-1.6.8 February 13, 2004 1
+1.6.8 May 17, 2004 1
-H The -\b-H\bH (_\bH_\bO_\bM_\bE) option sets the HOME environment vari
able to the homedir of the target user (root by
- default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). By default, s\bsu\bud\bdo\bo
+ default) as specified in passwd(4). By default, s\bsu\bud\bdo\bo
does not modify HOME.
-K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo removes the user's
-1.6.8 February 13, 2004 2
+1.6.8 May 17, 2004 2
-h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a usage mes
sage and exit.
- -i The -i (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
+ -i The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
specified in the passwd(4) entry of the user that the
command is being run as. The command name argument
given to the shell begins with a - to tell the shell
-1.6.8 February 13, 2004 3
+1.6.8 May 17, 2004 3
fully qualified or the _\bf_\bq_\bd_\bn sudoers option is
set)
- %% two consecutive % characters are collasped
+ %% two consecutive % characters are collapsed
into a single % character
-s The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the
_\bS_\bH_\bE_\bL_\bL environment variable if it is set or the shell
- as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4).
+ as specified in passwd(4).
-u The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the specified
command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
-1.6.8 February 13, 2004 4
+1.6.8 May 17, 2004 4
-1.6.8 February 13, 2004 5
+1.6.8 May 17, 2004 5
user an effective root shell.
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(4)
+ Note: the following examples assume suitable sudoers(4)
entries.
To get a file listing of an unreadable directory:
% sudo ls /usr/local/protected
To list the home directory of user yazza on a machine
- where the filesystem holding ~yazza is not exported as
+ where the file system holding ~yazza is not exported as
root:
% sudo -u yazza ls ~yazza
-1.6.8 February 13, 2004 6
+1.6.8 May 17, 2004 6
is specified)
VISUAL Default editor to use in -e (sudoedit) mode
- =head1 FILES
+F\bFI\bIL\bLE\bES\bS
/etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
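Review bot: the literal `=head1 FILES` that L51 removes from the rendered page is a POD slip rather than a man-page bug: the directive was swallowed into the verbatim paragraph that ends with the VISUAL entry at L50, which is what Pod::Man does when the .pod source has no blank line before `=head1`. Only the regenerated sudo.cat and sudo.man.in are visible in this diff; make sure the blank line is added in the .pod source too, otherwise the next regeneration will put `=head1 FILES` back into the output.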
-1.6.8 February 13, 2004 7
+1.6.8 May 17, 2004 7
user to run commands via shell escapes, thus avoiding
s\bsu\bud\bdo\bo's checks. However, on most systems it is possible to
prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
- See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
+ See the sudoers(4) manual for details.
If users have sudo ALL there is nothing to prevent them
from creating their own program that gives them a root
setuid shell scripts are generally safe).
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bs_\bu_\bd_\bo_\be_\br_\bs(4),
- _\bp_\ba_\bs_\bs_\bw_\bd(5), _\bv_\bi_\bs_\bu_\bd_\bo(1m)
+ _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), sudoers(4),
+ passwd(4), visudo(1m)
-1.6.8 February 13, 2004 8
+1.6.8 May 17, 2004 8
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.\" $Sudo$
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\"
.\" Standard preamble:
.\" ========================================================================
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "February 13, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Item "-H"
The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable
to the homedir of the target user (root by default) as specified
-in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR.
+in passwd(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR.
.IP "\-K" 4
.IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.IP "\-i" 4
.IX Item "-i"
-The \f(CW\*(C`\-i\*(C'\fR (\fIsimulate initial login\fR) option runs the shell specified
+The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified
in the passwd(@mansectform@) entry of the user that the command is
being run as. The command name argument given to the shell begins
with a \f(CW\*(C`\-\*(C'\fR to tell the shell to run as a login shell. \fBsudo\fR
.ie n .IP "\*(C`%%\*(C'" 8
.el .IP "\f(CW\*(C`%%\*(C'\fR" 8
.IX Item "%%"
-two consecutive \f(CW\*(C`%\*(C'\fR characters are collasped into a single \f(CW\*(C`%\*(C'\fR character
+two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character
.RE
.RS 4
.RE
.IX Item "-s"
The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
environment variable if it is set or the shell as specified
-in \fIpasswd\fR\|(@mansectform@).
+in passwd(@mansectform@).
.IP "\-u" 4
.IX Item "-u"
The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
the user an effective root shell.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries.
+Note: the following examples assume suitable sudoers(@mansectform@) entries.
.PP
To get a file listing of an unreadable directory:
.PP
.Ve
.PP
To list the home directory of user yazza on a machine where the
-filesystem holding ~yazza is not exported as root:
+file system holding ~yazza is not exported as root:
.PP
.Vb 1
\& % sudo -u yazza ls ~yazza
\& is specified)
.Ve
.PP
-.Vb 2
+.Vb 1
\& VISUAL Default editor to use in -e (sudoedit) mode
-\&=head1 FILES
.Ve
-.PP
+.SH "FILES"
+.IX Header "FILES"
.Vb 2
\& @sysconfdir@/sudoers List of who can run what
\& @timedir@ Directory containing timestamps
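Review bot: the `.Vb 1` at L140 has to track the verbatim block's contents: after the `\&=head1 FILES` line (L142) is taken out, only the `VISUAL` line (L141) remains, so the old count of 2 would have been wrong. The `.SH "FILES"` / `.IX Header "FILES"` pair at L145-L146 uses the same form as `.SH "EXAMPLES"` / `.IX Header "EXAMPLES"` at L121-L122, so the index stays consistent.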
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding \fBsudo\fR's checks. However, on
most systems it is possible to prevent shell escapes with \fBsudo\fR's
-\&\fInoexec\fR functionality. See the \fIsudoers\fR\|(@mansectform@) manual for details.
+\&\fInoexec\fR functionality. See the sudoers(@mansectform@) manual for details.
.PP
If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating
their own program that gives them a root shell regardless of any '!'
are generally safe).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIpasswd\fR\|(5), \fIvisudo\fR\|(@mansectsu@)
+\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), sudoers(@mansectform@),
+passwd(@mansectform@), visudo(@mansectsu@)
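Review bot: L162-L163 leave the SEE ALSO list half-italic: `grep`, `su`, `stat` and `login_cap` keep their `\fI...\fR`, while `sudoers`, `passwd` and `visudo` (the entries whose section is an `@mansectform@`/`@mansectsu@` substitution) are now plain text, and the rendered sudo.cat at L68-L69 shows the same split, with underlined `_\bg_\br_\be_\bp(1)` beside bare `sudoers(4)`. If dropping the italics on the substituted entries is intended, fine; if not, wrapping those entries in `I<>` in the .pod would render the list uniformly. The `passwd(5)` to `passwd(4)` change (L67/L69) is correct, since `passwd(4)` is what the body text already uses (L6, L28).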
-1.6.8 May 16, 2004 1
+1.6.8 May 17, 2004 1
-1.6.8 May 16, 2004 2
+1.6.8 May 17, 2004 2
netmask may be specified either in dotted quad notation
(e.g. 255.255.255.0) or CIDR notation (number of bits,
e.g. 24). A hostname may include shell-style wildcards
- (see `Wildcards' section below), but unless the hostname
+ (see the Wildcards section below), but unless the hostname
command on your machine returns the fully qualified host
name, you'll need to use the _\bf_\bq_\bd_\bn option for wildcards to
be useful.
A Cmnd_List is a list of one or more commandnames, direc
tories, and other aliases. A commandname is a fully qual
ified filename which may include shell-style wildcards
- (see `Wildcards' section below). A simple filename allows
- the user to run the command with any arguments he/she
- wishes. However, you may also specify command line argu
- ments (including wildcards). Alternately, you can specify
- "" to indicate that the command may only be run w\bwi\bit\bth\bho\bou\but\bt
- command line arguments. A directory is a fully qualified
- pathname ending in a '/'. When you specify a directory in
- a Cmnd_List, the user will be able to run any file within
- that directory (but not in any subdirectories therein).
+ (see the Wildcards section below). A simple filename
+ allows the user to run the command with any arguments
+ he/she wishes. However, you may also specify command line
+ arguments (including wildcards). Alternately, you can
+ specify "" to indicate that the command may only be run
+ w\bwi\bit\bth\bho\bou\but\bt command line arguments. A directory is a fully
+ qualified pathname ending in a '/'. When you specify a
+ directory in a Cmnd_List, the user will be able to run any
+ file within that directory (but not in any subdirectories
+ therein).
If a Cmnd has associated command line arguments, then the
arguments in the Cmnd must match exactly those given by
the user on the command line (or match the wildcards if
there are any). Note that the following characters must
- be escaped with a '\' if they are used in command argu
- ments: ',', ':', '=', '\'. The special command "sudoedit"
+ be escaped with a '\' if they are used in command
-1.6.8 May 16, 2004 3
+1.6.8 May 17, 2004 3
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- is used to permit a user to run s\bsu\bud\bdo\bo with the -\b-e\be flag (or
- as s\bsu\bud\bdo\boe\bed\bdi\bit\bt). It may take command line arguments just as
- a normal command does.
+ arguments: ',', ':', '=', '\'. The special command
+ "sudoedit" is used to permit a user to run s\bsu\bud\bdo\bo with the
+ -\b-e\be flag (or as s\bsu\bud\bdo\boe\bed\bdi\bit\bt). It may take command line argu
+ ments just as a normal command does.
D\bDe\bef\bfa\bau\bul\blt\bts\bs
scheme (S\bS/\b/K\bKe\bey\by or O\bOP\bPI\bIE\bE), a two-line prompt is
used to make it easier to cut and paste the
challenge to a local window. It's not as
- pretty as the default but some people find it
-1.6.8 May 16, 2004 4
+1.6.8 May 17, 2004 4
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ pretty as the default but some people find it
more convenient. This flag is _\bo_\bf_\bf by default.
ignore_dot If set, s\bsu\bud\bdo\bo will ignore '.' or '' (current
may be overridden via the PASSWD and NOPASSWD
tags. This flag is _\bo_\bn by default.
- root_sudo If set, root is allowed to run s\bsu\bud\bdo\bo too.
-1.6.8 May 16, 2004 5
+1.6.8 May 17, 2004 5
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- Disabling this prevents users from "chaining"
+ root_sudo If set, root is allowed to run s\bsu\bud\bdo\bo too. Dis
+ abling this prevents users from "chaining"
s\bsu\bud\bdo\bo commands to get a root shell by doing
something like "sudo sudo /bin/sh". Note,
however, that turning off _\br_\bo_\bo_\bt_\b__\bs_\bu_\bd_\bo will also
that they are not allowed to run it, which can
be confusing. This flag is _\bo_\bf_\bf by default.
- preserve_groups
- By default s\bsu\bud\bdo\bo will initialize the group
-1.6.8 May 16, 2004 6
+
+1.6.8 May 17, 2004 6
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- vector to the list of groups the target user
- is in. When _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the
- user's existing group vector is left unal
- tered. The real and effective group IDs, how
- ever, are still set to match the target user.
- This flag is _\bo_\bf_\bf by default.
+ preserve_groups
+ By default s\bsu\bud\bdo\bo will initialize the group vec
+ tor to the list of groups the target user is
+ in. When _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's
+ existing group vector is left unaltered. The
+ real and effective group IDs, however, are
+ still set to match the target user. This flag
+ is _\bo_\bf_\bf by default.
fqdn Set this flag if you want to put fully quali
fied hostnames in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. I.e.,
rootpw If set, s\bsu\bud\bdo\bo will prompt for the root password
instead of the password of the invoking user.
- This flag is _\bo_\bf_\bf by default.
-
-1.6.8 May 16, 2004 7
+1.6.8 May 17, 2004 7
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ This flag is _\bo_\bf_\bf by default.
+
runaspw If set, s\bsu\bud\bdo\bo will prompt for the password of
the user defined by the _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt option
(defaults to root) instead of the password of
use_loginclass
If set, s\bsu\bud\bdo\bo will apply the defaults specified
for the target user's login class if one
- exists. Only available if s\bsu\bud\bdo\bo is configured
- with the --with-logincap option. This flag is
-1.6.8 May 16, 2004 8
+1.6.8 May 17, 2004 8
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ exists. Only available if s\bsu\bud\bdo\bo is configured
+ with the --with-logincap option. This flag is
_\bo_\bf_\bf by default.
noexec If set, all commands run via sudo will behave
as if the NOEXEC tag has been set, unless
overridden by a EXEC tag. See the description
- of _\bN_\bO_\bE_\bX_\bE_\bC _\ba_\bn_\bd _\bE_\bX_\bE_\bC below as well as the P\bPR\bRE\bE\b
- V\bVE\bEN\bNT\bTI\bIN\bNG\bG S\bSH\bHE\bEL\bLL\bL E\bES\bSC\bCA\bAP\bPE\bES\bS section at the end of
+ of _\bN_\bO_\bE_\bX_\bE_\bC _\ba_\bn_\bd _\bE_\bX_\bE_\bC below as well as the "PRE
+ VENTING SHELL ESCAPES" section at the end of
this manual. This flag is _\bo_\bf_\bf by default.
I\bIn\bnt\bte\beg\bge\ber\brs\bs:
the machine. Default is *** SECURITY informa
tion for %h ***.
- badpass_message
- Message that is displayed if a user enters an
- incorrect password. The default is Sorry, try
-1.6.8 May 16, 2004 9
+
+1.6.8 May 17, 2004 9
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ badpass_message
+ Message that is displayed if a user enters an
+ incorrect password. The default is Sorry, try
again. unless insults are enabled.
timestampdir
editor A colon (':') separated list of editors
allowed to be used with v\bvi\bis\bsu\bud\bdo\bo. v\bvi\bis\bsu\bud\bdo\bo will
- choose the editor that matches the user's USER
- environment variable if possible, or the first
- editor in the list that exists and is
-1.6.8 May 16, 2004 10
+1.6.8 May 17, 2004 10
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- executable. The default is the path to vi on
+ choose the editor that matches the user's USER
+ environment variable if possible, or the first
+ editor in the list that exists and is exe
+ cutable. The default is the path to vi on
your system.
noexec_file Path to a shared library containing dummy ver
quotes (") to protect against sudo interpret
ing the @ sign. Defaults to root.
- exempt_group
- Users in this group are exempt from password
- and PATH requirements. This is not set by
-1.6.8 May 16, 2004 11
+1.6.8 May 17, 2004 11
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ exempt_group
+ Users in this group are exempt from password
+ and PATH requirements. This is not set by
default.
verifypw This option controls when a password will be
contains % or / characters. This can be used
to guard against printf-style format vulnera
bilities in poorly-written programs. The
- argument may be a double-quoted, space-sepa
- rated list or a single value without dou
- ble-quotes. The list can be replaced, added
-1.6.8 May 16, 2004 12
+1.6.8 May 17, 2004 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ argument may be a double-quoted, space-sepa
+ rated list or a single value without dou
+ ble-quotes. The list can be replaced, added
to, deleted from, or disabled by using the =,
+=, -=, and ! operators respectively. The
default list of environment variables to check
Runas_Spec ::= '(' Runas_List ')'
- Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:')
- A u\bus\bse\ber\br s\bsp\bpe\bec\bci\bif\bfi\bic\bca\bat\bti\bio\bon\bn determines which commands a user may
-
-1.6.8 May 16, 2004 13
+1.6.8 May 17, 2004 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:')
+
+ A u\bus\bse\ber\br s\bsp\bpe\bec\bci\bif\bfi\bic\bca\bat\bti\bio\bon\bn determines which commands a user may
run (and as what user) on specified hosts. By default,
commands are run as r\bro\boo\bot\bt, but this can be changed on a
per-command basis.
The user d\bdg\bgb\bb may run _\b/_\bb_\bi_\bn_\b/_\bl_\bs, _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm
-- but only as o\bop\bpe\ber\bra\bat\bto\bor\br. E.g.,
- sudo -u operator /bin/ls.
+ $ sudo -u operator /bin/ls.
It is also possible to override a Runas_Spec later on in
an entry. If we modify the entry like so:
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
would allow the user r\bra\bay\by to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, _\b/_\bb_\bi_\bn_\b/_\bl_\bs, and
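Review bot: the `$ ` prompt added at L367 makes the example read as a shell transcript, but the sentence's full stop is still inside the command (`$ sudo -u operator /bin/ls.`), so anyone copying the line gets `/bin/ls.` rather than the `/bin/ls` the preceding text names. Suggest ending the line at `/bin/ls` and putting the full stop on the sentence before it (L365, `E.g.,`). The same applies to the man source at L547 (`\& $ sudo -u operator /bin/ls.`).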
- _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as root on the machine rushmore as r\bro\boo\bot\bt
- without authenticating himself. If we only want r\bra\bay\by to be
- able to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl without a password the entry would
-1.6.8 May 16, 2004 14
+1.6.8 May 17, 2004 14
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as root on the machine rushmore as r\bro\boo\bot\bt
+ without authenticating himself. If we only want r\bra\bay\by to be
+ able to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl without a password the entry would
be:
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
- See the P\bPR\bRE\bEV\bVE\bEN\bNT\bTI\bIN\bNG\bG S\bSH\bHE\bEL\bLL\bL E\bES\bSC\bCA\bAP\bPE\bES\bS section below for more
+ See the "PREVENTING SHELL ESCAPES" section below for more
details on how _\bn_\bo_\be_\bx_\be_\bc works and whether or not it will
work on your system.
- W\bWi\bil\bld\bdc\bca\bar\brd\bds\bs (\b(a\bak\bka\ba m\bme\bet\bta\ba c\bch\bha\bar\bra\bac\bct\bte\ber\brs\bs)\b):\b:
+ W\bWi\bil\bld\bdc\bca\bar\brd\bds\bs
- s\bsu\bud\bdo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs to be used in pathnames
- as well as command line arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
- Wildcard matching is done via the P\bPO\bOS\bSI\bIX\bX fnmatch(3) rou
- tine. Note that these are _\bn_\bo_\bt regular expressions.
+ s\bsu\bud\bdo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs (aka meta or glob char
+ acters) to be used in pathnames as well as command line
+ arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. Wildcard matching is done
+ via the P\bPO\bOS\bSI\bIX\bX _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3) routine. Note that these are _\bn_\bo_\bt
+ regular expressions.
* Matches any set of zero or more characters.
used to escape special characters such as: "*",
"?", "[", and "}".
- Note that a forward slash ('/') will n\bno\bot\bt be matched by
- wildcards used in the pathname. When matching the command
- line arguments, however, a slash d\bdo\boe\bes\bs get matched by wild
- cards. This is to make a path like:
-1.6.8 May 16, 2004 15
+1.6.8 May 17, 2004 15
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Note that a forward slash ('/') will n\bno\bot\bt be matched by
+ wildcards used in the pathname. When matching the command
+ line arguments, however, a slash d\bdo\boe\bes\bs get matched by wild
+ cards. This is to make a path like:
+
/usr/bin/*
match _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bw_\bh_\bo but not _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bX_\b1_\b1_\b/_\bx_\bt_\be_\br_\bm.
- E\bEx\bxc\bce\bep\bpt\bti\bio\bon\bns\bs t\bto\bo w\bwi\bil\bld\bdc\bca\bar\brd\bd r\bru\bul\ble\bes\bs:\b:
+ E\bEx\bxc\bce\bep\bpt\bti\bio\bon\bns\bs t\bto\bo w\bwi\bil\bld\bdc\bca\bar\brd\bd r\bru\bul\ble\bes\bs
The following exceptions apply to the above rules:
argument in the _\bs_\bu_\bd_\bo_\be_\br_\bs entry it means that com
mand is not allowed to be run with a\ban\bny\by arguments.
- O\bOt\bth\bhe\ber\br s\bsp\bpe\bec\bci\bia\bal\bl c\bch\bha\bar\bra\bac\bct\bte\ber\brs\bs a\ban\bnd\bd r\bre\bes\bse\ber\brv\bve\bed\bd w\bwo\bor\brd\bds\bs:\b:
+ O\bOt\bth\bhe\ber\br s\bsp\bpe\bec\bci\bia\bal\bl c\bch\bha\bar\bra\bac\bct\bte\ber\brs\bs a\ban\bnd\bd r\bre\bes\bse\ber\brv\bve\bed\bd w\bwo\bor\brd\bds\bs
The pound sign ('#') is used to indicate a comment (unless
it occurs in the context of a user name and is followed by
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
- these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
-
-
-
-
-1.6.8 May 16, 2004 16
+1.6.8 May 17, 2004 16
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
+
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
- Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
- Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
+ Cmnd_Alias HALT = /usr/sbin/halt
+ Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
-
-
-1.6.8 May 16, 2004 17
+1.6.8 May 17, 2004 17
The user l\bli\bis\bsa\ba may run any command on any host in the
_\bC_\bU_\bN_\bE_\bT_\bS alias (the class B network 128.138.0.0).
- operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
- /usr/oper/bin/
+ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+ sudoedit /etc/printcap, /usr/oper/bin/
The o\bop\bpe\ber\bra\bat\bto\bor\br user may run commands limited to simple main
tenance. Here, those are commands related to backups,
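Review bot: the `sudoedit /etc/printcap` entry added to the operator line at L459 is a different kind of privilege from the command aliases beside it: it lets the operator user write a configuration file through sudoedit rather than run a program. The description that follows (L460-L461, "commands limited to simple maintenance ... related to backups,") should mention the printcap edit so the example and its explanation agree, and a pointer to the special `sudoedit` command form described under Cmnd_List (L211-L214) would help readers see why it is listed alongside command aliases. Moving `PRINTING` after `REBOOT` (L458) is harmless but unrelated to the addition.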
-1.6.8 May 16, 2004 18
+1.6.8 May 17, 2004 18
-1.6.8 May 16, 2004 19
+1.6.8 May 17, 2004 19
To tell whether or not s\bsu\bud\bdo\bo supports _\bn_\bo_\be_\bx_\be_\bc, you can run
the following as root:
- # sudo -V | grep "dummy exec"
+ \# sudo -V | grep "dummy exec"
If the resulting output contains a line that begins with:
-1.6.8 May 16, 2004 20
+1.6.8 May 17, 2004 20
Note that disabling shell escapes is not a panacea. Pro
grams running as root are still capable of many poten
- tially hazardous operations (such as chaning or overwrit
+ tially hazardous operations (such as changing or overwrit
ing files) that could lead to unintended privilege escala
tion. In the specific case of an editor, a safer approach
- is to give the user permission to run the s\bsu\bud\bdo\boe\bed\bdi\bit\bt pro
- gram.
+ is to give the user permission to run s\bsu\bud\bdo\boe\bed\bdi\bit\bt.
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
The _\bs_\bu_\bd_\bo_\be_\br_\bs file should a\bal\blw\bwa\bay\bys\bs be edited by the v\bvi\bis\bsu\bud\bdo\bo
/etc/netgroup List of network groups
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bs_\bu_\bd_\bo(8)
+ _\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), sudo(1m), visudo(1m)
+
-1.6.8 May 16, 2004 21
+1.6.8 May 17, 2004 21
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "May 16, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
of the host's ethernet interface(s) will be used when matching.
The netmask may be specified either in dotted quad notation (e.g.
255.255.255.0) or \s-1CIDR\s0 notation (number of bits, e.g. 24). A hostname
-may include shell-style wildcards (see `Wildcards' section below),
+may include shell-style wildcards (see the Wildcards section below),
but unless the \f(CW\*(C`hostname\*(C'\fR command on your machine returns the fully
qualified hostname, you'll need to use the \fIfqdn\fR option for wildcards
to be useful.
.PP
A \f(CW\*(C`Cmnd_List\*(C'\fR is a list of one or more commandnames, directories, and other
aliases. A commandname is a fully qualified filename which may include
-shell-style wildcards (see `Wildcards' section below). A simple
+shell-style wildcards (see the Wildcards section below). A simple
filename allows the user to run the command with any arguments he/she
wishes. However, you may also specify command line arguments (including
wildcards). Alternately, you can specify \f(CW""\fR to indicate that the command
.IX Item "noexec"
If set, all commands run via sudo will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR
tag has been set, unless overridden by a \f(CW\*(C`EXEC\*(C'\fR tag. See the
-description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \fB\s-1PREVENTING\s0 \s-1SHELL\s0
-\&\s-1ESCAPES\s0\fR section at the end of this manual. This flag is \fIoff\fR by default.
+description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual. This flag is \fIoff\fR by default.
.PP
\&\fBIntegers\fR:
.IP "passwd_tries" 12
to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
\&\f(CW\*(C`!\*(C'\fR operators respectively. This list has no default members.
.PP
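Review bot: L520 folds the two-line sentence from L518-L519 into one source line well over 100 characters, the opposite of what the neighbouring syslog hunk (L533-L539) does by rewrapping to a consistent width. The `\*(L"...\*(R"` quoting of the section name is fine and matches L555; just keep the wrap, for example breaking after `well as the`, so the line stays in step with the rest of the file.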
-When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog
-facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0
-supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR,
-\&\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following
-syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR,
-\&\fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR.
+When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values
+for the syslog facility (the value of the \fBsyslog\fR Parameter):
+\&\fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR,
+\&\fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR,
+\&\fBlocal6\fR, and \fBlocal7\fR. The following syslog priorities are
+supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo\fR,
+\&\fBnotice\fR, and \fBwarning\fR.
.Sh "User Specification"
.IX Subsection "User Specification"
.Vb 2
\&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g.,
.PP
.Vb 1
-\& sudo -u operator /bin/ls.
+\& $ sudo -u operator /bin/ls.
.Ve
.PP
It is also possible to override a \f(CW\*(C`Runas_Spec\*(C'\fR later on in an
\& aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.Ve
.PP
-See the \fB\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\fR section below for more details
+See the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section below for more details
on how \fInoexec\fR works and whether or not it will work on your system.
-.Sh "Wildcards (aka meta characters):"
-.IX Subsection "Wildcards (aka meta characters):"
-\&\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames
-as well as command line arguments in the \fIsudoers\fR file. Wildcard
-matching is done via the \fB\s-1POSIX\s0\fR \f(CWfnmatch(3)\fR routine. Note that
-these are \fInot\fR regular expressions.
+.Sh "Wildcards"
+.IX Subsection "Wildcards"
+\&\fBsudo\fR allows shell-style \fIwildcards\fR (aka meta or glob characters)
+to be used in pathnames as well as command line arguments in the
+\&\fIsudoers\fR file. Wildcard matching is done via the \fB\s-1POSIX\s0\fR
+\&\fIfnmatch\fR\|(3) routine. Note that these are \fInot\fR regular expressions.
.ie n .IP "\*(C`*\*(C'" 8
.el .IP "\f(CW\*(C`*\*(C'\fR" 8
.IX Item "*"
.Ve
.PP
match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR.
-.Sh "Exceptions to wildcard rules:"
-.IX Subsection "Exceptions to wildcard rules:"
+.Sh "Exceptions to wildcard rules"
+.IX Subsection "Exceptions to wildcard rules"
The following exceptions apply to the above rules:
.ie n .IP """""" 8
.el .IP "\f(CW``''\fR" 8
If the empty string \f(CW""\fR is the only command line argument in the
\&\fIsudoers\fR entry it means that command is not allowed to be run
with \fBany\fR arguments.
-.Sh "Other special characters and reserved words:"
-.IX Subsection "Other special characters and reserved words:"
+.Sh "Other special characters and reserved words"
+.IX Subsection "Other special characters and reserved words"
The pound sign ('#') is used to indicate a comment (unless it
occurs in the context of a user name and is followed by one or
more digits, in which case it is treated as a uid). Both the
\& Cmnd_Alias KILL = /usr/bin/kill
\& Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
\& Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
-\& Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
-\& Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
+\& Cmnd_Alias HALT = /usr/sbin/halt
+\& Cmnd_Alias REBOOT = /usr/sbin/reboot
\& Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \e
\& /usr/local/bin/tcsh, /usr/bin/rsh, \e
\& /usr/local/bin/zsh
(the class B network \f(CW128.138.0.0\fR).
.PP
.Vb 2
-\& operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\e
-\& /usr/oper/bin/
+\& operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e
+\& sudoedit /etc/printcap, /usr/oper/bin/
.Ve
.PP
The \fBoperator\fR user may run commands limited to simple maintenance.
the following as root:
.PP
.Vb 1
-\& # sudo -V | grep "dummy exec"
+\& \e# sudo -V | grep "dummy exec"
.Ve
.PP
If the resulting output contains a line that begins with:
.PP
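Review bot: the `\e#` at L616 is troff for a literal backslash followed by `#`, so the rendered page now shows `\# sudo -V | grep "dummy exec"`, as the sudoers.cat counterpart at L469 confirms; the stray backslash in front of the root prompt will be copied along with the command. `#` is not special to troff, and the `\&` prefix Pod::Man already emits on every verbatim line (present on L616) guards against line-leading control characters anyway, so the plain `# sudo -V ...` of L615 rendered correctly. If the backslash was added in the .pod source to keep the line from being treated as a comment by whatever preprocesses the .pod, it needs a form that does not survive into the output.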
Note that disabling shell escapes is not a panacea. Programs running
as root are still capable of many potentially hazardous operations
-(such as chaning or overwriting files) that could lead to unintended
+(such as changing or overwriting files) that could lead to unintended
privilege escalation. In the specific case of an editor, a safer
-approach is to give the user permission to run the \fBsudoedit\fR
-program.
+approach is to give the user permission to run \fBsudoedit\fR.
.SH "CAVEATS"
.IX Header "CAVEATS"
The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8)
+\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), sudo(@mansectsu@), visudo(@mansectsu@)
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
- to _\bv_\bi_\bp_\bw(1m). v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multi
+ to vipw(1m). v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multi
ple simultaneous edits, provides basic sanity checks, and
checks for parse errors. If the _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently
being edited you will receive a message to try again
-1.6.8 February 13, 2004 1
+1.6.8 May 17, 2004 1
Many people have worked on _\bs_\bu_\bd_\bo over the years; this ver
sion of v\bvi\bis\bsu\bud\bdo\bo was written by:
- Todd Miller <Todd.Miller@courtesan.com>
+ Todd Miller
-1.6.8 February 13, 2004 2
+1.6.8 May 17, 2004 2
shell if the editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bv_\bi(1), _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(8)
+ _\bv_\bi(1), sudoers(4), sudo(1m), vipw(1m)
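Review bot: `vipw(8)` to `vipw(1m)` here (L655) and `visudo(8)` to `visudo(1m)` in sudoers (L487) bring the cat pages in line with the `(1m)`/`(4)` scheme used for sudo and sudoers elsewhere on these pages, and the man sources use `@mansectsu@` for the same references (L636, L694) so the section follows the configure substitution. One point worth recording: the pre-rendered .cat files hardcode 1m and 4 regardless of what `@mansectsu@`/`@mansectform@` expand to at build time, so they will disagree with the formatted man output on systems that install sudo into other sections. That is pre-existing rather than introduced here.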
-1.6.8 February 13, 2004 3
+1.6.8 May 17, 2004 3
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.\" $Sudo$
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\"
.\" Standard preamble:
.\" ========================================================================
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "February 13, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
-\&\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
+vipw(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later.
\&\fBvisudo\fR was written by:
.PP
.Vb 1
-\& Todd Miller <Todd.Miller@courtesan.com>
+\& Todd Miller
.Ve
.PP
See the \s-1HISTORY\s0 file in the sudo distribution or visit
the editor used by \fBvisudo\fR allows shell escapes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8)
+\&\fIvi\fR\|(1), sudoers(@mansectform@), sudo(@mansectsu@), vipw(@mansectsu@)