S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
s\bsu\bud\bdo\bo -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-L\bL | -\b-V\bV | -\b-v\bv
- s\bsu\bud\bdo\bo -\b-l\bl [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-U\bU _\bu_\bs_\be_\br_\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ s\bsu\bud\bdo\bo -\b-l\bl[\b[l\bl]\b] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-U\bU _\bu_\bs_\be_\br_\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\b-
+ _\bm_\ba_\bn_\bd]
s\bsu\bud\bdo\bo [-\b-b\bbE\bEH\bHP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
[-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be]
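Review bot: the added `[l]` pushes the second SYNOPSIS line past the right margin, so the trailing `[command]` placeholder now breaks as `com-` / `mand` across two lines, and that extra line shifts every page break below it by one, which is what produces the reflow-only hunks on each later page of this file. Breaking the line before `[-u username|#uid]` instead, as the troff source in this same patch already does for the third synopsis form, would keep the placeholder whole and avoid most of that churn.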
SUDO_USER.
s\bsu\bud\bdo\bo can log both successful and unsuccessful attempts (as well as
- errors) to _\bs_\by_\bs_\bl_\bo_\bg(3), a log file, or both. By default s\bsu\bud\bdo\bo will log
-1.7 February 9, 2008 1
+1.7 February 15, 2008 1
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ errors) to _\bs_\by_\bs_\bl_\bo_\bg(3), a log file, or both. By default s\bsu\bud\bdo\bo will log
via _\bs_\by_\bs_\bl_\bo_\bg(3) but this is changeable at configure time or via the _\bs_\bu_\bd_\bo_\b-
_\be_\br_\bs file.
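Review bot: the only substantive change in this hunk is the page-footer date moving from February 9 to February 15, 2008; the `errors) to syslog(3), ...` line merely crosses the page break. The same footer bump and one-line reflow repeat for every page further down, so consider regenerating this preformatted file in a separate commit (or leaving the footer date alone) so that the reflow noise does not obscure the `-l[l]` change the patch is actually about.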
1. Temporary copies are made of the files to be edited
with the owner set to the invoking user.
- 2. The editor specified by the VISUAL or EDITOR environ-
- ment variables is run to edit the temporary files. If
+ 2. The editor specified by the VISUAL or EDITOR
-1.7 February 9, 2008 2
+1.7 February 15, 2008 2
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- neither VISUAL nor EDITOR are set, the program listed
- in the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs variable is used.
+ environment variables is run to edit the temporary
+ files. If neither VISUAL nor EDITOR are set, the pro-
+ gram listed in the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs variable is used.
3. If they have been modified, the temporary files are
copied back to their original location and the tempo-
-k The -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo invalidates the user's times-
tamp by setting the time on it to the Epoch. The next time
- s\bsu\bud\bdo\bo is run a password will be required. This option does
-1.7 February 9, 2008 3
+1.7 February 15, 2008 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ s\bsu\bud\bdo\bo is run a password will be required. This option does
not require a password and was added to allow a user to
revoke s\bsu\bud\bdo\bo permissions from a .logout file.
description for each. This option is useful in conjunction
with _\bg_\br_\be_\bp(1).
- -l [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ -l[l] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
If no _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified, the -\b-l\bl (_\bl_\bi_\bs_\bt) option will list
the allowed (and forbidden) commands for the invoking user
(or the user specified by the -\b-U\bU option) on the current
host. If a _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified and is permitted by _\bs_\bu_\bd_\bo_\b-
_\be_\br_\bs, the fully-qualified path to the command is displayed
- along with any command line arguments. If _\bc_\bo_\bm_\bm_\ba_\bn_\bd is not
- allowed, s\bsu\bud\bdo\bo will exit with a return value of 1.
+ along with any command line arguments. If _\bc_\bo_\bm_\bm_\ba_\bn_\bd is spec-
+ ified but not allowed, s\bsu\bud\bdo\bo will exit with a return value
+ of 1. If the -\b-l\bl flag is specified with an l\bl argument (i.e.
+ -\b-l\bll\bl), or if -\b-l\bl is specified multiple times, a longer list
+ format is used.
-P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bsu\bud\bdo\bo to pre-
serve the invoking user's group vector unaltered. By
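Review bot: "If the -l flag is specified with an l argument (i.e. -ll)" reads as though `l` were an option argument like `command`, which conflicts with the `-l[l] [command]` item header in the same hunk where `[l]` is attached to the flag itself; "if the option letter is doubled (-ll)" or similar would be unambiguous. The hunk also states that "a longer list format is used" without saying what the long format adds over the default listing, so a reader cannot tell when to prefer it; a one-line description belongs here, and it is worth stating whether `-ll` given together with a `command` argument uses the long format or the path-plus-arguments output described just above it.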
system password prompt on systems that support PAM unless
the _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be flag is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs.
- -r _\br_\bo_\bl_\be The -\b-r\br (_\br_\bo_\bl_\be) option causes the new (SELinux) security con-
- text to have the role specified by _\br_\bo_\bl_\be.
-
- -S The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the password from
- the standard input instead of the terminal device.
+ -r _\br_\bo_\bl_\be The -\b-r\br (_\br_\bo_\bl_\be) option causes the new (SELinux) security
-1.7 February 9, 2008 4
+1.7 February 15, 2008 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ context to have the role specified by _\br_\bo_\bl_\be.
+
+ -S The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the password from
+ the standard input instead of the terminal device.
+
-s [command]
The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the _\bS_\bH_\bE_\bL_\bL
environment variable if it is set or the shell as specified
matched is ALL, the user may set variables that would overwise be for-
bidden. See _\bs_\bu_\bd_\bo_\be_\br_\bs(4) for more information.
-R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
- Upon successful execution of a program, the return value from s\bsu\bud\bdo\bo will
- simply be the return value of the program that was executed.
-
-
-1.7 February 9, 2008 5
+1.7 February 15, 2008 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
+ Upon successful execution of a program, the return value from s\bsu\bud\bdo\bo will
+ simply be the return value of the program that was executed.
+
Otherwise, s\bsu\bud\bdo\bo quits with an exit value of 1 if there is a configura-
tion/permission problem or if s\bsu\bud\bdo\bo cannot execute the given command.
In the latter case the error string is printed to stderr. If s\bsu\bud\bdo\bo can-
s\bsu\bud\bdo\bo will check the ownership of its timestamp directory (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo
by default) and ignore the directory's contents if it is not owned by
root or if it is writable by a user other than root. On systems that
- allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp
- directory is located in a directory writable by anyone (e.g., _\b/_\bt_\bm_\bp), it
- is possible for a user to create the timestamp directory before s\bsu\bud\bdo\bo is
- run. However, because s\bsu\bud\bdo\bo checks the ownership and mode of the
-1.7 February 9, 2008 6
+1.7 February 15, 2008 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- directory and its contents, the only damage that can be done is to
- "hide" files by putting them in the timestamp dir. This is unlikely to
- happen since once the timestamp dir is owned by root and inaccessible
- by any other user, the user placing files there would be unable to get
- them back out. To get around this issue you can use a directory that
- is not world-writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance)
- or create _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo with the appropriate owner (root) and permis-
- sions (0700) in the system startup files.
+ allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp
+ directory is located in a directory writable by anyone (e.g., _\b/_\bt_\bm_\bp), it
+ is possible for a user to create the timestamp directory before s\bsu\bud\bdo\bo is
+ run. However, because s\bsu\bud\bdo\bo checks the ownership and mode of the direc-
+ tory and its contents, the only damage that can be done is to "hide"
+ files by putting them in the timestamp dir. This is unlikely to happen
+ since once the timestamp dir is owned by root and inaccessible by any
+ other user, the user placing files there would be unable to get them
+ back out. To get around this issue you can use a directory that is not
+ world-writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance) or cre-
+ ate _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo with the appropriate owner (root) and permissions
+ (0700) in the system startup files.
s\bsu\bud\bdo\bo will not honor timestamps set far in the future. Timestamps with
a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
SUDO_GID Set to the gid of the user who invoked sudo
- SUDO_PS1 If set, PS1 will be set to its value
- USER Set to the target user (root unless the -\b-u\bu option is
- specified)
-
-1.7 February 9, 2008 7
+1.7 February 15, 2008 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ SUDO_PS1 If set, PS1 will be set to its value
+
+ USER Set to the target user (root unless the -\b-u\bu option is
+ specified)
+
VISUAL Default editor to use in -\b-e\be (sudoedit) mode
F\bFI\bIL\bLE\bES\bS
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
There is no easy way to prevent a user from gaining a root shell if
that user is allowed to run arbitrary commands via s\bsu\bud\bdo\bo. Also, many
- programs (such as editors) allow the user to run commands via shell
- escapes, thus avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is
- possible to prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
- See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
-
-1.7 February 9, 2008 8
+1.7 February 15, 2008 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ programs (such as editors) allow the user to run commands via shell
+ escapes, thus avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is
+ possible to prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
+ See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
+
It is not meaningful to run the cd command directly via sudo, e.g.,
$ sudo cd /usr/local/protected
-
-
-
-
-
-1.7 February 9, 2008 9
+1.7 February 15, 2008 9
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "February 9, 2008" "1.7" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "February 15, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR
.PP
-\&\fBsudo\fR \fB\-l\fR [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR]
+\&\fBsudo\fR \fB\-l[l]\fR [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR]
.PP
\&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
-[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
+[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
[\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}]
.PP
\&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR]
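Review bot: `\fB\-l[l]\fR` sets the square brackets in bold, unlike every other optional element in this SYNOPSIS, where the brackets sit outside the `\fB...\fR` pair (`[\fB\-bEHPS\fR]`, `[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]`); `\fB\-l\fR[\fBl\fR]` keeps the convention. Splitting `[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]` onto its own line changes nothing in the rendered output, which is fine, but while this synopsis is being edited the unchanged `[{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}]` line just below it has mismatched `[{` / `]` and `[<` / `}]` delimiters and a stray `<` that appear literally in the rendered page; worth fixing in the same patch.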
The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1).
-.IP "\-l [\fIcommand\fR]" 12
-.IX Item "-l [command]"
+.IP "\-l[l] [\fIcommand\fR]" 12
+.IX Item "-l[l] [command]"
If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list
the allowed (and forbidden) commands for the invoking user (or the
user specified by the \fB\-U\fR option) on the current host. If a
\&\fIcommand\fR is specified and is permitted by \fIsudoers\fR, the
fully-qualified path to the command is displayed along with any
-command line arguments. If \fIcommand\fR is not allowed, \fBsudo\fR will
-exit with a return value of 1.
+command line arguments. If \fIcommand\fR is specified but not allowed,
+\&\fBsudo\fR will exit with a return value of 1. If the \fB\-l\fR flag is
+specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR
+is specified multiple times, a longer list format is used.
.IP "\-P" 12
.IX Item "-P"
The \fB\-P\fR (\fIpreserve\fR \fIgroup vector\fR) option causes \fBsudo\fR to
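Review bot: the sentence "If the \fB\-l\fR flag is specified with an \fBl\fR argument (i.e. \fB\-ll\fR)" has the same ambiguity as its preformatted counterpart earlier in this patch, presenting `l` as an argument rather than a doubled option letter, and "a longer list format is used" still leaves the long format undescribed. If both the troff and the preformatted page are generated from a POD source that is not part of this diff, the wording fix belongs in that source so the two files do not drift apart.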