consistent and works around a bug in Pod::Man.
time (five minutes by default).
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo determines who is an authorized user by consulting
- the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. By giving s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo the `-v' flag a
- user can update the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b.
- The password prompt itself will also time out if the
- user's password is not entered with N minutes (again, this
- is defined at configure time and defaults to 5 minutes).
+ the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. By giving s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo the -\b-\b-\b-v\bv\bv\bv flag a user
+ can update the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b. The
+ password prompt itself will also time out if the user's
+ password is not entered with N minutes (again, this is
+ defined at configure time and defaults to 5 minutes).
If a user that is not listed in the _\bs_\bu_\bd_\bo_\be_\br_\bs file tries to
run a command via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo, mail is sent to the proper author
ities, as defined at configure time (defaults to root).
Note that the mail will not be sent if an unauthorized
- user tries to run sudo with the `-l' or `-v' flags. This
+ user tries to run sudo with the -\b-\b-\b-l\bl\bl\bl or -\b-\b-\b-v\bv\bv\bv flags. This
allows users to determine for themselves whether or not
they are allowed to use s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo.
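Review bot: the reflowed password-prompt sentence in the added lines still reads "is not entered with N minutes"; that should be "within N minutes". Since this page is regenerated from the pod source, fix the wording there and regenerate so the cat and man pages pick it up in the same commit.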
O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line options:
- -V The `-V' (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the
- version number and exit.
+ -V The -\b-\b-\b-V\bV\bV\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the ver
+ sion number and exit.
- -l The `-l' (_\bl_\bi_\bs_\bt) option will list out the allowed (and
+ -l The -\b-\b-\b-l\bl\bl\bl (_\bl_\bi_\bs_\bt) option will list out the allowed (and
forbidden) commands for the user on the current host.
- -L The `-L' (_\bl_\bi_\bs_\bt defaults) option will list out the
- parameters that may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along
- with a short description for each. This option is
- useful in conjunction with _\bg_\br_\be_\bp(1).
+ -L The -\b-\b-\b-L\bL\bL\bL (_\bl_\bi_\bs_\bt defaults) option will list out the param
+ eters that may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along with a
+ short description for each. This option is useful in
+ conjunction with _\bg_\br_\be_\bp(1).
-April 7, 2000 1.6.3 1
+April 22, 2000 1.6.3 1
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
- -h The `-h' (_\bh_\be_\bl_\bp) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print a usage
- message and exit.
+ -h The -\b-\b-\b-h\bh\bh\bh (_\bh_\be_\bl_\bp) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print a usage mes
+ sage and exit.
- -v If given the `-v' (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will update
+ -v If given the -\b-\b-\b-v\bv\bv\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will update
the user's timestamp, prompting for the user's pass
word if necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout to
for another N minutes (where N is defined at installa
tion time and defaults to 5 minutes) but does not run
a command.
- -k The `-k' (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo invalidates the user's
+ -k The -\b-\b-\b-k\bk\bk\bk (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo invalidates the user's
timestamp by setting the time on it to the epoch. The
next time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run a password will be required.
This option does not require a password and was added
to allow a user to revoke s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo permissions from a
.logout file.
- -K The `-K' (sure _\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo removes the user's
+ -K The -\b-\b-\b-K\bK\bK\bK (sure _\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo removes the user's
timestamp entirely. This option does not require a
password.
- -b The `-b' (_\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd) option tells s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the
- given command in the background. Note that if you use
- the `-b' option you cannot use shell job control to
- manipulate the command.
+ -b The -\b-\b-\b-b\bb\bb\bb (_\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd) option tells s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the given
+ command in the background. Note that if you use the
+ -\b-\b-\b-b\bb\bb\bb option you cannot use shell job control to manipu
+ late the command.
- -p The `-p' (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
+ -p The -\b-\b-\b-p\bp\bp\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
default password prompt and use a custom one. If the
password prompt contains the `%u' escape, `%u' will be
replaced with the user's login name. Similarly, `%h'
will be replaced with the local hostname.
- -c The `-c' (_\bc_\bl_\ba_\bs_\bs) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the speci
- fied command with resources limited by the specified
- login class. The _\bc_\bl_\ba_\bs_\bs argument can be either a class
- name as defined in /etc/login.conf, or a single '-'
- character. Specifying the _\bc_\bl_\ba_\bs_\bs as '-' means that the
- command should be run restricted by the default login
+ -c The -\b-\b-\b-c\bc\bc\bc (_\bc_\bl_\ba_\bs_\bs) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the specified
+ command with resources limited by the specified login
+ class. The _\bc_\bl_\ba_\bs_\bs argument can be either a class name
+ as defined in /etc/login.conf, or a single '-' charac
+ ter. Specifying the _\bc_\bl_\ba_\bs_\bs as '-' means that the com
+ mand should be run restricted by the default login
capibilities of the user the command is run as. If
the _\bc_\bl_\ba_\bs_\bs argument specifies an existing user class,
the command must be run as root, or the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo command
classes where s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo has been configured with the
--with-logincap option.
- -u The `-u' (_\bu_\bs_\be_\br) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the speci
- fied command as a user other than _\br_\bo_\bo_\bt. To specify a
- _\bu_\bi_\bd instead of a _\bu_\bs_\be_\br_\bn_\ba_\bm_\be, use "#uid".
+ -u The -\b-\b-\b-u\bu\bu\bu (_\bu_\bs_\be_\br) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the specified
+ command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
+ instead of a _\bu_\bs_\be_\br_\bn_\ba_\bm_\be, use "#uid".
- -s The `-s' (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by
- the _\bS_\bH_\bE_\bL_\bL environment variable if it is set or the
- shell as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4).
+ -s The -\b-\b-\b-s\bs\bs\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the
+ _\bS_\bH_\bE_\bL_\bL environment variable if it is set or the shell
+ as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4).
-April 7, 2000 1.6.3 2
+April 22, 2000 1.6.3 2
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
- -H The `-H' (_\bH_\bO_\bM_\bE) option sets the _\bH_\bO_\bM_\bE environment vari
+ -H The -\b-\b-\b-H\bH\bH\bH (_\bH_\bO_\bM_\bE) option sets the _\bH_\bO_\bM_\bE environment vari
able to the homedir of the target user (root by
default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
does not modify _\bH_\bO_\bM_\bE.
- -S The `-S' (_\bs_\bt_\bd_\bi_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to read the pass
- word from standard input instead of the terminal
- device.
+ -S The -\b-\b-\b-S\bS\bS\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to read the password
+ from standard input instead of the terminal device.
- -- The `--' flag indicates that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo should stop process
- ing command line arguments. It is most useful in con
- junction with the `-s' flag.
+ -- The -\b-\b-\b--\b-\b-\b- flag indicates that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo should stop processing
+ command line arguments. It is most useful in conjunc
+ tion with the -\b-\b-\b-s\bs\bs\bs flag.
R\bR\bR\bRE\bE\bE\bET\bT\bT\bTU\bU\bU\bUR\bR\bR\bRN\bN\bN\bN V\bV\bV\bVA\bA\bA\bAL\bL\bL\bLU\bU\bU\bUE\bE\bE\bES\bS\bS\bS
Upon successful execution of a program, the return value
For security reasons, if your OS supports shared libraries
and does not disable user-defined library search paths for
setuid programs (most do), you should either use a linker
- option that disables this behavior or link s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
+ option that disables this behavior or link s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo stati
+ cally.
-April 7, 2000 1.6.3 3
+April 22, 2000 1.6.3 3
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
- statically.
-
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will check the ownership of its timestamp directory
(_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
tents if it is not owned by root and only writable by
partition. Note that this runs the commands in a sub-
shell to make the `cd' and file redirection work.
+ % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
-April 7, 2000 1.6.3 4
-
+April 22, 2000 1.6.3 4
-sudo(1m) MAINTENANCE COMMANDS sudo(1m)
- % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+sudo(1m) MAINTENANCE COMMANDS sudo(1m)
E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT
If users have sudo `ALL' there is nothing to prevent them
from creating their own program that gives them a root
+ shell regardless of any '!' elements in the user specifi
+ cation.
-April 7, 2000 1.6.3 5
+April 22, 2000 1.6.3 5
-sudo(1m) MAINTENANCE COMMANDS sudo(1m)
+sudo(1m) MAINTENANCE COMMANDS sudo(1m)
- shell regardless of any '!' elements in the user specifi
- cation.
Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
bugs that make setuid shell scripts unsafe on some operat
-April 7, 2000 1.6.3 6
+
+
+
+April 22, 2000 1.6.3 6
.\" Automatically generated by Pod::Man version 1.02
-.\" Fri Apr 7 08:37:05 2000
+.\" Sat Apr 22 12:13:37 2000
.\"
.\" Standard preamble:
.\" ======================================================================
.\" ======================================================================
.\"
.IX Title "sudo @mansectsu@"
-.TH sudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
+.TH sudo @mansectsu@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME"
sudo \- execute a command as another user
user as specified in the passwd file (the group vector is also
initialized when the target user is not root). By default, \fBsudo\fR
requires that users authenticate themselves with a password
-(NOTE: this is the user's password, not the root password). Once
+(\s-1NOTE:\s0 this is the user's password, not the root password). Once
a user has been authenticated, a timestamp is updated and the
user may then use sudo without a password for a short period of time
(five minutes by default).
.PP
\&\fBsudo\fR determines who is an authorized user by consulting the
-file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW\*(C`\-v\*(C'\fR flag a user
+file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user
can update the time stamp without running a \fIcommand.\fR
The password prompt itself will also time out if the user's password is
not entered with N minutes (again, this is defined at configure
a command via \fBsudo\fR, mail is sent to the proper authorities,
as defined at configure time (defaults to root). Note that the
mail will not be sent if an unauthorized user tries to run sudo
-with the \f(CW\*(C`\-l\*(C'\fR or \f(CW\*(C`\-v\*(C'\fR flags. This allows users to determine
+with the \fB\-l\fR or \fB\-v\fR flags. This allows users to determine
for themselves whether or not they are allowed to use \fBsudo\fR.
.PP
\&\fBsudo\fR can log both successful an unsuccessful attempts (as well
\&\fBsudo\fR accepts the following command line options:
.Ip "\-V" 4
.IX Item "-V"
-The \f(CW\*(C`\-V\*(C'\fR (\fIversion\fR) option causes \fBsudo\fR to print the
+The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
version number and exit.
.Ip "\-l" 4
.IX Item "-l"
-The \f(CW\*(C`\-l\*(C'\fR (\fIlist\fR) option will list out the allowed (and
+The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and
forbidden) commands for the user on the current host.
.Ip "\-L" 4
.IX Item "-L"
-The \f(CW\*(C`\-L\*(C'\fR (\fIlist\fR defaults) option will list out the parameters
+The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.Ip "\-h" 4
.IX Item "-h"
-The \f(CW\*(C`\-h\*(C'\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
+The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.Ip "\-v" 4
.IX Item "-v"
-If given the \f(CW\*(C`\-v\*(C'\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
+If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
user's timestamp, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout to for another N minutes
(where N is defined at installation time and defaults to 5
minutes) but does not run a command.
.Ip "\-k" 4
.IX Item "-k"
-The \f(CW\*(C`\-k\*(C'\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
+The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
by setting the time on it to the epoch. The next time \fBsudo\fR is
run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file.
.Ip "\-K" 4
.IX Item "-K"
-The \f(CW\*(C`\-K\*(C'\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
+The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
entirely. This option does not require a password.
.Ip "\-b" 4
.IX Item "-b"
-The \f(CW\*(C`\-b\*(C'\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
-command in the background. Note that if you use the \f(CW\*(C`\-b\*(C'\fR
+The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
+command in the background. Note that if you use the \fB\-b\fR
option you cannot use shell job control to manipulate the command.
.Ip "\-p" 4
.IX Item "-p"
-The \f(CW\*(C`\-p\*(C'\fR (\fIprompt\fR) option allows you to override the default
+The \fB\-p\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt
contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's
login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local
hostname.
.Ip "\-c" 4
.IX Item "-c"
-The \f(CW\*(C`\-c\*(C'\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
+The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
with resources limited by the specified login class. The \fIclass\fR
argument can be either a class name as defined in /etc/login.conf,
or a single '\-' character. Specifying the \fIclass\fR as '\-' means
capibilities of the user the command is run as. If the \fIclass\fR
argument specifies an existing user class, the command must be run
as root, or the \fBsudo\fR command must be run from a shell that is already
-root. This option is only available on systems with BSD login classes
+root. This option is only available on systems with \s-1BSD\s0 login classes
where \fBsudo\fR has been configured with the \-\-with-logincap option.
.Ip "\-u" 4
.IX Item "-u"
-The \f(CW\*(C`\-u\*(C'\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
+The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
\&\fIusername\fR, use \*(L"#uid\*(R".
.Ip "\-s" 4
.IX Item "-s"
-The \f(CW\*(C`\-s\*(C'\fR (\fIshell\fR) option runs the shell specified by the \fISHELL\fR
+The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
environment variable if it is set or the shell as specified
in \fIpasswd\fR\|(@mansectform@).
.Ip "\-H" 4
.IX Item "-H"
-The \f(CW\*(C`\-H\*(C'\fR (\fIHOME\fR) option sets the \fIHOME\fR environment variable
+The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
to the homedir of the target user (root by default) as specified
-in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fIHOME\fR.
+in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR.
.Ip "\-S" 4
.IX Item "-S"
-The \f(CW\*(C`\-S\*(C'\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
standard input instead of the terminal device.
.Ip "\-\-" 4
-The \f(CW\*(C`\-\-\*(C'\fR flag indicates that \fBsudo\fR should stop processing command
-line arguments. It is most useful in conjunction with the \f(CW\*(C`\-s\*(C'\fR flag.
+The \fB\--\fR flag indicates that \fBsudo\fR should stop processing command
+line arguments. It is most useful in conjunction with the \fB\-s\fR flag.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the return value from \fBsudo\fR
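Review bot: in the `--` item the added line uses `\fB\--\fR`, which escapes only the first dash, while the item tag just above it is `.Ip "\-\-" 4` and the removed line had `\-\-`. In troff `\-` is a minus sign and a bare `-` is a hyphen, so the two dashes can come out as different glyphs in typeset output even though the cat page looks the same. Worth checking whether this comes from the Pod::Man conversion of the bold `--` and, if so, whether the source can be written so both dashes end up escaped.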
\&\fBsudo\fR tries to be safe when executing external commands. Variables
that control how dynamic loading and binding is done can be used
to subvert the program that \fBsudo\fR runs. To combat this the
-\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (HP-UX only), and \f(CW\*(C`LIBPATH\*(C'\fR (AIX
+\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0
only) environment variables are removed from the environment passed
on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR,
.PP
To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting
current directory) last when searching for a command in the user's
-PATH (if one or both are in the PATH). Note, however, that the
+\&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0). Note, however, that the
actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed
unchanged to the program that \fBsudo\fR executes.
.PP
-For security reasons, if your OS supports shared libraries and does
+For security reasons, if your \s-1OS\s0 supports shared libraries and does
not disable user-defined library search paths for setuid programs
(most do), you should either use a linker option that disables this
behavior or link \fBsudo\fR statically.
\& Todd Miller
\& Chris Jepeway
.Ve
-See the HISTORY file in the \fBsudo\fR distribution for a short history
+See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution for a short history
of \fBsudo\fR.
.SH "BUGS"
.IX Header "BUGS"
at http://www.courtesan.com/sudo/bugs/
.SH "DISCLAIMER"
.IX Header "DISCLAIMER"
-\&\fBSudo\fR is provided ``AS IS'' and any express or implied warranties,
+\&\fBSudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed.
-See the LICENSE file distributed with \fBsudo\fR for complete details.
+See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if
.PP
Running shell scripts via \fBsudo\fR can expose the same kernel bugs
that make setuid shell scripts unsafe on some operating systems
-(if your OS supports the /dev/fd/ directory, setuid shell scripts
+(if your \s-1OS\s0 supports the /dev/fd/ directory, setuid shell scripts
are generally safe).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
(five minutes by default).
B<sudo> determines who is an authorized user by consulting the
-file F<@sysconfdir@/sudoers>. By giving B<sudo> the C<-v> flag a user
+file F<@sysconfdir@/sudoers>. By giving B<sudo> the B<-v> flag a user
can update the time stamp without running a I<command.>
The password prompt itself will also time out if the user's password is
not entered with N minutes (again, this is defined at configure
a command via B<sudo>, mail is sent to the proper authorities,
as defined at configure time (defaults to root). Note that the
mail will not be sent if an unauthorized user tries to run sudo
-with the C<-l> or C<-v> flags. This allows users to determine
+with the B<-l> or B<-v> flags. This allows users to determine
for themselves whether or not they are allowed to use B<sudo>.
B<sudo> can log both successful an unsuccessful attempts (as well
=item -V
-The C<-V> (I<version>) option causes B<sudo> to print the
+The B<-V> (I<version>) option causes B<sudo> to print the
version number and exit.
=item -l
-The C<-l> (I<list>) option will list out the allowed (and
+The B<-l> (I<list>) option will list out the allowed (and
forbidden) commands for the user on the current host.
=item -L
-The C<-L> (I<list> defaults) option will list out the parameters
+The B<-L> (I<list> defaults) option will list out the parameters
that may be set in a I<Defaults> line along with a short description
for each. This option is useful in conjunction with grep(1).
=item -h
-The C<-h> (I<help>) option causes B<sudo> to print a usage message and exit.
+The B<-h> (I<help>) option causes B<sudo> to print a usage message and exit.
=item -v
-If given the C<-v> (I<validate>) option, B<sudo> will update the
+If given the B<-v> (I<validate>) option, B<sudo> will update the
user's timestamp, prompting for the user's password if necessary.
This extends the B<sudo> timeout to for another N minutes
(where N is defined at installation time and defaults to 5
=item -k
-The C<-k> (I<kill>) option to B<sudo> invalidates the user's timestamp
+The B<-k> (I<kill>) option to B<sudo> invalidates the user's timestamp
by setting the time on it to the epoch. The next time B<sudo> is
run a password will be required. This option does not require a password
and was added to allow a user to revoke B<sudo> permissions from a .logout
=item -K
-The C<-K> (sure I<kill>) option to B<sudo> removes the user's timestamp
+The B<-K> (sure I<kill>) option to B<sudo> removes the user's timestamp
entirely. This option does not require a password.
=item -b
-The C<-b> (I<background>) option tells B<sudo> to run the given
-command in the background. Note that if you use the C<-b>
+The B<-b> (I<background>) option tells B<sudo> to run the given
+command in the background. Note that if you use the B<-b>
option you cannot use shell job control to manipulate the command.
=item -p
-The C<-p> (I<prompt>) option allows you to override the default
+The B<-p> (I<prompt>) option allows you to override the default
password prompt and use a custom one. If the password prompt
contains the C<%u> escape, C<%u> will be replaced with the user's
login name. Similarly, C<%h> will be replaced with the local
=item -c
-The C<-c> (I<class>) option causes B<sudo> to run the specified command
+The B<-c> (I<class>) option causes B<sudo> to run the specified command
with resources limited by the specified login class. The I<class>
argument can be either a class name as defined in /etc/login.conf,
or a single '-' character. Specifying the I<class> as '-' means
=item -u
-The C<-u> (I<user>) option causes B<sudo> to run the specified command
+The B<-u> (I<user>) option causes B<sudo> to run the specified command
as a user other than I<root>. To specify a I<uid> instead of a
I<username>, use "#uid".
=item -s
-The C<-s> (I<shell>) option runs the shell specified by the I<SHELL>
+The B<-s> (I<shell>) option runs the shell specified by the I<SHELL>
environment variable if it is set or the shell as specified
in passwd(5).
=item -H
-The C<-H> (I<HOME>) option sets the I<HOME> environment variable
+The B<-H> (I<HOME>) option sets the I<HOME> environment variable
to the homedir of the target user (root by default) as specified
in passwd(5). By default, B<sudo> does not modify I<HOME>.
=item -S
-The C<-S> (I<stdin>) option causes B<sudo> to read the password from
+The B<-S> (I<stdin>) option causes B<sudo> to read the password from
standard input instead of the terminal device.
=item --
-The C<--> flag indicates that B<sudo> should stop processing command
-line arguments. It is most useful in conjunction with the C<-s> flag.
+The B<--> flag indicates that B<sudo> should stop processing command
+line arguments. It is most useful in conjunction with the B<-s> flag.
=back
-April 7, 2000 1.6.3 1
+April 22, 2000 1.6.3 1
-April 7, 2000 1.6.3 2
+April 22, 2000 1.6.3 2
-April 7, 2000 1.6.3 3
+April 22, 2000 1.6.3 3
-April 7, 2000 1.6.3 4
+April 22, 2000 1.6.3 4
shell_noargs
If set and s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is invoked with no arguments
- it acts as if the `-s' flag had been given.
+ it acts as if the -\b-\b-\b-s\bs\bs\bs flag had been given.
That is, it runs a shell as root (the shell is
determined by the `SHELL' environment variable
if it is set, falling back on the shell listed
in the invoking user's /etc/passwd entry if
not). This flag is off by default.
- set_home If set and s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is invoked with the `-s' flag
+ set_home If set and s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is invoked with the -\b-\b-\b-s\bs\bs\bs flag
the `HOME' environment variable will be set to
the home directory of the target user (which
-April 7, 2000 1.6.3 5
+April 22, 2000 1.6.3 5
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
- is root unless the `-u' option is used). This
- effectively makes the `-s' flag imply `-H'.
- This flag is off by default.
+ is root unless the -\b-\b-\b-u\bu\bu\bu option is used). This
+ effectively makes the -\b-\b-\b-s\bs\bs\bs flag imply -\b-\b-\b-H\bH\bH\bH. This
+ flag is off by default.
path_info Normally, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will tell the user when a com
mand could not be found in their `$PATH'.
-April 7, 2000 1.6.3 6
+April 22, 2000 1.6.3 6
default.
targetpw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the password of
- the user specified by the `-u' flag (defaults
- to root) instead of the password of the invok
- ing user. This flag is off by default.
+ the user specified by the -\b-\b-\b-u\bu\bu\bu flag (defaults to
+ root) instead of the password of the invoking
+ user. This flag is off by default.
set_logname Normally, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will set the `LOGNAME' and
`USER' environment variables to the name of
- the target user (usually root unless the `-u'
+ the target user (usually root unless the -\b-\b-\b-u\bu\bu\bu
flag is given). However, since some programs
(including the RCS revision control system)
use `LOGNAME' to determine the real identity
-April 7, 2000 1.6.3 7
+April 22, 2000 1.6.3 7
tamp files. The default is _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo.
passprompt The default prompt to use when asking for a
- password; can be overridden via the `-p'
- option or the `SUDO_PROMPT' environment vari
- able. Supports two escapes: "%u" expands to
- the user's login name and "%h" expands to the
+ password; can be overridden via the -\b-\b-\b-p\bp\bp\bp option
+ or the `SUDO_PROMPT' environment variable.
+ Supports two escapes: "%u" expands to the
+ user's login name and "%h" expands to the
local hostname. The default value is "Pass
word:".
runas_default
- The default user to run commands as if the
- `-u' flag is not specified on the command
- line. This defaults to "root".
+ The default user to run commands as if the -\b-\b-\b-u\bu\bu\bu
+ flag is not specified on the command line.
+ This defaults to "root".
syslog_goodpri
Syslog priority to use when user authenticates
-April 7, 2000 1.6.3 8
+April 22, 2000 1.6.3 8
at configure time.
mailerflags Flags to use when invoking mailer. Defaults to
- `-t'.
+ -\b-\b-\b-t\bt\bt\bt.
mailto Address to send warning and erorr mail to.
Defaults to "root".
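Review bot: the mailto entry in this hunk's context still says "warning and erorr mail"; "erorr" should be "error". The fix belongs in the pod source so that the regenerated page carries it.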
the "user path." This is not set by default.
verifypw This option controls when a password will be
- required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-v\bv\bv\bv.
- It has the following possible values:
+ required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-v\bv\bv\bv
+ flag. It has the following possible values:
all All the user's I<sudoers> entries for the
current host must have the C<NOPASSWD>
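Review bot: the `all` value under verifypw still shows raw POD markup in the formatted page ("All the user's I<sudoers> entries for the current host must have the C<NOPASSWD>"), so the formatting codes reach the reader unrendered. This change fixes the flag markup in the sentence above it but leaves the value list alone. POD does not interpret formatting codes inside indented (verbatim) paragraphs, so the value list in the pod source likely needs to become a nested item list for the markup to be processed.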
-April 7, 2000 1.6.3 9
+April 22, 2000 1.6.3 9
-April 7, 2000 1.6.3 10
+April 22, 2000 1.6.3 10
By default, if the `NOPASSWD' tag is applied to any of the
entries for a user on the current host, he or she will be
- able to run `sudo -l' without a password. Additionally, a
- user may only run `sudo -v' without a password if the
+ able to run `sudo \-l' without a password. Additionally,
+ a user may only run `sudo \-v' without a password if the
`NOPASSWD' tag is present for all a user's entries that
pertain to the current host. This behavior may be over
ridden via the verifypw and listpw options.
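Review bot: the added lines put a literal backslash into the formatted output, "`sudo \-l'" and "`sudo \-v'", where the removed lines showed "`sudo -l'" and "`sudo -v'". Someone copying the command from the cat page now gets `sudo \-l`. The escape should not be visible in the rendered page; check how these two commands are written in the pod source and regenerate.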
-April 7, 2000 1.6.3 11
+April 22, 2000 1.6.3 11
-April 7, 2000 1.6.3 12
+April 22, 2000 1.6.3 12
-April 7, 2000 1.6.3 13
+April 22, 2000 1.6.3 13
-April 7, 2000 1.6.3 14
+April 22, 2000 1.6.3 14
-April 7, 2000 1.6.3 15
+April 22, 2000 1.6.3 15
-April 7, 2000 1.6.3 16
+April 22, 2000 1.6.3 16
-April 7, 2000 1.6.3 17
+April 22, 2000 1.6.3 17
.\" Automatically generated by Pod::Man version 1.02
-.\" Fri Apr 7 08:37:06 2000
+.\" Sat Apr 22 12:13:37 2000
.\"
.\" Standard preamble:
.\" ======================================================================
.\" ======================================================================
.\"
.IX Title "sudoers @mansectform@"
-.TH sudoers @mansectform@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
+.TH sudoers @mansectform@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME"
sudoers \- list of which users may execute what
The \fIsudoers\fR file is composed two types of entries:
aliases (basically variables) and user specifications
(which specify who may run what). The grammar of \fIsudoers\fR
-will be described below in Extended Backus-Naur Form (EBNF).
-Don't despair if you don't know what EBNF is, it is fairly
+will be described below in Extended Backus-Naur Form (\s-1EBNF\s0).
+Don't despair if you don't know what \s-1EBNF\s0 is, it is fairly
simple and the definitions below are annotated.
-.Sh "Quick guide to EBNF"
+.Sh "Quick guide to \s-1EBNF\s0"
.IX Subsection "Quick guide to EBNF"
-EBNF is a concise and exact way of describing the grammar of a language.
-Each EBNF definition is made up of \fIproduction rules\fR. Eg.
+\&\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language.
+Each \s-1EBNF\s0 definition is made up of \fIproduction rules\fR. Eg.
.PP
.Vb 1
\& symbol ::= definition | alternate1 | alternate2 ...
.Ve
Each \fIproduction rule\fR references others and thus makes up a
-grammar for the language. EBNF also contains the following
+grammar for the language. \s-1EBNF\s0 also contains the following
operators, which many readers will recognize from regular
expressions. Do not, however, confuse them with \*(L"wildcard\*(R"
characters, which have different meanings.
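Review bot: The first context line of this hunk reads "is composed two types of entries", which is missing "of" after "composed". The file is generated by Pod::Man, so the fix belongs in sudoers.pod, and it could ride along with this regeneration rather than needing another round of man and cat page churn.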
\& '!'* '+'netgroup |
\& '!'* Host_Alias
.Ve
-A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, IP addresses,
+A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, \s-1IP\s0 addresses,
network numbers, netgroups (prefixed with '+') and other aliases.
Again, the value of an item may be negated with the '!' operator.
If you do not specify a netmask with a network number, the netmask
of the host's ethernet \fIinterface\fR\|(s) will be used when matching.
The netmask may be specified either in dotted quad notation (eg.
-255.255.255.0) or CIDR notation (number of bits, eg. 24). A hostname
+255.255.255.0) or \s-1CIDR\s0 notation (number of bits, eg. 24). A hostname
may include shell-style wildcards (see `Wildcards' section below),
but unless the \f(CW\*(C`hostname\*(C'\fR command on your machine returns the fully
qualified hostname, you'll need to use the \fIfqdn\fR option for wildcards
\&\fBFlags\fR:
.Ip "long_otp_prompt" 12
.IX Item "long_otp_prompt"
-When validating with a One Time Password scheme (\fBS/Key\fR or \fBOPIE\fR),
+When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR),
a two-line prompt is used to make it easier to cut and paste the
challenge to a local window. It's not as pretty as the default but
some people find it more convenient. This flag is off by default.
.Ip "shell_noargs" 12
.IX Item "shell_noargs"
If set and \fBsudo\fR is invoked with no arguments it acts as if the
-\&\f(CW\*(C`\-s\*(C'\fR flag had been given. That is, it runs a shell as root (the
+\&\fB\-s\fR flag had been given. That is, it runs a shell as root (the
shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is
set, falling back on the shell listed in the invoking user's
/etc/passwd entry if not). This flag is off by default.
.Ip "set_home" 12
.IX Item "set_home"
-If set and \fBsudo\fR is invoked with the \f(CW\*(C`\-s\*(C'\fR flag the \f(CW\*(C`HOME\*(C'\fR
+If set and \fBsudo\fR is invoked with the \fB\-s\fR flag the \f(CW\*(C`HOME\*(C'\fR
environment variable will be set to the home directory of the target
-user (which is root unless the \f(CW\*(C`\-u\*(C'\fR option is used). This effectively
-makes the \f(CW\*(C`\-s\*(C'\fR flag imply \f(CW\*(C`\-H\*(C'\fR. This flag is off by default.
+user (which is root unless the \fB\-u\fR option is used). This effectively
+makes the \fB\-s\fR flag imply \fB\-H\fR. This flag is off by default.
.Ip "path_info" 12
.IX Item "path_info"
Normally, \fBsudo\fR will tell the user when a command could not be
Set this flag if you want to put fully qualified hostnames in the
\&\fIsudoers\fR file. Ie: instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
-Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make DNS lookups
-which may make \fBsudo\fR unusable if DNS stops working (for example
+Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups
+which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example
if the machine is not plugged into the network). Also note that
-you must use the host's official name as DNS knows it. That is,
+you must use the host's official name as \s-1DNS\s0 knows it. That is,
you may not use a host alias (\f(CW\*(C`CNAME\*(C'\fR entry) due to performance
issues and the fact that there is no way to get all aliases from
-DNS. If your machine's hostname (as returned by the \f(CW\*(C`hostname\*(C'\fR
+\&\s-1DNS\s0. If your machine's hostname (as returned by the \f(CW\*(C`hostname\*(C'\fR
command) is already fully qualified you shouldn't need to set
\&\fIfqfn\fR. This flag is off by default.
.Ip "insults" 12
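Review bot: The closing sentence of the fqdn item, in the context lines after the last DNS change, names the option as "fqfn" (`\&\fIfqfn\fR. This flag is off by default.`) while the rest of the item calls it fqdn. A reader searching the page for the option name will miss this sentence, and an admin copying it into a Defaults line gets an unknown option. Please correct it in sudoers.pod and regenerate.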
flag is off by default.
.Ip "env_editor" 12
.IX Item "env_editor"
-If set, \fBvisudo\fR will use the value of the EDITOR or VISUAL
+If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0
environment variables before falling back on the default editor list.
Note that this may create a security hole as it allows the user to
run any arbitrary command as root without logging. A safer alternative
is to place a colon-separated list of editors in the \f(CW\*(C`editor\*(C'\fR
-variable. \fBvisudo\fR will then only use the EDITOR or VISUAL if
+variable. \fBvisudo\fR will then only use the \s-1EDITOR\s0 or \s-1VISUAL\s0 if
they match a value specified in \f(CW\*(C`editor\*(C'\fR. This flag is off by
default.
.Ip "rootpw" 12
.Ip "targetpw" 12
.IX Item "targetpw"
If set, \fBsudo\fR will prompt for the password of the user specified by
-the \f(CW\*(C`\-u\*(C'\fR flag (defaults to root) instead of the password of the
+the \fB\-u\fR flag (defaults to root) instead of the password of the
invoking user. This flag is off by default.
.Ip "set_logname" 12
.IX Item "set_logname"
Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR and \f(CW\*(C`USER\*(C'\fR environment variables
-to the name of the target user (usually root unless the \f(CW\*(C`\-u\*(C'\fR flag is given).
-However, since some programs (including the RCS revision control system)
+to the name of the target user (usually root unless the \fB\-u\fR flag is given).
+However, since some programs (including the \s-1RCS\s0 revision control system)
use \f(CW\*(C`LOGNAME\*(C'\fR to determine the real identity of the user, it may be desirable
to change this behavior. This can be done by negating the set_logname option.
.Ip "use_loginclass" 12
.IX Item "mailsub"
Subject of the mail sent to the \fImailto\fR user. The escape \f(CW\*(C`%h\*(C'\fR
will expand to the hostname of the machine.
-Default is \*(L"*** SECURITY information for \f(CW%h\fR ***\*(R".
+Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R".
.Ip "badpass_message" 12
.IX Item "badpass_message"
Message that is displayed if a user enters an incorrect password.
.Ip "passprompt" 12
.IX Item "passprompt"
The default prompt to use when asking for a password; can be overridden
-via the \f(CW\*(C`\-p\*(C'\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable. Supports
+via the \fB\-p\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable. Supports
two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands
to the local hostname. The default value is \*(L"Password:\*(R".
.Ip "runas_default" 12
.IX Item "runas_default"
-The default user to run commands as if the \f(CW\*(C`\-u\*(C'\fR flag is not specified
+The default user to run commands as if the \fB\-u\fR flag is not specified
on the command line. This defaults to \*(L"root\*(R".
.Ip "syslog_goodpri" 12
.IX Item "syslog_goodpri"
.IX Item "editor"
A colon (':') separated list of editors allowed to be used with
\&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's
-USER environment variable if possible, or the first editor in the
+\&\s-1USER\s0 environment variable if possible, or the first editor in the
list that exists and is executable. The default is the path to vi
on your system.
.PP
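Review bot: In the editor item, the line being re-marked says visudo picks the editor that matches the user's USER environment variable, but the env_editor item earlier in this same file describes visudo comparing EDITOR or VISUAL against the `editor` list. USER holds a login name, not an editor path, so this reads as a slip for EDITOR. Since the change only wraps the word in `\s-1...\s0`, the wrong variable name is carried over unchanged; worth fixing in sudoers.pod, because this item is what admins rely on when they restrict which editors visudo may run as root.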
Defaults to the path to sendmail found at configure time.
.Ip "mailerflags" 12
.IX Item "mailerflags"
-Flags to use when invoking mailer. Defaults to \f(CW\*(C`\-t\*(C'\fR.
+Flags to use when invoking mailer. Defaults to \fB\-t\fR.
.Ip "mailto" 12
.IX Item "mailto"
Address to send warning and erorr mail to. Defaults to \*(L"root\*(R".
.Ip "exempt_group" 12
.IX Item "exempt_group"
-Users in this group are exempt from password and PATH requirements.
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
This is not set by default.
.Ip "secure_path" 12
.IX Item "secure_path"
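Review bot: The mailto item in the context lines has "warning and erorr mail", a typo for "error". It is untouched by this change, but the page is being regenerated anyway, so the spelling can be fixed in sudoers.pod in the same pass.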
be separate from the \*(L"user path.\*(R" This is not set by default.
.Ip "verifypw" 12
.IX Item "verifypw"
-This option controls when a password will be required when a
-user runs \fBsudo\fR with the \fB\-v\fR. It has the following possible values:
+This option controls when a password will be required when a user runs
+\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values:
.Sp
.Vb 3
\& all All the user's I<sudoers> entries for the
The default value is `any'.
.PP
When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog
-facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your OS
+facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0
supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR,
\&\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following
syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR,
.Ve
Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR,
but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR.
-.Sh "NOPASSWD and PASSWD"
+.Sh "\s-1NOPASSWD\s0 and \s-1PASSWD\s0"
.IX Subsection "NOPASSWD and PASSWD"
By default, \fBsudo\fR requires that a user authenticate him or herself
before running a command. This behavior can be modified via the
.PP
By default, if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is applied to any of the entries
for a user on the current host, he or she will be able to run
-\&\f(CW\*(C`sudo \-l\*(C'\fR without a password. Additionally, a user may only run
-\&\f(CW\*(C`sudo \-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present
+\&\f(CW\*(C`sudo \e-l\*(C'\fR without a password. Additionally, a user may only run
+\&\f(CW\*(C`sudo \e-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present
for all a user's entries that pertain to the current host.
This behavior may be overridden via the verifypw and listpw options.
.Sh "Wildcards (aka meta characters):"
.IX Subsection "Wildcards (aka meta characters):"
\&\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames
as well as command line arguments in the \fIsudoers\fR file. Wildcard
-matching is done via the \fBPOSIX\fR \f(CW\*(C`fnmatch(3)\*(C'\fR routine. Note that
+matching is done via the \fB\s-1POSIX\s0\fR \f(CW\*(C`fnmatch(3)\*(C'\fR routine. Note that
these are \fInot\fR regular expressions.
.Ip "\f(CW\*(C`*\*(C'\fR" 8
.IX Item "*"
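Review bot: The two changed lines in the NOPASSWD paragraph go from `sudo \-l` and `sudo \-v` to `sudo \e-l` and `sudo \e-v`, and in roff `\e` prints a literal backslash, so the formatted page will show a backslash in front of the hyphen. Every other flag in this regeneration moved from the `\f(CW\*(C`...\*(C'\fR` form to `\fB\-x\fR`, which suggests these two were written differently in sudoers.pod (presumably with an explicit backslash inside the C<> text). Dropping that backslash in the POD source, or switching to the same B<-l> and B<-v> form used elsewhere, would keep the rendered command readable and copyable.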
comment character and any text after it, up to the end of the line,
are ignored.
.PP
-The reserved word \fBALL\fR is a built in \fIalias\fR that always causes
+The reserved word \fB\s-1ALL\s0\fR is a built in \fIalias\fR that always causes
a match to succeed. It can be used wherever one might otherwise
use a \f(CW\*(C`Cmnd_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, or \f(CW\*(C`Host_Alias\*(C'\fR.
-You should not try to define your own \fIalias\fR called \fBALL\fR as the
+You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the
built in alias will be used in preference to your own. Please note
-that using \fBALL\fR can be dangerous since in a command context, it
+that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it
allows the user to run \fBany\fR command on the system.
.PP
An exclamation point ('!') can be used as a logical \fInot\fR operator
both in an \fIalias\fR and in front of a \f(CW\*(C`Cmnd\*(C'\fR. This allows one to
exclude certain values. Note, however, that using a \f(CW\*(C`!\*(C'\fR in
conjunction with the built in \f(CW\*(C`ALL\*(C'\fR alias to allow a user to
-run \*(L"all but a few\*(R" commands rarely works as intended (see SECURITY
-NOTES below).
+run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0
+\&\s-1NOTES\s0 below).
.PP
Long lines can be continued with a backslash ('\e') as the last
character on the line.
\&\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases.
We don't want to subject the full time staff to the \fBsudo\fR lecture,
and user \fBmillert\fR need not give a password. In addition, on the
-machines in the \fISERVERS\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional
+machines in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional
local log file and make sure we log the year in each log line since
the log entries will be kept around for several years.
.PP
.Vb 1
\& jack CSNETS = ALL
.Ve
-The user \fBjack\fR may run any command on the machines in the \fICSNETS\fR alias
+The user \fBjack\fR may run any command on the machines in the \fI\s-1CSNETS\s0\fR alias
(the networks \f(CW\*(C`128.138.243.0\*(C'\fR, \f(CW\*(C`128.138.204.0\*(C'\fR, and \f(CW\*(C`128.138.242.0\*(C'\fR).
Of those networks, only <128.138.204.0> has an explicit netmask (in
-CIDR notation) indicating it is a class C network. For the other
-networks in \fICSNETS\fR, the local machine's netmask will be used
+\&\s-1CIDR\s0 notation) indicating it is a class C network. For the other
+networks in \fI\s-1CSNETS\s0\fR, the local machine's netmask will be used
during matching.
.PP
.Vb 1
\& lisa CUNETS = ALL
.Ve
-The user \fBlisa\fR may run any command on any host in the \fICUNETS\fR alias
+The user \fBlisa\fR may run any command on any host in the \fI\s-1CUNETS\s0\fR alias
(the class B network \f(CW\*(C`128.138.0.0\*(C'\fR).
.PP
.Vb 2
\& pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
.Ve
The user \fBpete\fR is allowed to change anyone's password except for
-root on the \fIHPPA\fR machines. Note that this assumes \fIpasswd\fR\|(1)
+root on the \fI\s-1HPPA\s0\fR machines. Note that this assumes \fIpasswd\fR\|(1)
does not take multiple usernames on the command line.
.PP
.Vb 1
\& bob SPARC = (OP) ALL : SGI = (OP) ALL
.Ve
-The user \fBbob\fR may run anything on the \fISPARC\fR and \fISGI\fR machines
-as any user listed in the \fIOP\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBroot\fR and \fBoperator\fR).
+The user \fBbob\fR may run anything on the \fI\s-1SPARC\s0\fR and \fI\s-1SGI\s0\fR machines
+as any user listed in the \fI\s-1OP\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBroot\fR and \fBoperator\fR).
.PP
.Vb 1
\& jim +biglab = ALL
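Review bot: The pete example in the context lines uses `[A-z]*` as the username pattern for /usr/bin/passwd, and in ASCII the range from A to z also covers the six punctuation characters that sit between Z and a (left bracket, backslash, right bracket, caret, underscore and backquote). If the intent is "argument starts with a letter", `[A-Za-z]*` says that exactly. This is not introduced by the change, but sudoers examples get copied into production files, so it is worth tightening in sudoers.pod alongside the existing caveat that the rule assumes passwd(1) takes a single username.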
.Vb 1
\& fred ALL = (DB) NOPASSWD: ALL
.Ve
-The user \fBfred\fR can run commands as any user in the \fIDB\fR \f(CW\*(C`Runas_Alias\*(C'\fR
+The user \fBfred\fR can run commands as any user in the \fI\s-1DB\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR
(\fBoracle\fR or \fBsybase\fR) without giving a password.
.PP
.Vb 1
\& john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
.Ve
-On the \fIALPHA\fR machines, user \fBjohn\fR may su to anyone except root
+On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root
but he is not allowed to give \fIsu\fR\|(1) any flags.
.PP
.Vb 1
\& jen ALL, !SERVERS = ALL
.Ve
The user \fBjen\fR may run any command on any machine except for those
-in the \fISERVERS\fR \f(CW\*(C`Host_Alias\*(C'\fR (master, mail, www and ns).
+in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR (master, mail, www and ns).
.PP
.Vb 1
\& jill SERVERS = /usr/bin/, !SU, !SHELLS
.Ve
-For any machine in the \fISERVERS\fR \f(CW\*(C`Host_Alias\*(C'\fR, \fBjill\fR may run
+For any machine in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, \fBjill\fR may run
any commands in the directory /usr/bin/ except for those commands
-belonging to the \fISU\fR and \fISHELLS\fR \f(CW\*(C`Cmnd_Aliases\*(C'\fR.
+belonging to the \fI\s-1SU\s0\fR and \fI\s-1SHELLS\s0\fR \f(CW\*(C`Cmnd_Aliases\*(C'\fR.
.PP
.Vb 1
\& steve CSNETS = (operator) /usr/local/op_commands/
.Vb 1
\& WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
.Ve
-On the host www, any user in the \fIWEBMASTERS\fR \f(CW\*(C`User_Alias\*(C'\fR (will,
+On the host www, any user in the \fI\s-1WEBMASTERS\s0\fR \f(CW\*(C`User_Alias\*(C'\fR (will,
wendy, and wim), may run any command as user www (which owns the
web pages) or simply \fIsu\fR\|(1) to www.
.PP
\& ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e
\& /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM
.Ve
-Any user may mount or unmount a CD-ROM on the machines in the CDROM
+Any user may mount or unmount a \s-1CD-ROM\s0 on the machines in the \s-1CDROM\s0
\&\f(CW\*(C`Host_Alias\*(C'\fR (orion, perseus, hercules) without entering a password.
This is a bit tedious for users to type, so it is a prime candiate
for encapsulating in a shell script.
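Review bot: The context line after the CD-ROM change has "prime candiate", a typo for "candidate". Fix it in sudoers.pod so the correction survives the next Pod::Man run instead of being patched into the generated file.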
\& bill ALL = ALL, !SU, !SHELLS
.Ve
Doesn't really prevent \fBbill\fR from running the commands listed in
-\&\fISU\fR or \fISHELLS\fR since he can simply copy those commands to a
+\&\fI\s-1SU\s0\fR or \fI\s-1SHELLS\s0\fR since he can simply copy those commands to a
different name, or use a shell escape from an editor or other
program. Therefore, these kind of restrictions should be considered
advisory at best (and reinforced by policy).
=item shell_noargs
If set and B<sudo> is invoked with no arguments it acts as if the
-C<-s> flag had been given. That is, it runs a shell as root (the
+B<-s> flag had been given. That is, it runs a shell as root (the
shell is determined by the C<SHELL> environment variable if it is
set, falling back on the shell listed in the invoking user's
/etc/passwd entry if not). This flag is off by default.
=item set_home
-If set and B<sudo> is invoked with the C<-s> flag the C<HOME>
+If set and B<sudo> is invoked with the B<-s> flag the C<HOME>
environment variable will be set to the home directory of the target
-user (which is root unless the C<-u> option is used). This effectively
-makes the C<-s> flag imply C<-H>. This flag is off by default.
+user (which is root unless the B<-u> option is used). This effectively
+makes the B<-s> flag imply B<-H>. This flag is off by default.
=item path_info
=item targetpw
If set, B<sudo> will prompt for the password of the user specified by
-the C<-u> flag (defaults to root) instead of the password of the
+the B<-u> flag (defaults to root) instead of the password of the
invoking user. This flag is off by default.
=item set_logname
Normally, B<sudo> will set the C<LOGNAME> and C<USER> environment variables
-to the name of the target user (usually root unless the C<-u> flag is given).
+to the name of the target user (usually root unless the B<-u> flag is given).
However, since some programs (including the RCS revision control system)
use C<LOGNAME> to determine the real identity of the user, it may be desirable
to change this behavior. This can be done by negating the set_logname option.
=item passprompt
The default prompt to use when asking for a password; can be overridden
-via the C<-p> option or the C<SUDO_PROMPT> environment variable. Supports
+via the B<-p> option or the C<SUDO_PROMPT> environment variable. Supports
two escapes: "%u" expands to the user's login name and "%h" expands
to the local hostname. The default value is "Password:".
=item runas_default
-The default user to run commands as if the C<-u> flag is not specified
+The default user to run commands as if the B<-u> flag is not specified
on the command line. This defaults to "root".
=item syslog_goodpri
=item mailerflags
-Flags to use when invoking mailer. Defaults to C<-t>.
+Flags to use when invoking mailer. Defaults to B<-t>.
=item mailto
=item verifypw
-This option controls when a password will be required when a
-user runs B<sudo> with the B<-v>. It has the following possible values:
+This option controls when a password will be required when a user runs
+B<sudo> with the B<-v> flag. It has the following possible values:
all All the user's I<sudoers> entries for the
current host must have the C<NOPASSWD>
or username that consists solely of upper case let
ters, digits, and the underscore ('_') character.
- -V The `-V' (version) option causes v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the
+ -V The -\b-\b-\b-V\bV\bV\bV (version) option causes v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the
version number and exit.
E\bE\bE\bER\bR\bR\bRR\bR\bR\bRO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
-April 7, 2000 1.6.3 1
+April 22, 2000 1.6.3 1
-April 7, 2000 1.6.3 2
+April 22, 2000 1.6.3 2
.\" Automatically generated by Pod::Man version 1.02
-.\" Fri Apr 7 08:37:07 2000
+.\" Sat Apr 22 12:13:38 2000
.\"
.\" Standard preamble:
.\" ======================================================================
.\" ======================================================================
.\"
.IX Title "visudo @mansectsu@"
-.TH visudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS"
+.TH visudo @mansectsu@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS"
.UC
.SH "NAME"
visudo \- edit the sudoers file
letters, digits, and the underscore ('_') character.
.Ip "\-V" 4
.IX Item "-V"
-The \f(CW\*(C`\-V\*(C'\fR (version) option causes \fBvisudo\fR to print the version number
+The \fB\-V\fR (version) option causes \fBvisudo\fR to print the version number
and exit.
.SH "ERRORS"
.IX Header "ERRORS"
.Vb 1
\& Todd Miller <Todd.Miller@courtesan.com>
.Ve
-See the HISTORY file in the sudo distribution for more details.
+See the \s-1HISTORY\s0 file in the sudo distribution for more details.
.SH "BUGS"
.IX Header "BUGS"
If you feel you have found a bug in sudo, please submit a bug report
at http://www.courtesan.com/sudo/bugs/
.SH "DISCLAIMER"
.IX Header "DISCLAIMER"
-\&\fBVisudo\fR is provided ``AS IS'' and any express or implied warranties,
+\&\fBVisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed.
-See the LICENSE file distributed with \fBsudo\fR for complete details.
+See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if
=item -V
-The C<-V> (version) option causes B<visudo> to print the version number
+The B<-V> (version) option causes B<visudo> to print the version number
and exit.
=back