+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
N\bNA\bAM\bME\bE
sudo, sudoedit - execute a command as another user
If an I/O plugin is configured, the running command's input and output
may be logged as well.
-
-
-
-
-1.8.1 April 9, 2011 1
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
O\bOP\bPT\bTI\bIO\bON\bNS\bS
s\bsu\bud\bdo\bo accepts the following command line options:
is already root. This option is only available on systems
with BSD login classes.
-
-
-1.8.1 April 9, 2011 2
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
-D _\bl_\be_\bv_\be_\bl Enable debugging of s\bsu\bud\bdo\bo plugins and s\bsu\bud\bdo\bo itself. The
_\bl_\be_\bv_\be_\bl may be a value from 1 through 9.
behavior.
-h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a short help
-
-
-
-1.8.1 April 9, 2011 3
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
message to the standard output and exit.
-i [command]
messages and exit.
-P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bsu\bud\bdo\bo to
-
-
-
-1.8.1 April 9, 2011 4
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
preserve the invoking user's group vector unaltered. By
default, the _\bs_\bu_\bd_\bo_\be_\br_\bs policy will initialize the group
vector to the list of groups the target user is in. The
role.
-U _\bu_\bs_\be_\br The -\b-U\bU (_\bo_\bt_\bh_\be_\br _\bu_\bs_\be_\br) option is used in conjunction with the
-
-
-
-1.8.1 April 9, 2011 5
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
-\b-l\bl option to specify the user whose privileges should be
listed. The security policy may restrict listing other
users' privileges. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy only allows root or
security policy and I/O logging, which corresponds to the following
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
-
-
-
-
-
-
-
-1.8.1 April 9, 2011 6
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
#
# Default /etc/sudo.conf file
#
that support LD_PRELOAD or its equivalent. Defaults to
_\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
-
-
-
-1.8.1 April 9, 2011 7
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
Upon successful execution of a program, the exit status from s\bsu\bud\bdo\bo will
simply be the exit status of the program that was executed.
SHELL Used to determine shell to run with -s option
-
-
-1.8.1 April 9, 2011 8
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
SUDO_ASKPASS Specifies the path to a helper program used to read the
password if no terminal is available or if the -A
option is specified.
To shutdown a machine:
-
-
-1.8.1 April 9, 2011 9
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
$ sudo shutdown -r +15 "quick reboot"
To make a usage listing of the directories in the /home partition.
including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with s\bsu\bud\bdo\bo or
-
-
-
-1.8.1 April 9, 2011 10
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
http://www.sudo.ws/sudo/license.html for complete details.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.1 April 9, 2011 11
-
-
+1.8.2 May 22, 2011 SUDO(1m)
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "April 9, 2011" "1.8.1" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "May 22, 2011" "1.8.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
N\bNA\bAM\bME\bE
sudo_plugin - Sudo Plugin API
Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so
-
-
-
-1.8.1 April 9, 2011 1
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
P\bPo\bol\bli\bic\bcy\by P\bPl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
A policy plugin must declare and populate a policy_plugin struct in the
global scope. This structure contains pointers to the functions that
version
The version passed in by s\bsu\bud\bdo\bo allows the plugin to determine
the major and minor version number of the plugin API supported
-
-
-
-1.8.1 April 9, 2011 2
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
by s\bsu\bud\bdo\bo.
conversation
login_shell=bool
Set to true if the user specified the -i flag, indicating
-
-
-
-1.8.1 April 9, 2011 3
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
that the user wishes to run a login shell.
implied_shell=bool
The command name that sudo was run as, typically "sudo" or
"sudoedit".
-
-
-1.8.1 April 9, 2011 4
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
sudoedit=bool
Set to true when the -e flag is is specified or if invoked
as s\bsu\bud\bdo\boe\bed\bdi\bit\bt. The plugin shall substitute an editor into
is no terminal device available, a default value of 24 is
used.
-
-
-1.8.1 April 9, 2011 5
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
cols=int
The number of columns the user's terminal supports. If
there is no terminal device available, a default value of
the _\bo_\bp_\be_\bn function, the user has requested _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt mode. _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt
is a mechanism for editing one or more files where an editor is run
with the user's credentials instead of with elevated privileges.
-
-
-
-1.8.1 April 9, 2011 6
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
s\bsu\bud\bdo\bo achieves this by creating user-writable temporary copies of
the files to be edited and then overwriting the originals with the
temporary copies after editing is complete. If the plugin supports
command=string
Fully qualified path to the command to be executed.
-
-
-
-
-1.8.1 April 9, 2011 7
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
runas_uid=uid
User ID to run the command as.
timeout=int
Command timeout. If non-zero then when the timeout expires
-
-
-
-1.8.1 April 9, 2011 8
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
the command will be killed.
sudoedit=bool
screen, not output to a pipe or file. This is a hint to
the I/O logging plugin which may choose to ignore it.
-
-
-1.8.1 April 9, 2011 9
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
use_pty=bool
Allocate a pseudo-tty to run the command in, regardless of
whether or not I/O logging is in use. By default, s\bsu\bud\bdo\bo
policy allows it. If NULL, the plugin should list the
privileges of the invoking user.
-
-
-
-
-1.8.1 April 9, 2011 10
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
argc
The number of elements in _\ba_\br_\bg_\bv, not counting the final NULL
pointer.
Returns 1 on success, 0 on failure and -1 on error. On error, the
plugin may optionally call the conversation or plugin_printf
-
-
-
-1.8.1 April 9, 2011 11
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
function with SUDO_CONF_ERROR_MSG to present additional error
information to the user.
logging is to be performed. If the open function returns 0, no I/O
will be sent to the plugin.
-
-
-1.8.1 April 9, 2011 12
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
The io_plugin struct has the following fields:
type
"name=value" strings. The vector is terminated by a NULL
pointer. These settings correspond to flags the user specified
when running s\bsu\bud\bdo\bo. As such, they will only be present when the
-
-
-
-1.8.1 April 9, 2011 13
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
corresponding flag has been specified on the command line.
When parsing _\bs_\be_\bt_\bt_\bi_\bn_\bg_\bs, the plugin should split on the f\bfi\bir\brs\bst\bt
error
If the command could not be executed, this is set to the value
of errno set by the _\be_\bx_\be_\bc_\bv_\be(2) system call. If the command was
-
-
-
-1.8.1 April 9, 2011 14
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
successfully executed, the value of error is 0.
show_version
the data should be passed to the command, 0 if the data is rejected
(which will terminate the command) or -1 if an error occurred.
-
-
-
-1.8.1 April 9, 2011 15
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
The function arguments are as follows:
buf The buffer containing user input.
informational or error messages to the user, which is usually more
convenient for simple messages where no use input is required.
-
-
-1.8.1 April 9, 2011 16
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
struct sudo_conv_message {
#define SUDO_CONV_PROMPT_ECHO_OFF 0x0001 /* do not echo user input */
#define SUDO_CONV_PROMPT_ECHO_ON 0x0002 /* echo user input */
in the global scope. This structure contains pointers to the functions
that implement plugin initialization, cleanup and group lookup.
-
-
-
-
-
-
-1.8.1 April 9, 2011 17
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
struct sudoers_group_plugin {
unsigned int version;
int (*init)(int version, sudo_printf_t sudo_printf,
close open file handles.
query
-
-
-
-
-1.8.1 April 9, 2011 18
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
int (*query)(const char *user, const char *group,
const struct passwd *pwd);
-1.8.1 April 9, 2011 19
-
-
+1.8.2 May 22, 2011 SUDO_PLUGIN(1m)
.\" ========================================================================
.\"
.IX Title "SUDO_PLUGIN @mansectsu@"
-.TH SUDO_PLUGIN @mansectsu@ "April 9, 2011" "1.8.1" "MAINTENANCE COMMANDS"
+.TH SUDO_PLUGIN @mansectsu@ "May 22, 2011" "1.8.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
N\bNA\bAM\bME\bE
sudoers - default sudo security policy module
_\bs_\bu_\bd_\bo_\be_\br_\bs also supports logging a command's input and output streams.
