File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc / sudo.cat
Revision 1.1.1.2 (vendor branch)
Tue May 29 12:26:49 2012 UTC (12 years, 1 month ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_5p1, HEAD
sudo 1.8.5p1

SUDO(1m)                     MAINTENANCE COMMANDS                     SUDO(1m)



NAME
       sudo, sudoedit - execute a command as another user

SYNOPSIS
       sudo -h | -K | -k | -V

       sudo -v [-AknS] [-a auth_type] [-g group name|#gid] [-p prompt]
       [-u user name|#uid]

       sudo -l[l] [-AknS] [-a auth_type] [-g group name|#gid] [-p prompt]
       [-U user name] [-u user name|#uid] [command]

       sudo [-AbEHnPS] [-a auth_type] [-C fd] [-c class|-]
       [-g group name|#gid] [-p prompt] [-r role] [-t type]
       [-u user name|#uid] [VAR=value] [-i | -s] [command]

       sudoedit [-AnS] [-a auth_type] [-C fd] [-c class|-]
       [-g group name|#gid] [-p prompt] [-u user name|#uid] file ...

DESCRIPTION
       sudo allows a permitted user to execute a command as the superuser or
       another user, as specified by the security policy.  The real and
       effective uid and gid are set to match those of the target user, as
       specified in the password database, and the group vector is initialized
       based on the group database (unless the -P option was specified).

       sudo supports a plugin architecture for security policies and
       input/output logging.  Third parties can develop and distribute their
       own policy and I/O logging modules to work seamlessly with the sudo
       front end.  The default security policy is sudoers, which is configured
       via the file /etc/sudoers, or via LDAP.  See the PLUGINS section for
       more information.

       The security policy determines what privileges, if any, a user has to
       run sudo.  The policy may require that users authenticate themselves
       with a password or another authentication mechanism.  If authentication
       is required, sudo will exit if the user's password is not entered
       within a configurable time limit.  This limit is policy-specific; the
       default password prompt timeout for the sudoers security policy is 5
       minutes.

       Security policies may support credential caching to allow the user to
       run sudo again for a period of time without requiring authentication.
       The sudoers policy caches credentials for 5 minutes, unless overridden
       in sudoers(4).  By running sudo with the -v option, a user can update
       the cached credentials without running a command.

       When invoked as sudoedit, the -e option (described below) is implied.

       Security policies may log successful and failed attempts to use sudo.
       If an I/O plugin is configured, the running command's input and output
       may be logged as well.

OPTIONS
       sudo accepts the following command line options:

       -A          Normally, if sudo requires a password, it will read it from
                   the user's terminal.  If the -A (askpass) option is
                   specified, a (possibly graphical) helper program is
                   executed to read the user's password and output the
                   password to the standard output.  If the SUDO_ASKPASS
                   environment variable is set, it specifies the path to the
                   helper program.  Otherwise, if /etc/sudo.conf contains a
                   line specifying the askpass program, that value will be
                   used.  For example:

                       # Path to askpass helper program
                       Path askpass /usr/X11R6/bin/ssh-askpass

                   If no askpass program is available, sudo will exit with an
                   error.

       -a type     The -a (authentication type) option causes sudo to use the
                   specified authentication type when validating the user, as
                   allowed by /etc/login.conf.  The system administrator may
                   specify a list of sudo-specific authentication methods by
                   adding an "auth-sudo" entry in /etc/login.conf.  This
                   option is only available on systems that support BSD
                   authentication.

       -b          The -b (background) option tells sudo to run the given
                   command in the background.  Note that if you use the -b
                   option you cannot use shell job control to manipulate the
                   process.  Most interactive commands will fail to work
                   properly in background mode.

       -C fd       Normally, sudo will close all open file descriptors other
                   than standard input, standard output and standard error.
                   The -C (close from) option allows the user to specify a
                   starting point above the standard error (file descriptor
                   three).  Values less than three are not permitted.  The
                   security policy may restrict the user's ability to use the
                   -C option.  The sudoers policy only permits use of the -C
                   option when the administrator has enabled the
                   closefrom_override option.

       -c class    The -c (class) option causes sudo to run the specified
                   command with resources limited by the specified login
                   class.  The class argument can be either a class name as
                   defined in /etc/login.conf, or a single '-' character.
                   Specifying a class of - indicates that the command should
                   be run restricted by the default login capabilities for the
                   user the command is run as.  If the class argument
                   specifies an existing user class, the command must be run
                   as root, or the sudo command must be run from a shell that
                   is already root.  This option is only available on systems
                   with BSD login classes.

       -E          The -E (preserve environment) option indicates to the
                   security policy that the user wishes to preserve their
                   existing environment variables.  The security policy may
                   return an error if the -E option is specified and the user
                   does not have permission to preserve the environment.

       -e          The -e (edit) option indicates that, instead of running a
                   command, the user wishes to edit one or more files.  In
                   lieu of a command, the string "sudoedit" is used when
                   consulting the security policy.  If the user is authorized
                   by the policy, the following steps are taken:

                   1.  Temporary copies are made of the files to be edited
                       with the owner set to the invoking user.

                   2.  The editor specified by the policy is run to edit the
                       temporary files.  The sudoers policy uses the
                       SUDO_EDITOR, VISUAL and EDITOR environment variables
                       (in that order).  If none of SUDO_EDITOR, VISUAL or
                       EDITOR are set, the first program listed in the editor
                       sudoers(4) option is used.

                   3.  If they have been modified, the temporary files are
                       copied back to their original location and the
                       temporary versions are removed.

                   If the specified file does not exist, it will be created.
                   Note that unlike most commands run by sudo, the editor is
                   run with the invoking user's environment unmodified.  If,
                   for some reason, sudo is unable to update a file with its
                   edited version, the user will receive a warning and the
                   edited copy will remain in a temporary file.

       -g group    Normally, sudo runs a command with the primary group set to
                   the one specified by the password database for the user the
                   command is being run as (by default, root).  The -g (group)
                   option causes sudo to run the command with the primary
                   group set to group instead.  To specify a gid instead of a
                   group name, use #gid.  When running commands as a gid, many
                   shells require that the '#' be escaped with a backslash
                   ('\').  If no -u option is specified, the command will be
                   run as the invoking user (not root).  In either case, the
                   primary group will be set to group.

       -H          The -H (HOME) option requests that the security policy set
                   the HOME environment variable to the home directory of the
                   target user (root by default) as specified by the password
                   database.  Depending on the policy, this may be the default
                   behavior.

       -h          The -h (help) option causes sudo to print a short help
                   message to the standard output and exit.

       -i [command]
                   The -i (simulate initial login) option runs the shell
                   specified by the password database entry of the target user
                   as a login shell.  This means that login-specific resource
                   files such as .profile or .login will be read by the shell.
                   If a command is specified, it is passed to the shell for
                   execution via the shell's -c option.  If no command is
                   specified, an interactive shell is executed.  sudo attempts
                   to change to that user's home directory before running the
                   shell.  The security policy shall initialize the
                   environment to a minimal set of variables, similar to what
                   is present when a user logs in.  The Command Environment
                   section in the sudoers(4) manual documents how the -i
                   option affects the environment in which a command is run
                   when the sudoers policy is in use.

       -K          The -K (sure kill) option is like -k except that it removes
                   the user's cached credentials entirely and may not be used
                   in conjunction with a command or other option.  This option
                   does not require a password.  Not all security policies
                   support credential caching.

       -k [command]
                   When used alone, the -k (kill) option to sudo invalidates
                   the user's cached credentials.  The next time sudo is run a
                   password will be required.  This option does not require a
                   password and was added to allow a user to revoke sudo
                   permissions from a .logout file.  Not all security policies
                   support credential caching.

                   When used in conjunction with a command or an option that
                   may require a password, the -k option will cause sudo to
                   ignore the user's cached credentials.  As a result, sudo
                   will prompt for a password (if one is required by the
                   security policy) and will not update the user's cached
                   credentials.

       -l[l] [command]
                   If no command is specified, the -l (list) option will list
                   the allowed (and forbidden) commands for the invoking user
                   (or the user specified by the -U option) on the current
                   host.  If a command is specified and is permitted by the
                   security policy, the fully-qualified path to the command is
                   displayed along with any command line arguments.  If
                   command is specified but not allowed, sudo will exit with a
                   status value of 1.  If the -l option is specified with an l
                   argument (i.e. -ll), or if -l is specified multiple times,
                   a longer list format is used.

       -n          The -n (non-interactive) option prevents sudo from
                   prompting the user for a password.  If a password is
                   required for the command to run, sudo will display an error
                   message and exit.

       -P          The -P (preserve group vector) option causes sudo to
                   preserve the invoking user's group vector unaltered.  By
                   default, the sudoers policy will initialize the group
                   vector to the list of groups the target user is in.  The
                   real and effective group IDs, however, are still set to
                   match the target user.

       -p prompt   The -p (prompt) option allows you to override the default
                   password prompt and use a custom one.  The following
                   percent (`%') escapes are supported by the sudoers policy:

                   %H  expanded to the host name including the domain name
                       (only if the machine's host name is fully qualified or
                       the fqdn option is set in sudoers(4))

                   %h  expanded to the local host name without the domain name

                   %p  expanded to the name of the user whose password is
                       being requested (respects the rootpw, targetpw and
                       runaspw flags in sudoers(4))

                   %U  expanded to the login name of the user the command will
                       be run as (defaults to root unless the -u option is
                       also specified)

                   %u  expanded to the invoking user's login name

                   %%  two consecutive % characters are collapsed into a
                       single % character

                   The prompt specified by the -p option will override the
                   system password prompt on systems that support PAM unless
                   the passprompt_override flag is disabled in sudoers.

       -r role     The -r (role) option causes the new (SELinux) security
                   context to have the role specified by role.

       -S          The -S (stdin) option causes sudo to read the password from
                   the standard input instead of the terminal device.  The
                   password must be followed by a newline character.

       -s [command]
                   The -s (shell) option runs the shell specified by the SHELL
                   environment variable if it is set or the shell as specified
                   in the password database.  If a command is specified, it is
                   passed to the shell for execution via the shell's -c
                   option.  If no command is specified, an interactive shell
                   is executed.

       -t type     The -t (type) option causes the new (SELinux) security
                   context to have the type specified by type.  If no type is
                   specified, the default type is derived from the specified
                   role.

       -U user     The -U (other user) option is used in conjunction with the
                   -l option to specify the user whose privileges should be
                   listed.  The security policy may restrict listing other
                   users' privileges.  The sudoers policy only allows root or
                   a user with the ALL privilege on the current host to use
                   this option.

       -u user     The -u (user) option causes sudo to run the specified
                   command as a user other than root.  To specify a uid
                   instead of a user name, use #uid.  When running commands as
                   a uid, many shells require that the '#' be escaped with a
                   backslash ('\').  Security policies may restrict uids to
                   those listed in the password database.  The sudoers policy
                   allows uids that are not in the password database as long
                   as the targetpw option is not set.  Other security policies
                   may not support this.

       -V          The -V (version) option causes sudo to print its version
                   string and the version string of the security policy plugin
                   and any I/O plugins.  If the invoking user is already root
                   the -V option will display the arguments passed to
                   configure when sudo was built and plugins may display more
                   verbose information such as default options.

       -v          When given the -v (validate) option, sudo will update the
                   user's cached credentials, authenticating the user's
                   password if necessary.  For the sudoers plugin, this
                   extends the sudo timeout for another 5 minutes (or whatever
                   the timeout is set to in sudoers) but does not run a
                   command.  Not all security policies support cached
                   credentials.

       --          The -- option indicates that sudo should stop processing
                   command line arguments.

       Environment variables to be set for the command may also be passed on
       the command line in the form of VAR=value, e.g.
       LD_LIBRARY_PATH=/usr/local/pkg/lib.  Variables passed on the command
       line are subject to the same restrictions as normal environment
       variables with one important exception.  If the setenv option is set in
       sudoers, the command to be run has the SETENV tag set or the command
       matched is ALL, the user may set variables that would otherwise be
       forbidden.  See sudoers(4) for more information.

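The three steps sudo takes for the -e (sudoedit) option described above, including the create-if-missing and write-back-failure cases, modelled in Python as an added example; this is not sudo's code. It works on copies under the caller's own uid, so the chown of the temporary file to the invoking user (step 1) is omitted, and `sudoedit()`, `demo_sudoedit()` and the scripted editor are names chosen here.

```python
import hashlib
import os
import shutil
import tempfile


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def sudoedit(paths, run_editor, warn=print):
    """Model of the three -e steps (hypothetical helper, not sudo's code).

    paths:      files the policy has authorised the user to edit
    run_editor: callable given the list of temporary copies; stands in for the
                editor taken from SUDO_EDITOR, VISUAL, EDITOR or the sudoers
                'editor' option, which runs with the invoking user's privileges
    Returns {path: "updated" | "created" | "unchanged" | "left in <tmpfile>"}.
    """
    # Step 1: temporary copies.  Real sudoedit chowns them to the invoking
    # user; that needs privilege and is omitted in this model.
    copies = []
    for path in paths:
        try:
            with open(path, "rb") as f:
                original, existed = f.read(), True
        except FileNotFoundError:
            original, existed = b"", False      # a missing file will be created
        fd, tmp = tempfile.mkstemp(prefix=os.path.basename(path) + ".", suffix=".sudoedit")
        with os.fdopen(fd, "wb") as f:
            f.write(original)
        copies.append((path, tmp, existed, _digest(original)))

    # Step 2: the editor only ever sees the copies, never the originals.
    run_editor([tmp for _, tmp, _, _ in copies])

    # Step 3: copy back only what changed, then remove the temporary versions.
    results = {}
    for path, tmp, existed, before in copies:
        with open(tmp, "rb") as f:
            edited = f.read()
        if existed and _digest(edited) == before:
            results[path] = "unchanged"
            os.unlink(tmp)
            continue
        try:
            with open(path, "wb") as f:
                f.write(edited)
        except OSError as exc:
            # sudo warns and keeps the edited copy rather than losing the user's work
            warn(f"sudoedit: unable to update {path}: {exc}; edited copy left in {tmp}")
            results[path] = f"left in {tmp}"
            continue
        os.unlink(tmp)
        results[path] = "updated" if existed else "created"
    return results


def demo_sudoedit():
    """Constructed scenario: an existing file, a missing file, an unwritable target."""
    work = tempfile.mkdtemp(prefix="sudoedit-demo.")
    existing = os.path.join(work, "motd")
    missing = os.path.join(work, "new.conf")
    blocked = os.path.join(work, "no-such-dir", "child")   # parent absent: write-back fails
    with open(existing, "w") as f:
        f.write("old banner\n")

    def scripted_editor(tmpfiles):
        # stands in for the user's editor: edits copies 1 and 3, leaves copy 2 untouched
        with open(tmpfiles[0], "a") as f:
            f.write("edited\n")
        with open(tmpfiles[2], "w") as f:
            f.write("never reaches the target\n")

    results = sudoedit([existing, missing, blocked], scripted_editor, warn=lambda m: None)
    with open(existing) as f:
        motd = f.read()
    summary = {
        "statuses": {os.path.basename(p): s for p, s in results.items()},
        "motd": motd,
        "new_conf_created": os.path.exists(missing),
    }
    for status in results.values():          # remove the leftover copy from the failed write
        if status.startswith("left in "):
            os.unlink(status[len("left in "):])
    shutil.rmtree(work)
    return summary
```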
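The -p prompt escapes listed above (%H, %h, %p, %U, %u, %%), expanded in Python as an added example that is not sudo's own prompt code. The `%p` helper follows the sudoers flags the text names; the precedence rootpw, then runaspw, then targetpw, the runas_default name, the use of `domain` to stand in for the resolver lookup the fqdn option triggers, and the handling of an unknown escape (copied through unchanged) are assumptions made here.

```python
def password_user(invoking_user, runas_user, *, rootpw=False, runaspw=False,
                  targetpw=False, runas_default="root"):
    """Whose password %p names.  sudoers flags: rootpw -> root, runaspw -> the
    runas_default user, targetpw -> the -u target; otherwise the invoking user.
    The precedence when several flags are set is an assumption of this example."""
    if rootpw:
        return "root"
    if runaspw:
        return runas_default
    if targetpw:
        return runas_user
    return invoking_user


def expand_prompt(prompt, *, host, invoking_user, runas_user="root",
                  passwd_user=None, fqdn=False, domain=None):
    """Expand the %H %h %p %U %u %% escapes of a sudo -p prompt.

    host:   the name the kernel reports, which may or may not be fully qualified
    fqdn:   the sudoers 'fqdn' option; together with `domain` it stands in for the
            name resolution sudo performs when fqdn is set (assumption)
    An unknown escape such as %x, or a trailing %, is copied through unchanged
    (assumption about sudo's behaviour).
    """
    short_host = host.split(".", 1)[0]
    if "." in host:
        long_host = host                      # host name is already fully qualified
    elif fqdn and domain:
        long_host = f"{short_host}.{domain}"  # resolved because fqdn is set
    else:
        long_host = short_host                # %H can only give the short name
    if passwd_user is None:
        passwd_user = invoking_user           # no rootpw/runaspw/targetpw in effect

    table = {
        "H": long_host,
        "h": short_host,
        "p": passwd_user,
        "U": runas_user,
        "u": invoking_user,
        "%": "%",                             # %% collapses to a single %
    }
    out = []
    i = 0
    while i < len(prompt):
        ch = prompt[i]
        if ch == "%" and i + 1 < len(prompt) and prompt[i + 1] in table:
            out.append(table[prompt[i + 1]])
            i += 2
        else:
            out.append(ch)                    # ordinary character, unknown or trailing %
            i += 1
    return "".join(out)
```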
PLUGINS
       Plugins are dynamically loaded based on the contents of the
       /etc/sudo.conf file.  If no /etc/sudo.conf file is present, or it
       contains no Plugin lines, sudo will use the traditional sudoers
       security policy and I/O logging, which corresponds to the following
       /etc/sudo.conf file.

        #
        # Default /etc/sudo.conf file
        #
        # Format:
        #   Plugin plugin_name plugin_path plugin_options ...
        #   Path askpass /path/to/askpass
        #   Path noexec /path/to/sudo_noexec.so
        #   Debug sudo /var/log/sudo_debug all@warn
        #   Set disable_coredump true
        #
        # The plugin_path is relative to /usr/local/libexec unless
        #   fully qualified.
        # The plugin_name corresponds to a global symbol in the plugin
        #   that contains the plugin interface structure.
        # The plugin_options are optional.
        #
        Plugin policy_plugin sudoers.so
        Plugin io_plugin sudoers.so

       A Plugin line consists of the Plugin keyword, followed by the
       symbol_name and the path to the shared object containing the plugin.
       The symbol_name is the name of the struct policy_plugin or struct
       io_plugin in the plugin shared object.  The path may be fully qualified
       or relative.  If not fully qualified it is relative to the
       /usr/local/libexec directory.  Any additional parameters after the path
       are passed as arguments to the plugin's open function.  Lines that
       don't begin with Plugin, Path, Debug or Set are silently ignored.

       For more information, see the sudo_plugin(1m) manual.

PATHS
       A Path line consists of the Path keyword, followed by the name of the
       path to set and its value.  E.g.

        Path noexec /usr/local/libexec/sudo_noexec.so
        Path askpass /usr/X11R6/bin/ssh-askpass

       The following plugin-agnostic paths may be set in the /etc/sudo.conf
       file.

       askpass         The fully qualified path to a helper program used to
                       read the user's password when no terminal is available.
                       This may be the case when sudo is executed from a
                       graphical (as opposed to text-based) application.  The
                       program specified by askpass should display the
                       argument passed to it as the prompt and write the
                       user's password to the standard output.  The value of
                       askpass may be overridden by the SUDO_ASKPASS
                       environment variable.

       noexec          The fully-qualified path to a shared library containing
                       dummy versions of the execv(), execve() and fexecve()
                       library functions that just return an error.  This is
                       used to implement the noexec functionality on systems
                       that support LD_PRELOAD or its equivalent.  Defaults to
                       /usr/local/libexec/sudo_noexec.so.

DEBUG FLAGS
       sudo versions 1.8.4 and higher support a flexible debugging framework
       that can help track down what sudo is doing internally if there is a
       problem.

       A Debug line consists of the Debug keyword, followed by the name of the
       program to debug (sudo, visudo, sudoreplay), the debug file name and a
       comma-separated list of debug flags.  The debug flag syntax used by
       sudo and the sudoers plugin is subsystem@priority but the plugin is
       free to use a different format so long as it does not include a comma
       (',').

       For instance:

        Debug sudo /var/log/sudo_debug all@warn,plugin@info

       would log all debugging statements at the warn level and higher in
       addition to those at the info level for the plugin subsystem.

       Currently, only one Debug entry per program is supported.  The sudo
       Debug entry is shared by the sudo front end, sudoedit and the plugins.
       A future release may add support for per-plugin Debug lines and/or
       support for multiple debugging files for a single program.

       The priorities used by the sudo front end, in order of decreasing
       severity, are: crit, err, warn, notice, diag, info, trace and debug.
       Each priority, when specified, also includes all priorities higher than
       it.  For example, a priority of notice would include debug messages
       logged at notice and higher.

       The following subsystems are used by sudo:

       all       matches every subsystem

       args      command line argument processing

       conv      user conversation

       edit      sudoedit

       exec      command execution

       main      sudo main function

       netif     network interface handling

       pcomm     communication with the plugin

       plugin    plugin configuration

       pty       pseudo-tty related code

       selinux   SELinux-specific handling

       util      utility functions

       utmp      utmp handling

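The Plugin, Path, Debug and Set lines of /etc/sudo.conf from the PLUGINS and PATHS sections, and the subsystem@priority filter from DEBUG FLAGS, as one added example in Python (not sudo's own parser). Assumptions: a subsystem-specific flag takes precedence over `all` when both match, the sample file is constructed for this example, and `parse_sudo_conf`, `would_log` and `audit_sudo_conf` are names chosen here.

```python
from dataclasses import dataclass, field

PLUGIN_DIR = "/usr/local/libexec"            # relative plugin paths resolve here
# Priorities in order of decreasing severity; a flag at one priority also
# enables every priority listed before it.
PRIORITIES = ["crit", "err", "warn", "notice", "diag", "info", "trace", "debug"]

# Constructed sample /etc/sudo.conf for this example (not a real host's file).
SAMPLE_CONF = """\
# Plugin plugin_name plugin_path plugin_options ...
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
Path askpass /usr/X11R6/bin/ssh-askpass
Path noexec sudo_noexec.so
Debug sudo /var/log/sudo_debug all@warn,plugin@info
Set disable_coredump false
DebugLevel 3
"""


@dataclass
class SudoConf:
    plugins: list = field(default_factory=list)   # (symbol_name, resolved path, options)
    paths: dict = field(default_factory=dict)     # askpass/noexec -> value
    debug: dict = field(default_factory=dict)     # program -> (log file, {subsystem: priority})
    settings: dict = field(default_factory=dict)  # Set name -> value
    ignored: list = field(default_factory=list)   # lines sudo silently skips


def parse_debug_flags(flags):
    """'all@warn,plugin@info' -> {'all': 'warn', 'plugin': 'info'}."""
    levels = {}
    for flag in flags.split(","):
        subsystem, sep, priority = flag.partition("@")
        if not sep or priority not in PRIORITIES:
            raise ValueError(f"bad debug flag {flag!r}")
        levels[subsystem] = priority
    return levels


def parse_sudo_conf(text):
    conf = SudoConf()
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        keyword, args = words[0], words[1:]
        if keyword == "Plugin" and len(args) >= 2:
            name, path, options = args[0], args[1], args[2:]
            if not path.startswith("/"):
                path = f"{PLUGIN_DIR}/{path}"     # relative to /usr/local/libexec
            conf.plugins.append((name, path, options))
        elif keyword == "Path" and len(args) == 2:
            conf.paths[args[0]] = args[1]
        elif keyword == "Debug" and len(args) == 3:
            conf.debug[args[0]] = (args[1], parse_debug_flags(args[2]))
        elif keyword == "Set" and len(args) == 2:
            conf.settings[args[0]] = args[1]
        else:
            conf.ignored.append(raw)   # not Plugin/Path/Debug/Set: ignored without error
    return conf


def would_log(levels, subsystem, priority):
    """Does a message from `subsystem` at `priority` pass the Debug flags?"""
    enabled = levels.get(subsystem, levels.get("all"))   # specific flag wins (assumption)
    if enabled is None:
        return False
    return PRIORITIES.index(priority) <= PRIORITIES.index(enabled)


def audit_sudo_conf(conf):
    """Findings a reviewer would raise from the rules stated in this manual."""
    findings = []
    for name, value in conf.paths.items():
        if not value.startswith("/"):
            findings.append(f"Path {name} is not fully qualified: {value}")
    if conf.settings.get("disable_coredump") == "false":
        findings.append("core dumps re-enabled (debugging aid only; sudo disables them by default)")
    for line in conf.ignored:
        findings.append(f"line silently ignored by sudo: {line.strip()!r}")
    return findings
```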
  440: RREETTUURRNN VVAALLUUEESS
  441:        Upon successful execution of a program, the exit status from ssuuddoo will
  442:        simply be the exit status of the program that was executed.
  443: 
  444:        Otherwise, ssuuddoo exits with a value of 1 if there is a
  445:        configuration/permission problem or if ssuuddoo cannot execute the given
  446:        command.  In the latter case the error string is printed to the
  447:        standard error.  If ssuuddoo cannot _s_t_a_t(2) one or more entries in the
  448:        user's PATH, an error is printed on stderr.  (If the directory does not
  449:        exist or if it is not really a directory, the entry is ignored and no
  450:        error is printed.)  This should not happen under normal circumstances.
  451:        The most common reason for _s_t_a_t(2) to return "permission denied" is if
  452:        you are running an automounter and one of the directories in your PATH
  453:        is on a machine that is currently unreachable.
  454: 
  455: SSEECCUURRIITTYY NNOOTTEESS
  456:        ssuuddoo tries to be safe when executing external commands.
  457: 
  458:        To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
  459:        current directory) last when searching for a command in the user's PATH
  460:        (if one or both are in the PATH).  Note, however, that the actual PATH
  461:        environment variable is _n_o_t modified and is passed unchanged to the
  462:        program that ssuuddoo executes.
  463: 
  464:        Please note that ssuuddoo will normally only log the command it explicitly
  465:        runs.  If a user runs a command such as sudo su or sudo sh, subsequent
  466:        commands run from that shell are not subject to ssuuddoo's security policy.
  467:        The same is true for commands that offer shell escapes (including most
  468:        editors).  If I/O logging is enabled, subsequent commands will have
  469:        their input and/or output logged, but there will not be traditional
  470:        logs for those commands.  Because of this, care must be taken when
  471:        giving users access to commands via ssuuddoo to verify that the command
  472:        does not inadvertently give the user an effective root shell.  For more
  473:        information, please see the PREVENTING SHELL ESCAPES section in
  474:        _s_u_d_o_e_r_s(4).
  475: 
  476:        To prevent the disclosure of potentially sensitive information, ssuuddoo
  477:        disables core dumps by default while it is executing (they are re-
  478:        enabled for the command that is run).  To aid in debugging ssuuddoo
  479:        crashes, you may wish to re-enable core dumps by setting
  480:        "disable_coredump" to false in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
  481: 
  482:         Set disable_coredump false
  483: 
  484:        Note that by default, most operating systems disable core dumps from
  485:        setuid programs, which includes ssuuddoo.  To actually get a ssuuddoo core file
  486:        you may need to enable core dumps for setuid processes.  On BSD and
  487:        Linux systems this is accomplished via the sysctl command, on Solaris
  488:        the coreadm command can be used.
  489: 
ENVIRONMENT
       sudo uses the following environment variables.  The security policy
       has control over the content of the command's environment.

       EDITOR          Default editor to use in -e (sudoedit) mode if neither
                       SUDO_EDITOR nor VISUAL is set

       MAIL            In -i mode or when env_reset is enabled in sudoers, set
                       to the mail spool of the target user

       HOME            Set to the home directory of the target user if -i or
                       -H are specified, env_reset or always_set_home are set
                       in sudoers, or when the -s option is specified and
                       set_home is set in sudoers

       PATH            May be overridden by the security policy.

       SHELL           Used to determine the shell to run with the -s option

       SUDO_ASKPASS    Specifies the path to a helper program used to read the
                       password if no terminal is available or if the -A
                       option is specified.

       SUDO_COMMAND    Set to the command run by sudo

       SUDO_EDITOR     Default editor to use in -e (sudoedit) mode

       SUDO_GID        Set to the group ID of the user who invoked sudo

       SUDO_PROMPT     Used as the default password prompt

       SUDO_PS1        If set, PS1 will be set to its value for the program
                       being run

       SUDO_UID        Set to the user ID of the user who invoked sudo

       SUDO_USER       Set to the login of the user who invoked sudo

       USER            Set to the target user (root unless the -u option is
                       specified)

       VISUAL          Default editor to use in -e (sudoedit) mode if
                       SUDO_EDITOR is not set

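       As an added example that is not part of the sudo manual, a POSIX sh
       helper for a maintenance script run under sudo: it builds an audit line
       from SUDO_USER, SUDO_UID, SUDO_GID and SUDO_COMMAND, validates their
       shape, and refuses to proceed unless it is actually running as root,
       because the SUDO_* names are ordinary environment variables that anyone
       can export when running the script without sudo.  The audit log path is
       a constructed placeholder.

```shell
#!/bin/sh
# Added example, not part of the sudo distribution: a script run via sudo
# attributes what it does to the invoking user, using the SUDO_USER,
# SUDO_UID, SUDO_GID and SUDO_COMMAND variables that sudo exports.

# invoker_record USER UID GID COMMAND
# Validates the values sudo is expected to set and prints one audit line
# "user=<name> uid=<n> gid=<n> cmd=<command>".  Returns 1 on malformed input
# (which is what a script may see when run without sudo by someone who
# exported these names by hand).
invoker_record() {
    _user=$1 _uid=$2 _gid=$3 _cmd=$4
    case "$_user" in                      # login name: non-empty, no blanks or ':'
        ''|*[[:space:]]*|*:*) return 1 ;;
    esac
    for n in "$_uid" "$_gid"; do          # ids: pure decimal numbers
        case "$n" in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    [ -n "$_cmd" ] || return 1
    printf 'user=%s uid=%s gid=%s cmd=%s\n' "$_user" "$_uid" "$_gid" "$_cmd"
}

# require_sudo_root
# The SUDO_* names are ordinary environment variables: sudo sets them, but a
# caller who runs this script directly can set them too.  So, in addition to
# checking their shape, insist on the privilege only sudo would have granted:
# the effective uid must be 0 (sudo's default target user, per USER above).
require_sudo_root() {
    [ "$(id -u)" -eq 0 ] || return 1
    invoker_record "${SUDO_USER-}" "${SUDO_UID-}" "${SUDO_GID-}" \
                   "${SUDO_COMMAND-}" >/dev/null
}

# Typical use at the top of a root-only maintenance script (the log path is
# a constructed placeholder):
if [ "${1-}" = "--run" ]; then
    require_sudo_root || { echo "$0: must be run via sudo as root" >&2; exit 1; }
    invoker_record "$SUDO_USER" "$SUDO_UID" "$SUDO_GID" "$SUDO_COMMAND" \
        >> /var/log/maintenance-audit.log
fi
```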
FILES
       /etc/sudo.conf          sudo front end configuration

EXAMPLES
       Note: the following examples assume a properly configured security
       policy.

       To get a file listing of an unreadable directory:

        $ sudo ls /usr/local/protected

       To list the home directory of user yaz on a machine where the file
       system holding ~yaz is not exported as root:

        $ sudo -u yaz ls ~yaz

       To edit the index.html file as user www:

        $ sudo -u www vi ~www/htdocs/index.html

       To view system logs only accessible to root and users in the adm group:

        $ sudo -g adm view /var/log/syslog

       To run an editor as jim with a different primary group:

        $ sudo -u jim -g audio vi ~jim/sound.txt

       To shut down a machine:

        $ sudo shutdown -r +15 "quick reboot"

       To make a usage listing of the directories in the /home partition.
       Note that this runs the commands in a sub-shell so that the cd and the
       file redirection work:

        $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

SEE ALSO
       grep(1), su(1), stat(2), login_cap(3), passwd(4), sudoers(4),
       sudo_plugin(1m), sudoreplay(1m), visudo(1m)

AUTHORS
       Many people have worked on sudo over the years; this version consists
       of code written primarily by:

               Todd C. Miller

       See the CONTRIBUTORS file in the sudo distribution
       (http://www.sudo.ws/sudo/contributors.html) for a list of people who
       have contributed to sudo.

HISTORY
       See the HISTORY file in the sudo distribution
       (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.

CAVEATS
       There is no easy way to prevent a user from gaining a root shell if
       that user is allowed to run arbitrary commands via sudo.  Also, many
       programs (such as editors) allow the user to run commands via shell
       escapes, thus avoiding sudo's checks.  However, on most systems it is
       possible to prevent shell escapes with the sudoers(4) module's noexec
       functionality.

       It is not meaningful to run the cd command directly via sudo, e.g.,

        $ sudo cd /usr/local/protected

       since when the command exits the parent process (your shell) will still
       be the same.  Please see the EXAMPLES section for more information.

       Running shell scripts via sudo can expose the same kernel bugs that
       make setuid shell scripts unsafe on some operating systems (if your OS
       has a /dev/fd/ directory, setuid shell scripts are generally safe).

BUGS
       If you feel you have found a bug in sudo, please submit a bug report at
       http://www.sudo.ws/sudo/bugs/

SUPPORT
       Limited free support is available via the sudo-users mailing list; see
       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
       the archives.

DISCLAIMER
       sudo is provided ``AS IS'' and any express or implied warranties,
       including, but not limited to, the implied warranties of
       merchantability and fitness for a particular purpose are disclaimed.
       See the LICENSE file distributed with sudo or
       http://www.sudo.ws/sudo/license.html for complete details.



1.8.5                           March 15, 2012                        SUDO(1m)