|
version 1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
|
Line 1
|
Line 1
|
| Copyright (c) 1994-1996, 1998-2005, 2007-2011 | Copyright (c) 1994-1996, 1998-2005, 2007-2012 |
| Todd C. Miller <Todd.Miller@courtesan.com> |
Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| Permission to use, copy, modify, and distribute this software for any |
Permission to use, copy, modify, and distribute this software for any |
|
Line 26 sudo, sudoedit - execute a command as another user
|
Line 26 sudo, sudoedit - execute a command as another user
|
| |
|
| =head1 SYNOPSIS |
=head1 SYNOPSIS |
| |
|
| B<sudo> S<[B<-D> I<level>]> B<-h> | B<-K> | B<-k> | B<-V> | B<sudo> B<-h> | B<-K> | B<-k> | B<-V> |
| |
|
| B<sudo> B<-v> [B<-AknS>] |
B<sudo> B<-v> [B<-AknS>] |
| S<[B<-a> I<auth_type>]> |
S<[B<-a> I<auth_type>]> |
| S<[B<-D> I<level>]> |
|
| S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
| S<[B<-u> I<user name>|I<#uid>]> |
S<[B<-u> I<user name>|I<#uid>]> |
| |
|
| B<sudo> B<-l[l]> [B<-AknS>] |
B<sudo> B<-l[l]> [B<-AknS>] |
| S<[B<-a> I<auth_type>]> |
S<[B<-a> I<auth_type>]> |
| S<[B<-D> I<level>]> |
|
| S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
| S<[B<-U> I<user name>]> S<[B<-u> I<user name>|I<#uid>]> [I<command>] |
S<[B<-U> I<user name>]> S<[B<-u> I<user name>|I<#uid>]> [I<command>] |
| |
|
| B<sudo> [B<-AbEHnPS>] |
B<sudo> [B<-AbEHnPS>] |
| S<[B<-a> I<auth_type>]> |
S<[B<-a> I<auth_type>]> |
| S<[B<-C> I<fd>]> |
S<[B<-C> I<fd>]> |
| S<[B<-D> I<level>]> |
|
| S<[B<-c> I<class>|I<->]> |
S<[B<-c> I<class>|I<->]> |
| S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
| S<[B<-r> I<role>]> S<[B<-t> I<type>]> |
S<[B<-r> I<role>]> S<[B<-t> I<type>]> |
|
Line 54 B<sudoedit> [B<-AnS>]
|
Line 51 B<sudoedit> [B<-AnS>]
|
| S<[B<-a> I<auth_type>]> |
S<[B<-a> I<auth_type>]> |
| S<[B<-C> I<fd>]> |
S<[B<-C> I<fd>]> |
| S<[B<-c> I<class>|I<->]> |
S<[B<-c> I<class>|I<->]> |
| S<[B<-D> I<level>]> |
|
| S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> |
| S<[B<-u> I<user name>|I<#uid>]> file ... |
S<[B<-u> I<user name>|I<#uid>]> file ... |
| |
|
|
Line 69 option was specified).
|
Line 65 option was specified).
|
| |
|
| B<sudo> supports a plugin architecture for security policies and |
B<sudo> supports a plugin architecture for security policies and |
| input/output logging. Third parties can develop and distribute |
input/output logging. Third parties can develop and distribute |
| their own policy and I/O logging modules to work seemlessly with | their own policy and I/O logging modules to work seamlessly with |
| the B<sudo> front end. The default security policy is I<sudoers>, |
the B<sudo> front end. The default security policy is I<sudoers>, |
| which is configured via the file F<@sysconfdir@/sudoers>, or via |
which is configured via the file F<@sysconfdir@/sudoers>, or via |
| LDAP. See the L<PLUGINS> section for more information. |
LDAP. See the L<PLUGINS> section for more information. |
|
Line 158 argument specifies an existing user class, the command
|
Line 154 argument specifies an existing user class, the command
|
| as root, or the B<sudo> command must be run from a shell that is already |
as root, or the B<sudo> command must be run from a shell that is already |
| root. This option is only available on systems with BSD login classes. |
root. This option is only available on systems with BSD login classes. |
| |
|
| =item -D I<level> |
|
| |
|
| Enable debugging of B<sudo> plugins and B<sudo> itself. The I<level> |
|
| may be a value from 1 through 9. |
|
| |
|
| =item -E |
=item -E |
| |
|
| The B<-E> (I<preserve> I<environment>) option indicates to the |
The B<-E> (I<preserve> I<environment>) option indicates to the |
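Review bot: the `=item -D I<level>` entry is removed here (and the flag was dropped from every synopsis form above), but nothing in the options section tells a reader who relied on `-D` what replaced it; add a pointer from this part of the description to the `Debug` line in F<@sysconfdir@/sudo.conf> that the DEBUG FLAGS section of this patch documents, and if the front end still accepts `-D` for compatibility, keep the item with a note that it is deprecated rather than deleting it silently.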
|
Line 416 command line are subject to the same restrictions as n
|
Line 407 command line are subject to the same restrictions as n
|
| variables with one important exception. If the I<setenv> option |
variables with one important exception. If the I<setenv> option |
| is set in I<sudoers>, the command to be run has the C<SETENV> tag |
is set in I<sudoers>, the command to be run has the C<SETENV> tag |
| set or the command matched is C<ALL>, the user may set variables |
set or the command matched is C<ALL>, the user may set variables |
| that would overwise be forbidden. See L<sudoers(5)> for more information. | that would otherwise be forbidden. See L<sudoers(5)> for more information. |
| |
|
| =head1 PLUGINS |
=head1 PLUGINS |
| |
|
|
Line 430 which corresponds to the following F<@sysconfdir@/sudo
|
Line 421 which corresponds to the following F<@sysconfdir@/sudo
|
| # Default @sysconfdir@/sudo.conf file |
# Default @sysconfdir@/sudo.conf file |
| # |
# |
| # Format: |
# Format: |
| # Plugin plugin_name plugin_path | # Plugin plugin_name plugin_path plugin_options ... |
| # Path askpass /path/to/askpass |
# Path askpass /path/to/askpass |
| # Path noexec /path/to/noexec.so | # Path noexec /path/to/sudo_noexec.so |
| | # Debug sudo /var/log/sudo_debug all@warn |
| | # Set disable_coredump true |
| # |
# |
| # The plugin_path is relative to @prefix@/libexec unless |
# The plugin_path is relative to @prefix@/libexec unless |
| # fully qualified. |
# fully qualified. |
| # The plugin_name corresponds to a global symbol in the plugin |
# The plugin_name corresponds to a global symbol in the plugin |
| # that contains the plugin interface structure. |
# that contains the plugin interface structure. |
| |
# The plugin_options are optional. |
| # |
# |
| Plugin policy_plugin sudoers.so |
Plugin policy_plugin sudoers.so |
| Plugin io_plugin sudoers.so |
Plugin io_plugin sudoers.so |
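Review bot: the `# Format:` block now lists `plugin_options ...` on the `Plugin` line but gives no format line for the new `Debug` and `Set` entries, only examples; add lines of the form `# Debug program debug_file debug_flags` and `# Set variable value` next to the `Plugin` and `Path` format lines so the sample file is self-describing. Also, the `Path noexec` example changes from `noexec.so` to `sudo_noexec.so`; make sure the `Defaults to F<@noexec_file@>` text later in this file and the installed file name agree with the new name.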
|
Line 448 plugin. The I<symbol_name> is the name of the C<struc
|
Line 442 plugin. The I<symbol_name> is the name of the C<struc
|
| or C<struct io_plugin> in the plugin shared object. The I<path> |
or C<struct io_plugin> in the plugin shared object. The I<path> |
| may be fully qualified or relative. If not fully qualified it is |
may be fully qualified or relative. If not fully qualified it is |
| relative to the F<@prefix@/libexec> directory. Any additional |
relative to the F<@prefix@/libexec> directory. Any additional |
| parameters after the I<path> are ignored. Lines that don't begin | parameters after the I<path> are passed as arguments to the plugin's |
| with C<Plugin> or C<Path> are silently ignored | I<open> function. Lines that don't begin with C<Plugin>, C<Path>, |
| | C<Debug> or C<Set> are silently ignored. |
| |
|
| For more information, see the L<sudo_plugin(8)> manual. |
For more information, see the L<sudo_plugin(8)> manual. |
| |
|
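Review bot: "Any additional parameters after the I<path> are ignored" becomes "passed as arguments to the plugin's I<open> function", which is a behaviour change, but the text does not say how the options are tokenised (whitespace-separated, and whether quoting is supported) or that the front end passes them through without validation; state the tokenisation rule and that each plugin is responsible for validating its own options, since a misconfigured option now reaches plugin code instead of being dropped.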
|
Line 486 Defaults to F<@noexec_file@>.
|
Line 481 Defaults to F<@noexec_file@>.
|
| |
|
| =back |
=back |
| |
|
| |
=head1 DEBUG FLAGS |
| |
|
| |
B<sudo> versions 1.8.4 and higher support a flexible debugging |
| |
framework that can help track down what B<sudo> is doing internally |
| |
if there is a problem. |
| |
|
| |
A C<Debug> line consists of the C<Debug> keyword, followed by the |
| |
name of the program to debug (B<sudo>, B<visudo>, B<sudoreplay>), |
| |
the debug file name and a comma-separated list of debug flags. |
| |
The debug flag syntax used by B<sudo> and the I<sudoers> plugin is |
| |
I<subsystem>@I<priority> but the plugin is free to use a different |
| |
format so long as it does not include a command C<,>. |
| |
|
| |
For instance: |
| |
|
| |
Debug sudo /var/log/sudo_debug all@warn,plugin@info |
| |
|
| |
would log all debugging statements at the I<warn> level and higher |
| |
in addition to those at the I<info> level for the plugin subsystem. |
| |
|
| |
Currently, only one C<Debug> entry per program is supported. The |
| |
C<sudo> C<Debug> entry is shared by the B<sudo> front end, B<sudoedit> |
| |
and the plugins. A future release may add support for per-plugin |
| |
C<Debug> lines and/or support for multiple debugging files for a |
| |
single program. |
| |
|
| |
The priorities used by the B<sudo> front end, in order of decreasing |
| |
severity, are: I<crit>, I<err>, I<warn>, I<notice>, I<diag>, I<info>, |
| |
I<trace> and I<debug>. Each priority, when specified, also includes |
| |
all priorities higher than it. For example, a priority of I<notice> |
| |
would include debug messages logged at I<notice> and higher. |
| |
|
| |
The following subsystems are used by B<sudo>: |
| |
|
| |
=over 10 |
| |
|
| |
=item I<all> |
| |
|
| |
matches every subsystem |
| |
|
| |
=item I<args> |
| |
|
| |
command line argument processing |
| |
|
| |
=item I<conv> |
| |
|
| |
user conversation |
| |
|
| |
=item I<edit> |
| |
|
| |
sudoedit |
| |
|
| |
=item I<exec> |
| |
|
| |
command execution |
| |
|
| |
=item I<main> |
| |
|
| |
B<sudo> main function |
| |
|
| |
=item I<netif> |
| |
|
| |
network interface handling |
| |
|
| |
=item I<pcomm> |
| |
|
| |
communication with the plugin |
| |
|
| |
=item I<plugin> |
| |
|
| |
plugin configuration |
| |
|
| |
=item I<pty> |
| |
|
| |
pseudo-tty related code |
| |
|
| |
=item I<selinux> |
| |
|
| |
SELinux-specific handling |
| |
|
| |
=item I<util> |
| |
|
| |
utility functions |
| |
|
| |
=item I<utmp> |
| |
|
| |
utmp handling |
| |
|
| |
=back |
| |
|
| =head1 RETURN VALUES |
=head1 RETURN VALUES |
| |
|
| Upon successful execution of a program, the exit status from B<sudo> |
Upon successful execution of a program, the exit status from B<sudo> |
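Review bot: in the DEBUG FLAGS text, "so long as it does not include a command C<,>" should read "a comma (C<,>)", since the comma is the flag-list separator named in the preceding sentence. Two smaller points for the same section: the priorities paragraph relies on the list being ordered from most to least severe, so say "most severe first" right before the list rather than only "in order of decreasing severity" two lines earlier; and because the debug file is written by a setuid program, document whether B<sudo> creates the file and with what ownership and mode, or whether it must already exist, so administrators do not point it at a location other users can read.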
|
Line 525 commands via B<sudo> to verify that the command does n
|
Line 610 commands via B<sudo> to verify that the command does n
|
| give the user an effective root shell. For more information, please |
give the user an effective root shell. For more information, please |
| see the C<PREVENTING SHELL ESCAPES> section in L<sudoers(5)>. |
see the C<PREVENTING SHELL ESCAPES> section in L<sudoers(5)>. |
| |
|
| |
To prevent the disclosure of potentially sensitive information, |
| |
B<sudo> disables core dumps by default while it is executing (they |
| |
are re-enabled for the command that is run). To aid in debugging |
| |
B<sudo> crashes, you may wish to re-enable core dumps by setting |
| |
"disable_coredump" to false in the F<@sysconfdir@/sudo.conf> file. |
| |
|
| |
Set disable_coredump false |
| |
|
| |
Note that by default, most operating systems disable core dumps |
| |
from setuid programs, which includes B<sudo>. To actually get a |
| |
B<sudo> core file you may need to enable core dumps for setuid |
| |
processes. On BSD and Linux systems this is accomplished via the |
| |
sysctl command, on Solaris the coreadm command can be used. |
| |
|
| =head1 ENVIRONMENT |
=head1 ENVIRONMENT |
| |
|
| B<sudo> utilizes the following environment variables. The security |
B<sudo> utilizes the following environment variables. The security |
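Review bot: the new core-dump paragraph quotes the option as "disable_coredump" with plain double quotes, while the rest of this file uses C<> for configuration keywords (compare C<Debug> and C<SETENV>); use C<disable_coredump> for consistency. Since the paragraph itself explains that dumps are disabled to avoid disclosing sensitive information, add a sentence that the `Set disable_coredump false` example is meant for a debugging session only and should be reverted afterwards, and say where the resulting core file lands and who can read it, because a core of a setuid process is exactly what the default is protecting against.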
|
Line 607 is not set
|
Line 706 is not set
|
| |
|
| =item F<@sysconfdir@/sudo.conf> |
=item F<@sysconfdir@/sudo.conf> |
| |
|
| B<sudo> plugin and path configuration | B<sudo> front end configuration |
| |
|
| =back |
=back |
| |
|
|
Line 659 version consists of code written primarily by:
|
Line 758 version consists of code written primarily by:
|
| |
|
| Todd C. Miller |
Todd C. Miller |
| |
|
| See the HISTORY file in the B<sudo> distribution or visit | See the CONTRIBUTORS file in the B<sudo> distribution |
| http://www.sudo.ws/sudo/history.html for a short history | (http://www.sudo.ws/sudo/contributors.html) for a list of people |
| of B<sudo>. | who have contributed to B<sudo>. |
| | |
| | =head1 HISTORY |
| | |
| | See the HISTORY file in the B<sudo> distribution |
| | (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. |
| |
|
| =head1 CAVEATS |
=head1 CAVEATS |
| |
|