I/O logging is not on by default but can be enabled using the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt
and _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt Defaults flags as well as the LOG_INPUT and LOG_OUTPUT
-
-
-
-1.8.1 April 9, 2011 1
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
command tags.
C\bCo\bom\bmm\bma\ban\bnd\bd E\bEn\bnv\bvi\bir\bro\bon\bnm\bme\ben\bnt\bt
Form (EBNF). Don't despair if you don't know what EBNF is; it is
fairly simple, and the definitions below are annotated.
-
-
-
-1.8.1 April 9, 2011 2
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Q\bQu\bui\bic\bck\bk g\bgu\bui\bid\bde\be t\bto\bo E\bEB\bBN\bNF\bF
EBNF is a concise and exact way of describing the grammar of a
language. Each EBNF definition is made up of _\bp_\br_\bo_\bd_\bu_\bc_\bt_\bi_\bo_\bn _\br_\bu_\bl_\be_\bs. E.g.,
Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
-
-
-1.8.1 April 9, 2011 3
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
The definitions of what constitutes a valid _\ba_\bl_\bi_\ba_\bs member follow.
User_List ::= User |
'!'* %:nonunix_group |
'!'* %:#nonunix_gid |
'!'* +netgroup |
-
-
-
-1.8.1 April 9, 2011 4
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
'!'* Runas_Alias
A Runas_List is similar to a User_List except that instead of
he/she wishes. However, you may also specify command line arguments
(including wildcards). Alternately, you can specify "" to indicate
that the command may only be run w\bwi\bit\bth\bho\bou\but\bt command line arguments. A
-
-
-
-1.8.1 April 9, 2011 5
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
directory is a fully qualified path name ending in a '/'. When you
specify a directory in a Cmnd_List, the user will be able to run any
file within that directory (but not in any subdirectories therein).
See "SUDOERS OPTIONS" for a list of supported Defaults parameters.
-
-
-
-1.8.1 April 9, 2011 6
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
U\bUs\bse\ber\br S\bSp\bpe\bec\bci\bif\bfi\bic\bca\bat\bti\bio\bon\bn
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
(':' Host_List '=' Cmnd_Spec_List)*
dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
-
-
-
-1.8.1 April 9, 2011 7
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Then user d\bdg\bgb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bop\bpe\ber\bra\bat\bto\bor\br, but _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl
and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as r\bro\boo\bot\bt.
the tag unless it is overridden by the opposite tag (i.e.: PASSWD
overrides NOPASSWD and NOEXEC overrides EXEC).
-
-
-
-1.8.1 April 9, 2011 8
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
_\bN_\bO_\bP_\bA_\bS_\bS_\bW_\bD _\ba_\bn_\bd _\bP_\bA_\bS_\bS_\bW_\bD
By default, s\bsu\bud\bdo\bo requires that a user authenticate him or herself
_\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT _\ba_\bn_\bd _\bN_\bO_\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT
-
-
-1.8.1 April 9, 2011 9
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
These tags override the value of the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt option on a per-command
basis. For more information, see the description of _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt in the
"SUDOERS OPTIONS" section below.
file currently being parsed using the #include and #includedir
directives.
-
-
-1.8.1 April 9, 2011 10
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
This can be used, for example, to keep a site-wide _\bs_\bu_\bd_\bo_\be_\br_\bs file in
addition to a local, per-machine file. For the sake of this example
the site-wide _\bs_\bu_\bd_\bo_\be_\br_\bs will be _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs and the per-machine one will
User_Alias, Runas_Alias, or Host_Alias. You should not try to define
your own _\ba_\bl_\bi_\ba_\bs called A\bAL\bLL\bL as the built-in alias will be used in
preference to your own. Please note that using A\bAL\bLL\bL can be dangerous
-
-
-
-1.8.1 April 9, 2011 11
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
since in a command context, it allows the user to run a\ban\bny\by command on
the system.
z\bzl\bli\bib\bb support.
env_editor If set, v\bvi\bis\bsu\bud\bdo\bo will use the value of the EDITOR or
-
-
-
-1.8.1 April 9, 2011 12
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
VISUAL environment variables before falling back on the
default editor list. Note that this may create a
security hole as it allows the user to run any
_\bo_\bf_\bf by default.
ignore_dot If set, s\bsu\bud\bdo\bo will ignore '.' or '' (current dir) in the
-
-
-
-1.8.1 April 9, 2011 13
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
PATH environment variable; the PATH itself is not
modified. This flag is _\bo_\bf_\bf by default.
log line, prefixed with _\bT_\bS_\bI_\bD_\b=. The _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be option
may be used to control the format of the session ID.
-
-
-
-1.8.1 April 9, 2011 14
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Output logs may be viewed with the _\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m)
utility, which can also be used to list or search the
available logs.
passprompt_override
The password prompt specified by _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will
-
-
-
-1.8.1 April 9, 2011 15
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
normally only be used if the password prompt provided
by systems such as PAM matches the string "Password:".
If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set, _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always
the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled, so _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is
only effective for configurations where either
_\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled or HOME is present in the
-
-
-
-1.8.1 April 9, 2011 16
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
_\be_\bn_\bv_\b__\bk_\be_\be_\bp list. This flag is _\bo_\bf_\bf by default.
set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
not listed in the passwd database as an argument to the
-\b-u\bu option. This flag is _\bo_\bf_\bf by default.
-
-
-1.8.1 April 9, 2011 17
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
tty_tickets If set, users must authenticate on a per-tty basis.
With this flag enabled, s\bsu\bud\bdo\bo will use a file named for
the tty the user is logged in on in the user's time
I\bIn\bnt\bte\beg\bge\ber\brs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
-
-
-1.8.1 April 9, 2011 18
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
loglinelen Number of characters per line for the file log. This
value is used to decide when to wrap lines for nicer
log files. This has no effect on the syslog log file,
The following percent (`%') escape sequences are
supported:
-
-
-1.8.1 April 9, 2011 19
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
%{seq}
expanded to a monotonically increasing base-36
sequence number, such as 0100A5, where every two
noexec_file This option is deprecated and will be removed in a
future release of s\bsu\bud\bdo\bo. The path to the noexec file
-
-
-
-1.8.1 April 9, 2011 20
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
should now be set in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
passprompt The default prompt to use when asking for a password;
runas_default The default user to run commands as if the -\b-u\bu option is
not specified on the command line. This defaults to
- root. Note that if _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt is set it m\bmu\bus\bst\bt occur
- before any Runas_Alias specifications.
+ root.
syslog_badpri Syslog priority to use when user authenticates
unsuccessfully. Defaults to alert.
+ The following syslog priorities are supported: a\bal\ble\ber\brt\bt,
+ c\bcr\bri\bit\bt, d\bde\beb\bbu\bug\bg, e\bem\bme\ber\brg\bg, e\ber\brr\br, i\bin\bnf\bfo\bo, n\bno\bot\bti\bic\bce\be, and w\bwa\bar\brn\bni\bin\bng\bg.
+
syslog_goodpri Syslog priority to use when user authenticates
successfully. Defaults to notice.
+ See syslog_badpri for the list of supported syslog
+ priorities.
+
sudoers_locale Locale to use when parsing the sudoers file, logging
commands, and sending email. Note that changing the
locale may affect how sudoers is interpreted. Defaults
The default is _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo.
timestampowner The owner of the timestamp directory and the timestamps
-
-
-
-1.8.1 April 9, 2011 21
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
stored therein. The default is root.
type The default SELinux type to use when constructing a new
S\bSt\btr\bri\bin\bng\bgs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
- askpass The _\ba_\bs_\bk_\bp_\ba_\bs_\bs option specifies the fully qualified path to a
- helper program used to read the user's password when no
- terminal is available. This may be the case when s\bsu\bud\bdo\bo is
- executed from a graphical (as opposed to text-based)
- application. The program specified by _\ba_\bs_\bk_\bp_\ba_\bs_\bs should
- display the argument passed to it as the prompt and write
- the user's password to the standard output. The value of
- _\ba_\bs_\bk_\bp_\ba_\bs_\bs may be overridden by the SUDO_ASKPASS environment
- variable.
-
env_file The _\be_\bn_\bv_\b__\bf_\bi_\bl_\be options specifies the fully qualified path to
a file containing variables to be set in the environment of
the program being run. Entries in this file should either
along with the password prompt. It has the following
possible values:
-
-
-
-1.8.1 April 9, 2011 22
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
always Always lecture the user.
never Never lecture the user.
should be enclosed in double quotes (") to protect against
s\bsu\bud\bdo\bo interpreting the @ sign. Defaults to root.
-
-
-1.8.1 April 9, 2011 23
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
secure_path Path used for every command run from s\bsu\bud\bdo\bo. If you don't
trust the people running s\bsu\bud\bdo\bo to have a sane PATH
environment variable you may want to use this. Another use
syslog Syslog facility if syslog is being used for logging (negate
to disable syslog logging). Defaults to auth.
+ The following syslog facilities are supported: a\bau\but\bth\bhp\bpr\bri\biv\bv (if
+ your OS supports it), a\bau\but\bth\bh, d\bda\bae\bem\bmo\bon\bn, u\bus\bse\ber\br, l\blo\boc\bca\bal\bl0\b0, l\blo\boc\bca\bal\bl1\b1,
+ l\blo\boc\bca\bal\bl2\b2, l\blo\boc\bca\bal\bl3\b3, l\blo\boc\bca\bal\bl4\b4, l\blo\boc\bca\bal\bl5\b5, l\blo\boc\bca\bal\bl6\b6, and l\blo\boc\bca\bal\bl7\b7.
+
verifypw This option controls when a password will be required when
a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
possible values:
environment when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is not in effect.
The argument may be a double-quoted, space-separated
list or a single value without double-quotes. The list
-
-
-
-1.8.1 April 9, 2011 24
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
can be replaced, added to, deleted from, or disabled by
using the =, +=, -=, and ! operators respectively. The
default list of environment variables to remove is
variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
with the _\b-_\bV option.
- When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bsu\bud\bdo\bo accepts the following values for the
- syslog facility (the value of the s\bsy\bys\bsl\blo\bog\bg Parameter): a\bau\but\bth\bhp\bpr\bri\biv\bv (if your
- OS supports it), a\bau\but\bth\bh, d\bda\bae\bem\bmo\bon\bn, u\bus\bse\ber\br, l\blo\boc\bca\bal\bl0\b0, l\blo\boc\bca\bal\bl1\b1, l\blo\boc\bca\bal\bl2\b2, l\blo\boc\bca\bal\bl3\b3,
- l\blo\boc\bca\bal\bl4\b4, l\blo\boc\bca\bal\bl5\b5, l\blo\boc\bca\bal\bl6\b6, and l\blo\boc\bca\bal\bl7\b7. The following syslog priorities
- are supported: a\bal\ble\ber\brt\bt, c\bcr\bri\bit\bt, d\bde\beb\bbu\bug\bg, e\bem\bme\ber\brg\bg, e\ber\brr\br, i\bin\bnf\bfo\bo, n\bno\bot\bti\bic\bce\be, and
- w\bwa\bar\brn\bni\bin\bng\bg.
-
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
-
-
-
-1.8.1 April 9, 2011 25
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
User_Alias WEBMASTERS = will, wendy, wim
# Runas alias specification
The _\bU_\bs_\be_\br _\bs_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn is the part that actually determines who may run
what.
-
-
-
-
-1.8.1 April 9, 2011 26
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
bob SPARC = (OP) ALL : SGI = (OP) ALL
-
-
-1.8.1 April 9, 2011 27
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
The user b\bbo\bob\bb may run anything on the _\bS_\bP_\bA_\bR_\bC and _\bS_\bG_\bI machines as any user
listed in the _\bO_\bP Runas_Alias (r\bro\boo\bot\bt and o\bop\bpe\ber\bra\bat\bto\bor\br).
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
-
-
-
-1.8.1 April 9, 2011 28
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Any user may mount or unmount a CD-ROM on the machines in the CDROM
Host_Alias (orion, perseus, hercules) without entering a password.
This is a bit tedious for users to type, so it is a prime candidate for
noexec Many systems that support shared libraries have the ability
to override default library functions by pointing an
environment variable (usually LD_PRELOAD) to an alternate
-
-
-
-1.8.1 April 9, 2011 29
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
shared library. On such systems, s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality
can be used to prevent a program run by s\bsu\bud\bdo\bo from executing
any other programs. Note, however, that this applies only to
_\bs_\bu_\bd_\bo_\be_\br_\bs will not honor time stamps set far in the future. Time stamps
with a date greater than current_time + 2 * TIMEOUT will be ignored and
sudo will log and complain. This is done to keep a user from creating
-
-
-
-1.8.1 April 9, 2011 30
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
his/her own time stamp with a bogus date on systems that allow users to
give away files if the time stamp directory is located in a world-
writable directory.
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
s\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of
-
-
-
-1.8.1 April 9, 2011 31
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
merchantability and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with s\bsu\bud\bdo\bo or
http://www.sudo.ws/sudo/license.html for complete details.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.1 April 9, 2011 32
-
-
+1.8.2 May 22, 2011 SUDOERS(4)
+SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
N\bNA\bAM\bME\bE
sudoers.ldap - sudo LDAP configuration
Sudo first looks for the cn=default entry in the SUDOers container. If
found, the multi-valued sudoOption attribute is parsed in the same
-
-
-
-1.8.1 April 9, 2011 1
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
manner as a global Defaults line in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. In the following
example, the SSH_AUTH_SOCK variable will be preserved in the
environment for all users.
A timestamp in the form yyyymmddHHMMZ that can be used to provide a
start date/time for when the sudoRole will be valid. If multiple
sudoNotBefore entries are present, the earliest is used. Note that
-
-
-
-1.8.1 April 9, 2011 2
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
timestamps must be in Coordinated Universal Time (UTC), not the
local timezone.
that the user belongs to. (The special ALL tag is matched in this
query too.) If no match is returned for the user's name and groups, a
third query returns all entries containing user netgroups and checks to
-
-
-
-1.8.1 April 9, 2011 3
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
see if the user belongs to any of them.
If timed entries are enabled with the S\bSU\bUD\bDO\bOE\bER\bRS\bS_\b_T\bTI\bIM\bME\bED\bD configuration
currently ignored. For example, the following attributes do not behave
the way one might expect.
-
-
-
-
-1.8.1 April 9, 2011 4
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
# does not match all but joe
# rather, does not match anyone
sudoUser: !joe
commercial versions of Unix are only capable of supporting one or
the other.
-
-
-1.8.1 April 9, 2011 5
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
H\bHO\bOS\bST\bT name[:port] ...
If no U\bUR\bRI\bI is specified, the H\bHO\bOS\bST\bT parameter specifies a whitespace-
delimited list of LDAP servers to connect to. Each host may
in a moderate amount of debugging information. A value of 2 shows
the results of the matches themselves. This parameter should not
be set in a production environment as the extra information is
-
-
-
-1.8.1 April 9, 2011 6
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
likely to confuse users.
B\bBI\bIN\bND\bDD\bDN\bN DN
T\bTL\bLS\bS_\b_C\bCA\bAC\bCE\bER\bRT\bT file name
An alias for T\bTL\bLS\bS_\b_C\bCA\bAC\bCE\bER\bRT\bTF\bFI\bIL\bLE\bE for OpenLDAP compatibility.
-
-
-
-
-1.8.1 April 9, 2011 7
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
T\bTL\bLS\bS_\b_C\bCA\bAC\bCE\bER\bRT\bTF\bFI\bIL\bLE\bE file name
The path to a certificate authority bundle which contains the
certificates for all the Certificate Authorities the client knows
the OpenSSL manual for a list of valid ciphers. This option is
only supported by the OpenLDAP libraries.
-
-
-
-
-1.8.1 April 9, 2011 8
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
U\bUS\bSE\bE_\b_S\bSA\bAS\bSL\bL on/true/yes/off/false/no
Enable U\bUS\bSE\bE_\b_S\bSA\bAS\bSL\bL for LDAP servers that support SASL authentication.
sudoers: files
-
-
-
-1.8.1 April 9, 2011 9
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
Note that _\b/_\be_\bt_\bc_\b/_\bn_\bs_\bs_\bw_\bi_\bt_\bc_\bh_\b._\bc_\bo_\bn_\bf is supported even when the underlying
operating system does not use an nsswitch.conf file.
#uri ldaps://secureldapserver
#uri ldaps://secureldapserver ldap://ldapserver
#
-
-
-
-1.8.1 April 9, 2011 10
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
# The amount of time, in seconds, to wait while trying to connect to
# an LDAP server.
bind_timelimit 30
#tls_randfile /etc/egd-pool
#
# You may restrict which ciphers are used. Consult your SSL
-
-
-
-1.8.1 April 9, 2011 11
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
# documentation for which options go here.
# Only supported when using OpenLDAP.
#
attributetype ( 1.3.6.1.4.1.15953.9.1.2
NAME 'sudoHost'
-
-
-
-1.8.1 April 9, 2011 12
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
DESC 'Host(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
DESC 'an integer to order the sudoRole entries'
EQUALITY integerMatch
ORDERING integerOrderingMatch
-
-
-
-1.8.1 April 9, 2011 13
-
-
-
-
-
-SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
-
-
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.1 April 9, 2011 14
-
-
+1.8.2 May 22, 2011 SUDOERS.LDAP(4)
.\" ========================================================================
.\"
.IX Title "SUDOERS.LDAP @mansectform@"
-.TH SUDOERS.LDAP @mansectform@ "April 9, 2011" "1.8.1" "MAINTENANCE COMMANDS"
+.TH SUDOERS.LDAP @mansectform@ "May 22, 2011" "1.8.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "April 9, 2011" "1.8.1" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "May 22, 2011" "1.8.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.IX Item "runas_default"
The default user to run commands as if the \fB\-u\fR option is not specified
on the command line. This defaults to \f(CW\*(C`@runas_default@\*(C'\fR.
-Note that if \fIrunas_default\fR is set it \fBmust\fR occur before
-any \f(CW\*(C`Runas_Alias\*(C'\fR specifications.
.IP "syslog_badpri" 16
.IX Item "syslog_badpri"
Syslog priority to use when user authenticates unsuccessfully.
Defaults to \f(CW\*(C`@badpri@\*(C'\fR.
+.Sp
+The following syslog priorities are supported: \fBalert\fR, \fBcrit\fR,
+\&\fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR.
.IP "syslog_goodpri" 16
.IX Item "syslog_goodpri"
Syslog priority to use when user authenticates successfully.
Defaults to \f(CW\*(C`@goodpri@\*(C'\fR.
+.Sp
+See syslog_badpri for the list of supported syslog priorities.
.IP "sudoers_locale" 16
.IX Item "sudoers_locale"
Locale to use when parsing the sudoers file, logging commands, and
\}
.PP
\&\fBStrings that can be used in a boolean context\fR:
-.IP "askpass" 12
-.IX Item "askpass"
-The \fIaskpass\fR option specifies the fully qualified path to a helper
-program used to read the user's password when no terminal is
-available. This may be the case when \fBsudo\fR is executed from a
-graphical (as opposed to text-based) application. The program
-specified by \fIaskpass\fR should display the argument passed to it
-as the prompt and write the user's password to the standard output.
-The value of \fIaskpass\fR may be overridden by the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR
-environment variable.
.IP "env_file" 12
.IX Item "env_file"
The \fIenv_file\fR options specifies the fully qualified path to a
.IX Item "syslog"
Syslog facility if syslog is being used for logging (negate to
disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR.
+.Sp
+The following syslog facilities are supported: \fBauthpriv\fR (if your
+\&\s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR,
+\&\fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR.
.IP "verifypw" 12
.IX Item "verifypw"
This option controls when a password will be required when a user runs
to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
\&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of variables to keep
is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.
-.PP
-When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values
-for the syslog facility (the value of the \fBsyslog\fR Parameter):
-\&\fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR,
-\&\fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR,
-\&\fBlocal6\fR, and \fBlocal7\fR. The following syslog priorities are
-supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo\fR,
-\&\fBnotice\fR, and \fBwarning\fR.
.SH "FILES"
.IX Header "FILES"
.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
+SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
N\bNA\bAM\bME\bE
sudoreplay - replay sudo session logs
-l [_\bs_\be_\ba_\br_\bc_\bh _\be_\bx_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn]
Enable "list mode". In this mode, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will list
available session IDs. If a _\bs_\be_\ba_\br_\bc_\bh _\be_\bx_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn is
-
-
-
-1.8.1 April 9, 2011 1
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
specified, it will be used to restrict the IDs that are
displayed. An expression is composed of the following
predicates:
well as '(' and ')' for grouping (note that parentheses
must generally be escaped from the shell). The _\ba_\bn_\bd
operator is optional, adjacent predicates have an implied
-
-
-
-1.8.1 April 9, 2011 2
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
_\ba_\bn_\bd unless separated by an _\bo_\br.
-m _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt Specify an upper bound on how long to wait between key
tomorrow
Exactly one day from now.
-
-
-
-
-1.8.1 April 9, 2011 3
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
yesterday
24 hours ago.
Example session timing file.
Note that the _\bs_\bt_\bd_\bi_\bn, _\bs_\bt_\bd_\bo_\bu_\bt and _\bs_\bt_\bd_\be_\br_\br files will be empty unless s\bsu\bud\bdo\bo
-
-
-
-1.8.1 April 9, 2011 4
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
was used as part of a pipeline for a particular command.
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.1 April 9, 2011 5
-
-
+1.8.2 May 22, 2011 SUDOREPLAY(1m)
.\" ========================================================================
.\"
.IX Title "SUDOREPLAY @mansectsu@"
-.TH SUDOREPLAY @mansectsu@ "April 9, 2011" "1.8.1" "MAINTENANCE COMMANDS"
+.TH SUDOREPLAY @mansectsu@ "May 22, 2011" "1.8.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-
-
N\bNA\bAM\bME\bE
visudo - edit the sudoers file
-\b-f\bf may be "-", indicating that _\bs_\bu_\bd_\bo_\be_\br_\bs will be read from
the standard input.
-
-
-
-1.8.1 April 9, 2011 1
-
-
-
-
-
-VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-
-
-h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes v\bvi\bis\bsu\bud\bdo\bo to print a short help
message to the standard output and exit.
used. You may wish to comment out or remove the unused alias. In
-\b-s\bs (strict) mode this is an error, not a warning.
-
-
-
-
-1.8.1 April 9, 2011 2
-
-
-
-
-
-VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-
-
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
_\bv_\bi(1), _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(1m)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.1 April 9, 2011 3
-
-
+1.8.2 May 22, 2011 VISUDO(1m)
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "April 9, 2011" "1.8.1" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "May 22, 2011" "1.8.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l