-1.8.0b1 July 1, 2010 1
+1.8.0b1 July 2, 2010 1
-1.8.0b1 July 1, 2010 2
+1.8.0b1 July 2, 2010 2
-1.8.0b1 July 1, 2010 3
+1.8.0b1 July 2, 2010 3
space.
The nonunix_group syntax depends on the underlying implementation. For
- instance, the QAS AD backend supports the following formats:
+ instance, the QAS AD plugin supports the following formats:
+\bo Group in the same domain: "Group Name"
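Review bot: the bullet "Group in the same domain" is shown here as an added line in the formatted output, yet the same bullet is unchanged context in the troff source further down (`.IP "\(bu" 4` / `Group in the same domain: \*(L"Group Name\*(R"`), so the formatted file was evidently out of sync with its source before this change. Please confirm the .cat output is regenerated from the updated source rather than edited by hand, so the two files cannot drift apart again.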
-1.8.0b1 July 1, 2010 4
+1.8.0b1 July 2, 2010 4
-1.8.0b1 July 1, 2010 5
+1.8.0b1 July 2, 2010 5
-1.8.0b1 July 1, 2010 6
+1.8.0b1 July 2, 2010 6
-1.8.0b1 July 1, 2010 7
+1.8.0b1 July 2, 2010 7
-1.8.0b1 July 1, 2010 8
+1.8.0b1 July 2, 2010 8
-1.8.0b1 July 1, 2010 9
+1.8.0b1 July 2, 2010 9
-1.8.0b1 July 1, 2010 10
+1.8.0b1 July 2, 2010 10
-1.8.0b1 July 1, 2010 11
+1.8.0b1 July 2, 2010 11
-1.8.0b1 July 1, 2010 12
+1.8.0b1 July 2, 2010 12
-1.8.0b1 July 1, 2010 13
+1.8.0b1 July 2, 2010 13
-1.8.0b1 July 1, 2010 14
+1.8.0b1 July 2, 2010 14
-1.8.0b1 July 1, 2010 15
+1.8.0b1 July 2, 2010 15
-1.8.0b1 July 1, 2010 16
+1.8.0b1 July 2, 2010 16
-1.8.0b1 July 1, 2010 17
+1.8.0b1 July 2, 2010 17
-1.8.0b1 July 1, 2010 18
+1.8.0b1 July 2, 2010 18
-1.8.0b1 July 1, 2010 19
+1.8.0b1 July 2, 2010 19
Users in this group are exempt from password and PATH
requirements. This is not set by default.
+ group_plugin
+ A string containing a _\bs_\bu_\bd_\bo_\be_\br_\bs group plugin with optional
+ arguments. This can be used to implement support for the
+ nonunix_group syntax described earlier. The string should
+ consist of the plugin path, either fully-qualified or
+ relative to the _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory, followed by
+ any configuration arguments the plugin requires. These
+ arguments (if any) will be passed to the plugin's
+ initialization function. If arguments are present, the
+ string must be enclosed in double quotes (").
+
+ For example, given _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b-_\bg_\br_\bo_\bu_\bp, a group file in Unix
+ group format, the sample group plugin can be used:
+
+ Defaults sudo_plugin="sample_group.so /etc/sudo-group"
+
+ For more information see _\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(4).
+
lecture This option controls when a short lecture will be printed
along with the password prompt. It has the following
possible values:
will be used in place of the standard lecture if the named
file exists. By default, s\bsu\bud\bdo\bo uses a built-in lecture.
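Review bot: the example contradicts the option it documents: the entry is for `group_plugin`, but the sample line reads `Defaults sudo_plugin="sample_group.so /etc/sudo-group"`, and a reader copying it would set the wrong keyword. It should read `Defaults group_plugin="sample_group.so /etc/sudo-group"`; since this file is formatted output, fix the troff source (the same `.Vb` block there) and regenerate. A documentation gap as well: the entry explains that the path may be relative to the libexec directory and that trailing arguments are passed to the plugin's initialization function, but it says nothing about the ownership and write-permission requirements on the shared object that sudoers loads; because the plugin executes inside sudoers, the entry should state those requirements (or name the check that enforces them) so administrators do not point it at a file other users can modify.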
+
+
+
+1.8.0b1 July 2, 2010 20
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
listpw This option controls when a password will be required when
a user runs s\bsu\bud\bdo\bo with the -\b-l\bl option. It has the following
possible values:
never The user need never enter a password to use the -\b-l\bl
option.
-
-
-
-1.8.0b1 July 1, 2010 20
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
If no value is specified, a value of _\ba_\bn_\by is implied.
Negating the option results in a value of _\bn_\be_\bv_\be_\br being used.
The default value is _\ba_\bn_\by.
a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
possible values:
+
+
+1.8.0b1 July 2, 2010 21
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
must have the NOPASSWD flag set to avoid entering a
password.
Negating the option results in a value of _\bn_\be_\bv_\be_\br being used.
The default value is _\ba_\bl_\bl.
-
-
-1.8.0b1 July 1, 2010 21
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
L\bLi\bis\bst\bts\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
env_check Environment variables to be removed from the user's
be a double-quoted, space-separated list or a single
value without double-quotes. The list can be replaced,
added to, deleted from, or disabled by using the =, +=,
+
+
+
+1.8.0b1 July 2, 2010 22
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
-=, and ! operators respectively. The default list of
variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
with the _\b-_\bV option.
_\b/_\be_\bt_\bc_\b/_\bn_\be_\bt_\bg_\br_\bo_\bu_\bp List of network groups
-
-
-
-1.8.0b1 July 1, 2010 22
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo I/O log files
_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing time stamps for the
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
+
+
+
+1.8.0b1 July 2, 2010 23
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Additionally, on the machines in the _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias, we keep an
additional local log file and make sure we log the year in each log
line since the log entries will be kept around for several years.
-
-
-
-1.8.0b1 July 1, 2010 23
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Lastly, we disable shell escapes for the commands in the PAGERS
Cmnd_Alias (_\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be, _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bp_\bg and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\be_\bs_\bs).
The user j\bja\bac\bck\bk may run any command on the machines in the _\bC_\bS_\bN_\bE_\bT_\bS alias
(the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
those networks, only 128.138.204.0 has an explicit netmask (in CIDR
+
+
+
+1.8.0b1 July 2, 2010 24
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
notation) indicating it is a class C network. For the other networks
in _\bC_\bS_\bN_\bE_\bT_\bS, the local machine's netmask will be used during matching.
joe ALL = /usr/bin/su operator
-
-
-
-1.8.0b1 July 1, 2010 24
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
The user j\bjo\boe\be may only _\bs_\bu(1) to operator.
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+
+
+1.8.0b1 July 2, 2010 25
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
On the _\bA_\bL_\bP_\bH_\bA machines, user j\bjo\boh\bhn\bn may su to anyone except root but he is
not allowed to specify any options to the _\bs_\bu(1) command.
The user s\bst\bte\bev\bve\be may run any command in the directory
/usr/local/op_commands/ but only as user operator.
-
-
-1.8.0b1 July 1, 2010 25
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
matt valkyrie = KILL
On his personal workstation, valkyrie, m\bma\bat\btt\bt needs to be able to kill
Furthermore, if the _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb option is in use, it is not possible to
reliably negate commands where the path name includes globbing (aka
+
+
+
+1.8.0b1 July 2, 2010 26
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
wildcard) characters. This is because the C library's _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3)
function cannot resolve relative paths. While this is typically only
an inconvenience for rules that grant privileges, it can result in a
since it is not uncommon for a program to allow shell escapes, which
lets a user bypass s\bsu\bud\bdo\bo's access control and logging. Common programs
that permit shell escapes include shells (obviously), editors,
-
-
-
-1.8.0b1 July 1, 2010 26
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
paginators, mail and terminal programs.
There are two basic approaches to this problem:
error. Unfortunately, there is no foolproof way to know
whether or not _\bn_\bo_\be_\bx_\be_\bc will work at compile-time. _\bn_\bo_\be_\bx_\be_\bc
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
+
+
+
+1.8.0b1 July 2, 2010 27
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
MacOS X, and HP-UX 11.x. It is known n\bno\bot\bt to work on AIX and
UnixWare. _\bn_\bo_\be_\bx_\be_\bc is expected to work on most operating
systems that support the LD_PRELOAD environment variable.
unsure whether or not your system is capable of supporting
_\bn_\bo_\be_\bx_\be_\bc you can always just try it out and see if it works.
-
-
-
-1.8.0b1 July 1, 2010 27
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Note that restricting shell escapes is not a panacea. Programs running
as root are still capable of many potentially hazardous operations
(such as changing or overwriting files) that could lead to unintended
command with s\bsu\bud\bdo\bo after authenticating, logout, login again, and run
s\bsu\bud\bdo\bo without authenticating so long as the time stamp file's
modification time is within 5 minutes (or whatever the timeout is set
+
+
+
+1.8.0b1 July 2, 2010 28
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
to in _\bs_\bu_\bd_\bo_\be_\br_\bs). When the _\bt_\bt_\by_\b__\bt_\bi_\bc_\bk_\be_\bt_\bs option is enabled, the time stamp
has per-tty granularity but still may outlive the user's session. On
Linux systems where the devpts filesystem is used, Solaris systems with
specification.
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), _\bg_\bl_\bo_\bb(3), _\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bl_\bd_\ba_\bp(4), _\bs_\bu_\bd_\bo(1m),
- _\bv_\bi_\bs_\bu_\bd_\bo(1m)
-
-
-
-
-1.8.0b1 July 1, 2010 28
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
+ _\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), _\bg_\bl_\bo_\bb(3), _\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bl_\bd_\ba_\bp(4), _\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(4),
+ _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bs_\bu_\bd_\bo(1m)
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
The _\bs_\bu_\bd_\bo_\be_\br_\bs file should a\bal\blw\bwa\bay\bys\bs be edited by the v\bvi\bis\bsu\bud\bdo\bo command which
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.0b1 July 1, 2010 29
+1.8.0b1 July 2, 2010 29
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 1, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "July 2, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
escaped hex mode, e.g. \ex20 for space.
.PP
The \f(CW\*(C`nonunix_group\*(C'\fR syntax depends on the underlying implementation.
-For instance, the \s-1QAS\s0 \s-1AD\s0 backend supports the following formats:
+For instance, the \s-1QAS\s0 \s-1AD\s0 plugin supports the following formats:
.IP "\(bu" 4
Group in the same domain: \*(L"Group Name\*(R"
.IP "\(bu" 4
.IX Item "exempt_group"
Users in this group are exempt from password and \s-1PATH\s0 requirements.
This is not set by default.
+.IP "group_plugin" 12
+.IX Item "group_plugin"
+A string containing a \fIsudoers\fR group plugin with optional arguments.
+This can be used to implement support for the \f(CW\*(C`nonunix_group\*(C'\fR
+syntax described earlier. The string should consist of the plugin
+path, either fully-qualified or relative to the \fI@prefix@/libexec\fR
+directory, followed by any configuration arguments the plugin
+requires. These arguments (if any) will be passed to the plugin's
+initialization function. If arguments are present, the string must
+be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR).
+.Sp
+For example, given \fI/etc/sudo\-group\fR, a group file in Unix group
+format, the sample group plugin can be used:
+.Sp
+.Vb 1
+\& Defaults sudo_plugin="sample_group.so /etc/sudo\-group"
+.Ve
+.Sp
+For more information see \fIsudo_plugin\fR\|(@mansectform@).
.IP "lecture" 12
.IX Item "lecture"
This option controls when a short lecture will be printed along with
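Review bot: the `.Vb` example under `.IP "group_plugin" 12` names the wrong keyword: `\& Defaults sudo_plugin="sample_group.so /etc/sudo\-group"` documents an option called `group_plugin`, so the line should be `\& Defaults group_plugin="sample_group.so /etc/sudo\-group"`. The `\fIsudo_plugin\fR\|(@mansectform@)` cross-reference that follows is the plugin API manual and is correct as written; only the Defaults keyword in the example needs changing, after which the formatted .cat should be regenerated from this source.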
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIsudoers.ldap\fR\|(@mansectform@),
-\&\fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
+\&\fIsudo_plugin\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
.SH "CAVEATS"
.IX Header "CAVEATS"
The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR