:
1.1.1.3 misho 519: To run an editor as jim with a different primary group:
1.1 misho 520:
1.1.1.3 misho 521: $ sudo -u jim -g audio vi ~jim/sound.txt
1.1 misho 522:
1.1.1.3 misho 523: To shut down a machine:
1.1 misho 524:
1.1.1.3 misho 525: $ sudo shutdown -r +15 "quick reboot"
1.1 misho 526:
1.1.1.3 misho 527: To make a usage listing of the directories in the /home partition. Note
528: that this runs the commands in a sub-shell to make the cd and file
529: redirection work.
1.1 misho 530:
1.1.1.3 misho 531: $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
1.1 misho 532:
533: S�SE�EE�E A�AL�LS�SO�O
1.1.1.4 misho 534: su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4),
1.1.1.3 misho 535: sudo_plugin(1m), sudoreplay(1m), visudo(1m)
1.1 misho 536:
1.1.1.3 misho 537: H�HI�IS�ST�TO�OR�RY�Y
538: See the HISTORY file in the s�su�ud�do�o distribution
539: (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
1.1 misho 540:
1.1.1.3 misho 541: A�AU�UT�TH�HO�OR�RS�S
542: Many people have worked on s�su�ud�do�o over the years; this version consists of
543: code written primarily by:
1.1 misho 544:
1.1.1.3 misho 545: Todd C. Miller
1.1.1.2 misho 546:
1.1.1.3 misho 547: See the CONTRIBUTORS file in the s�su�ud�do�o distribution
548: (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
549: people who have contributed to s�su�ud�do�o.
1.1 misho 550:
551: C�CA�AV�VE�EA�AT�TS�S
1.1.1.3 misho 552: There is no easy way to prevent a user from gaining a root shell if that
553: user is allowed to run arbitrary commands via s�su�ud�do�o. Also, many programs
554: (such as editors) allow the user to run commands via shell escapes, thus
555: avoiding s�su�ud�do�o's checks. However, on most systems it is possible to
556: prevent shell escapes with the sudoers(4) plugin's _�n_�o_�e_�x_�e_�c functionality.
557:
558: It is not meaningful to run the cd command directly via sudo, e.g.,
559:
560: $ sudo cd /usr/local/protected
561:
562: since when the command exits the parent process (your shell) will still
563: be the same. Please see the _�E_�X_�A_�M_�P_�L_�E_�S section for more information.
564:
565: Running shell scripts via s�su�ud�do�o can expose the same kernel bugs that make
566: setuid shell scripts unsafe on some operating systems (if your OS has a
567: /dev/fd/ directory, setuid shell scripts are generally safe).
1.1 misho 568:
569: B�BU�UG�GS�S
1.1.1.3 misho 570: If you feel you have found a bug in s�su�ud�do�o, please submit a bug report at
571: http://www.sudo.ws/sudo/bugs/
1.1 misho 572:
573: S�SU�UP�PP�PO�OR�RT�T
1.1.1.3 misho 574: Limited free support is available via the sudo-users mailing list, see
575: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
576: archives.
1.1 misho 577:
578: D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
1.1.1.3 misho 579: s�su�ud�do�o is provided ``AS IS'' and any express or implied warranties,
580: including, but not limited to, the implied warranties of merchantability
581: and fitness for a particular purpose are disclaimed. See the LICENSE
582: file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for
583: complete details.
1.1 misho 584:
1.1.1.6 ! misho 585: Sudo 1.8.10 February 15, 2014 Sudo 1.8.10
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc