version 1.1.1.1, 2012/10/09 09:29:52
|
version 1.1.1.2, 2013/07/22 10:46:12
|
Line 1
|
Line 1
|
.\" |
.\" |
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 | .\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 |
.\" Todd C. Miller <Todd.Miller@courtesan.com> |
.\" Todd C. Miller <Todd.Miller@courtesan.com> |
.\" |
.\" |
.\" Permission to use, copy, modify, and distribute this software for any |
.\" Permission to use, copy, modify, and distribute this software for any |
Line 19
|
Line 19
|
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force |
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force |
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. |
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. |
.\" |
.\" |
.Dd July 10, 2012 | .Dd March 13, 2013 |
.Dt SUDO @mansectsu@ |
.Dt SUDO @mansectsu@ |
.Os Sudo @PACKAGE_VERSION@ |
.Os Sudo @PACKAGE_VERSION@ |
.Sh NAME |
.Sh NAME |
Line 139 which is configured via the file
|
Line 139 which is configured via the file
|
.Pa @sysconfdir@/sudoers , |
.Pa @sysconfdir@/sudoers , |
or via LDAP. |
or via LDAP. |
See the |
See the |
.Sx PLUGINS | .Sx Plugins |
section for more information. |
section for more information. |
.Pp |
.Pp |
The security policy determines what privileges, if any, a user has |
The security policy determines what privileges, if any, a user has |
Line 202 If the
|
Line 202 If the
|
environment variable is set, it specifies the path to the helper |
environment variable is set, it specifies the path to the helper |
program. |
program. |
Otherwise, if |
Otherwise, if |
.Pa @sysconfdir@/sudo.conf | .Xr sudo.conf @mansectform@ |
contains a line specifying the askpass program, that value will be |
contains a line specifying the askpass program, that value will be |
used. |
used. |
For example: |
For example: |
Line 687 for more information.
|
Line 687 for more information.
|
When |
When |
.Nm sudo |
.Nm sudo |
executes a command, the security policy specifies the execution |
executes a command, the security policy specifies the execution |
envionment for the command. | environment for the command. |
Typically, the real and effective uid and gid are set to |
Typically, the real and effective uid and gid are set to |
match those of the target user, as specified in the password database, |
match those of the target user, as specified in the password database, |
and the group vector is initialized based on the group database |
and the group vector is initialized based on the group database |
Line 725 When
|
Line 725 When
|
.Nm sudo |
.Nm sudo |
runs a command, it calls |
runs a command, it calls |
.Xr fork 2 , |
.Xr fork 2 , |
sets up the execution environment as described above, and calls the | sets up the execution environment as described above, and calls the |
.Xr execve |
.Xr execve |
system call in the child process. |
system call in the child process. |
The main |
The main |
.Nm sudo |
.Nm sudo |
process waits until the command has completed, then passes the |
process waits until the command has completed, then passes the |
command's exit status to the security policy's close method and exits. | command's exit status to the security policy's close function and exits. |
If an I/O logging plugin is configured, a new pseudo-terminal | If an I/O logging plugin is configured or if the security policy |
| explicitly requests it, a new pseudo-terminal |
.Pq Dq pty |
.Pq Dq pty |
is created and a second |
is created and a second |
.Nm sudo |
.Nm sudo |
Line 743 and resume the command.
|
Line 744 and resume the command.
