
1.1.1.2 ! misho       1: .\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
1.1       misho       2: .\"    Todd C. Miller <Todd.Miller@courtesan.com>
                      3: .\" 
                      4: .\" Permission to use, copy, modify, and distribute this software for any
                      5: .\" purpose with or without fee is hereby granted, provided that the above
                      6: .\" copyright notice and this permission notice appear in all copies.
                      7: .\" 
                      8: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
                      9: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
                     10: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
                     11: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
                     12: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
                     13: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
                     14: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
                     15: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     16: .\" 
                     17: .\" Sponsored in part by the Defense Advanced Research Projects
                     18: .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
                     19: .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
                     20: .\" 
                     21: .nr SL @SEMAN@
                     22: .nr BA @BAMAN@
                     23: .nr LC @LCMAN@
                     24: .nr PT @password_timeout@
                     25: .\"
                     26: .\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
                     27: .\"
                     28: .\" Standard preamble:
                     29: .\" ========================================================================
                     30: .de Sp \" Vertical space (when we can't use .PP)
                     31: .if t .sp .5v
                     32: .if n .sp
                     33: ..
                     34: .de Vb \" Begin verbatim text
                     35: .ft CW
                     36: .nf
                     37: .ne \\$1
                     38: ..
                     39: .de Ve \" End verbatim text
                     40: .ft R
                     41: .fi
                     42: ..
                     43: .\" Set up some character translations and predefined strings.  \*(-- will
                     44: .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
                     45: .\" double quote, and \*(R" will give a right double quote.  \*(C+ will
                     46: .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
                     47: .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
                     48: .\" nothing in troff, for use with C<>.
                     49: .tr \(*W-
                     50: .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
                     51: .ie n \{\
                     52: .    ds -- \(*W-
                     53: .    ds PI pi
                     54: .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
                     55: .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
                     56: .    ds L" ""
                     57: .    ds R" ""
                     58: .    ds C` 
                     59: .    ds C' 
                     60: 'br\}
                     61: .el\{\
                     62: .    ds -- \|\(em\|
                     63: .    ds PI \(*p
                     64: .    ds L" ``
                     65: .    ds R" ''
                     66: 'br\}
                     67: .\"
                     68: .\" Escape single quotes in literal strings from groff's Unicode transform.
                     69: .ie \n(.g .ds Aq \(aq
                     70: .el       .ds Aq '
                     71: .\"
                     72: .\" If the F register is turned on, we'll generate index entries on stderr for
                     73: .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
                     74: .\" entries marked with X<> in POD.  Of course, you'll have to process the
                     75: .\" output yourself in some meaningful fashion.
                     76: .ie \nF \{\
                     77: .    de IX
                     78: .    tm Index:\\$1\t\\n%\t"\\$2"
                     79: ..
                     80: .    nr % 0
                     81: .    rr F
                     82: .\}
                     83: .el \{\
                     84: .    de IX
                     85: ..
                     86: .\}
                     87: .\"
                     88: .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
                     89: .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
                     90: .    \" fudge factors for nroff and troff
                     91: .if n \{\
                     92: .    ds #H 0
                     93: .    ds #V .8m
                     94: .    ds #F .3m
                     95: .    ds #[ \f1
                     96: .    ds #] \fP
                     97: .\}
                     98: .if t \{\
                     99: .    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
                    100: .    ds #V .6m
                    101: .    ds #F 0
                    102: .    ds #[ \&
                    103: .    ds #] \&
                    104: .\}
                    105: .    \" simple accents for nroff and troff
                    106: .if n \{\
                    107: .    ds ' \&
                    108: .    ds ` \&
                    109: .    ds ^ \&
                    110: .    ds , \&
                    111: .    ds ~ ~
                    112: .    ds /
                    113: .\}
                    114: .if t \{\
                    115: .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
                    116: .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
                    117: .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
                    118: .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
                    119: .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
                    120: .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
                    121: .\}
                    122: .    \" troff and (daisy-wheel) nroff accents
                    123: .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
                    124: .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
                    125: .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
                    126: .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
                    127: .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
                    128: .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
                    129: .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
                    130: .ds ae a\h'-(\w'a'u*4/10)'e
                    131: .ds Ae A\h'-(\w'A'u*4/10)'E
                    132: .    \" corrections for vroff
                    133: .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
                    134: .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
                    135: .    \" for low resolution devices (crt and lpr)
                    136: .if \n(.H>23 .if \n(.V>19 \
                    137: \{\
                    138: .    ds : e
                    139: .    ds 8 ss
                    140: .    ds o a
                    141: .    ds d- d\h'-1'\(ga
                    142: .    ds D- D\h'-1'\(hy
                    143: .    ds th \o'bp'
                    144: .    ds Th \o'LP'
                    145: .    ds ae ae
                    146: .    ds Ae AE
                    147: .\}
                    148: .rm #[ #] #H #V #F C
                    149: .\" ========================================================================
                    150: .\"
                    151: .IX Title "SUDO @mansectsu@"
1.1.1.2 ! misho     152: .TH SUDO @mansectsu@ "March 15, 2012" "1.8.5" "MAINTENANCE COMMANDS"
1.1       misho     153: .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
                    154: .\" way too many mistakes in technical documents.
                    155: .if n .ad l
                    156: .nh
                    157: .SH "NAME"
                    158: sudo, sudoedit \- execute a command as another user
                    159: .SH "SYNOPSIS"
                    160: .IX Header "SYNOPSIS"
1.1.1.2 ! misho     161: \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
1.1       misho     162: .PP
                    163: \&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
                    164: .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
                    165: [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
                    166: [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
                    167: .PP
                    168: \&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
                    169: .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
                    170: [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
                    171: [\fB\-U\fR\ \fIuser\ name\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fIcommand\fR]
                    172: .PP
                    173: \&\fBsudo\fR [\fB\-AbEHnPS\fR]
                    174: .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
                    175: [\fB\-C\fR\ \fIfd\fR]
                    176: .if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
                    177: [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
                    178: .if \n(SL [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
                    179: [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
                    180: [\fB\s-1VAR\s0\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] [\fIcommand\fR]
                    181: .PP
                    182: \&\fBsudoedit\fR [\fB\-AnS\fR]
                    183: .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
                    184: [\fB\-C\fR\ \fIfd\fR]
                    185: .if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
                    186: [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
                    187: [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] file ...
                    188: .SH "DESCRIPTION"
                    189: .IX Header "DESCRIPTION"
                    190: \&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
                    191: superuser or another user, as specified by the security policy.
                    192: The real and effective uid and gid are set to match those of the
                    193: target user, as specified in the password database, and the group
                    194: vector is initialized based on the group database (unless the \fB\-P\fR
                    195: option was specified).
                    196: .PP
                    197: \&\fBsudo\fR supports a plugin architecture for security policies and
                    198: input/output logging.  Third parties can develop and distribute
1.1.1.2 ! misho     199: their own policy and I/O logging modules to work seamlessly with
1.1       misho     200: the \fBsudo\fR front end.  The default security policy is \fIsudoers\fR,
                    201: which is configured via the file \fI@sysconfdir@/sudoers\fR, or via
                    202: \&\s-1LDAP\s0.  See the \s-1PLUGINS\s0 section for more information.
                    203: .PP
                    204: The security policy determines what privileges, if any, a user has
                    205: to run \fBsudo\fR.  The policy may require that users authenticate
                    206: themselves with a password or another authentication mechanism.  If
                    207: authentication is required, \fBsudo\fR will exit if the user's password
                    208: is not entered within a configurable time limit.  This limit is
                    209: policy-specific; the default password prompt timeout for the
                    210: \&\fIsudoers\fR security policy is 
                    211: .ie \n(PT \f(CW\*(C`@password_timeout@\*(C'\fR minutes.
                    212: .el unlimited.
                    213: .PP
                    214: Security policies may support credential caching to allow the user
                    215: to run \fBsudo\fR again for a period of time without requiring
                    216: authentication.  The \fIsudoers\fR policy caches credentials for
                    217: \&\f(CW\*(C`@timeout@\*(C'\fR minutes, unless overridden in \fIsudoers\fR\|(@mansectform@).  By
                    218: running \fBsudo\fR with the \fB\-v\fR option, a user can update the cached
                    219: credentials without running a \fIcommand\fR.
                    220: .PP
                    221: When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below),
                    222: is implied.
                    223: .PP
                    224: Security policies may log successful and failed attempts to use
                    225: \&\fBsudo\fR.  If an I/O plugin is configured, the running command's
                    226: input and output may be logged as well.
                    227: .SH "OPTIONS"
                    228: .IX Header "OPTIONS"
                    229: \&\fBsudo\fR accepts the following command line options:
                    230: .IP "\-A" 12
                    231: .IX Item "-A"
                    232: Normally, if \fBsudo\fR requires a password, it will read it from the
                    233: user's terminal.  If the \fB\-A\fR (\fIaskpass\fR) option is specified,
                    234: a (possibly graphical) helper program is executed to read the user's
                    235: password and output the password to the standard output.  If the
                    236: \&\f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the path
                    237: to the helper program.  Otherwise, if \fI@sysconfdir@/sudo.conf\fR
                    238: contains a line specifying the askpass program, that value will be
                    239: used.  For example:
                    240: .Sp
                    241: .Vb 2
                    242: \&    # Path to askpass helper program
                    243: \&    Path askpass /usr/X11R6/bin/ssh\-askpass
                    244: .Ve
                    245: .Sp
                    246: If no askpass program is available, sudo will exit with an error.
                    247: .if \n(BA \{\
                    248: .IP "\-a \fItype\fR" 12
                    249: .IX Item "-a type"
                    250: The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
                    251: specified authentication type when validating the user, as allowed
                    252: by \fI/etc/login.conf\fR.  The system administrator may specify a list
                    253: of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
                    254: entry in \fI/etc/login.conf\fR.  This option is only available on systems
                    255: that support \s-1BSD\s0 authentication.
                    256: \}
                    257: .IP "\-b" 12
                    258: .IX Item "-b"
                    259: The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
                    260: command in the background.  Note that if you use the \fB\-b\fR
                    261: option you cannot use shell job control to manipulate the process.
                    262: Most interactive commands will fail to work properly in background
                    263: mode.
                    264: .IP "\-C \fIfd\fR" 12
                    265: .IX Item "-C fd"
                    266: Normally, \fBsudo\fR will close all open file descriptors other than
                    267: standard input, standard output and standard error.  The \fB\-C\fR
                    268: (\fIclose from\fR) option allows the user to specify a starting point
                    269: above the standard error (file descriptor three).  Values less than
                    270: three are not permitted.  The security policy may restrict the
                    271: user's ability to use the \fB\-C\fR option.  The \fIsudoers\fR policy only
                    272: permits use of the \fB\-C\fR option when the administrator has enabled
                    273: the \fIclosefrom_override\fR option.
                    274: .if \n(LC \{\
                    275: .IP "\-c \fIclass\fR" 12
                    276: .IX Item "-c class"
                    277: The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
                    278: with resources limited by the specified login class.  The \fIclass\fR
                    279: argument can be either a class name as defined in \fI/etc/login.conf\fR,
                    280: or a single '\-' character.  Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
                    281: that the command should be run restricted by the default login
                    282: capabilities for the user the command is run as.  If the \fIclass\fR
                    283: argument specifies an existing user class, the command must be run
                    284: as root, or the \fBsudo\fR command must be run from a shell that is already
                    285: root.  This option is only available on systems with \s-1BSD\s0 login classes.
                    286: \}
                    287: .IP "\-E" 12
                    288: .IX Item "-E"
                    289: The \fB\-E\fR (\fIpreserve\fR \fIenvironment\fR) option indicates to the
                    290: security policy that the user wishes to preserve their existing
                    291: environment variables.  The security policy may return an error if
                    292: the \fB\-E\fR option is specified and the user does not have permission
                    293: to preserve the environment.
                    294: .IP "\-e" 12
                    295: .IX Item "-e"
                    296: The \fB\-e\fR (\fIedit\fR) option indicates that, instead of running a
                    297: command, the user wishes to edit one or more files.  In lieu of a
                    298: command, the string \*(L"sudoedit\*(R" is used when consulting the security
                    299: policy.  If the user is authorized by the policy, the following
                    300: steps are taken:
                    301: .RS 12
                    302: .IP "1." 4
                    303: Temporary copies are made of the files to be edited with the owner
                    304: set to the invoking user.
                    305: .IP "2." 4
                    306: The editor specified by the policy is run to edit the temporary files.
                    307: The \fIsudoers\fR policy uses the \f(CW\*(C`SUDO_EDITOR\*(C'\fR, \f(CW\*(C`VISUAL\*(C'\fR and \f(CW\*(C`EDITOR\*(C'\fR
                    308: environment variables (in that order).  If none of \f(CW\*(C`SUDO_EDITOR\*(C'\fR,
                    309: \&\f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR are set, the first program listed in the
                    310: \&\fIeditor\fR \fIsudoers\fR\|(@mansectform@) option is used.
                    311: .IP "3." 4
                    312: If they have been modified, the temporary files are copied back to
                    313: their original location and the temporary versions are removed.
                    314: .RE
                    315: .RS 12
                    316: .Sp
                    317: If the specified file does not exist, it will be created.  Note
                    318: that unlike most commands run by \fBsudo\fR, the editor is run with
                    319: the invoking user's environment unmodified.  If, for some reason,
                    320: \&\fBsudo\fR is unable to update a file with its edited version, the
                    321: user will receive a warning and the edited copy will remain in a
                    322: temporary file.
                    323: .RE
                    324: .IP "\-g \fIgroup\fR" 12
                    325: .IX Item "-g group"
                    326: Normally, \fBsudo\fR runs a command with the primary group set to the
                    327: one specified by the password database for the user the command is
                    328: being run as (by default, root).  The \fB\-g\fR (\fIgroup\fR) option causes
                    329: \&\fBsudo\fR to run the command with the primary group set to \fIgroup\fR
                    330: instead.  To specify a \fIgid\fR instead of a \fIgroup name\fR, use
                    331: \&\fI#gid\fR.  When running commands as a \fIgid\fR, many shells require
                    332: that the '#' be escaped with a backslash ('\e').  If no \fB\-u\fR option
                    333: is specified, the command will be run as the invoking user (not
                    334: root).  In either case, the primary group will be set to \fIgroup\fR.
                    335: .IP "\-H" 12
                    336: .IX Item "-H"
                    337: The \fB\-H\fR (\fI\s-1HOME\s0\fR) option requests that the security policy set
                    338: the \f(CW\*(C`HOME\*(C'\fR environment variable to the home directory of the target
                    339: user (root by default) as specified by the password database.
                    340: Depending on the policy, this may be the default behavior.
                    341: .IP "\-h" 12
                    342: .IX Item "-h"
                    343: The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a short help message
                    344: to the standard output and exit.
                    345: .IP "\-i [command]" 12
                    346: .IX Item "-i [command]"
                    347: The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified
                    348: by the password database entry of the target user as a login shell.
                    349: This means that login-specific resource files such as \f(CW\*(C`.profile\*(C'\fR
                    350: or \f(CW\*(C`.login\*(C'\fR will be read by the shell.  If a command is specified,
                    351: it is passed to the shell for execution via the shell's \fB\-c\fR option.
                    352: If no command is specified, an interactive shell is executed.
                    353: \&\fBsudo\fR attempts to change to that user's home directory before
                    354: running the shell.  The security policy shall initialize the
                    355: environment to a minimal set of variables, similar to what is present
                    356: when a user logs in.  The \fICommand Environment\fR section in the
                    357: \&\fIsudoers\fR\|(@mansectform@) manual documents how the \fB\-i\fR option affects the
                    358: environment in which a command is run when the \fIsudoers\fR policy
                    359: is in use.
                    360: .IP "\-K" 12
                    361: .IX Item "-K"
                    362: The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
                    363: the user's cached credentials entirely and may not be used in
                    364: conjunction with a command or other option.  This option does not
                    365: require a password.  Not all security policies support credential
                    366: caching.
                    367: .IP "\-k [command]" 12
                    368: .IX Item "-k [command]"
                    369: When used alone, the \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates
                    370: the user's cached credentials.  The next time \fBsudo\fR is run a
                    371: password will be required.  This option does not require a password
                    372: and was added to allow a user to revoke \fBsudo\fR permissions from a
                    373: \&.logout file.  Not all security policies support credential
                    374: caching.
                    375: .Sp
                    376: When used in conjunction with a command or an option that may require
                    377: a password, the \fB\-k\fR option will cause \fBsudo\fR to ignore the user's
                    378: cached credentials.  As a result, \fBsudo\fR will prompt for a password
                    379: (if one is required by the security policy) and will not update the
                    380: user's cached credentials.
                    381: .IP "\-l[l] [\fIcommand\fR]" 12
                    382: .IX Item "-l[l] [command]"
                    383: If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list
                    384: the allowed (and forbidden) commands for the invoking user (or the
                    385: user specified by the \fB\-U\fR option) on the current host.  If a
                    386: \&\fIcommand\fR is specified and is permitted by the security policy,
                    387: the fully-qualified path to the command is displayed along with any
                    388: command line arguments.  If \fIcommand\fR is specified but not allowed,
                    389: \&\fBsudo\fR will exit with a status value of 1.  If the \fB\-l\fR option
                    390: is specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR is
                    391: specified multiple times, a longer list format is used.
                    392: .IP "\-n" 12
                    393: .IX Item "-n"
                    394: The \fB\-n\fR (\fInon-interactive\fR) option prevents \fBsudo\fR from prompting
                    395: the user for a password.  If a password is required for the command
                     396: to run, \fBsudo\fR will display an error message and exit.
                    397: .IP "\-P" 12
                    398: .IX Item "-P"
                    399: The \fB\-P\fR (\fIpreserve\fR \fIgroup vector\fR) option causes \fBsudo\fR to
                    400: preserve the invoking user's group vector unaltered.  By default,
                    401: the \fIsudoers\fR policy will initialize the group vector to the list
                    402: of groups the target user is in.  The real and effective group IDs,
                    403: however, are still set to match the target user.
                    404: .IP "\-p \fIprompt\fR" 12
                    405: .IX Item "-p prompt"
                    406: The \fB\-p\fR (\fIprompt\fR) option allows you to override the default
                    407: password prompt and use a custom one.  The following percent (`\f(CW\*(C`%\*(C'\fR')
                    408: escapes are supported by the \fIsudoers\fR policy:
                    409: .RS 12
                    410: .ie n .IP "%H" 4
                    411: .el .IP "\f(CW%H\fR" 4
                    412: .IX Item "%H"
                     413: expanded to the host name including the domain name (only if
                    414: the machine's host name is fully qualified or the \fIfqdn\fR option
                    415: is set in \fIsudoers\fR\|(@mansectform@))
                    416: .ie n .IP "%h" 4
                    417: .el .IP "\f(CW%h\fR" 4
                    418: .IX Item "%h"
                    419: expanded to the local host name without the domain name
                    420: .ie n .IP "%p" 4
                    421: .el .IP "\f(CW%p\fR" 4
                    422: .IX Item "%p"
                    423: expanded to the name of the user whose password is being requested
                    424: (respects the \fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in
                    425: \&\fIsudoers\fR\|(@mansectform@))
                    426: .ie n .IP "%U" 4
                    427: .el .IP "\f(CW%U\fR" 4
                    428: .IX Item "%U"
                    429: expanded to the login name of the user the command will be run as
                    430: (defaults to root unless the \f(CW\*(C`\-u\*(C'\fR option is also specified)
                    431: .ie n .IP "%u" 4
                    432: .el .IP "\f(CW%u\fR" 4
                    433: .IX Item "%u"
                    434: expanded to the invoking user's login name
                    435: .ie n .IP "\*(C`%%\*(C'" 4
                    436: .el .IP "\f(CW\*(C`%%\*(C'\fR" 4
                    437: .IX Item "%%"
                    438: two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character
                    439: .RE
                    440: .RS 12
                    441: .Sp
                    442: The prompt specified by the \fB\-p\fR option will override the system
                    443: password prompt on systems that support \s-1PAM\s0 unless the
                    444: \&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR.
                    445: .RE
                    446: .if \n(SL \{\
                    447: .IP "\-r \fIrole\fR" 12
                    448: .IX Item "-r role"
                    449: The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to 
                    450: have the role specified by \fIrole\fR.
                    451: \}
                    452: .IP "\-S" 12
                    453: .IX Item "-S"
                    454: The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
                    455: the standard input instead of the terminal device.  The password must
                    456: be followed by a newline character.
                    457: .IP "\-s [command]" 12
                    458: .IX Item "-s [command]"
                    459: The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
                    460: environment variable if it is set or the shell as specified in the
                    461: password database.  If a command is specified, it is passed to the
                    462: shell for execution via the shell's \fB\-c\fR option.  If no command
                    463: is specified, an interactive shell is executed.
                    464: .if \n(SL \{\
                    465: .IP "\-t \fItype\fR" 12
                    466: .IX Item "-t type"
                    467: The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to 
                    468: have the type specified by \fItype\fR.  If no type is specified, the default
                    469: type is derived from the specified role.
                    470: \}
                    471: .IP "\-U \fIuser\fR" 12
                    472: .IX Item "-U user"
                    473: The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the
                    474: \&\fB\-l\fR option to specify the user whose privileges should be listed.
                    475: The security policy may restrict listing other users' privileges.
                    476: The \fIsudoers\fR policy only allows root or a user with the \f(CW\*(C`ALL\*(C'\fR
                    477: privilege on the current host to use this option.
                    478: .IP "\-u \fIuser\fR" 12
                    479: .IX Item "-u user"
                    480: The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified
                    481: command as a user other than \fIroot\fR.  To specify a \fIuid\fR instead
                    482: of a \fIuser name\fR, use \fI#uid\fR.  When running commands as a \fIuid\fR,
                    483: many shells require that the '#' be escaped with a backslash ('\e').
                    484: Security policies may restrict \fIuid\fRs to those listed in the
                    485: password database.  The \fIsudoers\fR policy allows \fIuid\fRs that are
                    486: not in the password database as long as the \fItargetpw\fR option is
                    487: not set.  Other security policies may not support this.
                    488: .IP "\-V" 12
                    489: .IX Item "-V"
                    490: The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print its version
                    491: string and the version string of the security policy plugin and any
                    492: I/O plugins.  If the invoking user is already root, the \fB\-V\fR option
                    493: will display the arguments passed to configure when \fIsudo\fR was
                    494: built and plugins may display more verbose information such as
                    495: default options.
                    496: .IP "\-v" 12
                    497: .IX Item "-v"
                    498: When given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
                    499: user's cached credentials, authenticating the user's password if
                    500: necessary.  For the \fIsudoers\fR plugin, this extends the \fBsudo\fR
                    501: timeout for another \f(CW\*(C`@timeout@\*(C'\fR minutes (or whatever the timeout
                    502: is set to in \fIsudoers\fR) but does not run a command.  Not all
                    503: security policies support cached credentials.
                    504: .IP "\-\-" 12
                    505: The \fB\-\-\fR option indicates that \fBsudo\fR should stop processing command
                    506: line arguments.
                    507: .PP
                    508: Environment variables to be set for the command may also be passed
                    509: on the command line in the form of \fB\s-1VAR\s0\fR=\fIvalue\fR, e.g.
                    510: \&\fB\s-1LD_LIBRARY_PATH\s0\fR=\fI/usr/local/pkg/lib\fR.  Variables passed on the
                    511: command line are subject to the same restrictions as normal environment
                    512: variables with one important exception.  If the \fIsetenv\fR option
                    513: is set in \fIsudoers\fR, the command to be run has the \f(CW\*(C`SETENV\*(C'\fR tag
                    514: set or the command matched is \f(CW\*(C`ALL\*(C'\fR, the user may set variables
1.1.1.2 ! misho     515: that would otherwise be forbidden.  See \fIsudoers\fR\|(@mansectform@) for more information.
1.1       misho     516: .SH "PLUGINS"
                    517: .IX Header "PLUGINS"
                    518: Plugins are dynamically loaded based on the contents of the
                    519: \&\fI@sysconfdir@/sudo.conf\fR file.  If no \fI@sysconfdir@/sudo.conf\fR
                    520: file is present, or it contains no \f(CW\*(C`Plugin\*(C'\fR lines, \fBsudo\fR
                    521: will use the traditional \fIsudoers\fR security policy and I/O logging,
                    522: which corresponds to the following \fI@sysconfdir@/sudo.conf\fR file.
                    523: .PP
                    524: .Vb 10
                    525: \& #
                    526: \& # Default @sysconfdir@/sudo.conf file
                    527: \& #
                    528: \& # Format:
1.1.1.2 ! misho     529: \& #   Plugin plugin_name plugin_path plugin_options ...
1.1       misho     530: \& #   Path askpass /path/to/askpass
1.1.1.2 ! misho     531: \& #   Path noexec /path/to/sudo_noexec.so
        !           532: \& #   Debug sudo /var/log/sudo_debug all@warn
        !           533: \& #   Set disable_coredump true
1.1       misho     534: \& #
                    535: \& # The plugin_path is relative to @prefix@/libexec unless
                    536: \& #   fully qualified.
                    537: \& # The plugin_name corresponds to a global symbol in the plugin
                    538: \& #   that contains the plugin interface structure.
1.1.1.2 ! misho     539: \& # The plugin_options are optional.
1.1       misho     540: \& #
                    541: \& Plugin policy_plugin sudoers.so
                    542: \& Plugin io_plugin sudoers.so
                    543: .Ve
                    544: .PP
                    545: A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword, followed by the
                    546: \&\fIsymbol_name\fR and the \fIpath\fR to the shared object containing the
                    547: plugin.  The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
                    548: or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object.  The \fIpath\fR
                    549: may be fully qualified or relative.  If not fully qualified it is
                    550: relative to the \fI@prefix@/libexec\fR directory.  Any additional
1.1.1.2 ! misho     551: parameters after the \fIpath\fR are passed as arguments to the plugin's
        !           552: \&\fIopen\fR function.  Lines that don't begin with \f(CW\*(C`Plugin\*(C'\fR, \f(CW\*(C`Path\*(C'\fR,
        !           553: \&\f(CW\*(C`Debug\*(C'\fR or \f(CW\*(C`Set\*(C'\fR are silently ignored.
1.1       misho     554: .PP
                    555: For more information, see the \fIsudo_plugin\fR\|(@mansectsu@) manual.
                    556: .SH "PATHS"
                    557: .IX Header "PATHS"
                    558: A \f(CW\*(C`Path\*(C'\fR line consists of the \f(CW\*(C`Path\*(C'\fR keyword, followed by the
                    559: name of the path to set and its value.  E.g.
                    560: .PP
                    561: .Vb 2
                    562: \& Path noexec @noexec_file@
                    563: \& Path askpass /usr/X11R6/bin/ssh\-askpass
                    564: .Ve
                    565: .PP
                    566: The following plugin-agnostic paths may be set in the
                    567: \&\fI@sysconfdir@/sudo.conf\fR file.
                    568: .IP "askpass" 16
                    569: .IX Item "askpass"
                    570: The fully qualified path to a helper program used to read the user's
                    571: password when no terminal is available.  This may be the case when
                    572: \&\fBsudo\fR is executed from a graphical (as opposed to text-based)
                    573: application.  The program specified by \fIaskpass\fR should display
                    574: the argument passed to it as the prompt and write the user's password
                    575: to the standard output.  The value of \fIaskpass\fR may be overridden
                    576: by the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable.
                    577: .IP "noexec" 16
                    578: .IX Item "noexec"
                    579: The fully qualified path to a shared library containing dummy
                    580: versions of the \fIexecv()\fR, \fIexecve()\fR and \fIfexecve()\fR library functions
                    581: that just return an error.  This is used to implement the \fInoexec\fR
                    582: functionality on systems that support \f(CW\*(C`LD_PRELOAD\*(C'\fR or its equivalent.
                    583: Defaults to \fI@noexec_file@\fR.
1.1.1.2 ! misho     584: .SH "DEBUG FLAGS"
        !           585: .IX Header "DEBUG FLAGS"
        !           586: \&\fBsudo\fR versions 1.8.4 and higher support a flexible debugging
        !           587: framework that can help track down what \fBsudo\fR is doing internally
        !           588: if there is a problem.
        !           589: .PP
        !           590: A \f(CW\*(C`Debug\*(C'\fR line consists of the \f(CW\*(C`Debug\*(C'\fR keyword, followed by the
        !           591: name of the program to debug (\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR),
        !           592: the debug file name and a comma-separated list of debug flags.
        !           593: The debug flag syntax used by \fBsudo\fR and the \fIsudoers\fR plugin is
        !           594: \&\fIsubsystem\fR@\fIpriority\fR but the plugin is free to use a different
        !           595: format so long as it does not include a comma \f(CW\*(C`,\*(C'\fR.
        !           596: .PP
        !           597: For instance:
        !           598: .PP
        !           599: .Vb 1
        !           600: \& Debug sudo /var/log/sudo_debug all@warn,plugin@info
        !           601: .Ve
        !           602: .PP
        !           603: would log all debugging statements at the \fIwarn\fR level and higher
        !           604: in addition to those at the \fIinfo\fR level for the plugin subsystem.
        !           605: .PP
        !           606: Currently, only one \f(CW\*(C`Debug\*(C'\fR entry per program is supported.  The
        !           607: \&\f(CW\*(C`sudo\*(C'\fR \f(CW\*(C`Debug\*(C'\fR entry is shared by the \fBsudo\fR front end, \fBsudoedit\fR
        !           608: and the plugins.  A future release may add support for per-plugin
        !           609: \&\f(CW\*(C`Debug\*(C'\fR lines and/or support for multiple debugging files for a
        !           610: single program.
        !           611: .PP
        !           612: The priorities used by the \fBsudo\fR front end, in order of decreasing
        !           613: severity, are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR,
        !           614: \&\fItrace\fR and \fIdebug\fR.  Each priority, when specified, also includes
        !           615: all priorities higher than it.  For example, a priority of \fInotice\fR
        !           616: would include debug messages logged at \fInotice\fR and higher.
        !           617: .PP
        !           618: The following subsystems are used by \fBsudo\fR:
        !           619: .IP "\fIall\fR" 10
        !           620: .IX Item "all"
        !           621: matches every subsystem
        !           622: .IP "\fIargs\fR" 10
        !           623: .IX Item "args"
        !           624: command line argument processing
        !           625: .IP "\fIconv\fR" 10
        !           626: .IX Item "conv"
        !           627: user conversation
        !           628: .IP "\fIedit\fR" 10
        !           629: .IX Item "edit"
        !           630: sudoedit
        !           631: .IP "\fIexec\fR" 10
        !           632: .IX Item "exec"
        !           633: command execution
        !           634: .IP "\fImain\fR" 10
        !           635: .IX Item "main"
        !           636: \&\fBsudo\fR main function
        !           637: .IP "\fInetif\fR" 10
        !           638: .IX Item "netif"
        !           639: network interface handling
        !           640: .IP "\fIpcomm\fR" 10
        !           641: .IX Item "pcomm"
        !           642: communication with the plugin
        !           643: .IP "\fIplugin\fR" 10
        !           644: .IX Item "plugin"
        !           645: plugin configuration
        !           646: .IP "\fIpty\fR" 10
        !           647: .IX Item "pty"
        !           648: pseudo-tty related code
        !           649: .IP "\fIselinux\fR" 10
        !           650: .IX Item "selinux"
        !           651: SELinux-specific handling
        !           652: .IP "\fIutil\fR" 10
        !           653: .IX Item "util"
        !           654: utility functions
        !           655: .IP "\fIutmp\fR" 10
        !           656: .IX Item "utmp"
        !           657: utmp handling
1.1       misho     658: .SH "RETURN VALUES"
                    659: .IX Header "RETURN VALUES"
                    660: Upon successful execution of a program, the exit status from \fBsudo\fR
                    661: will simply be the exit status of the program that was executed.
                    662: .PP
                    663: Otherwise, \fBsudo\fR exits with a value of 1 if there is a
                    664: configuration/permission problem or if \fBsudo\fR cannot execute the
                    665: given command.  In the latter case the error string is printed to
                    666: the standard error.  If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries
                    667: in the user's \f(CW\*(C`PATH\*(C'\fR, an error is printed on stderr.  (If the
                    668: directory does not exist or if it is not really a directory, the
                    669: entry is ignored and no error is printed.)  This should not happen
                    670: under normal circumstances.  The most common reason for \fIstat\fR\|(2)
                    671: to return \*(L"permission denied\*(R" is if you are running an automounter
                    672: and one of the directories in your \f(CW\*(C`PATH\*(C'\fR is on a machine that is
                    673: currently unreachable.
                    674: .SH "SECURITY NOTES"
                    675: .IX Header "SECURITY NOTES"
                    676: \&\fBsudo\fR tries to be safe when executing external commands.
                    677: .PP
                    678: To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting
                    679: current directory) last when searching for a command in the user's
                    680: \&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0).  Note, however, that the
                    681: actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed
                    682: unchanged to the program that \fBsudo\fR executes.
                    683: .PP
                    684: Please note that \fBsudo\fR will normally only log the command it
                    685: explicitly runs.  If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or
                    686: \&\f(CW\*(C`sudo sh\*(C'\fR, subsequent commands run from that shell are not subject
                    687: to \fBsudo\fR's security policy.  The same is true for commands that
                    688: offer shell escapes (including most editors).  If I/O logging is
                    689: enabled, subsequent commands will have their input and/or output
                    690: logged, but there will not be traditional logs for those commands.
