|
version 1.1.1.5, 2013/10/14 07:56:34
|
version 1.1.1.6, 2014/06/15 16:12:54
|
|
Line 1
|
Line 1
|
| .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! |
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! |
| .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in |
.\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in |
| .\" |
.\" |
| .\" Copyright (c) 1994-1996, 1998-2005, 2007-2013 | .\" Copyright (c) 1994-1996, 1998-2005, 2007-2014 |
| .\" Todd C. Miller <Todd.Miller@courtesan.com> |
.\" Todd C. Miller <Todd.Miller@courtesan.com> |
| .\" |
.\" |
| .\" Permission to use, copy, modify, and distribute this software for any |
.\" Permission to use, copy, modify, and distribute this software for any |
|
Line 21
|
Line 21
|
| .\" Agency (DARPA) and Air Force Research Laboratory, Air Force |
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force |
| .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. |
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. |
| .\" |
.\" |
| .TH "SUDOERS" "@mansectsu@" "August 31, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual" | .TH "SUDOERS" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "Programmer's Manual" |
| .nh |
.nh |
| .if n .ad l |
.if n .ad l |
| .SH "NAME" |
.SH "NAME" |
|
Line 206 lookup is still done for root, not the user specified
|
Line 206 lookup is still done for root, not the user specified
|
| \fRSUDO_USER\fR. |
\fRSUDO_USER\fR. |
| .PP |
.PP |
| \fIsudoers\fR |
\fIsudoers\fR |
| uses time stamp files for credential caching. | uses per-user time stamp files for credential caching. |
| Once a | Once a user has been authenticated, a record is written |
| user has been authenticated, the time stamp is updated and the user | containing the uid that was used to authenticate, the |
| may then use sudo without a password for a short period of time | terminal session ID, and a time stamp |
| | (using a monotonic clock if one is available). |
| | The user may then use |
| | \fBsudo\fR |
| | without a password for a short period of time |
| (\fR@timeout@\fR |
(\fR@timeout@\fR |
| minutes unless overridden by the |
minutes unless overridden by the |
| \fItimeout\fR |
\fItimeout\fR |
|
Line 217 option)
|
Line 221 option)
|
| \&. |
\&. |
| By default, |
By default, |
| \fIsudoers\fR |
\fIsudoers\fR |
| uses a tty-based time stamp which means that | uses a separate record for each tty, which means that |
| there is a separate time stamp for each of a user's login sessions. | a user's login sessions are authenticated separately. |
| The |
The |
| \fItty_tickets\fR |
\fItty_tickets\fR |
| option can be disabled to force the use of a |
option can be disabled to force the use of a |
|
Line 330 The list of environment variables that
|
Line 334 The list of environment variables that
|
| \fBsudo\fR |
\fBsudo\fR |
| allows or denies is |
allows or denies is |
| contained in the output of |
contained in the output of |
| ``\fRsudo -V\fR'' | \(lq\fRsudo -V\fR\(rq |
| when run as root. |
when run as root. |
| .PP |
.PP |
| Note that the dynamic linker on most operating systems will remove |
Note that the dynamic linker on most operating systems will remove |
|
Line 431 EBNF also contains the following
|
Line 435 EBNF also contains the following
|
| operators, which many readers will recognize from regular |
operators, which many readers will recognize from regular |
| expressions. |
expressions. |
| Do not, however, confuse them with |
Do not, however, confuse them with |
| ``wildcard'' | \(lqwildcard\(rq |
| characters, which have different meanings. |
characters, which have different meanings. |
| .TP 6n |
.TP 6n |
| \fR\&?\fR |
\fR\&?\fR |
|
Line 500 A
|
Line 504 A
|
| \fRNAME\fR |
\fRNAME\fR |
| is a string of uppercase letters, numbers, |
is a string of uppercase letters, numbers, |
| and underscore characters |
and underscore characters |
| (`_'). | (\(oq_\(cq). |
| A |
A |
| \fRNAME\fR |
\fRNAME\fR |
| \fBmust\fR |
\fBmust\fR |
|
Line 508 start with an
|
Line 512 start with an
|
| uppercase letter. |
uppercase letter. |
| It is possible to put several alias definitions |
It is possible to put several alias definitions |
| of the same type on a single line, joined by a colon |
of the same type on a single line, joined by a colon |
| (`:\&'). | (\(oq:\&\(cq). |
| E.g., |
E.g., |
| .nf |
.nf |
| .sp |
.sp |
|
Line 541 A
|
Line 545 A
|
| \fRUser_List\fR |
\fRUser_List\fR |
| is made up of one or more user names, user IDs |
is made up of one or more user names, user IDs |
| (prefixed with |
(prefixed with |
| `#'), | \(oq#\(cq), |
| system group names and IDs (prefixed with |
system group names and IDs (prefixed with |
| `%' | \(oq%\(cq |
| and |
and |
| `%#' | \(oq%#\(cq |
| respectively), netgroups (prefixed with |
respectively), netgroups (prefixed with |
| `+'), | \(oq+\(cq), |
| non-Unix group names and IDs (prefixed with |
non-Unix group names and IDs (prefixed with |
| `%:' | \(oq%:\(cq |
| and |
and |
| `%:#' | \(oq%:#\(cq |
| respectively) and |
respectively) and |
| \fRUser_Alias\fRes. |
\fRUser_Alias\fRes. |
| Each list item may be prefixed with zero or more |
Each list item may be prefixed with zero or more |
| `\&!' | \(oq\&!\(cq |
| operators. |
operators. |
| An odd number of |
An odd number of |
| `\&!' | \(oq\&!\(cq |
| operators negate the value of |
operators negate the value of |
| the item; an even number just cancel each other out. |
the item; an even number just cancel each other out. |
| .PP |
.PP |
|
Line 602 for more information.
|
Line 606 for more information.
|
| .PP |
.PP |
| Note that quotes around group names are optional. |
Note that quotes around group names are optional. |
| Unquoted strings must use a backslash |
Unquoted strings must use a backslash |
| (`\e') | (\(oq\e\(cq) |
| to escape spaces and special characters. |
to escape spaces and special characters. |
| See |
See |
| \fIOther special characters and reserved words\fR |
\fIOther special characters and reserved words\fR |
|
Line 658 A
|
Line 662 A
|
| \fRHost_List\fR |
\fRHost_List\fR |
| is made up of one or more host names, IP addresses, |
is made up of one or more host names, IP addresses, |
| network numbers, netgroups (prefixed with |
network numbers, netgroups (prefixed with |
| `+') | \(oq+\(cq) |
| and other aliases. |
and other aliases. |
| Again, the value of an item may be negated with the |
Again, the value of an item may be negated with the |
| `\&!' | \(oq\&!\(cq |
| operator. |
operator. |
| If you do not specify a netmask along with the network number, |
If you do not specify a netmask along with the network number, |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 686 Note that
|
Line 690 Note that
|
| only inspects actual network interfaces; this means that IP address |
only inspects actual network interfaces; this means that IP address |
| 127.0.0.1 (localhost) will never match. |
127.0.0.1 (localhost) will never match. |
| Also, the host name |
Also, the host name |
| ``localhost'' | \(lqlocalhost\(rq |
| will only match if that is the actual host name, which is usually |
will only match if that is the actual host name, which is usually |
| only the case for non-networked systems. |
only the case for non-networked systems. |
| .nf |
.nf |
|
Line 733 may only be run
|
Line 737 may only be run
|
| command line arguments. |
command line arguments. |
| A directory is a |
A directory is a |
| fully qualified path name ending in a |
fully qualified path name ending in a |
| `/'. | \(oq/\(cq. |
| When you specify a directory in a |
When you specify a directory in a |
| \fRCmnd_List\fR, |
\fRCmnd_List\fR, |
| the user will be able to run any file within that directory |
the user will be able to run any file within that directory |
|
Line 747 in the
|
Line 751 in the
|
| must match exactly those given by the user on the command line |
must match exactly those given by the user on the command line |
| (or match the wildcards if there are any). |
(or match the wildcards if there are any). |
| Note that the following characters must be escaped with a |
Note that the following characters must be escaped with a |
| `\e' | \(oq\e\(cq |
| if they are used in command arguments: |
if they are used in command arguments: |
| `,\&', | \(oq,\&\(cq, |
| `:\&', | \(oq:\&\(cq, |
| `=\&', | \(oq=\&\(cq, |
| `\e'. | \(oq\e\(cq. |
| The built-in command |
The built-in command |
| ``\fRsudoedit\fR'' | \(lq\fRsudoedit\fR\(rq |
| is used to permit a user to run |
is used to permit a user to run |
| \fBsudo\fR |
\fBsudo\fR |
| with the |
with the |
|
Line 763 option (or as
|
Line 767 option (or as
|
| \fBsudoedit\fR). |
\fBsudoedit\fR). |
| It may take command line arguments just as a normal command does. |
It may take command line arguments just as a normal command does. |
| Note that |
Note that |
| ``\fRsudoedit\fR'' | \(lq\fRsudoedit\fR\(rq |
| is a command built into |
is a command built into |
| \fBsudo\fR |
\fBsudo\fR |
| itself and must be specified in |
itself and must be specified in |
|
Line 845 values,
|
Line 849 values,
|
| or |
or |
| \fBlists\fR. |
\fBlists\fR. |
| Flags are implicitly boolean and can be turned off via the |
Flags are implicitly boolean and can be turned off via the |
| `\&!' | \(oq\&!\(cq |
| operator. |
operator. |
| Some integer, string and list parameters may also be |
Some integer, string and list parameters may also be |
| used in a boolean context to disable them. |
used in a boolean context to disable them. |
|
Line 854 in double quotes
|
Line 858 in double quotes
|
| (\&"") |
(\&"") |
| when they contain multiple words. |
when they contain multiple words. |
| Special characters may be escaped with a backslash |
Special characters may be escaped with a backslash |
| (`\e'). | (\(oq\e\(cq). |
| .PP |
.PP |
| Lists have two additional assignment operators, |
Lists have two additional assignment operators, |
| \fR+=\fR |
\fR+=\fR |
|
Line 906 run as
|
Line 910 run as
|
| but this can be changed on a per-command basis. |
but this can be changed on a per-command basis. |
| .PP |
.PP |
| The basic structure of a user specification is |
The basic structure of a user specification is |
| ``who where = (as_whom) what''. | \(lqwho where = (as_whom) what\(rq. |
| Let's break that down into its constituent parts: |
Let's break that down into its constituent parts: |
| .SS "Runas_Spec" |
.SS "Runas_Spec" |
| A |
A |
|
Line 918 A fully-specified
|
Line 922 A fully-specified
|
| consists of two |
consists of two |
| \fRRunas_List\fRs |
\fRRunas_List\fRs |
| (as defined above) separated by a colon |
(as defined above) separated by a colon |
| (`:\&') | (\(oq:\&\(cq) |
| and enclosed in a set of parentheses. |
and enclosed in a set of parentheses. |
| The first |
The first |
| \fRRunas_List\fR |
\fRRunas_List\fR |
|
Line 1118 $ ppriv -l
|
Line 1122 $ ppriv -l
|
| .fi |
.fi |
| .PP |
.PP |
| In addition, there are several |
In addition, there are several |
| ``special'' | \(lqspecial\(rq |
| privilege strings: |
privilege strings: |
| .TP 10n |
.TP 10n |
| none |
none |
|
Line 1135 the default set of privileges normal users are granted
|
Line 1139 the default set of privileges normal users are granted
|
| .PP |
.PP |
| Privileges can be excluded from a set by prefixing the privilege |
Privileges can be excluded from a set by prefixing the privilege |
| name with either an |
name with either an |
| `\&!' | \(oq\&!\(cq |
| or |
or |
| `\-' | \(oq\-\(cq |
| character. |
character. |
| .SS "Tag_Spec" |
.SS "Tag_Spec" |
| A command may have zero or more tags associated with it. |
A command may have zero or more tags associated with it. |
|
Line 1189 Conversely, the
|
Line 1193 Conversely, the
|
| \fRPASSWD\fR |
\fRPASSWD\fR |
| tag can be used to reverse things. |
tag can be used to reverse things. |
| For example: |
For example: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 2n |
| ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm |
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 2n |
| .sp |
.sp |
| would allow the user |
would allow the user |
| \fBray\fR |
\fBray\fR |
|
Line 1215 run
|
Line 1219 run
|
| without a password the entry would be: |
without a password the entry would be: |
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 2n |
| ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm |
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm |
| .RE |
.RE |
| .fi |
.fi |
|
Line 1230 By default, if the
|
Line 1234 By default, if the
|
| \fRNOPASSWD\fR |
\fRNOPASSWD\fR |
| tag is applied to any of the entries for a user on the current host, |
tag is applied to any of the entries for a user on the current host, |
| he or she will be able to run |
he or she will be able to run |
| ``\fRsudo -l\fR'' | \(lq\fRsudo -l\fR\(rq |
| without a password. |
without a password. |
| Additionally, a user may only run |
Additionally, a user may only run |
| ``\fRsudo -v\fR'' | \(lq\fRsudo -v\fR\(rq |
| without a password if the |
without a password if the |
| \fRNOPASSWD\fR |
\fRNOPASSWD\fR |
| tag is present for all a user's entries that pertain to the current host. |
tag is present for all a user's entries that pertain to the current host. |
|
Line 1242 This behavior may be overridden via the
|
Line 1246 This behavior may be overridden via the
|
| and |
and |
| \fIlistpw\fR |
\fIlistpw\fR |
| options. |
options. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 2n |
.TP 2n |
| \fINOEXEC\fR and \fIEXEC\fR |
\fINOEXEC\fR and \fIEXEC\fR |
| .sp |
.sp |
|
Line 1264 may run
|
Line 1266 may run
|
| and |
and |
| \fI/usr/bin/vi\fR |
\fI/usr/bin/vi\fR |
| but shell escapes will be disabled. |
but shell escapes will be disabled. |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 2n |
| aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi |
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 2n |
| .sp |
.sp |
| See the |
See the |
| \fIPreventing shell escapes\fR |
\fIPreventing shell escapes\fR |
| section below for more details on how |
section below for more details on how |
| \fRNOEXEC\fR |
\fRNOEXEC\fR |
| works and whether or not it will work on your system. |
works and whether or not it will work on your system. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 2n |
.TP 2n |
| \fISETENV\fR and \fINOSETENV\fR |
\fISETENV\fR and \fINOSETENV\fR |
| .sp |
.sp |
|
Line 1308 the
|
Line 1307 the
|
| tag is implied for that command; this default may be overridden by use of the |
tag is implied for that command; this default may be overridden by use of the |
| \fRNOSETENV\fR |
\fRNOSETENV\fR |
| tag. |
tag. |
| .PD |
|
| .TP 2n |
.TP 2n |
| \fILOG_INPUT\fR and \fINOLOG_INPUT\fR |
\fILOG_INPUT\fR and \fINOLOG_INPUT\fR |
| .sp |
.sp |
|
Line 1365 in the specified range.
|
Line 1363 in the specified range.
|
| .TP 10n |
.TP 10n |
| \fR\ex\fR |
\fR\ex\fR |
| For any character |
For any character |
| `x', | \(oqx\(cq, |
| evaluates to |
evaluates to |
| `x'. | \(oqx\(cq. |
| This is used to escape special characters such as: |
This is used to escape special characters such as: |
| `*', | \(oq*\(cq, |
| `\&?', | \(oq\&?\(cq, |
| `[\&', | \(oq[\&\(cq, |
| and |
and |
| `]\&'. | \(oq]\&\(cq. |
| .PP |
.PP |
| Character classes may also be used if your system's |
Character classes may also be used if your system's |
| glob(3) |
glob(3) |
|
Line 1381 and
|
Line 1379 and
|
| fnmatch(3) |
fnmatch(3) |
| functions support them. |
functions support them. |
| However, because the |
However, because the |
| `:\&' | \(oq:\&\(cq |
| character has special meaning in |
character has special meaning in |
| \fIsudoers\fR, |
\fIsudoers\fR, |
| it must be |
it must be |
|
Line 1390 For example:
|
Line 1388 For example:
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 4n |
.RS 4n |
| /bin/ls [[\:alpha\:]]* | /bin/ls [[:\&alpha:\&]]* |
| .RE |
.RE |
| .fi |
.fi |
| .PP |
.PP |
| Would match any file name beginning with a letter. |
Would match any file name beginning with a letter. |
| .PP |
.PP |
| Note that a forward slash |
Note that a forward slash |
| (`/') | (\(oq/\(cq) |
| will |
will |
| \fBnot\fR |
\fBnot\fR |
| be matched by |
be matched by |
|
Line 1423 arbitrary strings and not just path names.
|
Line 1421 arbitrary strings and not just path names.
|
| Wildcards in command line arguments should be used with care. |
Wildcards in command line arguments should be used with care. |
| Because command line arguments are matched as a single, concatenated |
Because command line arguments are matched as a single, concatenated |
| string, a wildcard such as |
string, a wildcard such as |
| `\&?' | \(oq\&?\(cq |
| or |
or |
| `*' | \(oq*\(cq |
| can match multiple words. |
can match multiple words. |
| For example, while a sudoers entry like: |
For example, while a sudoers entry like: |
| .nf |
.nf |
|
Line 1468 sudoedit
|
Line 1466 sudoedit
|
| Command line arguments to the |
Command line arguments to the |
| \fIsudoedit\fR |
\fIsudoedit\fR |
| built-in command should always be path names, so a forward slash |
built-in command should always be path names, so a forward slash |
| (`/') | (\(oq/\(cq) |
| will not be matched by a wildcard. |
will not be matched by a wildcard. |
| .SS "Including other files from within sudoers" |
.SS "Including other files from within sudoers" |
| It is possible to include other |
It is possible to include other |
|
Line 1521 file loops.
|
Line 1519 file loops.
|
| .PP |
.PP |
| If the path to the include file is not fully-qualified (does not |
If the path to the include file is not fully-qualified (does not |
| begin with a |
begin with a |
| `/', | \(oq/\(cq, |
| it must be located in the same directory as the sudoers file it was |
it must be located in the same directory as the sudoers file it was |
| included from. |
included from. |
| For example, if |
For example, if |
|
Line 1541 The file name may also include the
|
Line 1539 The file name may also include the
|
| \fR%h\fR |
\fR%h\fR |
| escape, signifying the short form of the host name. |
escape, signifying the short form of the host name. |
| In other words, if the machine's host name is |
In other words, if the machine's host name is |
| ``xerxes'', | \(lqxerxes\(rq, |
| then |
then |
| .nf |
.nf |
| .sp |
.sp |
|
Line 1575 For example, given:
|
Line 1573 For example, given:
|
| will read each file in |
will read each file in |
| \fI/etc/sudoers.d\fR, |
\fI/etc/sudoers.d\fR, |
| skipping file names that end in |
skipping file names that end in |
| `~' | \(oq~\(cq |
| or contain a |
or contain a |
| `.\&' | \(oq.\&\(cq |
| character to avoid causing problems with package manager or editor |
character to avoid causing problems with package manager or editor |
| temporary/backup files. |
temporary/backup files. |
| Files are parsed in sorted lexical order. |
Files are parsed in sorted lexical order. |
|
Line 1606 with the
|
Line 1604 with the
|
| flag to edit the files directly. |
flag to edit the files directly. |
| .SS "Other special characters and reserved words" |
.SS "Other special characters and reserved words" |
| The pound sign |
The pound sign |
| (`#') | (\(oq#\(cq) |
| is used to indicate a comment (unless it is part of a #include |
is used to indicate a comment (unless it is part of a #include |
| directive or unless it occurs in the context of a user name and is |
directive or unless it occurs in the context of a user name and is |
| followed by one or more digits, in which case it is treated as a |
followed by one or more digits, in which case it is treated as a |
|
Line 1637 can be dangerous since in a command context, it allows
|
Line 1635 can be dangerous since in a command context, it allows
|
| command on the system. |
command on the system. |
| .PP |
.PP |
| An exclamation point |
An exclamation point |
| (`\&!') | (\(oq\&!\(cq) |
| can be used as a logical |
can be used as a logical |
| \fInot\fR |
\fInot\fR |
| operator in a list or |
operator in a list or |
|
Line 1646 as well as in front of a
|
Line 1644 as well as in front of a
|
| \fRCmnd\fR. |
\fRCmnd\fR. |
| This allows one to exclude certain values. |
This allows one to exclude certain values. |
| For the |
For the |
| `\&!' | \(oq\&!\(cq |
| operator to be effective, there must be something for it to exclude. |
operator to be effective, there must be something for it to exclude. |
| For example, to match all users except for root one would use: |
For example, to match all users except for root one would use: |
| .nf |
.nf |
|
Line 1668 is omitted, as in:
|
Line 1666 is omitted, as in:
|
| .PP |
.PP |
| it would explicitly deny root but not match any other users. |
it would explicitly deny root but not match any other users. |
| This is different from a true |
This is different from a true |
| ``negation'' | \(lqnegation\(rq |
| operator. |
operator. |
| .PP |
.PP |
| Note, however, that using a |
Note, however, that using a |
| `\&!' | \(oq\&!\(cq |
| in conjunction with the built-in |
in conjunction with the built-in |
| \fBALL\fR |
\fBALL\fR |
| alias to allow a user to run |
alias to allow a user to run |
| ``all but a few'' | \(lqall but a few\(rq |
| commands rarely works as intended (see |
commands rarely works as intended (see |
| \fISECURITY NOTES\fR |
\fISECURITY NOTES\fR |
| below). |
below). |
| .PP |
.PP |
| Long lines can be continued with a backslash |
Long lines can be continued with a backslash |
| (`\e') | (\(oq\e\(cq) |
| as the last character on the line. |
as the last character on the line. |
| .PP |
.PP |
| White space between elements in a list as well as special syntactic |
White space between elements in a list as well as special syntactic |
| characters in a |
characters in a |
| \fIUser Specification\fR |
\fIUser Specification\fR |
| (`=\&', | (\(oq=\&\(cq, |
| `:\&', | \(oq:\&\(cq, |
| `(\&', | \(oq(\&\(cq, |
| `)\&') | \(oq)\&\(cq) |
| is optional. |
is optional. |
| .PP |
.PP |
| The following characters must be escaped with a backslash |
The following characters must be escaped with a backslash |
| (`\e') | (\(oq\e\(cq) |
| when used as part of a word (e.g.\& a user name or host name): |
when used as part of a word (e.g.\& a user name or host name): |
| `\&!', | \(oq\&!\(cq, |
| `=\&', | \(oq=\&\(cq, |
| `:\&', | \(oq:\&\(cq, |
| `,\&', | \(oq,\&\(cq, |
| `(\&', | \(oq(\&\(cq, |
| `)\&', | \(oq)\&\(cq, |
| `\e'. | \(oq\e\(cq. |
| .SH "SUDOERS OPTIONS" |
.SH "SUDOERS OPTIONS" |
| \fBsudo\fR's |
\fBsudo\fR's |
| behavior can be modified by |
behavior can be modified by |
|
Line 1779 is compiled with
|
Line 1777 is compiled with
|
| \fBzlib\fR |
\fBzlib\fR |
| support. |
support. |
| .TP 18n |
.TP 18n |
| |
use_netgroups |
| |
If set, netgroups (prefixed with |
| |
\(oq+\(cq), |
| |
may be used in place of a user or host. |
| |
For LDAP-based sudoers, netgroup support requires an expensive |
| |
substring match on the server. |
| |
If netgroups are not needed, this option can be disabled to reduce the |
| |
load on the LDAP server. |
| |
This flag is |
| |
\fIon\fR |
| |
by default. |
| |
.TP 18n |
| exec_background |
exec_background |
| By default, |
By default, |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 1860 if they match a value specified in
|
Line 1870 if they match a value specified in
|
| \fReditor\fR. |
\fReditor\fR. |
| This flag is |
This flag is |
| \fI@env_editor@\fR |
\fI@env_editor@\fR |
| by | by default. |
| default. | |
| .TP 18n |
.TP 18n |
| env_reset |
env_reset |
| If set, |
If set, |
|
Line 1931 or
|
Line 1940 or
|
| \fI../bin/ls\fR. |
\fI../bin/ls\fR. |
| This has security implications when path names that include globbing |
This has security implications when path names that include globbing |
| characters are used with the negation operator, |
characters are used with the negation operator, |
| `!\&', | \(oq!\&\(cq, |
| as such rules can be trivially bypassed. |
as such rules can be trivially bypassed. |
| As such, this option should not be used when |
As such, this option should not be used when |
| \fIsudoers\fR |
\fIsudoers\fR |
|
Line 1950 command) does not contain the domain name.
|
Line 1959 command) does not contain the domain name.
|
| In other words, instead of myhost you would use myhost.mydomain.edu. |
In other words, instead of myhost you would use myhost.mydomain.edu. |
| You may still use the short form if you wish (and even mix the two). |
You may still use the short form if you wish (and even mix the two). |
| This option is only effective when the |
This option is only effective when the |
| ``canonical'' | \(lqcanonical\(rq |
| host name, as returned by the |
host name, as returned by the |
| \fBgetaddrinfo\fR() |
\fBgetaddrinfo\fR() |
| or |
or |
|
Line 1962 for host name resolution.
|
Line 1971 for host name resolution.
|
| If the system is configured to use the |
If the system is configured to use the |
| \fI/etc/hosts\fR |
\fI/etc/hosts\fR |
| file in preference to DNS, the |
file in preference to DNS, the |
| ``canonical'' | \(lqcanonical\(rq |
| host name may not be fully-qualified. |
host name may not be fully-qualified. |
| The order that sources are queried for hosts name resolution | The order that sources are queried for host name resolution |
| is usually specified in the |
is usually specified in the |
| \fI@nsswitch_conf@\fR, |
\fI@nsswitch_conf@\fR, |
| \fI@netsvc_conf@\fR, |
\fI@netsvc_conf@\fR, |
|
Line 1975 file.
|
Line 1984 file.
|
| In the |
In the |
| \fI/etc/hosts\fR |
\fI/etc/hosts\fR |
| file, the first host name of the entry is considered to be the |
file, the first host name of the entry is considered to be the |
| ``canonical'' | \(lqcanonical\(rq |
| name; subsequent names are aliases that are not used by |
name; subsequent names are aliases that are not used by |
| \fBsudoers\fR. |
\fBsudoers\fR. |
| For example, the following hosts file line for the machine |
For example, the following hosts file line for the machine |
| ``xyzzy'' | \(lqxyzzy\(rq |
| has the fully-qualified domain name as the |
has the fully-qualified domain name as the |
| ``canonical'' | \(lqcanonical\(rq |
| host name, and the short version as an alias. |
host name, and the short version as an alias. |
| .sp |
.sp |
| .RS 6n | .RS 24n |
| 192.168.1.1 xyzzy.sudo.ws xyzzy |
192.168.1.1 xyzzy.sudo.ws xyzzy |
| .RE |
.RE |
| |
.RS 18n |
| .sp |
.sp |
| If the machine's hosts file entry is not formatted properly, the |
If the machine's hosts file entry is not formatted properly, the |
| \fIfqdn\fR |
\fIfqdn\fR |
|
Line 2001 to make DNS lookups which renders
|
Line 2011 to make DNS lookups which renders
|
| unusable if DNS stops working (for example if the machine is disconnected |
unusable if DNS stops working (for example if the machine is disconnected |
| from the network). |
from the network). |
| Also note that just like with the hosts file, you must use the |
Also note that just like with the hosts file, you must use the |
| ``canonical'' | \(lqcanonical\(rq |
| name as DNS knows it. |
name as DNS knows it. |
| That is, you may not use a host alias |
That is, you may not use a host alias |
| (\fRCNAME\fR |
(\fRCNAME\fR |
|
Line 2012 aliases from DNS.
|
Line 2022 aliases from DNS.
|
| This flag is |
This flag is |
| \fI@fqdn@\fR |
\fI@fqdn@\fR |
| by default. |
by default. |
| |
.RE |
| .TP 18n |
.TP 18n |
| ignore_dot |
ignore_dot |
| If set, |
If set, |
|
Line 2080 by default)
|
Line 2091 by default)
|
| using a unique session ID that is included in the normal |
using a unique session ID that is included in the normal |
| \fBsudo\fR |
\fBsudo\fR |
| log line, prefixed with |
log line, prefixed with |
| ``\fRTSID=\fR''. | \(lq\fRTSID=\fR\(rq. |
| The |
The |
| \fIiolog_file\fR |
\fIiolog_file\fR |
| option may be used to control the format of the session ID. |
option may be used to control the format of the session ID. |
|
Line 2113 by default)
|
Line 2124 by default)
|
| using a unique session ID that is included in the normal |
using a unique session ID that is included in the normal |
| \fBsudo\fR |
\fBsudo\fR |
| log line, prefixed with |
log line, prefixed with |
| ``\fRTSID=\fR''. | \(lq\fRTSID=\fR\(rq. |
| The |
The |
| \fIiolog_file\fR |
\fIiolog_file\fR |
| option may be used to control the format of the session ID. |
option may be used to control the format of the session ID. |
|
Line 2270 The password prompt specified by
|
Line 2281 The password prompt specified by
|
| \fIpassprompt\fR |
\fIpassprompt\fR |
| will normally only be used if the password prompt provided by systems |
will normally only be used if the password prompt provided by systems |
| such as PAM matches the string |
such as PAM matches the string |
| ``Password:''. | \(lqPassword:\(rq. |
| If |
If |
| \fIpassprompt_override\fR |
\fIpassprompt_override\fR |
| is set, |
is set, |
|
Line 2348 If set, root is allowed to run
|
Line 2359 If set, root is allowed to run
|
| \fBsudo\fR |
\fBsudo\fR |
| too. |
too. |
| Disabling this prevents users from |
Disabling this prevents users from |
| ``chaining'' | \(lqchaining\(rq |
| \fBsudo\fR |
\fBsudo\fR |
| commands to get a root shell by doing something like |
commands to get a root shell by doing something like |
| ``\fRsudo sudo /bin/sh\fR''. | \(lq\fRsudo sudo /bin/sh\fR\(rq. |
| Note, however, that turning off |
Note, however, that turning off |
| \fIroot_sudo\fR |
\fIroot_sudo\fR |
| will also prevent root from running |
will also prevent root from running |
|
Line 2366 by default.
|
Line 2377 by default.
|
| rootpw |
rootpw |
| If set, |
If set, |
| \fBsudo\fR |
\fBsudo\fR |
| will prompt for the root password instead of the password of the invoking user. | will prompt for the root password instead of the password of the invoking user |
| | when running a command or editing a file. |
| This flag is |
This flag is |
| \fIoff\fR |
\fIoff\fR |
| by default. |
by default. |
|
Line 2378 will prompt for the password of the user defined by th
|
Line 2390 will prompt for the password of the user defined by th
|
| \fIrunas_default\fR |
\fIrunas_default\fR |
| option (defaults to |
option (defaults to |
| \fR@runas_default@\fR) |
\fR@runas_default@\fR) |
| instead of the password of the invoking user. | instead of the password of the invoking user |
| | when running a command or editing a file. |
| This flag is |
This flag is |
| \fIoff\fR |
\fIoff\fR |
| by default. |
by default. |
|
Line 2521 by the
|
Line 2534 by the
|
| \fB\-u\fR |
\fB\-u\fR |
| option (defaults to |
option (defaults to |
| \fRroot\fR) |
\fRroot\fR) |
| instead of the password of the invoking user. | instead of the password of the invoking user |
| In addition, the time stamp file name will include the target user's name. | when running a command or editing a file. |
| Note that this flag precludes the use of a uid not listed in the passwd |
Note that this flag precludes the use of a uid not listed in the passwd |
| database as an argument to the |
database as an argument to the |
| \fB\-u\fR |
\fB\-u\fR |
|
Line 2535 tty_tickets
|
Line 2548 tty_tickets
|
| If set, users must authenticate on a per-tty basis. |
If set, users must authenticate on a per-tty basis. |
| With this flag enabled, |
With this flag enabled, |
| \fBsudo\fR |
\fBsudo\fR |
| will use a file named for the tty the user is | will use a separate record in the time stamp file for each tty. |
| logged in on in the user's time stamp directory. | If disabled, a single record is used for all login sessions. |
| If disabled, the time stamp of the directory is used instead. | |
| This flag is |
This flag is |
| \fI@tty_tickets@\fR |
\fI@tty_tickets@\fR |
| by default. |
by default. |
|
Line 2610 flag is set,
|
Line 2622 flag is set,
|
| \fBsudo\fR |
\fBsudo\fR |
| will prompt for a password even when it would be visible on the screen. |
will prompt for a password even when it would be visible on the screen. |
| This makes it possible to run things like |
This makes it possible to run things like |
| ``\fRssh somehost sudo ls\fR'' | \(lq\fRssh somehost sudo ls\fR\(rq |
| since by default, |
since by default, |
| ssh(1) |
ssh(1) |
| does |
does |
|
Line 2680 If set to a value less than
|
Line 2692 If set to a value less than
|
| \fR0\fR |
\fR0\fR |
| the user's time stamp will never expire. |
the user's time stamp will never expire. |
| This can be used to allow users to create or delete their own time stamps via |
This can be used to allow users to create or delete their own time stamps via |
| ``\fRsudo -v\fR'' | \(lq\fRsudo -v\fR\(rq |
| and |
and |
| ``\fRsudo -k\fR'' | \(lq\fRsudo -k\fR\(rq |
| respectively. |
respectively. |
| .TP 18n |
.TP 18n |
| umask |
umask |
|
Line 2711 unless insults are enabled.
|
Line 2723 unless insults are enabled.
|
| .TP 18n |
.TP 18n |
| editor |
editor |
| A colon |
A colon |
| (`:\&') | (\(oq:\&\(cq) |
| separated list of editors allowed to be used with |
separated list of editors allowed to be used with |
| \fBvisudo\fR. |
\fBvisudo\fR. |
| \fBvisudo\fR |
\fBvisudo\fR |
|
Line 2739 The default is
|
Line 2751 The default is
|
| \fI@iolog_dir@\fR. |
\fI@iolog_dir@\fR. |
| .sp |
.sp |
| The following percent |
The following percent |
| (`%') | (\(oq%\(cq) |
| escape sequences are supported: |
escape sequences are supported: |
| .RS | .PP |
| | .RS 18n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| \fR%{seq}\fR |
\fR%{seq}\fR |
| expanded to a monotonically increasing base-36 sequence number, such as 0100A5, |
expanded to a monotonically increasing base-36 sequence number, such as 0100A5, |
| where every two digits are used to form a new directory, e.g.\& |
where every two digits are used to form a new directory, e.g.\& |
| \fI01/00/A5\fR |
\fI01/00/A5\fR |
| |
.PD |
| .TP 6n |
.TP 6n |
| \fR%{user}\fR |
\fR%{user}\fR |
| expanded to the invoking user's login name |
expanded to the invoking user's login name |
|
Line 2773 strftime(3)
|
Line 2788 strftime(3)
|
| function will be expanded. |
function will be expanded. |
| .sp |
.sp |
| To include a literal |
To include a literal |
| `%' | \(oq%\(cq |
| character, the string |
character, the string |
| `%%' | \(oq%%\(cq |
| should be used. |
should be used. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 18n |
.TP 18n |
| iolog_file |
iolog_file |
| The path name, relative to |
The path name, relative to |
|
Line 2797 Note that
|
Line 2810 Note that
|
| \fIiolog_file\fR |
\fIiolog_file\fR |
| may contain directory components. |
may contain directory components. |
| The default is |
The default is |
| ``\fR%{seq}\fR''. | \(lq\fR%{seq}\fR\(rq. |
| .sp |
.sp |
| See the |
See the |
| \fIiolog_dir\fR |
\fIiolog_dir\fR |
| option above for a list of supported percent |
option above for a list of supported percent |
| (`%') | (\(oq%\(cq) |
| escape sequences. |
escape sequences. |
| .sp |
.sp |
| In addition to the escape sequences, path names that end in six or |
In addition to the escape sequences, path names that end in six or |
|
Line 2824 overwritten unless
|
Line 2837 overwritten unless
|
| ends in six or |
ends in six or |
| more |
more |
| \fRX\fRs. |
\fRX\fRs. |
| .PD |
|
| .TP 18n |
.TP 18n |
| |
lecture_status_dir |
| |
The directory in which |
| |
\fBsudo\fR |
| |
stores per-user lecture status files. |
| |
Once a user has received the lecture, a zero-length file is |
| |
created in this directory so that |
| |
\fBsudo\fR |
| |
will not lecture the user again. |
| |
This directory should |
| |
\fInot\fR |
| |
be cleared when the system reboots. |
| |
The default is |
| |
\fI@vardir@/lectured\fR. |
| |
.TP 18n |
| limitprivs |
limitprivs |
| The default Solaris limit privileges to use when constructing a new |
The default Solaris limit privileges to use when constructing a new |
| privilege set for a command. |
privilege set for a command. |
|
Line 2844 The escape
|
Line 2870 The escape
|
| \fR%h\fR |
\fR%h\fR |
| will expand to the host name of the machine. |
will expand to the host name of the machine. |
| Default is |
Default is |
| ``\fR@mailsub@\fR''. | \(lq\fR@mailsub@\fR\(rq. |
| .TP 18n |
.TP 18n |
| maxseq |
maxseq |
| The maximum sequence number that will be substituted for the |
The maximum sequence number that will be substituted for the |
| ``\fR%{seq}\fR'' | \(lq\fR%{seq}\fR\(rq |
| escape in the I/O log file (see the |
escape in the I/O log file (see the |
| \fIiolog_dir\fR |
\fIiolog_dir\fR |
| description above for more information). |
description above for more information). |
| While the value substituted for |
While the value substituted for |
| ``\fR%{seq}\fR'' | \(lq\fR%{seq}\fR\(rq |
| is in base 36, |
is in base 36, |
| \fImaxseq\fR |
\fImaxseq\fR |
| itself should be expressed in decimal. |
itself should be expressed in decimal. |
| Values larger than 2176782336 (which corresponds to the |
Values larger than 2176782336 (which corresponds to the |
| base 36 sequence number |
base 36 sequence number |
| ``ZZZZZZ'') | \(lqZZZZZZ\(rq) |
| will be silently truncated to 2176782336. |
will be silently truncated to 2176782336. |
| The default value is 2176782336. |
The default value is 2176782336. |
| .sp |
.sp |
| Once the local sequence number reaches the value of |
Once the local sequence number reaches the value of |
| \fImaxseq\fR, |
\fImaxseq\fR, |
| it will |
it will |
| ``roll over'' | \(lqroll over\(rq |
| to zero, after which |
to zero, after which |
| \fBsudoers\fR |
\fBsudoers\fR |
| will truncate and re-use any existing I/O log pathnames. | will truncate and re-use any existing I/O log path names. |
| .sp |
.sp |
| This setting is only supported by version 1.8.7 or higher. |
This setting is only supported by version 1.8.7 or higher. |
| .TP 18n |
.TP 18n |
|
Line 2888 name used when the
|
Line 2914 name used when the
|
| \fB\-i\fR |
\fB\-i\fR |
| option is specified. |
option is specified. |
| The default value is |
The default value is |
| ``\fR@pam_login_service@\fR''. | \(lq\fR@pam_login_service@\fR\(rq. |
| See the description of |
See the description of |
| \fIpam_service\fR |
\fIpam_service\fR |
| for more information. |
for more information. |
|
Line 2904 file or a file in the
|
Line 2930 file or a file in the
|
| \fI/etc/pam.d\fR |
\fI/etc/pam.d\fR |
| directory. |
directory. |
| The default value is |
The default value is |
| ``\fRsudo\fR''. | \(lq\fRsudo\fR\(rq. |
| .sp |
.sp |
| This setting is only supported by version 1.8.8 or higher. |
This setting is only supported by version 1.8.8 or higher. |
| .TP 18n |
.TP 18n |
|
Line 2915 option or the
|
Line 2941 option or the
|
| \fRSUDO_PROMPT\fR |
\fRSUDO_PROMPT\fR |
| environment variable. |
environment variable. |
| The following percent |
The following percent |
| (`%') | (\(oq%\(cq) |
| escape sequences are supported: |
escape sequences are supported: |
| .RS | .PP |
| | .RS 18n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| \fR%H\fR |
\fR%H\fR |
| expanded to the local host name including the domain name |
expanded to the local host name including the domain name |
| (only if the machine's host name is fully qualified or the |
(only if the machine's host name is fully qualified or the |
| \fIfqdn\fR |
\fIfqdn\fR |
| option is set) |
option is set) |
| |
.PD |
| .TP 6n |
.TP 6n |
| \fR%h\fR |
\fR%h\fR |
| expanded to the local host name without the domain name |
expanded to the local host name without the domain name |
|
Line 2952 characters are collapsed into a single
|
Line 2981 characters are collapsed into a single
|
| character |
character |
| .PP |
.PP |
| The default value is |
The default value is |
| ``\fR@passprompt@\fR''. | \(lq\fR@passprompt@\fR\(rq. |
| .PP | |
| .RE |
.RE |
| .PD 0 |
|
| .TP 18n |
.TP 18n |
| privs |
privs |
| The default Solaris privileges to use when constructing a new |
The default Solaris privileges to use when constructing a new |
|
Line 2973 The default privileges may be overridden on a per-comm
|
Line 3000 The default privileges may be overridden on a per-comm
|
| This option is only available if |
This option is only available if |
| \fBsudoers\fR |
\fBsudoers\fR |
| is built on Solaris 10 or higher. |
is built on Solaris 10 or higher. |
| .PD |
|
| .TP 18n |
.TP 18n |
| role |
role |
| The default SELinux role to use when constructing a new security |
The default SELinux role to use when constructing a new security |
|
Line 3022 Locale to use when parsing the sudoers file, logging c
|
Line 3048 Locale to use when parsing the sudoers file, logging c
|
| sending email. |
sending email. |
| Note that changing the locale may affect how sudoers is interpreted. |
Note that changing the locale may affect how sudoers is interpreted. |
| Defaults to |
Defaults to |
| ``\fRC\fR''. | \(lq\fRC\fR\(rq. |
| .TP 18n |
.TP 18n |
| timestampdir |
timestampdir |
| The directory in which |
The directory in which |
| \fBsudo\fR |
\fBsudo\fR |
| stores its time stamp files. |
stores its time stamp files. |
| |
This directory should be cleared when the system reboots. |
| The default is |
The default is |
| \fI@timedir@\fR. | \fI@rundir@/ts\fR. |
| .TP 18n |
.TP 18n |
| timestampowner |
timestampowner |
| The owner of the time stamp directory and the time stamps stored therein. | The owner of the lecture status directory, time stamp directory and all |
| | files stored therein. |
| The default is |
The default is |
| \fRroot\fR. |
\fRroot\fR. |
| .TP 18n |
.TP 18n |
|
Line 3054 The
|
Line 3082 The
|
| option specifies the fully qualified path to a file containing variables |
option specifies the fully qualified path to a file containing variables |
| to be set in the environment of the program being run. |
to be set in the environment of the program being run. |
| Entries in this file should either be of the form |
Entries in this file should either be of the form |
| ``\fRVARIABLE=value\fR'' | \(lq\fRVARIABLE=value\fR\(rq |
| or |
or |
| ``\fRexport VARIABLE=value\fR''. | \(lq\fRexport VARIABLE=value\fR\(rq. |
| The value may optionally be surrounded by single or double quotes. |
The value may optionally be surrounded by single or double quotes. |
| Variables in this file are subject to other |
Variables in this file are subject to other |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 3091 lecture
|
Line 3119 lecture
|
| This option controls when a short lecture will be printed along with |
This option controls when a short lecture will be printed along with |
| the password prompt. |
the password prompt. |
| It has the following possible values: |
It has the following possible values: |
| .RS | .PP |
| | .RS 14n |
| | .PD 0 |
| .TP 8n |
.TP 8n |
| always |
always |
| Always lecture the user. |
Always lecture the user. |
| |
.PD |
| .TP 8n |
.TP 8n |
| never |
never |
| Never lecture the user. |
Never lecture the user. |
|
Line 3111 Negating the option results in a value of
|
Line 3142 Negating the option results in a value of
|
| being used. |
being used. |
| The default value is |
The default value is |
| \fI@lecture@\fR. |
\fI@lecture@\fR. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 14n |
.TP 14n |
| lecture_file |
lecture_file |
| Path to a file containing an alternate |
Path to a file containing an alternate |
|
Line 3123 file exists.
|
Line 3152 file exists.
|
| By default, |
By default, |
| \fBsudo\fR |
\fBsudo\fR |
| uses a built-in lecture. |
uses a built-in lecture. |
| .PD |
|
| .TP 14n |
.TP 14n |
| listpw |
listpw |
| This option controls when a password will be required when a user runs |
This option controls when a password will be required when a user runs |
|
Line 3132 with the
|
Line 3160 with the
|
| \fB\-l\fR |
\fB\-l\fR |
| option. |
option. |
| It has the following possible values: |
It has the following possible values: |
| .RS | .PP |
| | .RS 14n |
| | .PD 0 |
| .TP 10n |
.TP 10n |
| all |
all |
| All the user's |
All the user's |
|
Line 3141 entries for the current host must have
|
Line 3171 entries for the current host must have
|
| the |
the |
| \fRNOPASSWD\fR |
\fRNOPASSWD\fR |
| flag set to avoid entering a password. |
flag set to avoid entering a password. |
| |
.PD |
| .TP 10n |
.TP 10n |
| always |
always |
| The user must always enter a password to use the |
The user must always enter a password to use the |
|
Line 3168 Negating the option results in a value of
|
Line 3199 Negating the option results in a value of
|
| being used. |
being used. |
| The default value is |
The default value is |
| \fIany\fR. |
\fIany\fR. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 14n |
.TP 14n |
| logfile |
logfile |
| Path to the |
Path to the |
|
Line 3181 negating this option turns it off.
|
Line 3210 negating this option turns it off.
|
| By default, |
By default, |
| \fBsudo\fR |
\fBsudo\fR |
| logs via syslog. |
logs via syslog. |
| .PD |
|
| .TP 14n |
.TP 14n |
| mailerflags |
mailerflags |
| Flags to use when invoking mailer. Defaults to |
Flags to use when invoking mailer. Defaults to |
|
Line 3193 Defaults to the path to sendmail found at configure ti
|
Line 3221 Defaults to the path to sendmail found at configure ti
|
| .TP 14n |
.TP 14n |
| mailfrom |
mailfrom |
| Address to use for the |
Address to use for the |
| ``from'' | \(lqfrom\(rq |
| address when sending warning and error mail. |
address when sending warning and error mail. |
| The address should be enclosed in double quotes |
The address should be enclosed in double quotes |
| (\&"") |
(\&"") |
|
Line 3227 to have a sane
|
Line 3255 to have a sane
|
| \fRPATH\fR |
\fRPATH\fR |
| environment variable you may want to use this. |
environment variable you may want to use this. |
| Another use is if you want to have the |
Another use is if you want to have the |
| ``root path'' | \(lqroot path\(rq |
| be separate from the |
be separate from the |
| ``user path''. | \(lquser path\(rq. |
| Users in the group specified by the |
Users in the group specified by the |
| \fIexempt_group\fR |
\fIexempt_group\fR |
| option are not affected by |
option are not affected by |
|
Line 3266 with the
|
Line 3294 with the
|
| \fB\-v\fR |
\fB\-v\fR |
| option. |
option. |
| It has the following possible values: |
It has the following possible values: |
| .RS | .PP |
| | .RS 14n |
| | .PD 0 |
| .TP 8n |
.TP 8n |
| all |
all |
| All the user's |
All the user's |
|
Line 3274 All the user's
|
Line 3304 All the user's
|
| entries for the current host must have the |
entries for the current host must have the |
| \fRNOPASSWD\fR |
\fRNOPASSWD\fR |
| flag set to avoid entering a password. |
flag set to avoid entering a password. |
| |
.PD |
| .TP 8n |
.TP 8n |
| always |
always |
| The user must always enter a password to use the |
The user must always enter a password to use the |
|
Line 3307 The default value is
|
Line 3338 The default value is
|
| env_check |
env_check |
| Environment variables to be removed from the user's environment if |
Environment variables to be removed from the user's environment if |
| the variable's value contains |
the variable's value contains |
| `%' | \(oq%\(cq |
| or |
or |
| `/' | \(oq/\(cq |
| characters. |
characters. |
| This can be used to guard against printf-style format vulnerabilities |
This can be used to guard against printf-style format vulnerabilities |
| in poorly-written programs. |
in poorly-written programs. |
|
Line 3414 The path to the group file should be specified as an o
|
Line 3445 The path to the group file should be specified as an o
|
| to the plugin. |
to the plugin. |
| For example, if the group file to be used is |
For example, if the group file to be used is |
| \fI/etc/sudo-group\fR: |
\fI/etc/sudo-group\fR: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 10n |
| Defaults group_plugin="group_file.so /etc/sudo-group" |
Defaults group_plugin="group_file.so /etc/sudo-group" |
| .RE |
.RE |
| .fi |
.fi |
| .PP |
|
| .RE |
|
| .PD 0 |
|
| .TP 10n |
.TP 10n |
| system_group |
system_group |
| The |
The |
|
Line 3435 and
|
Line 3462 and
|
| This plugin can be used in instances where the user belongs to |
This plugin can be used in instances where the user belongs to |
| groups not present in the user's supplemental group vector. |
groups not present in the user's supplemental group vector. |
| This plugin takes no options: |
This plugin takes no options: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 10n |
| Defaults group_plugin=system_group.so |
Defaults group_plugin=system_group.so |
| .RE |
.RE |
| .fi |
.fi |
| .RE |
|
| .PD |
|
| .PP |
.PP |
| The group provider plugin API is described in detail in |
The group provider plugin API is described in detail in |
| sudo_plugin(@mansectsu@). |
sudo_plugin(@mansectsu@). |
|
Line 3470 Where the fields are as follows:
|
Line 3494 Where the fields are as follows:
|
| date |
date |
| The date the command was run. |
The date the command was run. |
| Typically, this is in the format |
Typically, this is in the format |
| ``MMM, DD, HH:MM:SS''. | \(lqMMM, DD, HH:MM:SS\(rq. |
| If logging via |
If logging via |
| syslog(3), |
syslog(3), |
| the actual date format is controlled by the syslog daemon. |
the actual date format is controlled by the syslog daemon. |
|
Line 3500 The login name of the user who ran
|
Line 3524 The login name of the user who ran
|
| .TP 14n |
.TP 14n |
| ttyname |
ttyname |
| The short name of the terminal (e.g.\& |
The short name of the terminal (e.g.\& |
| ``console'', | \(lqconsole\(rq, |
| ``tty01'', | \(lqtty01\(rq, |
| or |
or |
| ``pts/0'') | \(lqpts/0\(rq) |
| \fBsudo\fR |
\fBsudo\fR |
| was run on, or |
was run on, or |
| ``unknown'' | \(lqunknown\(rq |
| if there was no terminal present. |
if there was no terminal present. |
| .TP 14n |
.TP 14n |
| cwd |
cwd |
|
Line 3538 The actual command that was executed.
|
Line 3562 The actual command that was executed.
|
| Messages are logged using the locale specified by |
Messages are logged using the locale specified by |
| \fIsudoers_locale\fR, |
\fIsudoers_locale\fR, |
| which defaults to the |
which defaults to the |
| ``\fRC\fR'' | \(lq\fRC\fR\(rq |
| locale. |
locale. |
| .SS "Denied command log entries" |
.SS "Denied command log entries" |
| If the user is not allowed to run the command, the reason for the denial |
If the user is not allowed to run the command, the reason for the denial |
|
Line 3621 using group permissions to avoid this problem.
|
Line 3645 using group permissions to avoid this problem.
|
| Consider either changing the ownership of |
Consider either changing the ownership of |
| \fI@sysconfdir@/sudoers\fR |
\fI@sysconfdir@/sudoers\fR |
| or adding an argument like |
or adding an argument like |
| ``sudoers_uid=N'' | \(lqsudoers_uid=N\(rq |
| (where |
(where |
| `N' | \(oqN\(cq |
| is the user ID that owns the |
is the user ID that owns the |
| \fIsudoers\fR |
\fIsudoers\fR |
| file) to the end of the |
file) to the end of the |
|
Line 3650 file has the wrong owner.
|
Line 3674 file has the wrong owner.
|
| If you wish to change the |
If you wish to change the |
| \fIsudoers\fR |
\fIsudoers\fR |
| file owner, please add |
file owner, please add |
| ``sudoers_uid=N'' | \(lqsudoers_uid=N\(rq |
| (where |
(where |
| `N' | \(oqN\(cq |
| is the user ID that owns the |
is the user ID that owns the |
| \fIsudoers\fR |
\fIsudoers\fR |
| file) to the |
file) to the |
|
Line 3671 The
|
Line 3695 The
|
| file must not be world-writable, the default file mode |
file must not be world-writable, the default file mode |
| is 0440 (readable by owner and group, writable by none). |
is 0440 (readable by owner and group, writable by none). |
| The default mode may be changed via the |
The default mode may be changed via the |
| ``sudoers_mode'' | \(lqsudoers_mode\(rq |
| option to the |
option to the |
| \fBsudoers\fR |
\fBsudoers\fR |
| \fRPlugin\fR |
\fRPlugin\fR |
|
Line 3686 file has the wrong group ownership.
|
Line 3710 file has the wrong group ownership.
|
| If you wish to change the |
If you wish to change the |
| \fIsudoers\fR |
\fIsudoers\fR |
| file group ownership, please add |
file group ownership, please add |
| ``sudoers_gid=N'' | \(lqsudoers_gid=N\(rq |
| (where |
(where |
| `N' | \(oqN\(cq |
| is the group ID that owns the |
is the group ID that owns the |
| \fIsudoers\fR |
\fIsudoers\fR |
| file) to the |
file) to the |
|
Line 3698 line in the
|
Line 3722 line in the
|
| sudo.conf(@mansectform@) |
sudo.conf(@mansectform@) |
| file. |
file. |
| .TP 3n |
.TP 3n |
| unable to open @timedir@/username/ttyname | unable to open @rundir@/ts/username |
| \fIsudoers\fR |
\fIsudoers\fR |
| was unable to read or create the user's time stamp file. |
was unable to read or create the user's time stamp file. |
| |
This can happen when |
| |
\fItimestampowner\fR |
| |
is set to a user other than root and the mode on |
| |
\fI@rundir@\fR |
| |
is not searchable by group or other. |
| |
The default mode for |
| |
\fI@rundir@\fR |
| |
is 0711. |
| .TP 3n |
.TP 3n |
| unable to write to @timedir@/username/ttyname | unable to write to @rundir@/ts/username |
| \fIsudoers\fR |
\fIsudoers\fR |
| was unable to write to the user's time stamp file. |
was unable to write to the user's time stamp file. |
| .TP 3n |
.TP 3n |
| unable to mkdir to @timedir@/username | @rundir@/ts is owned by uid X, should be Y |
| | The time stamp directory is owned by a user other than |
| | \fItimestampowner\fR. |
| | This can occur when the value of |
| | \fItimestampowner\fR |
| | has been changed. |
| \fIsudoers\fR |
\fIsudoers\fR |
| was unable to create the user's time stamp directory. | will ignore the time stamp directory until the owner is corrected. |
| | .TP 3n |
| | @rundir@/ts is group writable |
| | The time stamp directory is group-writable; it should be writable only by |
| | \fItimestampowner\fR. |
| | The default mode for the time stamp directory is 0700. |
| | \fIsudoers\fR |
| | will ignore the time stamp directory until the mode is corrected. |
| .SS "Notes on logging via syslog" |
.SS "Notes on logging via syslog" |
| By default, |
By default, |
| \fIsudoers\fR |
\fIsudoers\fR |
|
Line 3731 To prevent the command line arguments from being trunc
|
Line 3775 To prevent the command line arguments from being trunc
|
| \fBsudoers\fR |
\fBsudoers\fR |
| will split up log messages that are larger than 960 characters |
will split up log messages that are larger than 960 characters |
| (not including the date, hostname, and the string |
(not including the date, hostname, and the string |
| ``sudo''). | \(lqsudo\(rq). |
| When a message is split, additional parts will include the string |
When a message is split, additional parts will include the string |
| ``(command continued)'' | \(lq(command continued)\(rq |
| after the user name and before the continued command line arguments. |
after the user name and before the continued command line arguments. |
| .SS "Notes on logging to a file" |
.SS "Notes on logging to a file" |
| If the |
If the |
|
Line 3773 on the log files.
|
Line 3817 on the log files.
|
| If the |
If the |
| \fIloglinelen\fR |
\fIloglinelen\fR |
| option is set to 0 (or negated with a |
option is set to 0 (or negated with a |
| `\&!'), | \(oq\&!\(cq), |
| word wrap will be disabled. |
word wrap will be disabled. |
| .SH "FILES" |
.SH "FILES" |
| .TP 26n |
.TP 26n |
|
Line 3792 List of network groups
|
Line 3836 List of network groups
|
| \fI@iolog_dir@\fR |
\fI@iolog_dir@\fR |
| I/O log files |
I/O log files |
| .TP 26n |
.TP 26n |
| \fI@timedir@\fR | \fI@rundir@/ts\fR |
| Directory containing time stamps for the |
Directory containing time stamps for the |
| \fIsudoers\fR |
\fIsudoers\fR |
| security policy |
security policy |
| .TP 26n |
.TP 26n |
| |
\fI@vardir@/lectured\fR |
| |
Directory containing lecture status files for the |
| |
\fIsudoers\fR |
| |
security policy |
| |
.TP 26n |
| \fI/etc/environment\fR |
\fI/etc/environment\fR |
| Initial environment for |
Initial environment for |
| \fB\-i\fR |
\fB\-i\fR |
|
Line 4082 may run any command on machines in the
|
Line 4131 may run any command on machines in the
|
| netgroup. |
netgroup. |
| \fBsudo\fR |
\fBsudo\fR |
| knows that |
knows that |
| ``biglab'' | \(lqbiglab\(rq |
| is a netgroup due to the |
is a netgroup due to the |
| `+' | \(oq+\(cq |
| prefix. |
prefix. |
| .nf |
.nf |
| .sp |
.sp |
|
Line 4218 Any user may mount or unmount a CD-ROM on the machines
|
Line 4267 Any user may mount or unmount a CD-ROM on the machines
|
| This is a bit tedious for users to type, so it is a prime candidate |
This is a bit tedious for users to type, so it is a prime candidate |
| for encapsulating in a shell script. |
for encapsulating in a shell script. |
| .SH "SECURITY NOTES" |
.SH "SECURITY NOTES" |
| .SS "Limitations of the `!\&' operator" | .SS "Limitations of the \(oq!\&\(cq operator" |
| It is generally not effective to |
It is generally not effective to |
| ``subtract'' | \(lqsubtract\(rq |
| commands from |
commands from |
| \fBALL\fR |
\fBALL\fR |
| using the |
using the |
| `!\&' | \(oq!\&\(cq |
| operator. |
operator. |
| A user can trivially circumvent this by copying the desired command |
A user can trivially circumvent this by copying the desired command |
| to a different name and then executing that. |
to a different name and then executing that. |
|
Line 4251 In general, if a user has sudo
|
Line 4300 In general, if a user has sudo
|
| \fBALL\fR |
\fBALL\fR |
| there is nothing to prevent them from creating their own program that gives |
there is nothing to prevent them from creating their own program that gives |
| them a root shell (or making their own copy of a shell) regardless of any |
them a root shell (or making their own copy of a shell) regardless of any |
| `!\&' | \(oq!\&\(cq |
| elements in the user specification. |
elements in the user specification. |
| .SS "Security implications of \fIfast_glob\fR" |
.SS "Security implications of \fIfast_glob\fR" |
| If the |
If the |
|
Line 4355 for a command, use the
|
Line 4404 for a command, use the
|
| tag as documented |
tag as documented |
| in the User Specification section above. |
in the User Specification section above. |
| Here is that example again: |
Here is that example again: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 10n |
| aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi |
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 10n |
| .sp |
.sp |
| This allows user |
This allows user |
| \fBaaron\fR |
\fBaaron\fR |
|
Line 4387 operations (such as changing or overwriting files) tha
|
Line 4436 operations (such as changing or overwriting files) tha
|
| to unintended privilege escalation. |
to unintended privilege escalation. |
| In the specific case of an editor, a safer approach is to give the |
In the specific case of an editor, a safer approach is to give the |
| user permission to run |
user permission to run |
| \fBsudoedit\fR. | \fBsudoedit\fR |
| | (see below). |
| | .SS "Secure editing" |
| | The |
| | \fIsudoers\fR |
| | plugin includes |
| | \fBsudoedit\fR |
| | support which allows users to securely edit files with the editor |
| | of their choice. |
| | As |
| | \fBsudoedit\fR |
| | is a built-in command, it must be specified in |
| | \fIsudoers\fR |
| | without a leading path. |
| | However, it may take command line arguments just as a normal command does. |
| | For example, to allow user operator to edit the |
| | \(lqmessage of the day\(rq |
| | file: |
| | .nf |
| | .sp |
| | .RS 6n |
| | operator sudoedit /etc/motd |
| | .RE |
| | .fi |
| | .PP |
| | The operator user then runs |
| | \fBsudoedit\fR |
| | as follows: |
| | .nf |
| | .sp |
| | .RS 6n |
| | $ sudoedit /etc/motd |
| | .RE |
| | .fi |
| | .PP |
| | The editor will run as the operator user, not root, on a temporary copy of |
| | \fI/etc/motd\fR. |
| | After the file has been edited, |
| | \fI/etc/motd\fR |
| | will be updated with the contents of the temporary copy. |
| .SS "Time stamp file checks" |
.SS "Time stamp file checks" |
| \fIsudoers\fR |
\fIsudoers\fR |
| will check the ownership of its time stamp directory |
will check the ownership of its time stamp directory |
| (\fI@timedir@\fR | (\fI@rundir@/ts\fR |
| by default) |
by default) |
| and ignore the directory's contents if it is not owned by root or |
and ignore the directory's contents if it is not owned by root or |
| if it is writable by a user other than root. |
if it is writable by a user other than root. |
| On systems that allow non-root users to give away files via | Older versions of |
| chown(2), | |
| if the time stamp directory is located in a world-writable | |
| directory (e.g.\&, | |
| \fI/tmp\fR), | |
| it is possible for a user to create the time stamp directory before | |
| \fBsudo\fR |
\fBsudo\fR |
| is run. | stored time stamp files in |
| However, because | \fI/tmp\fR; |
| | this is no longer recommended as it may be possible for a user |
| | to create the time stamp themselves on systems that allow |
| | unprivileged users to change the ownership of files they create. |
| | .PP |
| | While the time stamp directory |
| | \fIshould\fR |
| | be cleared at reboot time, not all systems contain a |
| | \fI/var/run\fR |
| | directory. |
| | To avoid potential problems, |
| \fIsudoers\fR |
\fIsudoers\fR |
| checks the ownership and mode of the directory and its | will ignore time stamp files that date from before the machine booted |
| contents, the only damage that can be done is to | on systems where the boot time is available. |
| ``hide'' | |
| files by putting them in the time stamp dir. | |
| This is unlikely to happen since once the time stamp dir is owned by root | |
| and inaccessible by any other user, the user placing files there would be | |
| unable to get them back out. | |
| .PP |
.PP |
| |
Some systems with graphical desktop environments allow unprivileged |
| |
users to change the system clock. |
| |
Since |
| \fIsudoers\fR |
\fIsudoers\fR |
| |
relies on the system clock for time stamp validation, it may be |
| |
possible on such systems for a user to run |
| |
\fBsudo\fR |
| |
for longer than |
| |
\fItimestamp_timeout\fR |
| |
by setting the clock back. |
| |
To combat this, |
| |
\fIsudoers\fR |
| |
uses a monotonic clock (which never moves backwards) for its time stamps |
| |
if the system supports it. |
| |
.PP |
| |
\fIsudoers\fR |
| will not honor time stamps set far in the future. |
will not honor time stamps set far in the future. |
| Time stamps with a date greater than current_time + 2 * |
Time stamps with a date greater than current_time + 2 * |
| \fRTIMEOUT\fR |
\fRTIMEOUT\fR |
| will be ignored and sudo will log and complain. | will be ignored and |
| This is done to keep a user from creating his/her own time stamp with a | |
| bogus date on systems that allow users to give away files if the time | |
| stamp directory is located in a world-writable directory. | |
| .PP | |
| On systems where the boot time is available, | |
| \fIsudoers\fR |
\fIsudoers\fR |
| will ignore time stamps that date from before the machine booted. | will log and complain. |
| .PP |
.PP |
| Since time stamp files live in the file system, they can outlive a |
Since time stamp files live in the file system, they can outlive a |
| user's login session. |
user's login session. |
|
Line 4432 As a result, a user may be able to login, run a comman
|
Line 4530 As a result, a user may be able to login, run a comman
|
| \fBsudo\fR |
\fBsudo\fR |
| after authenticating, logout, login again, and run |
after authenticating, logout, login again, and run |
| \fBsudo\fR |
\fBsudo\fR |
| without authenticating so long as the time stamp file's modification | without authenticating so long as the record's time stamp is within |
| time is within | |
| \fR@timeout@\fR |
\fR@timeout@\fR |
| minutes (or whatever the timeout is set to in | minutes (or whatever value the timeout is set to in |
| \fIsudoers\fR). |
\fIsudoers\fR). |
| When the |
When the |
| \fItty_tickets\fR |
\fItty_tickets\fR |
| option is enabled, the time stamp has per-tty granularity but still | option is enabled, the time stamp record includes the device |
| | number of the terminal the user authenticated with. |
| | This provides per-tty granularity but time stamp records still |
| may outlive the user's session. |
may outlive the user's session. |
| On Linux systems where the devpts filesystem is used, Solaris systems | The time stamp record also includes the session ID of the process |
| with the devices filesystem, as well as other systems that utilize a | that last authenticated. |
| devfs filesystem that monotonically increase the inode number of devices | This prevents processes in different terminal sessions from using |
| as they are created (such as Mac OS X), | the same time stamp record. |
| \fIsudoers\fR | It also helps reduce the chance that a user will be able to run |
| is able to determine when a tty-based time stamp file is stale and will | \fBsudo\fR |
| ignore it. | without entering a password when logging out and back in again |
| Administrators should not rely on this feature as it is not universally | on the same terminal. |
| available. | |
| .SH "DEBUGGING" |
.SH "DEBUGGING" |
| Versions 1.8.4 and higher of the |
Versions 1.8.4 and higher of the |
| \fBsudoers\fR |
\fBsudoers\fR |
|
Line 4545 pseudo-tty related code
|
Line 4643 pseudo-tty related code
|
| \fIrbtree\fR |
\fIrbtree\fR |
| redblack tree internals |
redblack tree internals |
| .TP 10n |
.TP 10n |
| |
\fIsssd\fR |
| |
SSSD-based sudoers |
| |
.TP 10n |
| \fIutil\fR |
\fIutil\fR |
| utility functions |
utility functions |
| .PD 0 |
.PD 0 |
| .PP |
.PP |
| .PD |
|
| For example: |
For example: |
| .nf |
.nf |
| .sp |
.sp |
|
Line 4557 For example:
|
Line 4657 For example:
|
| Debug sudo /var/log/sudo_debug match@info,nss@info |
Debug sudo /var/log/sudo_debug match@info,nss@info |
| .RE |
.RE |
| .fi |
.fi |
| |
.PD |
| .PP |
.PP |
| For more information, see the |
For more information, see the |
| sudo.conf(@mansectform@) |
sudo.conf(@mansectform@) |
|
Line 4610 search the archives.
|
Line 4711 search the archives.
|
| .SH "DISCLAIMER" |
.SH "DISCLAIMER" |
| \fBsudo\fR |
\fBsudo\fR |
| is provided |
is provided |
| ``AS IS'' | \(lqAS IS\(rq |
| and any express or implied warranties, including, but not limited |
and any express or implied warranties, including, but not limited |
| to, the implied warranties of merchantability and fitness for a |
to, the implied warranties of merchantability and fitness for a |
| particular purpose are disclaimed. |
particular purpose are disclaimed. |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoers.man.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc