file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.10 December 8, 2013 Sudo 1.8.10
+Sudo 1.8.10 February 15, 2014 Sudo 1.8.10
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.9 January 22, 2014 Sudo 1.8.9
+Sudo 1.8.10 January 22, 2014 Sudo 1.8.10
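Review bot: the two preformatted footers here are updated inconsistently: the first keeps the version at Sudo 1.8.10 and moves the date from December 8, 2013 to February 15, 2014, while the second bumps the version from 1.8.9 to 1.8.10 but keeps January 22, 2014. These .cat files mirror the .TH line of their .man source, so regenerate them from the .man files (after updating the .TH date there) instead of editing the footer by hand; the same check applies to the other footer hunks in this patch that change the version but not the date.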
plugin.
.PP
The pound sign
-(`#')
+(\(oq#\(cq)
is used to indicate a comment.
Both the comment character and any text after it, up to the end of
the line, are ignored.
.PP
Long lines can be continued with a backslash
-(`\e')
+(\(oq\e\(cq)
as the last character on the line.
Note that leading white space is removed from the beginning of lines
even when the continuation character is used.
The
\fBsudo.conf\fR
file is always parsed in the
-``\fRC\fR''
+\(lq\fRC\fR\(rq
locale.
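Review bot: \(oq, \(cq, \(lq and \(rq are named glyphs that groff defines; \(oq and \(cq in particular are groff additions, and a non-groff nroff that lacks them will drop the quote or warn where it should appear, so the `` '' and ` ' forms replaced in this hunk were the more portable spelling. If any target still formats these pages with a non-groff troff, either keep the ASCII quotes or provide .ds fallbacks for the four strings; if groff is the only formatter, the change is fine and renders proper typographic quotes in UTF-8 output.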
.SS "Plugin configuration"
\fBsudo\fR
To aid in debugging
\fBsudo\fR
crashes, you may wish to re-enable core dumps by setting
-``disable_coredump''
+\(lqdisable_coredump\(rq
to false in
\fBsudo.conf\fR
as follows:
-.RS
.nf
.sp
-.RS 6n
+.RS 16n
Set disable_coredump false
.RE
.fi
+.RS 10n
.sp
Note that most operating systems disable core dumps from setuid programs,
including
This setting is only available in
\fBsudo\fR
version 1.8.4 and higher.
-.PP
.RE
-.PD 0
.TP 10n
group_source
\fBsudo\fR
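Review bot: the example block in this hunk is set at .RS 16n under a .TP 10n entry, i.e. 6n deeper than the entry text, whereas the parallel edits elsewhere in this patch put examples 4n deeper (.RS 16n under .TP 12n in sudo.man, .RS 10n under .TP 6n in sudoers.ldap.man). If these numbers are what the mdoc-to-man generator emits, leave them; if they were chosen by hand, .RS 14n here would match the other pages. The .RS 10n that follows .fi correctly returns the prose to the .TP 10n body indent, and the .RS/.RE pairs balance.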
On systems with the
getconf(1)
utility, running:
-.RS 6n
+.RS 16n
getconf NGROUPS_MAX
.RE
+.RS 10n
will return the maximum number of groups.
.sp
However, it is still possible to be a member of a larger number of
Supported values for
\fIgroup_source\fR
are:
-.RS
-.PD
.TP 10n
static
Use the static group list that the kernel returns.
Retrieving the group list this way is very fast but it is subject
to an upper limit as described above.
It is
-``static''
+\(lqstatic\(rq
in that it does not reflect changes to the group database made
after the user logs in.
This was the default behavior prior to
dynamic
Always query the group database directly.
It is
-``dynamic''
+\(lqdynamic\(rq
in that changes made to the group database after the user logs in
will be reflected in the group list.
On some systems, querying the group database for all of a user's
to only use the kernel's static list of groups for the user:
.nf
.sp
-.RS 6n
+.RS 16n
Set group_source static
.RE
.fi
This setting is only available in
\fBsudo\fR
version 1.8.7 and higher.
-.PP
.RE
-.PD 0
.TP 10n
max_groups
The maximum number of user groups to retrieve from the group database.
This setting is only available in
\fBsudo\fR
version 1.8.7 and higher.
-.PD
.TP 10n
probe_interfaces
By default,
of virtual interfaces, this may take a non-negligible amount of time.
If IP-based matching is not required, network interface probing
can be disabled as follows:
-.RS
.nf
.sp
-.RS 6n
+.RS 16n
Set probe_interfaces false
.RE
.fi
+.RS 10n
.sp
This setting is only available in
\fBsudo\fR
\fIsubsystem\fR@\fIpriority\fR
but a plugin is free to use a different format so long as it does
not include a comma
-(`\&,').
+(\(oq\&,\(cq).
.PP
For example:
.nf
.SH "DISCLAIMER"
\fBsudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "@mansectsu@" "December 8, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
.SH "SYNOPSIS"
.HP 5n
\fBsudo\fR
-\fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
+\fB\-h\fR\ |\ \fB\-K\fR\ |\ \fB\-k\fR\ |\ \fB\-V\fR
.PD 0
.HP 5n
\fBsudo\fR
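Review bot: the header at the top of this hunk says the file is generated from sudo.mdoc.in and must not be edited directly, so the copyright year, the new .TH date and the non-breaking `\ |\ ` spacing in the SYNOPSIS need to come from regenerating the file after changing the mdoc master; a hand edit here will be reverted on the next regeneration. The `\ ` change itself is right: it keeps the option alternatives of the synopsis line from being broken across lines.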
contains a line specifying the askpass program, that value will be
used.
For example:
-.RS
.nf
.sp
-.RS 4n
+.RS 16n
# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass
.RE
.fi
+.RS 12n
.sp
If no askpass program is available,
\fBsudo\fR
will exit with an error.
-.PP
.RE
-.PD 0
.TP 12n
\fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR
Use the specified BSD authentication
\fI/etc/login.conf\fR.
The system administrator may specify a list of sudo-specific
authentication methods by adding an
-``auth-sudo''
+\(lqauth-sudo\(rq
entry in
\fI/etc/login.conf\fR.
This option is only available on systems that support BSD authentication.
-.PD
.TP 12n
\fB\-b\fR, \fB\--background\fR
Run the given command in the background.
argument can be either a class name as defined in
\fI/etc/login.conf\fR,
or a single
-`\-'
+\(oq\-\(cq
character.
If
\fIclass\fR
the security policy.
If the user is authorized by the policy, the following steps are
taken:
-.RS
+.RS 13n
.TP 5n
1.
Temporary copies are made of the files to be edited with the owner
3.
If they have been modified, the temporary files are copied back to
their original location and the temporary versions are removed.
-.PP
+.RE
+.RS 12n
+.sp
If the specified file does not exist, it will be created.
Note that unlike most commands run by
\fIsudo\fR,
is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary
file.
-.PP
.RE
-.PD 0
.TP 12n
\fB\-g\fR \fIgroup\fR, \fB\--group\fR=\fIgroup\fR
Run the command with the primary group set to
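Review bot: the numbered step list in this hunk is opened with .RS 13n while the prose after it returns to .RS 12n, the body indent of the .TP 12n entry. If the extra 1n is deliberate, to set the "1." labels in by one character, it is fine; otherwise .RS 12n keeps the list flush with the entry text. The .RE/.RS 12n/.sp sequence that replaces the old .PP does leave every .RS matched by a .RE.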
may be either a group name or a numeric group ID
(GID)
prefixed with the
-`#'
+\(oq#\(cq
character (e.g.
\fR#0\fR
for GID 0).
When running a command as a GID, many shells require that the
-`#'
+\(oq#\(cq
be escaped with a backslash
-(`\e').
+(\(oq\e\(cq).
If no
\fB\-u\fR
option is specified, the command will be run as the invoking user.
In either case, the primary group will be set to
\fIgroup\fR.
-.PD
.TP 12n
\fB\-H\fR, \fB\--set-home\fR
Request that the security policy set the
\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR
Use a custom password prompt with optional escape sequences.
The following percent
-(`%')
+(\(oq%\(cq)
escape sequences are supported by the
\fIsudoers\fR
policy:
-.RS
+.PP
+.RS 12n
+.PD 0
.TP 4n
\fR%H\fR
expanded to the host name including the domain name (on if the
\fIfqdn\fR
option is set in
sudoers(@mansectform@))
+.PD
.TP 4n
\fR%h\fR
expanded to the local host name without the domain name
.TP 4n
\fR%%\fR
two consecutive
-`%'
+\(oq%\(cq
characters are collapsed into a single
-`%'
+\(oq%\(cq
character
.PP
The custom prompt will override the system password prompt on systems that
\fIpassprompt_override\fR
flag is disabled in
\fIsudoers\fR.
-.PP
.RE
-.PD 0
.TP 12n
\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR
Run the command with an SELinux security context that includes
the specified
\fIrole\fR.
-.PD
.TP 12n
\fB\-S\fR, \fB\--stdin\fR
Write the prompt to the standard error and read the password from the
may be either a user name or a numeric user ID
(UID)
prefixed with the
-`#'
+\(oq#\(cq
character (e.g.
\fR#0\fR
for UID 0).
When running commands as a UID, many shells require that the
-`#'
+\(oq#\(cq
be escaped with a backslash
-(`\e').
+(\(oq\e\(cq).
Some security policies may restrict UIDs
to those listed in the password database.
The
command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal
-(``pty'')
+(\(lqpty\(rq)
is created and a second
\fBsudo\fR
process is used to relay job control signals between the user's
This extra process makes it possible to, for example, suspend
and resume the command.
Without it, the command would be in what POSIX terms an
-``orphaned process group''
+\(lqorphaned process group\(rq
and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close
function and no pty is required,
The most common reason for
stat(2)
to return
-``permission denied''
+\(lqpermission denied\(rq
is if you are running an automounter and one of the directories in
your
\fRPATH\fR
To aid in debugging
\fBsudo\fR
crashes, you may wish to re-enable core dumps by setting
-``disable_coredump''
+\(lqdisable_coredump\(rq
to false in the
sudo.conf(@mansectform@)
file as follows:
.SH "DISCLAIMER"
\fBsudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.9 December 20, 2013 Sudo 1.8.9
+Sudo 1.8.10 December 20, 2013 Sudo 1.8.10
built against.
.TP 6n
open
-.RS
.nf
-.RS 0n
+.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[]);
.RE
.fi
+.RS 6n
.sp
Returns 1 on success, 0 on failure, \-1 if a general error occurred,
or \-2 if there was a usage error.
A vector of user-supplied
\fBsudo\fR
settings in the form of
-``name=value''
+\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
itself but the
\fIvalue\fR
might.
-.RS
+.PP
+.RS 6n
+.PD 0
.TP 6n
bsdauth_type=string
Authentication type, if specified by the
\fB\-a\fR
flag, to use on
systems where BSD authentication is supported.
+.PD
.TP 6n
closefrom=number
If specified, the user has requested via the
\fIsubsystem\fR@\fIpriority\fR
but the plugin is free to use a different
format so long as it does not include a comma
-(`,\&').
+(\(oq,\&\(cq).
There is not currently a way to specify a set of debug flags specific
to the plugin--the flags are shared by
\fBsudo\fR
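Review bot: the escaped comma is written (\(oq,\&\(cq) in this hunk but (\(oq\&,\(cq) in the corresponding sudo.man hunk earlier in this patch; both render identically, since \& is a zero-width character, but one placement should be used in both pages so they stay consistent and a later search-and-replace catches both.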
network_addrs=list
A space-separated list of IP network addresses and netmasks in the
form
-``addr/netmask'',
+\(lqaddr/netmask\(rq,
e.g.\&
-``192.168.1.2/255.255.255.0''.
+\(lq192.168.1.2/255.255.255.0\(rq.
The address and netmask pairs may be either IPv4 or IPv6, depending on
what the operating system supports.
If the address contains a colon
-(`:\&'),
+(\(oq:\&\(cq),
it is an IPv6 address, else it is IPv4.
.TP 6n
noninteractive=bool
.TP 6n
progname=string
The command name that sudo was run as, typically
-``sudo''
+\(lqsudo\(rq
or
-``sudoedit''.
+\(lqsudoedit\(rq.
.TP 6n
prompt=string
The prompt to use when requesting a password, if specified via
.PP
Additional settings may be added in the future so the plugin should
silently ignore settings that it does not recognize.
-.PP
.RE
-.PD 0
.TP 6n
user_info
A vector of information about the user running the command in the form of
-``name=value''
+\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
itself but the
\fIvalue\fR
might.
-.RS
-.PD
+.PP
+.RS 6n
+.PD 0
.TP 6n
cols=int
The number of columns the user's terminal supports.
If there is no terminal device available, a default value of 80 is used.
+.PD
.TP 6n
cwd=string
The user's current working directory.
The path to the user's terminal device.
If the user has no terminal device associated with the session,
the value will be empty, as in
-``\fRtty=\fR''.
+\(lq\fRtty=\fR\(rq.
.TP 6n
uid=uid_t
The real user ID of the user invoking
user=string
The name of the user invoking
\fBsudo\fR.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
user_env
The user's environment in the form of a
\fRNULL\fR-terminated vector of
-``name=value''
+\(lqname=value\(rq
strings.
.sp
When parsing
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
itself but the
\fIvalue\fR
might.
-.PD
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
close
.br
-.RS
.nf
-.RS 0n
+.RS 6n
void (*close)(int exit_status, int error);
.RE
.fi
+.RS 6n
.sp
The
\fBclose\fR()
finishes.
.sp
The function arguments are as follows:
-.PD
.TP 6n
exit_status
The command's exit status, as returned by the
\fBsudo\fR
front end may execute the command directly instead of running
it as a child process.
-.PP
.RE
-.PD 0
.TP 6n
show_version
-.RS
.nf
-.RS 0n
+.RS 6n
int (*show_version)(int verbose);
.RE
.fi
+.RS 6n
.sp
The
\fBshow_version\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR.
If the user requests detailed version information, the verbose flag will be set.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
check_policy
-.RS
.nf
-.RS 0n
+.RS 6n
int (*check_policy)(int argc, char * const argv[]
char *env_add[], char **command_info[],
char **argv_out[], char **user_env_out[]);
.RE
.fi
+.RS 6n
.sp
The
\fBcheck_policy\fR()
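Review bot: the check_policy prototype in this hunk is missing a comma after `char * const argv[]`; the next line begins `char *env_add[]`, so the declaration as shown would not compile if copied. Since the block is being re-indented anyway, fix the unchanged line to `int (*check_policy)(int argc, char * const argv[],`.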
\fIargv_out\fR,
separated from the
editor and its arguments by a
-``\fR--\fR''
+\(lq\fR--\fR\(rq
element.
The
-``\fR--\fR''
+\(lq\fR--\fR\(rq
will
be removed by
\fBsudo\fR
to present additional error information to the user.
.sp
The function arguments are as follows:
-.PD
.TP 6n
argc
The number of elements in
line in the form of a
\fRNULL\fR-terminated
vector of
-``name=value''
+\(lqname=value\(rq
strings.
The plugin may reject the command if one or more variables
are not allowed to be set, or it may silently ignore such variables.
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
.TP 6n
command_info
Information about the command being run in the form of
-``name=value''
+\(lqname=value\(rq
strings.
These values are used by
\fBsudo\fR
pointer.
The following values are recognized by
\fBsudo\fR:
-.RS
+.PP
+.RS 6n
+.PD 0
.TP 6n
chroot=string
The root directory to use when running the command.
+.PD
.TP 6n
closefrom=number
If specified,
the invoking user's existing entry.
.PP
Unsupported values will be ignored.
-.PP
.RE
-.PD 0
.TP 6n
argv_out
The
execve(2)
system call when executing the command.
The plugin is responsible for allocating and populating the vector.
-.PD
.TP 6n
user_env_out
The
\fRNULL\fR-terminated
environment vector to use when executing the command.
The plugin is responsible for allocating and populating the vector.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
list
-.RS
.nf
-.RS 0n
+.RS 6n
int (*list)(int verbose, const char *list_user,
int argc, char * const argv[]);
.RE
.fi
+.RS 6n
.sp
List available privileges for the invoking user.
Returns 1 on success, 0 on failure and \-1 on error.
\fBplugin_printf\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR,
-.PD
.TP 6n
verbose
Flag indicating whether to list in verbose mode or not.
system call.
If the command is permitted by the policy, the fully-qualified path
to the command should be displayed along with any command line arguments.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
validate
-.RS
.nf
-.RS 0n
+.RS 6n
int (*validate)(void);
.RE
.fi
+.RS 6n
.sp
The
\fBvalidate\fR()
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
error information to the user.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
invalidate
-.RS
.nf
-.RS 0n
+.RS 6n
void (*invalidate)(int remove);
.RE
.fi
+.RS 6n
.sp
The
\fBinvalidate\fR()
function should be
\fRNULL\fR
if the plugin does not support credential caching.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
init_session
-.RS
.nf
-.RS 0n
+.RS 6n
int (*init_session)(struct passwd *pwd, char **user_envp[);
.RE
.fi
+.RS 6n
.sp
The
\fBinit_session\fR()
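Review bot: the init_session prototype in this hunk reads `char **user_envp[);`, which is missing the closing bracket; it should be `char **user_envp[]);`. Worth correcting while the surrounding .RS indentation is being changed.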
run in, in the form of a
\fRNULL\fR-terminated
vector of
-``name=value''
+\(lqname=value\(rq
strings.
This is the same string passed back to the front end via
the Policy Plugin's
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
error information to the user.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
register_hooks
-.RS
.nf
-.RS 0n
+.RS 6n
void (*register_hooks)(int version,
int (*register_hook)(struct sudo_hook *hook));
.RE
.fi
+.RS 6n
.sp
The
\fBregister_hooks\fR()
version 1.2 or higher,
\fRregister_hooks\fR
will not be called.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
deregister_hooks
-.RS
.nf
-.RS 0n
+.RS 6n
void (*deregister_hooks)(int version,
int (*deregister_hook)(struct sudo_hook *hook));
.RE
.fi
+.RS 6n
.sp
The
\fBderegister_hooks\fR()
\fRderegister_hooks\fR
will not be called.
.RE
-.PD
.PP
\fIPolicy Plugin Version Macros\fR
.nf
built against.
.TP 6n
open
-.RS
.nf
-.RS 0n
+.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
char * const user_env[], char * const plugin_options[]);
.RE
.fi
+.RS 6n
.sp
The
\fBopen\fR()
A vector of user-supplied
\fBsudo\fR
settings in the form of
-``name=value''
+\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
.TP 6n
user_info
A vector of information about the user running the command in the form of
-``name=value''
+\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
The user's environment in the form of a
\fRNULL\fR-terminated
vector of
-``name=value''
+\(lqname=value\(rq
strings.
.sp
When parsing
the plugin should split on the
\fBfirst\fR
equal sign
-(`=')
+(\(oq=\(cq)
since the
\fIname\fR
field will never include one
front end before using
\fIplugin_options\fR.
Failure to do so may result in a crash.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
close
.br
-.RS
.nf
-.RS 0n
+.RS 6n
void (*close)(int exit_status, int error);
.RE
.fi
+.RS 6n
.sp
The
\fBclose\fR()
finishes.
.sp
The function arguments are as follows:
-.PD
.TP 6n
exit_status
The command's exit status, as returned by the
If the command was successfully executed, the value of
\fRerror\fR
is 0.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
show_version
-.RS
.nf
-.RS 0n
+.RS 6n
int (*show_version)(int verbose);
.RE
.fi
+.RS 6n
.sp
The
\fBshow_version\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR.
If the user requests detailed version information, the verbose flag will be set.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
log_ttyin
-.RS
.nf
-.RS 0n
+.RS 6n
int (*log_ttyin)(const char *buf, unsigned int len);
.RE
.fi
+.RS 6n
.sp
The
\fBlog_ttyin\fR()
is rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
-.PD
.TP 6n
buf
The buffer containing user input.
The length of
\fIbuf\fR
in bytes.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
log_ttyout
-.RS
.nf
-.RS 0n
+.RS 6n
int (*log_ttyout)(const char *buf, unsigned int len);
.RE
.fi
+.RS 6n
.sp
The
\fBlog_ttyout\fR()
(which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
-.PD
.TP 6n
buf
The buffer containing command output.
The length of
\fIbuf\fR
in bytes.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
log_stdin
-.RS
.nf
-.RS 0n
+.RS 6n
int (*log_stdin)(const char *buf, unsigned int len);
.RE
.fi
+.RS 6n
.sp
The
\fBlog_stdin\fR()
rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
-.PD
.TP 6n
buf
The buffer containing user input.
The length of
\fIbuf\fR
in bytes.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
log_stdout
-.RS
.nf
-.RS 0n
+.RS 6n
int (*log_stdout)(const char *buf, unsigned int len);
.RE
.fi
+.RS 6n
.sp
The
\fBlog_stdout\fR()
rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
-.PD
.TP 6n
buf
The buffer containing command output.
The length of
\fIbuf\fR
in bytes.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
log_stderr
-.RS
.nf
-.RS 0n
+.RS 6n
int (*log_stderr)(const char *buf, unsigned int len);
.RE
.fi
+.RS 6n
.sp
The
\fBlog_stderr\fR()
rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
-.PD
.TP 6n
buf
The buffer containing command output.
The length of
\fIbuf\fR
in bytes.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
register_hooks
See the
\fIPolicy plugin API\fR
section for a description of
\fRregister_hooks\fR.
-.PD
.TP 6n
deregister_hooks
See the
The
\fRhook_type\fR
field may be one of the following supported hook types:
-.RS
+.PP
+.RS 6n
+.PD 0
.TP 6n
\fRSUDO_HOOK_SETENV\fR
The C library
\fRhook_fn\fR
field should
be a function that matches the following typedef:
-.RS
.nf
.sp
-.RS 0n
+.RS 6n
typedef int (*sudo_hook_fn_setenv_t)(const char *name,
const char *value, int overwrite, void *closure);
.RE
.fi
+.RS 6n
.sp
If the registered hook does not match the typedef the results are
unspecified.
-.PP
.RE
-.PD 0
+.PD
.TP 6n
\fRSUDO_HOOK_UNSETENV\fR
The C library
\fRhook_fn\fR
field should
be a function that matches the following typedef:
-.RS
.nf
.sp
-.RS 0n
+.RS 6n
typedef int (*sudo_hook_fn_unsetenv_t)(const char *name,
void *closure);
.RE
.fi
-.PD
-.PP
-.RE
-.PD 0
.TP 6n
\fRSUDO_HOOK_GETENV\fR
The C library
\fRhook_fn\fR
field should
be a function that matches the following typedef:
-.RS
.nf
.sp
-.RS 0n
+.RS 6n
typedef int (*sudo_hook_fn_getenv_t)(const char *name,
char **value, void *closure);
.RE
.fi
+.RS 6n
.sp
If the registered hook does not match the typedef the results are
unspecified.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
\fRSUDO_HOOK_PUTENV\fR
The C library
\fRhook_fn\fR
field should
be a function that matches the following typedef:
-.RS
.nf
.sp
-.RS 0n
+.RS 6n
typedef int (*sudo_hook_fn_putenv_t)(char *string,
void *closure);
.RE
.fi
+.RS 6n
.sp
If the registered hook does not match the typedef the results are
unspecified.
.RE
-.PD
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
hook_fn
sudo_hook_fn_t hook_fn;
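Review bot: the SUDO_HOOK_UNSETENV entry above is the only one of the four hook types whose typedef block is not followed by the sentence "If the registered hook does not match the typedef the results are unspecified."; the hunk removes its trailing .PD/.PP/.RE/.PD 0 lines to fit the new layout but leaves that gap. Add the sentence inside the same .RS 6n/.sp/.RE structure that the SETENV, GETENV and PUTENV entries now use, so the four entries read alike.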
This can be used to pass arbitrary data to the plugin's hook implementation.
.sp
The function return value may be one of the following:
-.RS
-.PD
+.PP
+.RS 6n
+.PD 0
.TP 6n
\fRSUDO_HOOK_RET_ERROR\fR
The hook function encountered an error.
+.PD
.TP 6n
\fRSUDO_HOOK_RET_NEXT\fR
The hook completed without error, go on to the next hook (including
the environment but leaves
\fRenviron\fR
unchanged.
+.PD 0
+.PP
.RE
+.PD
.PP
Note that it is very easy to create an infinite loop when hooking
C library functions.
A plugin may also accept a
\fIrunas_user\fR
in the form of
-``user@hostname''
+\(lquser@hostname\(rq
which will work with older versions of
\fBsudo\fR.
It is anticipated that remote commands will be supported by executing a
-``helper''
+\(lqhelper\(rq
program.
The policy plugin should setup the execution environment such that the
\fBsudo\fR
was built against.
.TP 6n
init
-.RS
.nf
-.RS 0n
+.RS 6n
int (*init)(int version, sudo_printf_t plugin_printf,
char *const argv[]);
.RE
.fi
+.RS 6n
.sp
The
\fBinit\fR()
\fIargv\fR
will be
\fRNULL\fR.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
cleanup
-.RS
.nf
-.RS 0n
+.RS 6n
void (*cleanup)();
.RE
.fi
+.RS 6n
.sp
The
\fBcleanup\fR()
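Review bot: `void (*cleanup)();` in this hunk declares cleanup with an unspecified parameter list, which is not a prototype in C; since the function takes no arguments, document it as `void (*cleanup)(void);` so compilers can check plugin code against it, matching the `(void)` form used for `validate` earlier in this patch.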
has finished its
group checks.
The plugin should free any memory it has allocated and close open file handles.
-.PD
-.PP
.RE
-.PD 0
.TP 6n
query
.br
-.RS
.nf
-.RS 0n
+.RS 6n
int (*query)(const char *user, const char *group,
const struct passwd *pwd);
.RE
.fi
+.RS 6n
.sp
The
\fBquery\fR()
\fIgroup\fR.
.sp
The function arguments are as follows:
-.PD
.TP 6n
user
The name of the user being looked up in the external group database.
\fIpwd\fR
will be
\fRNULL\fR.
+.PD 0
+.PP
.RE
+.PD
.PP
\fIGroup API Version Macros\fR
.nf
.SH "DISCLAIMER"
\fBsudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.10 February 7, 2014 Sudo 1.8.10
+Sudo 1.8.10 February 15, 2014 Sudo 1.8.10
.TP 6n
\fBsudoUser\fR
A user name, user ID (prefixed with
-`#'),
+\(oq#\(cq),
Unix group name or ID (prefixed with
-`%'
+\(oq%\(cq
or
-`%#'
+\(oq%#\(cq
respectively), user netgroup (prefixed with
-`+'),
+\(oq+\(cq),
or non-Unix group name or ID (prefixed with
-`%:'
+\(oq%:\(cq
or
-`%:#'
+\(oq%:#\(cq
respectively).
Non-Unix group support is only available when an appropriate
\fIgroup_plugin\fR
.TP 6n
\fBsudoHost\fR
A host name, IP address, IP network, or host netgroup (prefixed with a
-`+').
+\(oq+\(cq).
The special value
\fRALL\fR
will match any host.
A fully-qualified Unix command name with optional command line arguments,
potentially including globbing characters (aka wild cards).
If a command name is preceded by an exclamation point,
-`\&!',
+\(oq\&!\(cq,
the user will be prohibited from running that command.
.sp
The built-in command
-``\fRsudoedit\fR''
+\(lq\fRsudoedit\fR\(rq
is used to permit a user to run
\fBsudo\fR
with the
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
Note that
-``\fRsudoedit\fR''
+\(lq\fRsudoedit\fR\(rq
is a command built into
\fBsudo\fR
itself and must be specified in without a leading path.
has write access to the command or its parent directory.
The following digest formats are supported: sha224, sha256, sha384 and sha512.
The digest name must be followed by a colon
-(`:\&')
+(\(oq:\&\(cq)
and then the actual digest, in either hex or base64 format.
For example, given the following value for sudoCommand:
-.RS
.nf
.sp
-.RS 4n
+.RS 10n
sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls
.RE
.fi
+.RS 6n
.sp
The user may only run
\fI/bin/ls\fR
if its sha224 digest matches the specified value.
Command digests are only supported by version 1.8.7 or higher.
-.PP
.RE
-.PD 0
.TP 6n
\fBsudoOption\fR
Identical in function to the global options described above, but
specific to the
\fRsudoRole\fR
in which it resides.
-.PD
.TP 6n
\fBsudoRunAsUser\fR
A user name or uid (prefixed with
-`#')
+\(oq#\(cq)
that commands may be run as or a Unix group (prefixed with a
-`%')
+\(oq%\(cq)
or user netgroup (prefixed with a
-`+')
+\(oq+\(cq)
that contains a list of users that commands may be run as.
The special value
\fRALL\fR
.TP 6n
\fBsudoRunAsGroup\fR
A Unix group or gid (prefixed with
-`#')
+\(oq#\(cq)
that commands may be run as.
The special value
\fRALL\fR
\fRsudoOrder\fR
attribute is chosen.
This corresponds to the
-``last match''
+\(lqlast match\(rq
behavior of the sudoers file.
If the
\fRsudoOrder\fR
in a case-independent manner.
.PP
The pound sign
-(`#')
+(\(oq#\(cq)
is used to indicate a comment.
Both the comment character and any text after it, up to the end of
the line, are ignored.
Long lines can be continued with a backslash
-(`\e')
+(\(oq\e\(cq)
as the last character on the line.
Note that leading white space is removed from the beginning of lines
even when the continuation character is used.
Each host may include an optional
\fIport\fR
separated by a colon
-(`:\&').
+(\(oq:\&\(cq).
The
\fBHOST\fR
parameter is deprecated in favor of the
The same information is now logged via the
\fBsudo\fR
debugging framework using the
-``ldap''
+\(lqldap\(rq
subsystem at priorities
\fIdiag\fR
and
The path to a file containing the client certificate which can
be used to authenticate the client to the LDAP server.
The certificate type depends on the LDAP libraries used.
-.RS
+.PP
+.RS 6n
+.PD 0
.TP 6n
OpenLDAP:
\fRtls_cert /etc/ssl/client_cert.pem\fR
+.PD
.TP 6n
Netscape-derived:
\fRtls_cert /var/ldap/cert7.db\fR
.sp
When using Netscape-derived libraries, this file may also contain
Certificate Authority certificates.
+.PD 0
.PP
.RE
-.PD 0
+.PD
.TP 6n
\fBTLS_KEY\fR \fIfile name\fR
The path to a file containing the private key which matches the
\fBTLS_CERT\fR.
The private key must not be password-protected.
The key type depends on the LDAP libraries used.
-.RS
-.PD
+.PP
+.RS 6n
+.PD 0
.TP 6n
OpenLDAP:
\fRtls_key /etc/ssl/client_key.pem\fR
+.PD
.TP 6n
Netscape-derived:
\fRtls_key /var/ldap/key3.db\fR
\fRtls_key /usr/ldap/ldapkey.kdb\fR
.PD 0
.PP
-.PD
When using Tivoli LDAP libraries, this file may also contain
Certificate Authority and client certificates and may be encrypted.
-.PP
.RE
-.PD 0
+.PD
.TP 6n
\fBTLS_KEYPW\fR \fIsecret\fR
The
using the Tivoli Directory Server LDAP library.
This should be a simple string without quotes.
The password may not include the comment character
-(`#')
+(\(oq#\(cq)
and escaping of special characters with a backslash
-(`\e')
+(\(oq\e\(cq)
is not supported.
If this option is used,
\fI@ldap_conf@\fR
utility can be used to manage the key database and create a
\fIstash file\fR.
This option is only supported by the Tivoli LDAP libraries.
-.PD
.TP 6n
\fBTLS_RANDFILE\fR \fIfile name\fR
The
not stop searching after the first match and later matches take
precedence over earlier ones.
The following sources are recognized:
+.PP
+.RS 4n
+.PD 0
.TP 10n
files
read sudoers from
\fI@sysconfdir@/sudoers\fR
-.PD 0
.TP 10n
ldap
read sudoers from LDAP
+.RE
.PD
.PP
In addition, the entry
.SH "DISCLAIMER"
\fBsudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "@mansectsu@" "February 7, 2014" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
+.TH "SUDOERS" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
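Review bot: the .TH line in this hunk gives SUDOERS the section @mansectsu@ and the volume "Programmer's Manual", while the body that follows is the sudoers file-format page and sudo.man earlier in this patch pairs @mansectsu@ with "System Manager's Manual". Only the date changes here, but confirm against the mdoc master that the section macro and volume title are the intended ones before regenerating.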
\fBsudo\fR
allows or denies is
contained in the output of
-``\fRsudo -V\fR''
+\(lq\fRsudo -V\fR\(rq
when run as root.
.PP
Note that the dynamic linker on most operating systems will remove
operators, which many readers will recognize from regular
expressions.
Do not, however, confuse them with
-``wildcard''
+\(lqwildcard\(rq
characters, which have different meanings.
.TP 6n
\fR\&?\fR
\fRNAME\fR
is a string of uppercase letters, numbers,
and underscore characters
-(`_').
+(\(oq_\(cq).
A
\fRNAME\fR
\fBmust\fR
uppercase letter.
It is possible to put several alias definitions
of the same type on a single line, joined by a colon
-(`:\&').
+(\(oq:\&\(cq).
E.g.,
.nf
.sp
\fRUser_List\fR
is made up of one or more user names, user IDs
(prefixed with
-`#'),
+\(oq#\(cq),
system group names and IDs (prefixed with
-`%'
+\(oq%\(cq
and
-`%#'
+\(oq%#\(cq
respectively), netgroups (prefixed with
-`+'),
+\(oq+\(cq),
non-Unix group names and IDs (prefixed with
-`%:'
+\(oq%:\(cq
and
-`%:#'
+\(oq%:#\(cq
respectively) and
\fRUser_Alias\fRes.
Each list item may be prefixed with zero or more
-`\&!'
+\(oq\&!\(cq
operators.
An odd number of
-`\&!'
+\(oq\&!\(cq
operators negate the value of
the item; an even number just cancel each other out.
.PP
.PP
Note that quotes around group names are optional.
Unquoted strings must use a backslash
-(`\e')
+(\(oq\e\(cq)
to escape spaces and special characters.
See
\fIOther special characters and reserved words\fR
\fRHost_List\fR
is made up of one or more host names, IP addresses,
network numbers, netgroups (prefixed with
-`+')
+\(oq+\(cq)
and other aliases.
Again, the value of an item may be negated with the
-`\&!'
+\(oq\&!\(cq
operator.
If you do not specify a netmask along with the network number,
\fBsudo\fR
only inspects actual network interfaces; this means that IP address
127.0.0.1 (localhost) will never match.
Also, the host name
-``localhost''
+\(lqlocalhost\(rq
will only match if that is the actual host name, which is usually
only the case for non-networked systems.
.nf
command line arguments.
A directory is a
fully qualified path name ending in a
-`/'.
+\(oq/\(cq.
When you specify a directory in a
\fRCmnd_List\fR,
the user will be able to run any file within that directory
must match exactly those given by the user on the command line
(or match the wildcards if there are any).
Note that the following characters must be escaped with a
-`\e'
+\(oq\e\(cq
if they are used in command arguments:
-`,\&',
-`:\&',
-`=\&',
-`\e'.
+\(oq,\&\(cq,
+\(oq:\&\(cq,
+\(oq=\&\(cq,
+\(oq\e\(cq.
The built-in command
-``\fRsudoedit\fR''
+\(lq\fRsudoedit\fR\(rq
is used to permit a user to run
\fBsudo\fR
with the
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
Note that
-``\fRsudoedit\fR''
+\(lq\fRsudoedit\fR\(rq
is a command built into
\fBsudo\fR
itself and must be specified in
or
\fBlists\fR.
Flags are implicitly boolean and can be turned off via the
-`\&!'
+\(oq\&!\(cq
operator.
Some integer, string and list parameters may also be
used in a boolean context to disable them.
(\&"")
when they contain multiple words.
Special characters may be escaped with a backslash
-(`\e').
+(\(oq\e\(cq).
.PP
Lists have two additional assignment operators,
\fR+=\fR
but this can be changed on a per-command basis.
.PP
The basic structure of a user specification is
-``who where = (as_whom) what''.
+\(lqwho where = (as_whom) what\(rq.
Let's break that down into its constituent parts:
.SS "Runas_Spec"
A
consists of two
\fRRunas_List\fRs
(as defined above) separated by a colon
-(`:\&')
+(\(oq:\&\(cq)
and enclosed in a set of parentheses.
The first
\fRRunas_List\fR
.fi
.PP
In addition, there are several
-``special''
+\(lqspecial\(rq
privilege strings:
.TP 10n
none
.PP
Privileges can be excluded from a set by prefixing the privilege
name with either an
-`\&!'
+\(oq\&!\(cq
or
-`\-'
+\(oq\-\(cq
character.
.SS "Tag_Spec"
A command may have zero or more tags associated with it.
\fRPASSWD\fR
tag can be used to reverse things.
For example:
-.RS
.nf
.sp
-.RS 0n
+.RS 2n
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
.RE
.fi
+.RS 2n
.sp
would allow the user
\fBray\fR
without a password the entry would be:
.nf
.sp
-.RS 0n
+.RS 2n
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
.RE
.fi
\fRNOPASSWD\fR
tag is applied to any of the entries for a user on the current host,
he or she will be able to run
-``\fRsudo -l\fR''
+\(lq\fRsudo -l\fR\(rq
without a password.
Additionally, a user may only run
-``\fRsudo -v\fR''
+\(lq\fRsudo -v\fR\(rq
without a password if the
\fRNOPASSWD\fR
tag is present for all a user's entries that pertain to the current host.
and
\fIlistpw\fR
options.
-.PP
.RE
-.PD 0
.TP 2n
\fINOEXEC\fR and \fIEXEC\fR
.sp
and
\fI/usr/bin/vi\fR
but shell escapes will be disabled.
-.RS
.nf
.sp
-.RS 0n
+.RS 2n
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.RE
.fi
+.RS 2n
.sp
See the
\fIPreventing shell escapes\fR
section below for more details on how
\fRNOEXEC\fR
works and whether or not it will work on your system.
-.PD
-.PP
.RE
-.PD 0
.TP 2n
\fISETENV\fR and \fINOSETENV\fR
.sp
tag is implied for that command; this default may be overridden by use of the
\fRNOSETENV\fR
tag.
-.PD
.TP 2n
\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
.sp
.TP 10n
\fR\ex\fR
For any character
-`x',
+\(oqx\(cq,
evaluates to
-`x'.
+\(oqx\(cq.
This is used to escape special characters such as:
-`*',
-`\&?',
-`[\&',
+\(oq*\(cq,
+\(oq\&?\(cq,
+\(oq[\&\(cq,
and
-`]\&'.
+\(oq]\&\(cq.
.PP
Character classes may also be used if your system's
glob(3)
fnmatch(3)
functions support them.
However, because the
-`:\&'
+\(oq:\&\(cq
character has special meaning in
\fIsudoers\fR,
it must be
.nf
.sp
.RS 4n
-/bin/ls [[\:alpha\:]]*
+/bin/ls [[\&:alpha\&:]]*
.RE
.fi
.PP
Would match any file name beginning with a letter.
.PP
Note that a forward slash
-(`/')
+(\(oq/\(cq)
will
\fBnot\fR
be matched by
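Review bot: the rewritten example `/bin/ls [[\&:alpha\&:]]*` still does not render the backslashes that the sentence just above it ("because the ':' character has special meaning in sudoers, it must be" escaped) says are required. `\&` is roff's zero-width non-printing escape, so the line formats as `[[:alpha:]]*`; the old `\:` was groff's zero-width break-point escape, which swallowed the colon as well, so the old output was wrong in a different way. A literal backslash is `\e`, exactly as this patch writes it everywhere else (e.g. `(\(oq\e\(cq)` a few hunks up), so the line should read `/bin/ls [[\e:alpha\e:]]*`. If sudoers.man.in is generated from an mdoc master the way the sudoreplay and visudo pages later in this diff are, the fix belongs in that master, not here.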
Wildcards in command line arguments should be used with care.
Because command line arguments are matched as a single, concatenated
string, a wildcard such as
-`\&?'
+\(oq\&?\(cq
or
-`*'
+\(oq*\(cq
can match multiple words.
For example, while a sudoers entry like:
.nf
Command line arguments to the
\fIsudoedit\fR
built-in command should always be path names, so a forward slash
-(`/')
+(\(oq/\(cq)
will not be matched by a wildcard.
.SS "Including other files from within sudoers"
It is possible to include other
.PP
If the path to the include file is not fully-qualified (does not
begin with a
-`/',
+\(oq/\(cq,
it must be located in the same directory as the sudoers file it was
included from.
For example, if
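Review bot: the sentence around `+\(oq/\(cq,` opens a parenthesis at "(does not begin with a" that is never closed. Since the line is being rewritten anyway, make it `\(oq/\(cq),` so the rendered text reads "(does not begin with a '/'), it must be located in the same directory as the sudoers file it was included from." As with the other sudoers hunks, apply the fix in the mdoc master if this file is generated from one.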
\fR%h\fR
escape, signifying the short form of the host name.
In other words, if the machine's host name is
-``xerxes'',
+\(lqxerxes\(rq,
then
.nf
.sp
will read each file in
\fI/etc/sudoers.d\fR,
skipping file names that end in
-`~'
+\(oq~\(cq
or contain a
-`.\&'
+\(oq.\&\(cq
character to avoid causing problems with package manager or editor
temporary/backup files.
Files are parsed in sorted lexical order.
flag to edit the files directly.
.SS "Other special characters and reserved words"
The pound sign
-(`#')
+(\(oq#\(cq)
is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a
command on the system.
.PP
An exclamation point
-(`\&!')
+(\(oq\&!\(cq)
can be used as a logical
\fInot\fR
operator in a list or
\fRCmnd\fR.
This allows one to exclude certain values.
For the
-`\&!'
+\(oq\&!\(cq
operator to be effective, there must be something for it to exclude.
For example, to match all users except for root one would use:
.nf
.PP
it would explicitly deny root but not match any other users.
This is different from a true
-``negation''
+\(lqnegation\(rq
operator.
.PP
Note, however, that using a
-`\&!'
+\(oq\&!\(cq
in conjunction with the built-in
\fBALL\fR
alias to allow a user to run
-``all but a few''
+\(lqall but a few\(rq
commands rarely works as intended (see
\fISECURITY NOTES\fR
below).
.PP
Long lines can be continued with a backslash
-(`\e')
+(\(oq\e\(cq)
as the last character on the line.
.PP
White space between elements in a list as well as special syntactic
characters in a
\fIUser Specification\fR
-(`=\&',
-`:\&',
-`(\&',
-`)\&')
+(\(oq=\&\(cq,
+\(oq:\&\(cq,
+\(oq(\&\(cq,
+\(oq)\&\(cq)
is optional.
.PP
The following characters must be escaped with a backslash
-(`\e')
+(\(oq\e\(cq)
when used as part of a word (e.g.\& a user name or host name):
-`\&!',
-`=\&',
-`:\&',
-`,\&',
-`(\&',
-`)\&',
-`\e'.
+\(oq\&!\(cq,
+\(oq=\&\(cq,
+\(oq:\&\(cq,
+\(oq,\&\(cq,
+\(oq(\&\(cq,
+\(oq)\&\(cq,
+\(oq\e\(cq.
.SH "SUDOERS OPTIONS"
\fBsudo\fR's
behavior can be modified by
.TP 18n
use_netgroups
If set, netgroups (prefixed with
-`+'),
+\(oq+\(cq),
may be used in place of a user or host.
For LDAP-based sudoers, netgroup support requires an expensive
substring match on the server.
\fI../bin/ls\fR.
This has security implications when path names that include globbing
characters are used with the negation operator,
-`!\&',
+\(oq!\&\(cq,
as such rules can be trivially bypassed.
As such, this option should not be used when
\fIsudoers\fR
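Review bot: cosmetic only, but `+\(oq!\&\(cq,` here places the zero-width `\&` after the bang, while the rest of the page writes the same character as `\(oq\&!\(cq` (the User_List hunk and the "Other special characters and reserved words" hunk). Both render identically, so if the quote conversion is scripted this is a cheap moment to normalize on one spelling; otherwise ignore.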
In other words, instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
This option is only effective when the
-``canonical''
+\(lqcanonical\(rq
host name, as returned by the
\fBgetaddrinfo\fR()
or
If the system is configured to use the
\fI/etc/hosts\fR
file in preference to DNS, the
-``canonical''
+\(lqcanonical\(rq
host name may not be fully-qualified.
The order that sources are queried for host name resolution
is usually specified in the
In the
\fI/etc/hosts\fR
file, the first host name of the entry is considered to be the
-``canonical''
+\(lqcanonical\(rq
name; subsequent names are aliases that are not used by
\fBsudoers\fR.
For example, the following hosts file line for the machine
-``xyzzy''
+\(lqxyzzy\(rq
has the fully-qualified domain name as the
-``canonical''
+\(lqcanonical\(rq
host name, and the short version as an alias.
.sp
-.RS 6n
+.RS 24n
192.168.1.1 xyzzy.sudo.ws xyzzy
.RE
+.RS 18n
.sp
If the machine's hosts file entry is not formatted properly, the
\fIfqdn\fR
unusable if DNS stops working (for example if the machine is disconnected
from the network).
Also note that just like with the hosts file, you must use the
-``canonical''
+\(lqcanonical\(rq
name as DNS knows it.
That is, you may not use a host alias
(\fRCNAME\fR
This flag is
\fI@fqdn@\fR
by default.
+.RE
.TP 18n
ignore_dot
If set,
using a unique session ID that is included in the normal
\fBsudo\fR
log line, prefixed with
-``\fRTSID=\fR''.
+\(lq\fRTSID=\fR\(rq.
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
using a unique session ID that is included in the normal
\fBsudo\fR
log line, prefixed with
-``\fRTSID=\fR''.
+\(lq\fRTSID=\fR\(rq.
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
\fIpassprompt\fR
will normally only be used if the password prompt provided by systems
such as PAM matches the string
-``Password:''.
+\(lqPassword:\(rq.
If
\fIpassprompt_override\fR
is set,
\fBsudo\fR
too.
Disabling this prevents users from
-``chaining''
+\(lqchaining\(rq
\fBsudo\fR
commands to get a root shell by doing something like
-``\fRsudo sudo /bin/sh\fR''.
+\(lq\fRsudo sudo /bin/sh\fR\(rq.
Note, however, that turning off
\fIroot_sudo\fR
will also prevent root from running
\fBsudo\fR
will prompt for a password even when it would be visible on the screen.
This makes it possible to run things like
-``\fRssh somehost sudo ls\fR''
+\(lq\fRssh somehost sudo ls\fR\(rq
since by default,
ssh(1)
does
\fR0\fR
the user's time stamp will never expire.
This can be used to allow users to create or delete their own time stamps via
-``\fRsudo -v\fR''
+\(lq\fRsudo -v\fR\(rq
and
-``\fRsudo -k\fR''
+\(lq\fRsudo -k\fR\(rq
respectively.
.TP 18n
umask
.TP 18n
editor
A colon
-(`:\&')
+(\(oq:\&\(cq)
separated list of editors allowed to be used with
\fBvisudo\fR.
\fBvisudo\fR
\fI@iolog_dir@\fR.
.sp
The following percent
-(`%')
+(\(oq%\(cq)
escape sequences are supported:
-.RS
+.PP
+.RS 18n
+.PD 0
.TP 6n
\fR%{seq}\fR
expanded to a monotonically increasing base-36 sequence number, such as 0100A5,
where every two digits are used to form a new directory, e.g.\&
\fI01/00/A5\fR
+.PD
.TP 6n
\fR%{user}\fR
expanded to the invoking user's login name
function will be expanded.
.sp
To include a literal
-`%'
+\(oq%\(cq
character, the string
-`%%'
+\(oq%%\(cq
should be used.
-.PP
.RE
-.PD 0
.TP 18n
iolog_file
The path name, relative to
\fIiolog_file\fR
may contain directory components.
The default is
-``\fR%{seq}\fR''.
+\(lq\fR%{seq}\fR\(rq.
.sp
See the
\fIiolog_dir\fR
option above for a list of supported percent
-(`%')
+(\(oq%\(cq)
escape sequences.
.sp
In addition to the escape sequences, path names that end in six or
ends in six or
more
\fRX\fRs.
-.PD
.TP 18n
lecture_status_dir
The directory in which
\fR%h\fR
will expand to the host name of the machine.
Default is
-``\fR@mailsub@\fR''.
+\(lq\fR@mailsub@\fR\(rq.
.TP 18n
maxseq
The maximum sequence number that will be substituted for the
-``\fR%{seq}\fR''
+\(lq\fR%{seq}\fR\(rq
escape in the I/O log file (see the
\fIiolog_dir\fR
description above for more information).
While the value substituted for
-``\fR%{seq}\fR''
+\(lq\fR%{seq}\fR\(rq
is in base 36,
\fImaxseq\fR
itself should be expressed in decimal.
Values larger than 2176782336 (which corresponds to the
base 36 sequence number
-``ZZZZZZ'')
+\(lqZZZZZZ\(rq)
will be silently truncated to 2176782336.
The default value is 2176782336.
.sp
Once the local sequence number reaches the value of
\fImaxseq\fR,
it will
-``roll over''
+\(lqroll over\(rq
to zero, after which
\fBsudoers\fR
will truncate and re-use any existing I/O log path names.
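Review bot: not introduced by this hunk, but it rewrites the line: "ZZZZZZ" in base 36 is 36^6 - 1 = 2176782335, whereas 2176782336 is 36^6, i.e. "1000000" in base 36, a seven-digit value. So the sentence "Values larger than 2176782336 (which corresponds to the base 36 sequence number ZZZZZZ) will be silently truncated to 2176782336" is off by one against itself; either the decimal cap or the base-36 rendering should change to match whatever the I/O log code actually enforces.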
\fB\-i\fR
option is specified.
The default value is
-``\fR@pam_login_service@\fR''.
+\(lq\fR@pam_login_service@\fR\(rq.
See the description of
\fIpam_service\fR
for more information.
\fI/etc/pam.d\fR
directory.
The default value is
-``\fRsudo\fR''.
+\(lq\fRsudo\fR\(rq.
.sp
This setting is only supported by version 1.8.8 or higher.
.TP 18n
\fRSUDO_PROMPT\fR
environment variable.
The following percent
-(`%')
+(\(oq%\(cq)
escape sequences are supported:
-.RS
+.PP
+.RS 18n
+.PD 0
.TP 6n
\fR%H\fR
expanded to the local host name including the domain name
(only if the machine's host name is fully qualified or the
\fIfqdn\fR
option is set)
+.PD
.TP 6n
\fR%h\fR
expanded to the local host name without the domain name
character
.PP
The default value is
-``\fR@passprompt@\fR''.
-.PP
+\(lq\fR@passprompt@\fR\(rq.
.RE
-.PD 0
.TP 18n
privs
The default Solaris privileges to use when constructing a new
This option is only available if
\fBsudoers\fR
is built on Solaris 10 or higher.
-.PD
.TP 18n
role
The default SELinux role to use when constructing a new security
sending email.
Note that changing the locale may affect how sudoers is interpreted.
Defaults to
-``\fRC\fR''.
+\(lq\fRC\fR\(rq.
.TP 18n
timestampdir
The directory in which
option specifies the fully qualified path to a file containing variables
to be set in the environment of the program being run.
Entries in this file should either be of the form
-``\fRVARIABLE=value\fR''
+\(lq\fRVARIABLE=value\fR\(rq
or
-``\fRexport VARIABLE=value\fR''.
+\(lq\fRexport VARIABLE=value\fR\(rq.
The value may optionally be surrounded by single or double quotes.
Variables in this file are subject to other
\fBsudo\fR
This option controls when a short lecture will be printed along with
the password prompt.
It has the following possible values:
-.RS
+.PP
+.RS 14n
+.PD 0
.TP 8n
always
Always lecture the user.
+.PD
.TP 8n
never
Never lecture the user.
being used.
The default value is
\fI@lecture@\fR.
-.PP
.RE
-.PD 0
.TP 14n
lecture_file
Path to a file containing an alternate
By default,
\fBsudo\fR
uses a built-in lecture.
-.PD
.TP 14n
listpw
This option controls when a password will be required when a user runs
\fB\-l\fR
option.
It has the following possible values:
-.RS
+.PP
+.RS 14n
+.PD 0
.TP 10n
all
All the user's
the
\fRNOPASSWD\fR
flag set to avoid entering a password.
+.PD
.TP 10n
always
The user must always enter a password to use the
being used.
The default value is
\fIany\fR.
-.PP
.RE
-.PD 0
.TP 14n
logfile
Path to the
By default,
\fBsudo\fR
logs via syslog.
-.PD
.TP 14n
mailerflags
Flags to use when invoking mailer. Defaults to
.TP 14n
mailfrom
Address to use for the
-``from''
+\(lqfrom\(rq
address when sending warning and error mail.
The address should be enclosed in double quotes
(\&"")
\fRPATH\fR
environment variable you may want to use this.
Another use is if you want to have the
-``root path''
+\(lqroot path\(rq
be separate from the
-``user path''.
+\(lquser path\(rq.
Users in the group specified by the
\fIexempt_group\fR
option are not affected by
\fB\-v\fR
option.
It has the following possible values:
-.RS
+.PP
+.RS 14n
+.PD 0
.TP 8n
all
All the user's
entries for the current host must have the
\fRNOPASSWD\fR
flag set to avoid entering a password.
+.PD
.TP 8n
always
The user must always enter a password to use the
env_check
Environment variables to be removed from the user's environment if
the variable's value contains
-`%'
+\(oq%\(cq
or
-`/'
+\(oq/\(cq
characters.
This can be used to guard against printf-style format vulnerabilities
in poorly-written programs.
to the plugin.
For example, if the group file to be used is
\fI/etc/sudo-group\fR:
-.RS
.nf
.sp
-.RS 0n
+.RS 10n
Defaults group_plugin="group_file.so /etc/sudo-group"
.RE
.fi
-.PP
-.RE
-.PD 0
.TP 10n
system_group
The
This plugin can be used in instances where the user belongs to
groups not present in the user's supplemental group vector.
This plugin takes no options:
-.RS
.nf
.sp
-.RS 0n
+.RS 10n
Defaults group_plugin=system_group.so
.RE
.fi
-.RE
-.PD
.PP
The group provider plugin API is described in detail in
sudo_plugin(@mansectsu@).
date
The date the command was run.
Typically, this is in the format
-``MMM, DD, HH:MM:SS''.
+\(lqMMM, DD, HH:MM:SS\(rq.
If logging via
syslog(3),
the actual date format is controlled by the syslog daemon.
.TP 14n
ttyname
The short name of the terminal (e.g.\&
-``console'',
-``tty01'',
+\(lqconsole\(rq,
+\(lqtty01\(rq,
or
-``pts/0'')
+\(lqpts/0\(rq)
\fBsudo\fR
was run on, or
-``unknown''
+\(lqunknown\(rq
if there was no terminal present.
.TP 14n
cwd
Messages are logged using the locale specified by
\fIsudoers_locale\fR,
which defaults to the
-``\fRC\fR''
+\(lq\fRC\fR\(rq
locale.
.SS "Denied command log entries"
If the user is not allowed to run the command, the reason for the denial
Consider either changing the ownership of
\fI@sysconfdir@/sudoers\fR
or adding an argument like
-``sudoers_uid=N''
+\(lqsudoers_uid=N\(rq
(where
-`N'
+\(oqN\(cq
is the user ID that owns the
\fIsudoers\fR
file) to the end of the
If you wish to change the
\fIsudoers\fR
file owner, please add
-``sudoers_uid=N''
+\(lqsudoers_uid=N\(rq
(where
-`N'
+\(oqN\(cq
is the user ID that owns the
\fIsudoers\fR
file) to the
file must not be world-writable, the default file mode
is 0440 (readable by owner and group, writable by none).
The default mode may be changed via the
-``sudoers_mode''
+\(lqsudoers_mode\(rq
option to the
\fBsudoers\fR
\fRPlugin\fR
If you wish to change the
\fIsudoers\fR
file group ownership, please add
-``sudoers_gid=N''
+\(lqsudoers_gid=N\(rq
(where
-`N'
+\(oqN\(cq
is the group ID that owns the
\fIsudoers\fR
file) to the
\fBsudoers\fR
will split up log messages that are larger than 960 characters
(not including the date, hostname, and the string
-``sudo'').
+\(lqsudo\(rq).
When a message is split, additional parts will include the string
-``(command continued)''
+\(lq(command continued)\(rq
after the user name and before the continued command line arguments.
.SS "Notes on logging to a file"
If the
If the
\fIloglinelen\fR
option is set to 0 (or negated with a
-`\&!'),
+\(oq\&!\(cq),
word wrap will be disabled.
.SH "FILES"
.TP 26n
netgroup.
\fBsudo\fR
knows that
-``biglab''
+\(lqbiglab\(rq
is a netgroup due to the
-`+'
+\(oq+\(cq
prefix.
.nf
.sp
This is a bit tedious for users to type, so it is a prime candidate
for encapsulating in a shell script.
.SH "SECURITY NOTES"
-.SS "Limitations of the `!\&' operator"
+.SS "Limitations of the \(oq!\&\(cq operator"
It is generally not effective to
-``subtract''
+\(lqsubtract\(rq
commands from
\fBALL\fR
using the
-`!\&'
+\(oq!\&\(cq
operator.
A user can trivially circumvent this by copying the desired command
to a different name and then executing that.
\fBALL\fR
there is nothing to prevent them from creating their own program that gives
them a root shell (or making their own copy of a shell) regardless of any
-`!\&'
+\(oq!\&\(cq
elements in the user specification.
.SS "Security implications of \fIfast_glob\fR"
If the
tag as documented
in the User Specification section above.
Here is that example again:
-.RS
.nf
.sp
-.RS 0n
+.RS 10n
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.RE
.fi
+.RS 10n
.sp
This allows user
\fBaaron\fR
without a leading path.
However, it may take command line arguments just as a normal command does.
For example, to allow user operator to edit the
-``message of the day''
+\(lqmessage of the day\(rq
file:
.nf
.sp
utility functions
.PD 0
.PP
-.PD
For example:
.nf
.sp
Debug sudo /var/log/sudo_debug match@info,nss@info
.RE
.fi
+.PD
.PP
For more information, see the
sudo.conf(@mansectform@)
.SH "DISCLAIMER"
\fBsudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.9 October 28, 2013 Sudo 1.8.9
+Sudo 1.8.10 February 15, 2014 Sudo 1.8.10
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
.\"
-.\" Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDOREPLAY" "@mansectsu@" "October 28, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDOREPLAY" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
[\fB\-h\fR]
[\fB\-d\fR\ \fIdir\fR]
\fB\-l\fR
-[search expression]
+[search\ expression]
.SH "DESCRIPTION"
\fBsudoreplay\fR
plays back or lists the output logs created by
\fBsudoreplay\fR
will act on the following keys:
.TP 14n
-`\fR\en\fR' or `\fR\er\fR'
+\(oq\fR\en\fR\(cq or \(oq\fR\er\fR\(cq
Skip to the next replay event; useful for long pauses.
.TP 14n
-`\fR\ \fR' (space)
+\(oq\fR\ \fR\(cq (space)
Pause output; press any key to resume.
.TP 14n
-`<'
+\(oq<\(cq
Reduce the playback speed by one half.
.TP 14n
-`>'
+\(oq>\(cq
Double the playback speed.
.PP
The options are as follows:
.TP 12n
\fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR]
Enable
-``list mode''.
+\(lqlist mode\(rq.
In this mode,
\fBsudoreplay\fR
will list available sessions in a format similar to the
\fIsearch expression\fR
is specified, it will be used to restrict the IDs that are displayed.
An expression is composed of the following predicates:
-.RS
+.PP
+.RS 12n
+.PD 0
.TP 8n
command \fIpattern\fR
Evaluates to true if the command run matches
be an extended regular expression.
On systems without POSIX regular expression support, a simple sub-string
match is performed instead.
+.PD
.TP 8n
cwd \fIdirectory\fR
Evaluates to true if the command was run with the specified current
and
\fI\&!\fR
operators as well as
-`\&('
+\(oq\&(\(cq
and
-`\&)'
+\(oq\&)\(cq
grouping (note that parentheses must generally be escaped from the shell).
The
\fIand\fR
\fIand\fR
unless separated by an
\fIor\fR.
-.PP
.RE
-.PD 0
.TP 12n
\fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR
Specify an upper bound on how long to wait between key presses or output data.
seconds.
The value may be specified as a floating point number, e.g.\&
\fI2.5\fR.
-.PD
.TP 12n
\fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR
This option causes
next Friday
The first second of the Friday in the next (upcoming) week.
Not to be confused with
-``this friday''
+\(lqthis friday\(rq
which would match the friday of the current week.
.TP 8n
last week
The current time but 7 days ago.
This is equivalent to
-``a week ago''.
+\(lqa week ago\(rq.
.TP 8n
a fortnight ago
The current time but 14 days ago.
.PP
Note that relative time specifications do not always work as expected.
For example, the
-``next''
+\(lqnext\(rq
qualifier is intended to be used in conjunction with a day such as
-``next Monday''.
+\(lqnext Monday\(rq.
When used with units of weeks, months, years, etc
the result will be one more than expected.
For example,
-``next week''
+\(lqnext week\(rq
will result in a time exactly two weeks from now, which is probably
not what was intended.
This will be addressed in a future version of
.SH "DISCLAIMER"
\fBsudoreplay\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
print a message stating the line number(s) where the error occurred and
- the user will receive the ``What now?'' prompt. At this point the user
+ the user will receive the ``What now?'' prompt. At this point the user
may enter `e' to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used
with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse error,
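Review bot: the removed and added lines at "the user will receive the ``What now?'' prompt" read identically as displayed, so whatever changed in the regenerated visudo.cat (trailing whitespace, or different bytes for the quote characters) is invisible to review. Compare the two lines byte-wise (cat -A or od -c); if it is only whitespace, drop the churn, and if the quote bytes differ, confirm all the regenerated catpages in this diff were built with the same formatter so they render the new \(lq/\(rq consistently.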
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.9 December 16, 2013 Sudo 1.8.9
+Sudo 1.8.10 February 15, 2014 Sudo 1.8.10
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in
.\"
-.\" Copyright (c) 1996,1998-2005, 2007-2013
+.\" Copyright (c) 1996,1998-2005, 2007-2014
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "VISUDO" "@mansectsu@" "December 16, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBvisudo\fR
will print a message stating the line number(s)
where the error occurred and the user will receive the
-``What now?''
+\(lqWhat now?\(rq
prompt.
At this point the user may enter
-`e'
+\(oqe\(cq
to re-edit the
\fIsudoers\fR
file,
-`x'
+\(oqx\(cq
to exit without saving the changes, or
-`Q'
+\(oqQ\(cq
to quit and save changes.
The
-`Q'
+\(oqQ\(cq
option should be used with extreme care because if
\fBvisudo\fR
believes there to be a parse error, so will
\fBsudo\fR
again until the error is fixed.
If
-`e'
+\(oqe\(cq
is typed to edit the
\fIsudoers\fR
file after a parse error has been detected, the cursor will be placed on
The lock file used is the specified
\fIsudoers\fR
file with
-``\.tmp''
+\(lq\.tmp\(rq
appended to it.
In
\fIcheck-only\fR
mode only, the argument to
\fB\-f\fR
may be
-`-',
+\(oq-\(cq,
indicating that
\fIsudoers\fR
will be read from the standard input.
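Review bot: `+\(oq-\(cq,` should be `\(oq\-\(cq,`. The character being documented is the literal ASCII minus that the user types as the -f argument to mean standard input, and an unescaped `-` in roff input is the hyphen glyph, which groff renders as U+2010 on UTF-8 devices, so it cannot be copy-pasted or grepped as "-". The same hunk already writes the option itself as `\fB\-f\fR`, and the Runas_Spec privilege hunk earlier in this diff uses `\(oq\-\(cq` for the same purpose; follow those.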
Note that it is not possible to differentiate between an
alias and a host name or user name that consists solely of uppercase
letters, digits, and the underscore
-(`_')
+(\(oq_\(cq)
character.
.TP 12n
\fB\-V\fR, \fB\--version\fR
If
\fIfile\fR
is
-`-',
+\(oq-\(cq,
the exported
\fIsudoers\fR
policy will to be written to the standard output.
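Review bot: same issue as the -f hunk above: `+\(oq-\(cq,` for the "write to standard output" file name should be `\(oq\-\(cq,` so the rendered character is an ASCII minus rather than a typographic hyphen. While here, the trailing context line "policy will to be written to the standard output" has a stray "to" ("will be written"), which is worth fixing in the same pass since the page is being regenerated anyway.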
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of
uppercase letters, digits, and the underscore
-(`_')
+(\(oq_\(cq)
character.
In the latter case, you can ignore the warnings
(\fBsudo\fR
.SH "DISCLAIMER"
\fBvisudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.