                    691: Because of this, care must be taken when giving users access to
                    692: commands via \fBsudo\fR to verify that the command does not inadvertently
                    693: give the user an effective root shell.  For more information, please
                    694: see the \f(CW\*(C`PREVENTING SHELL ESCAPES\*(C'\fR section in \fIsudoers\fR\|(@mansectform@).
1.1.1.2 ! misho     695: .PP
        !           696: To prevent the disclosure of potentially sensitive information,
        !           697: \&\fBsudo\fR disables core dumps by default while it is executing (they
        !           698: are re-enabled for the command that is run).  To aid in debugging
        !           699: \&\fBsudo\fR crashes, you may wish to re-enable core dumps by setting
        !           700: \&\*(L"disable_coredump\*(R" to false in the \fI@sysconfdir@/sudo.conf\fR file.
        !           701: .PP
        !           702: .Vb 1
        !           703: \& Set disable_coredump false
        !           704: .Ve
        !           705: .PP
        !           706: Note that by default, most operating systems disable core dumps
        !           707: from setuid programs, which includes \fBsudo\fR.  To actually get a
        !           708: \&\fBsudo\fR core file you may need to enable core dumps for setuid
        !           709: processes.  On \s-1BSD\s0 and Linux systems this is accomplished via the
        !           710: sysctl command; on Solaris the coreadm command can be used.
1.1       misho     711: .SH "ENVIRONMENT"
                    712: .IX Header "ENVIRONMENT"
                    713: \&\fBsudo\fR utilizes the following environment variables.  The security
                    714: policy has control over the content of the command's environment.
                    715: .ie n .IP "\*(C`EDITOR\*(C'" 16
                    716: .el .IP "\f(CW\*(C`EDITOR\*(C'\fR" 16
                    717: .IX Item "EDITOR"
                    718: Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR
                    719: nor \f(CW\*(C`VISUAL\*(C'\fR is set
                    720: .ie n .IP "\*(C`MAIL\*(C'" 16
                    721: .el .IP "\f(CW\*(C`MAIL\*(C'\fR" 16
                    722: .IX Item "MAIL"
                    723: In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set
                    724: to the mail spool of the target user
                    725: .ie n .IP "\*(C`HOME\*(C'" 16
                    726: .el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
                    727: .IX Item "HOME"
                    728: Set to the home directory of the target user if \fB\-i\fR or \fB\-H\fR are
                    729: specified, \fIenv_reset\fR or \fIalways_set_home\fR are set in \fIsudoers\fR,
                    730: or when the \fB\-s\fR option is specified and \fIset_home\fR is set in
                    731: \&\fIsudoers\fR
                    732: .ie n .IP "\*(C`PATH\*(C'" 16
                    733: .el .IP "\f(CW\*(C`PATH\*(C'\fR" 16
                    734: .IX Item "PATH"
                    735: May be overridden by the security policy.
                    736: .ie n .IP "\*(C`SHELL\*(C'" 16
                    737: .el .IP "\f(CW\*(C`SHELL\*(C'\fR" 16
                    738: .IX Item "SHELL"
                    739: Used to determine shell to run with \f(CW\*(C`\-s\*(C'\fR option
                    740: .ie n .IP "\*(C`SUDO_ASKPASS\*(C'" 16
                    741: .el .IP "\f(CW\*(C`SUDO_ASKPASS\*(C'\fR" 16
                    742: .IX Item "SUDO_ASKPASS"
                    743: Specifies the path to a helper program used to read the password
                    744: if no terminal is available or if the \f(CW\*(C`\-A\*(C'\fR option is specified.
                    745: .ie n .IP "\*(C`SUDO_COMMAND\*(C'" 16
                    746: .el .IP "\f(CW\*(C`SUDO_COMMAND\*(C'\fR" 16
                    747: .IX Item "SUDO_COMMAND"
                    748: Set to the command run by sudo
                    749: .ie n .IP "\*(C`SUDO_EDITOR\*(C'" 16
                    750: .el .IP "\f(CW\*(C`SUDO_EDITOR\*(C'\fR" 16
                    751: .IX Item "SUDO_EDITOR"
                    752: Default editor to use in \fB\-e\fR (sudoedit) mode
                    753: .ie n .IP "\*(C`SUDO_GID\*(C'" 16
                    754: .el .IP "\f(CW\*(C`SUDO_GID\*(C'\fR" 16
                    755: .IX Item "SUDO_GID"
                    756: Set to the group \s-1ID\s0 of the user who invoked sudo
                    757: .ie n .IP "\*(C`SUDO_PROMPT\*(C'" 16
                    758: .el .IP "\f(CW\*(C`SUDO_PROMPT\*(C'\fR" 16
                    759: .IX Item "SUDO_PROMPT"
                    760: Used as the default password prompt
                    761: .ie n .IP "\*(C`SUDO_PS1\*(C'" 16
                    762: .el .IP "\f(CW\*(C`SUDO_PS1\*(C'\fR" 16
                    763: .IX Item "SUDO_PS1"
                    764: If set, \f(CW\*(C`PS1\*(C'\fR will be set to its value for the program being run
                    765: .ie n .IP "\*(C`SUDO_UID\*(C'" 16
                    766: .el .IP "\f(CW\*(C`SUDO_UID\*(C'\fR" 16
                    767: .IX Item "SUDO_UID"
                    768: Set to the user \s-1ID\s0 of the user who invoked sudo
                    769: .ie n .IP "\*(C`SUDO_USER\*(C'" 16
                    770: .el .IP "\f(CW\*(C`SUDO_USER\*(C'\fR" 16
                    771: .IX Item "SUDO_USER"
                    772: Set to the login of the user who invoked sudo
                    773: .ie n .IP "\*(C`USER\*(C'" 16
                    774: .el .IP "\f(CW\*(C`USER\*(C'\fR" 16
                    775: .IX Item "USER"
                    776: Set to the target user (root unless the \fB\-u\fR option is specified)
                    777: .ie n .IP "\*(C`VISUAL\*(C'" 16
                    778: .el .IP "\f(CW\*(C`VISUAL\*(C'\fR" 16
                    779: .IX Item "VISUAL"
                    780: Default editor to use in \fB\-e\fR (sudoedit) mode if \f(CW\*(C`SUDO_EDITOR\*(C'\fR
                    781: is not set
                    782: .SH "FILES"
                    783: .IX Header "FILES"
                    784: .ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24
                    785: .el .IP "\fI@sysconfdir@/sudo.conf\fR" 24
                    786: .IX Item "@sysconfdir@/sudo.conf"
1.1.1.2 ! misho     787: \&\fBsudo\fR front end configuration
1.1       misho     788: .SH "EXAMPLES"
                    789: .IX Header "EXAMPLES"
                    790: Note: the following examples assume a properly configured security policy.
                    791: .PP
                    792: To get a file listing of an unreadable directory:
                    793: .PP
                    794: .Vb 1
                    795: \& $ sudo ls /usr/local/protected
                    796: .Ve
                    797: .PP
                    798: To list the home directory of user yaz on a machine where the
                    799: file system holding ~yaz is not exported as root:
                    800: .PP
                    801: .Vb 1
                    802: \& $ sudo \-u yaz ls ~yaz
                    803: .Ve
                    804: .PP
                    805: To edit the \fIindex.html\fR file as user www:
                    806: .PP
                    807: .Vb 1
                    808: \& $ sudo \-u www vi ~www/htdocs/index.html
                    809: .Ve
                    810: .PP
                    811: To view system logs only accessible to root and users in the adm group:
                    812: .PP
                    813: .Vb 1
                    814: \& $ sudo \-g adm view /var/log/syslog
                    815: .Ve
                    816: .PP
                    817: To run an editor as jim with a different primary group:
                    818: .PP
                    819: .Vb 1
                    820: \& $ sudo \-u jim \-g audio vi ~jim/sound.txt
                    821: .Ve
                    822: .PP
                    823: To shut down a machine:
                    824: .PP
                    825: .Vb 1
                    826: \& $ sudo shutdown \-r +15 "quick reboot"
                    827: .Ve
                    828: .PP
                    829: To make a usage listing of the directories in the /home
                    830: partition.  Note that this runs the commands in a sub-shell
                    831: to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
                    832: .PP
                    833: .Vb 1
                    834: \& $ sudo sh \-c "cd /home ; du \-s * | sort \-rn > USAGE"
                    835: .Ve
                    836: .SH "SEE ALSO"
                    837: .IX Header "SEE ALSO"
                    838: \&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
                    839: .if \n(LC \&\fIlogin_cap\fR\|(3),
                    840: \&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIsudo_plugin\fR\|(@mansectsu@), \fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
                    841: .SH "AUTHORS"
                    842: .IX Header "AUTHORS"
                    843: Many people have worked on \fBsudo\fR over the years; this
                    844: version consists of code written primarily by:
                    845: .PP
                    846: .Vb 1
                    847: \&        Todd C. Miller
                    848: .Ve
                    849: .PP
1.1.1.2 ! misho     850: See the \s-1CONTRIBUTORS\s0 file in the \fBsudo\fR distribution
        !           851: (http://www.sudo.ws/sudo/contributors.html) for a list of people
        !           852: who have contributed to \fBsudo\fR.
        !           853: .SH "HISTORY"
        !           854: .IX Header "HISTORY"
        !           855: See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution
        !           856: (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
1.1       misho     857: .SH "CAVEATS"
                    858: .IX Header "CAVEATS"
                    859: There is no easy way to prevent a user from gaining a root shell
                    860: if that user is allowed to run arbitrary commands via \fBsudo\fR.
                    861: Also, many programs (such as editors) allow the user to run commands
                    862: via shell escapes, thus avoiding \fBsudo\fR's checks.  However, on
                    863: most systems it is possible to prevent shell escapes with the
                    864: \&\fIsudoers\fR\|(@mansectform@) module's \fInoexec\fR functionality.
                    865: .PP
                    866: It is not meaningful to run the \f(CW\*(C`cd\*(C'\fR command directly via sudo, e.g.,
                    867: .PP
                    868: .Vb 1
                    869: \& $ sudo cd /usr/local/protected
                    870: .Ve
                    871: .PP
                    872: since when the command exits the parent process (your shell) will
                    873: still be the same.  Please see the \s-1EXAMPLES\s0 section for more information.
                    874: .PP
                    875: Running shell scripts via \fBsudo\fR can expose the same kernel bugs that
                    876: make setuid shell scripts unsafe on some operating systems (if your \s-1OS\s0
                    877: has a /dev/fd/ directory, setuid shell scripts are generally safe).
                    878: .SH "BUGS"
                    879: .IX Header "BUGS"
                    880: If you feel you have found a bug in \fBsudo\fR, please submit a bug report
                    881: at http://www.sudo.ws/sudo/bugs/
                    882: .SH "SUPPORT"
                    883: .IX Header "SUPPORT"
                    884: Limited free support is available via the sudo-users mailing list,
                    885: see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
                    886: search the archives.
                    887: .SH "DISCLAIMER"
                    888: .IX Header "DISCLAIMER"
                    889: \&\fBsudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
                    890: including, but not limited to, the implied warranties of merchantability
                    891: and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
                    892: file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
                    893: for complete details.