|
Without it, the command would be in what POSIX terms an |
Without it, the command would be in what POSIX terms an |
.Dq orphaned process group |
.Dq orphaned process group |
and it would not receive any job control signals. |
and it would not receive any job control signals. |
|
As a special case, if the policy plugin does not define a close |
|
function and no pty is required, |
|
.Nm sudo |
|
will execute the command directly instead of calling |
|
.Xr fork 2 |
|
first. |
.Ss Signal handling |
.Ss Signal handling |
Because the command is run as a child of the |
Because the command is run as a child of the |
.Nm sudo |
.Nm sudo |
Line 780 On some systems, the
|
Line 787 On some systems, the
|
command sends |
command sends |
.Dv SIGTERM |
.Dv SIGTERM |
to all non-system processes other than itself before rebooting |
to all non-system processes other than itself before rebooting |
the systyem. | the system. |
This prevents |
This prevents |
.Nm sudo |
.Nm sudo |
from relaying the |
from relaying the |
Line 807 are run using the
|
Line 814 are run using the
|
family of functions instead of |
family of functions instead of |
.Fn system |
.Fn system |
(which interposes a shell between the command and the calling process). |
(which interposes a shell between the command and the calling process). |
.Sh PLUGINS | .Pp |
| If no I/O logging plugins are loaded and the policy plugin has not |
| defined a |
| .Fn close |
| function, set a command timeout or required that the command be |
| run in a new pty, |
| .Nm sudo |
| may execute the command directly instead of running it as a child process. |
| .Ss Plugins |
Plugins are dynamically loaded based on the contents of the |
Plugins are dynamically loaded based on the contents of the |
.Pa @sysconfdir@/sudo.conf | .Xr sudo.conf @mansectform@ |
file. |
file. |
If no |
If no |
.Pa @sysconfdir@/sudo.conf | .Xr sudo.conf @mansectform@ |
file is present, or it contains no |
file is present, or it contains no |
.Li Plugin |
.Li Plugin |
lines, |
lines, |
.Nm sudo |
.Nm sudo |
will use the traditional |
will use the traditional |
.Em sudoers |
.Em sudoers |
security policy and I/O logging, which corresponds to the following | security policy and I/O logging. |
| See the |
| .Xr sudo.conf @mansectform@ |
| manual for details of the |
.Pa @sysconfdir@/sudo.conf |
.Pa @sysconfdir@/sudo.conf |
file. | file and the |
.Bd -literal | |
# | |
# Default @sysconfdir@/sudo.conf file | |
# | |
# Format: | |
# Plugin plugin_name plugin_path plugin_options ... | |
# Path askpass /path/to/askpass | |
# Path noexec /path/to/sudo_noexec.so | |
# Debug sudo /var/log/sudo_debug all@warn | |
# Set disable_coredump true | |
# | |
# The plugin_path is relative to @prefix@/libexec unless | |
# fully qualified. | |
# The plugin_name corresponds to a global symbol in the plugin | |
# that contains the plugin interface structure. | |
# The plugin_options are optional. | |
# | |
Plugin policy_plugin sudoers.so | |
Plugin io_plugin sudoers.so | |
.Ed | |
.Pp | |
A | |
.Li Plugin | |
line consists of the | |
.Li Plugin | |
keyword, followed by the | |
.Em symbol_name | |
and the | |
.Em path | |
to the shared object containing the plugin. | |
The | |
.Em symbol_name | |
is the name of the | |
.Li struct policy_plugin | |
or | |
.Li struct io_plugin | |
in the plugin shared object. | |
The | |
.Em path | |
may be fully qualified or relative. | |
If not fully qualified it is relative to the | |
.Pa @prefix@/libexec | |
directory. | |
Any additional parameters after the | |
.Em path | |
are passed as arguments to the plugin's | |
.Em open | |
function. | |
Lines that don't begin with | |
.Li Plugin , | |
.Li Path , | |
.Li Debug , | |
or | |
.Li Set | |
are silently ignored. | |
.Pp | |
For more information, see the | |
.Xr sudo_plugin @mansectsu@ |
.Xr sudo_plugin @mansectsu@ |
manual. | manual for more information about the |
.Sh PATHS | |
A | |
.Li Path | |
line consists of the | |
.Li Path | |
keyword, followed by the name of the path to set and its value. | |
E.g. | |
.Bd -literal -offset indent | |
Path noexec @noexec_file@ | |
Path askpass /usr/X11R6/bin/ssh-askpass | |
.Ed | |
.Pp | |
The following plugin-agnostic paths may be set in the | |
.Pa @sysconfdir@/sudo.conf | |
file: | |
.Bl -tag -width 8n | |
.It askpass | |
The fully qualified path to a helper program used to read the user's | |
password when no terminal is available. | |
This may be the case when | |
.Nm sudo |
.Nm sudo |
is executed from a graphical (as opposed to text-based) application. | plugin architecture. |
The program specified by | |
.Em askpass | |
should display the argument passed to it as the prompt and write | |
the user's password to the standard output. | |
The value of | |
.Em askpass | |
may be overridden by the | |
.Ev SUDO_ASKPASS | |
environment variable. | |
.It noexec | |
The fully-qualified path to a shared library containing dummy | |
versions of the | |
.Fn execv , | |
.Fn execve | |
and | |
.Fn fexecve | |
library functions that just return an error. | |
This is used to implement the | |
.Em noexec | |
functionality on systems that support | |
.Ev LD_PRELOAD | |
or its equivalent. | |
Defaults to | |
.Pa @noexec_file@ . | |
.El | |
.Sh DEBUG FLAGS | |
.Nm sudo | |
versions 1.8.4 and higher support a flexible debugging framework | |
that can help track down what | |
.Nm sudo | |
is doing internally if there is a problem. | |
.Pp | |
A | |
.Li Debug | |
line consists of the | |
.Li Debug | |
keyword, followed by the name of the program to debug | |
.Pq Nm sudo , Nm visudo , Nm sudoreplay , | |
the debug file name and a comma-separated list of debug flags. | |
The debug flag syntax used by | |
.Nm sudo | |
and the | |
.Em sudoers | |
plugin is | |
.Em subsystem Ns No @ Ns Em priority | |
but the plugin is free to use a different format so long as it does | |
not include a comma | |
.Pq Ql \&, . | |
.Pp | |
For instance: | |
.Bd -literal -offset indent | |
Debug sudo /var/log/sudo_debug all@warn,plugin@info | |
.Ed | |
.Pp | |
would log all debugging statements at the | |
.Em warn | |
level and higher in addition to those at the | |
.Em info | |
level for the plugin subsystem. | |
.Pp | |
Currently, only one | |
.Li Debug | |
entry per program is supported. | |
The | |
.Nm sudo | |
.Li Debug | |
entry is shared by the | |
.Nm sudo | |
front end, | |
.Nm sudoedit | |
and the plugins. | |
A future release may add support for per-plugin | |
.Li Debug | |
lines and/or support for multiple debugging files for a single | |
program. | |
.Pp | |
The priorities used by the | |
.Nm sudo | |
front end, in order of decreasing severity, are: | |
.Em crit , err , warn , notice , diag , info , trace | |
and | |
.Em debug . | |
Each priority, when specified, also includes all priorities higher | |
than it. | |
For example, a priority of | |
.Em notice | |
would include debug messages logged at | |
.Em notice | |
and higher. | |
.Pp | |
The following subsystems are used by the | |
.Nm sudo | |
front-end: | |
.Bl -tag -width Fl | |
.It Em all | |
matches every subsystem | |
.It Em args | |
command line argument processing | |
.It Em conv | |
user conversation | |
.It Em edit | |
sudoedit | |
.It Em exec | |
command execution | |
.It Em main | |
.Nm sudo | |
main function | |
.It Em netif | |
network interface handling | |
.It Em pcomm | |
communication with the plugin | |
.It Em plugin | |
plugin configuration | |
.It Em pty | |
pseudo-tty related code | |
.It Em selinux | |
SELinux-specific handling | |
.It Em util | |
utility functions | |
.It Em utmp | |
utmp handling | |
.El | |
.Sh EXIT VALUE |
.Sh EXIT VALUE |
Upon successful execution of a program, the exit status from |
Upon successful execution of a program, the exit status from |
.Em sudo |
.Em sudo |
Line 1106 To aid in debugging
|
Line 925 To aid in debugging
|
crashes, you may wish to re-enable core dumps by setting |
crashes, you may wish to re-enable core dumps by setting |
.Dq disable_coredump |
.Dq disable_coredump |
to false in the |
to false in the |
.Pa @sysconfdir@/sudo.conf | .Xr sudo.conf @mansectform@ |
file as follows: |
file as follows: |
.Bd -literal -offset indent |
.Bd -literal -offset indent |
Set disable_coredump false |
Set disable_coredump false |
.Ed |
.Ed |
.Pp |
.Pp |
Note that by default, most operating systems disable core dumps | See the |
from setuid programs, which includes | .Xr sudo.conf @mansectform@ |
.Nm sudo . | manual for more information. |
To actually get a | |
.Nm sudo | |
core file you may need to enable core dumps for setuid processes. | |
On BSD and Linux systems this is accomplished via the sysctl command, | |
on Solaris the coreadm command can be used. | |
.Sh ENVIRONMENT |
.Sh ENVIRONMENT |
.Nm sudo |
.Nm sudo |
utilizes the following environment variables. |
utilizes the following environment variables. |
Line 1251 and file redirection work.
|
Line 1065 and file redirection work.
|
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
.Ed |
.Ed |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr grep 1 , |
|
.Xr su 1 , |
.Xr su 1 , |
.Xr stat 2 , |
.Xr stat 2 , |
.Xr login_cap 3 , |
.Xr login_cap 3 , |
.Xr passwd @mansectform@ , |
.Xr passwd @mansectform@ , |
|
.Xr sudo.conf @mansectform@ , |
.Xr sudoers @mansectform@ , |
.Xr sudoers @mansectform@ , |
.Xr sudo_plugin @mansectsu@ , |
.Xr sudo_plugin @mansectsu@ , |
.Xr sudoreplay @mansectsu@ , |
.Xr sudoreplay @mansectsu@ , |