sudo - execute a command as another user
S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-L\bL\bL\bL | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | [ -\b-\b-\b-H\bH\bH\bH ] [-\b-\b-\b-S\bS\bS\bS ]
- [ -\b-\b-\b-b\bb\bb\bb ] | [ -\b-\b-\b-p\bp\bp\bp _\bp_\br_\bo_\bm_\bp_\bt ] [ -\b-\b-\b-c\bc\bc\bc _\bc_\bl_\ba_\bs_\bs|_\b- ] [ -\b-\b-\b-a\ba\ba\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be ] [
- -\b-\b-\b-u\bu\bu\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd ] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-L\bL\bL\bL | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | [ -\b-\b-\b-H\bH\bH\bH ] [-\b-\b-\b-P\bP\bP\bP ]
+ [-\b-\b-\b-S\bS\bS\bS ] [ -\b-\b-\b-b\bb\bb\bb ] | [ -\b-\b-\b-p\bp\bp\bp _\bp_\br_\bo_\bm_\bp_\bt ] [ -\b-\b-\b-c\bc\bc\bc _\bc_\bl_\ba_\bs_\bs|_\b- ] [ -\b-\b-\b-a\ba\ba\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be
+ ] [ -\b-\b-\b-u\bu\bu\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd ] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the
default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
does not modify HOME.
+ -P The -\b-\b-\b-P\bP\bP\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to
+ preserve the user's group vector unaltered. By
+ default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will initialize the group vector to the
+ list of groups the target user is in. The real and
+ effective group IDs, however, are still set to match
+ the target user.
+
-S The -\b-\b-\b-S\bS\bS\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to read the password
from standard input instead of the terminal device.
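Review bot: the new -P paragraph (ending "still set to match the target user") leaves out the two things an administrator needs to know before enabling it. First, the consequence: keeping the invoker's group vector means a command run with -u as a non-root target still belongs to every supplementary group of the caller, so group-readable files of the caller stay readable to that command, which widens what the target user could otherwise reach. Second, who may use it: the text does not say whether -P works for any user on every invocation or only takes effect when the sudoers preserve_groups flag (off by default, per the sudoers(4) half of this same patch) is set. Add one sentence for each.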
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo tries to be safe when executing external commands.
Variables that control how dynamic loading and binding is
done can be used to subvert the program that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo runs.
- To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
- and LIBPATH (AIX only) environment variables are removed
- from the environment passed on to all commands executed.
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will also remove the IFS, ENV, BASH_ENV, KRB_CONF,
- KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
- RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO,
- TERMINFO_DIRS and TERMPATH variables as they too can pose
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
+ To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
+ and LIBPATH (AIX only) environment variables are removed
+ from the environment passed on to all commands executed.
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will also remove the IFS, ENV, BASH_ENV, KRB_CONF,
+ KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
+ RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO,
+ TERMINFO_DIRS and TERMPATH variables as they too can pose
a threat. If the TERMCAP variable is set and is a path
name, it too is ignored. Additionally, if the LC_* or
LANGUAGE variables contain the / or % characters, they are
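Review bot: the variable list is a denylist and the paragraph should say so outright: only the names enumerated (LD_*, _RLD_*, SHLIB_PATH, LIBPATH, IFS, ENV, BASH_ENV, the KRB* and resolver variables, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS, TERMPATH, a path-valued TERMCAP, and LC_*/LANGUAGE containing / or %) are stripped; everything else the invoking user sets reaches the command unchanged. Anyone granting sudo access to an interpreter or to a program that honours its own search-path variables needs that caveat next to the list. Minor: "how dynamic loading and binding is done" should read "are done".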
timestamp with a bogus date on systems that allow users to
give away files.
- Please note that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will only log the command it explic
- itly runs. If a user runs a command such as sudo su or
- sudo sh, subsequent commands run from that shell will _\bn_\bo_\bt
- be logged, nor will s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo's access control affect them.
- The same is true for commands that offer shell escapes
- (including most editors). Because of this, care must be
- taken when giving users access to commands via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to
sudo(1m) MAINTENANCE COMMANDS sudo(1m)
+ Please note that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will only log the command it explic
+ itly runs. If a user runs a command such as sudo su or
+ sudo sh, subsequent commands run from that shell will _\bn_\bo_\bt
+ be logged, nor will s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo's access control affect them.
+ The same is true for commands that offer shell escapes
+ (including most editors). Because of this, care must be
+ taken when giving users access to commands via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to
verify that the command does not inadvertantly give the
user an effective root shell.
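Review bot: "inadvertantly" in the trailing context line is misspelled (inadvertently); since this paragraph is being reflowed anyway, fix it in the source as part of the same change. The split "explic itly" appears to be the formatter's hyphen being dropped in the plain-text rendering rather than a source problem, but it is worth confirming on the rendered page.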
E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo utilizes the following environment variables:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+December 14, 2001 1.6.4 5
+
+
+
+
+
+sudo(1m) MAINTENANCE COMMANDS sudo(1m)
+
+
PATH Set to a sane value if SECURE_PATH is set
SHELL Used to determine shell to run with -s option
USER Set to the target user (root unless the -u option
/var/run/sudo Directory containing timestamps
-
-
-December 14, 2001 1.6.4 5
-
-
-
-
-
-sudo(1m) MAINTENANCE COMMANDS sudo(1m)
-
-
A\bA\bA\bAU\bU\bU\bUT\bT\bT\bTH\bH\bH\bHO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
Many people have worked on s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo over the years; this ver
sion consists of code written primarily by:
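Review bot: pagination churn makes the substantive change hard to find. From here on almost every hunk is blank lines plus the "December 14, 2001 1.6.4 N" footer and the "sudo(1m) MAINTENANCE COMMANDS" header moving one page down because a paragraph was inserted above. Generate the diff from the unformatted source instead, so that what a reviewer sees is just the -P option, the preserve_groups flag and the date bump.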
cation.
Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
- bugs that make setuid shell scripts unsafe on some operat
- ing systems (if your OS supports the /dev/fd/ directory,
- setuid shell scripts are generally safe).
+ bugs that make setuid shell scripts unsafe on some
+
+
+
+December 14, 2001 1.6.4 6
+
+
+
+
+
+sudo(1m) MAINTENANCE COMMANDS sudo(1m)
+
+
+ operating systems (if your OS supports the /dev/fd/ direc
+ tory, setuid shell scripts are generally safe).
S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
_\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bp_\ba_\bs_\bs_\bw_\bd(5), _\bv_\bi_\bs_\bu_\bd_\bo(1m),
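Review bot: "if your OS supports the /dev/fd/ directory, setuid shell scripts are generally safe" overstates it. /dev/fd only closes the race in which the interpreter re-opens the script by path name after the kernel has already opened it; it says nothing about the interpreter's own environment handling, which is exactly why the paragraph above strips IFS, ENV and BASH_ENV. Say "closes the classic setuid-script race" rather than "generally safe". Separately, SEE ALSO cites passwd(5) while the DESCRIPTION cites passwd(4); with sudo in section 1m and sudoers in section 4 the page is using System V numbering, so use passwd(4) in both places.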
-December 14, 2001 1.6.4 6
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+December 14, 2001 1.6.4 7
-December 13, 2001 1.6.4 1
+December 14, 2001 1.6.4 1
-December 13, 2001 1.6.4 2
+December 14, 2001 1.6.4 2
-December 13, 2001 1.6.4 3
+December 14, 2001 1.6.4 3
-December 13, 2001 1.6.4 4
+December 14, 2001 1.6.4 4
-December 13, 2001 1.6.4 5
+December 14, 2001 1.6.4 5
tage is that if the executable is simply not
in the user's PATH, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will tell the user
that they are not allowed to run it, which can
- be confusing. This flag is off by default.
+ be confusing. This flag is _\bo_\bf_\bf by default.
+
+ preserve_groups
+ By default s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will initialize the group vec
+ tor to the list of groups the target user is
+ in. When _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's
+ existing group vector is left unaltered. The
+ real and effective group IDs, however, are
+ still set to match the target user. This flag
+ is _\bo_\bf_\bf by default.
fqdn Set this flag if you want to put fully quali
fied hostnames in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. I.e.:
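Review bot: preserve_groups repeats the sudo -P description almost word for word but neither page says how the two relate: is -P a per-invocation request that works regardless of this flag, or does it only take effect once preserve_groups is on? State the precedence here and cross-reference sudo(1m), so an administrator who leaves the flag off knows whether a user can still get the behaviour from the command line.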
stops working (for example if the machine is
not plugged into the network). Also note that
you must use the host's official name as DNS
- knows it. That is, you may not use a host
- alias (CNAME entry) due to performance issues
- and the fact that there is no way to get all
- aliases from DNS. If your machine's hostname
- (as returned by the hostname command) is
- already fully qualified you shouldn't need to
- set _\bf_\bq_\bd_\bn. This flag is _\bo_\bf_\bf by default.
-
-
-December 13, 2001 1.6.4 6
+December 14, 2001 1.6.4 6
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ knows it. That is, you may not use a host
+ alias (CNAME entry) due to performance issues
+ and the fact that there is no way to get all
+ aliases from DNS. If your machine's hostname
+ (as returned by the hostname command) is
+ already fully qualified you shouldn't need to
+ set _\bf_\bq_\bd_\bn. This flag is _\bo_\bf_\bf by default.
+
insults If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will insult users when they enter
an incorrect password. This flag is _\bo_\bf_\bf by
default.
given). However, since some programs (includ
ing the RCS revision control system) use LOG
NAME to determine the real identity of the
- user, it may be desirable to change this
- behavior. This can be done by negating the
- set_logname option.
-
- stay_setuid Normally, when s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo executes a command the
- real and effective UIDs are set to the target
- user (root by default). This option changes
- that behavior such that the real UID is left
-December 13, 2001 1.6.4 7
+December 14, 2001 1.6.4 7
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ user, it may be desirable to change this
+ behavior. This can be done by negating the
+ set_logname option.
+
+ stay_setuid Normally, when s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo executes a command the
+ real and effective UIDs are set to the target
+ user (root by default). This option changes
+ that behavior such that the real UID is left
as the invoking user's UID. In other words,
this makes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo act as a setuid wrapper. This
can be useful on systems that disable some
timestamp_timeout
Number of minutes that can elapse before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
will ask for a passwd again. The default is
- 5. Set this to 0 to always prompt for a pass
- word. If set to a value less than 0 the
- user's timestamp will never expire. This can
- be used to allow users to create or delete
- their own timestamps via sudo -v and sudo -k
- respectively.
-
- passwd_timeout
- Number of minutes before the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo password
+ 5. Set this to 0 to always prompt for a
-December 13, 2001 1.6.4 8
+December 14, 2001 1.6.4 8
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ password. If set to a value less than 0 the
+ user's timestamp will never expire. This can
+ be used to allow users to create or delete
+ their own timestamps via sudo -v and sudo -k
+ respectively.
+
+ passwd_timeout
+ Number of minutes before the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo password
prompt times out. The default is 5, set this
to 0 for no password timeout.
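Review bot: "If set to a value less than 0 the user's timestamp will never expire" needs a warning beside it. After one successful authentication every later sudo invocation by that user on that host is password-free until the user runs sudo -k, which is NOPASSWD with an opt-out, and an unattended logged-in session keeps that power indefinitely. The sentence "This can be used to allow users to create or delete their own timestamps" reads as the feature's purpose; say instead that sudo -v and sudo -k become the only way to open and close the window. Minor: "ask for a passwd again" should read "password".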
editor A colon (':') separated list of editors
allowed to be used with v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo. v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will
choose the editor that matches the user's USER
- environment variable if possible, or the first
- editor in the list that exists and is exe
- cutable. The default is the path to vi on
- your system.
-
- S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
+December 14, 2001 1.6.4 9
-December 13, 2001 1.6.4 9
+sudoers(4) MAINTENANCE COMMANDS sudoers(4)
-sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ environment variable if possible, or the first
+ editor in the list that exists and is exe
+ cutable. The default is the path to vi on
+ your system.
+ S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
logfile Path to the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo log file (not the syslog log
file). Setting a path turns on logging to a
The default value is `all'.
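Review bot: "the editor that matches the user's USER environment variable" cannot be right. USER is documented in the sudo(1m) ENVIRONMENT section of this same patch as "Set to the target user", a login name, not an editor path, so it can never match an entry in the editor list. This should almost certainly read EDITOR; confirm against the getenv call in visudo and, if VISUAL is also honoured, list it too.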
- listpw This option controls when a password will be
- required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-l\bl\bl\bl.
- It has the following possible values:
-
- all All the user's I<sudoers> entries for the
- current host must have the C<NOPASSWD>
- flag set to avoid entering a password.
-December 13, 2001 1.6.4 10
+December 14, 2001 1.6.4 10
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ listpw This option controls when a password will be
+ required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-l\bl\bl\bl.
+ It has the following possible values:
+
+ all All the user's I<sudoers> entries for the
+ current host must have the C<NOPASSWD>
+ flag set to avoid entering a password.
+
any At least one of the user's I<sudoers> entries
for the current host must have the
C<NOPASSWD> flag set to avoid entering a
the =, +=, -=, and <!> operators respectively.
This list has no default members.
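Review bot: I<sudoers> and C<NOPASSWD> in the listpw "all" and "any" entries are unrendered POD formatting codes. The source should use the same italic and bold markup as the rest of the page (what renders here as the _\b and x\bx overstrike sequences) so the output shows sudoers in italics and NOPASSWD in bold instead of the literal I<...> and C<...>. Both the removed and the added copies carry it, so the bug predates this patch, but this reflow is the natural place to fix it.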
- When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following
- values for the syslog facility (the value of the s\bs\bs\bsy\by\by\bys\bs\bs\bsl\bl\bl\blo\bo\bo\bog\bg\bg\bg
- Parameter): a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bhp\bp\bp\bpr\br\br\bri\bi\bi\biv\bv\bv\bv (if your OS supports it), a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bh, d\bd\bd\bda\ba\ba\bae\be\be\be\b\b\b
- m\bm\bm\bmo\bo\bo\bon\bn\bn\bn, u\bu\bu\bus\bs\bs\bse\be\be\ber\br\br\br, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl0\b0\b0\b0, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl1\b1\b1\b1, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl2\b2\b2\b2, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl3\b3\b3\b3, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl4\b4\b4\b4, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl5\b5\b5\b5,
- l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl6\b6\b6\b6, and l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl7\b7\b7\b7. The following syslog priorities are
- supported: a\ba\ba\bal\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, c\bc\bc\bcr\br\br\bri\bi\bi\bit\bt\bt\bt, d\bd\bd\bde\be\be\beb\bb\bb\bbu\bu\bu\bug\bg\bg\bg, e\be\be\bem\bm\bm\bme\be\be\ber\br\br\brg\bg\bg\bg, e\be\be\ber\br\br\brr\br\br\br, i\bi\bi\bin\bn\bn\bnf\bf\bf\bfo\bo\bo\bo, n\bn\bn\bno\bo\bo\bot\bt\bt\bti\bi\bi\bic\bc\bc\bce\be\be\be,
- and w\bw\bw\bwa\ba\ba\bar\br\br\brn\bn\bn\bni\bi\bi\bin\bn\bn\bng\bg\bg\bg.
-
-December 13, 2001 1.6.4 11
+December 14, 2001 1.6.4 11
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following
+ values for the syslog facility (the value of the s\bs\bs\bsy\by\by\bys\bs\bs\bsl\bl\bl\blo\bo\bo\bog\bg\bg\bg
+ Parameter): a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bhp\bp\bp\bpr\br\br\bri\bi\bi\biv\bv\bv\bv (if your OS supports it), a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bh, d\bd\bd\bda\ba\ba\bae\be\be\be\b\b\b
+ m\bm\bm\bmo\bo\bo\bon\bn\bn\bn, u\bu\bu\bus\bs\bs\bse\be\be\ber\br\br\br, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl0\b0\b0\b0, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl1\b1\b1\b1, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl2\b2\b2\b2, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl3\b3\b3\b3, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl4\b4\b4\b4, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl5\b5\b5\b5,
+ l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl6\b6\b6\b6, and l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl7\b7\b7\b7. The following syslog priorities are
+ supported: a\ba\ba\bal\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, c\bc\bc\bcr\br\br\bri\bi\bi\bit\bt\bt\bt, d\bd\bd\bde\be\be\beb\bb\bb\bbu\bu\bu\bug\bg\bg\bg, e\be\be\bem\bm\bm\bme\be\be\ber\br\br\brg\bg\bg\bg, e\be\be\ber\br\br\brr\br\br\br, i\bi\bi\bin\bn\bn\bnf\bf\bf\bfo\bo\bo\bo, n\bn\bn\bno\bo\bo\bot\bt\bt\bti\bi\bi\bic\bc\bc\bce\be\be\be,
+ and w\bw\bw\bwa\ba\ba\bar\br\br\brn\bn\bn\bni\bi\bi\bin\bn\bn\bng\bg\bg\bg.
+
U\bU\bU\bUs\bs\bs\bse\be\be\ber\br\br\br S\bS\bS\bSp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn
User_Spec ::= User_list Host_List '=' Cmnd_Spec_List \
Then user d\bd\bd\bdg\bg\bg\bgb\bb\bb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br,
but _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt.
- N\bN\bN\bNO\bO\bO\bOP\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD a\ba\ba\ban\bn\bn\bnd\bd\bd\bd P\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD
- By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo requires that a user authenticate him or
- herself before running a command. This behavior can be
- modified via the NOPASSWD tag. Like a Runas_Spec, the
- NOPASSWD tag sets a default for the commands that follow
- it in the Cmnd_Spec_List. Conversely, the PASSWD tag can
- be used to reverse things. For example:
- ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
-December 13, 2001 1.6.4 12
+December 14, 2001 1.6.4 12
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ N\bN\bN\bNO\bO\bO\bOP\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD a\ba\ba\ban\bn\bn\bnd\bd\bd\bd P\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD
+
+ By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo requires that a user authenticate him or
+ herself before running a command. This behavior can be
+ modified via the NOPASSWD tag. Like a Runas_Spec, the
+ NOPASSWD tag sets a default for the commands that follow
+ it in the Cmnd_Spec_List. Conversely, the PASSWD tag can
+ be used to reverse things. For example:
+
+ ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+
would allow the user r\br\br\bra\ba\ba\bay\by\by\by to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, _\b/_\bb_\bi_\bn_\b/_\bl_\bs, and
_\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as root on the machine rushmore as r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt
without authenticating himself. If we only want r\br\br\bra\ba\ba\bay\by\by\by to be
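Review bot: "as root on the machine rushmore as root" says "as root" twice; drop the first. The paragraph should also remind the reader what NOPASSWD does and does not remove: it drops authentication only, the command list and logging still apply, and it combines badly with the shell-escape caveat in sudo(1m), since NOPASSWD on any command that can spawn a shell is an unauthenticated root shell.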
line arguments, however, as slash d\bd\bd\bdo\bo\bo\boe\be\be\bes\bs\bs\bs get matched by
wildcards. This is to make a path like:
- /usr/bin/*
- match /usr/bin/who but not /usr/bin/X11/xterm.
- E\bE\bE\bEx\bx\bx\bxc\bc\bc\bce\be\be\bep\bp\bp\bpt\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs t\bt\bt\bto\bo\bo\bo w\bw\bw\bwi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bd r\br\br\bru\bu\bu\bul\bl\bl\ble\be\be\bes\bs\bs\bs:\b:\b:\b:
- The following exceptions apply to the above rules:
+December 14, 2001 1.6.4 13
- """" If the empty string "" is the only command line
- argument in the _\bs_\bu_\bd_\bo_\be_\br_\bs entry it means that com
- mand is not allowed to be run with a\ba\ba\ban\bn\bn\bny\by\by\by arguments.
-December 13, 2001 1.6.4 13
+sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ /usr/bin/*
+ match /usr/bin/who but not /usr/bin/X11/xterm.
-sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ E\bE\bE\bEx\bx\bx\bxc\bc\bc\bce\be\be\bep\bp\bp\bpt\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs t\bt\bt\bto\bo\bo\bo w\bw\bw\bwi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bd r\br\br\bru\bu\bu\bul\bl\bl\ble\be\be\bes\bs\bs\bs:\b:\b:\b:
+ The following exceptions apply to the above rules:
+
+ """" If the empty string "" is the only command line
+ argument in the _\bs_\bu_\bd_\bo_\be_\br_\bs entry it means that com
+ mand is not allowed to be run with a\ba\ba\ban\bn\bn\bny\by\by\by arguments.
O\bO\bO\bOt\bt\bt\bth\bh\bh\bhe\be\be\ber\br\br\br s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bia\ba\ba\bal\bl\bl\bl c\bc\bc\bch\bh\bh\bha\ba\ba\bar\br\br\bra\ba\ba\bac\bc\bc\bct\bt\bt\bte\be\be\ber\br\br\brs\bs\bs\bs a\ba\ba\ban\bn\bn\bnd\bd\bd\bd r\br\br\bre\be\be\bes\bs\bs\bse\be\be\ber\br\br\brv\bv\bv\bve\be\be\bed\bd\bd\bd w\bw\bw\bwo\bo\bo\bor\br\br\brd\bd\bd\bds\bs\bs\bs:\b:\b:\b:
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
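Review bot: the wildcard section states that slash does get matched by wildcards in command-line arguments but draws no conclusion from it, and the conclusion is the security-relevant part: a wildcard in the argument position matches path separators, so an argument pattern meant to confine a command to one directory (a directory name followed by a trailing wildcard) also accepts arguments that leave that directory through ".." components. Add a sentence warning that argument wildcards do not confine paths, and that commands whose arguments are paths need a tighter pattern or a wrapper script.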
- # User alias specification
- User_Alias FULLTIMERS = millert, mikef, dowdy
- User_Alias PARTTIMERS = bostley, jwfox, crawl
- User_Alias WEBMASTERS = will, wendy, wim
-
- # Runas alias specification
- Runas_Alias OP = root, operator
- Runas_Alias DB = oracle, sybase
+December 14, 2001 1.6.4 14
-December 13, 2001 1.6.4 14
-
-
+sudoers(4) MAINTENANCE COMMANDS sudoers(4)
-sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ # User alias specification
+ User_Alias FULLTIMERS = millert, mikef, dowdy
+ User_Alias PARTTIMERS = bostley, jwfox, crawl
+ User_Alias WEBMASTERS = will, wendy, wim
+ # Runas alias specification
+ Runas_Alias OP = root, operator
+ Runas_Alias DB = oracle, sybase
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
%wheel ALL = (ALL) ALL
We let r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt and any user in group w\bw\bw\bwh\bh\bh\bhe\be\be\bee\be\be\bel\bl\bl\bl run any command on
- any host as any user.
- FULLTIMERS ALL = NOPASSWD: ALL
- Full time sysadmins (m\bm\bm\bmi\bi\bi\bil\bl\bl\bll\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, m\bm\bm\bmi\bi\bi\bik\bk\bk\bke\be\be\bef\bf\bf\bf, and d\bd\bd\bdo\bo\bo\bow\bw\bw\bwd\bd\bd\bdy\by\by\by) may run
- any command on any host without authenticating themselves.
- PARTTIMERS ALL = ALL
+December 14, 2001 1.6.4 15
-December 13, 2001 1.6.4 15
+sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ any host as any user.
+ FULLTIMERS ALL = NOPASSWD: ALL
-sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ Full time sysadmins (m\bm\bm\bmi\bi\bi\bil\bl\bl\bll\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, m\bm\bm\bmi\bi\bi\bik\bk\bk\bke\be\be\bef\bf\bf\bf, and d\bd\bd\bdo\bo\bo\bow\bw\bw\bwd\bd\bd\bdy\by\by\by) may run
+ any command on any host without authenticating themselves.
+ PARTTIMERS ALL = ALL
Part time sysadmins (b\bb\bb\bbo\bo\bo\bos\bs\bs\bst\bt\bt\btl\bl\bl\ble\be\be\bey\by\by\by, j\bj\bj\bjw\bw\bw\bwf\bf\bf\bfo\bo\bo\box\bx\bx\bx, and c\bc\bc\bcr\br\br\bra\ba\ba\baw\bw\bw\bwl\bl\bl\bl) may run
any command on any host but they must authenticate them
jim +biglab = ALL
- The user j\bj\bj\bji\bi\bi\bim\bm\bm\bm may run any command on machines in the _\bb_\bi_\bg_\bl_\ba_\bb
- netgroup. S\bS\bS\bSu\bu\bu\bud\bd\bd\bdo\bo\bo\bo knows that "biglab" is a netgroup due to
- the '+' prefix.
- +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
- Users in the s\bs\bs\bse\be\be\bec\bc\bc\bcr\br\br\bre\be\be\bet\bt\bt\bta\ba\ba\bar\br\br\bri\bi\bi\bie\be\be\bes\bs\bs\bs netgroup need to help manage the
- printers as well as add and remove users, so they are
- allowed to run those commands on all machines.
+December 14, 2001 1.6.4 16
-December 13, 2001 1.6.4 16
+sudoers(4) MAINTENANCE COMMANDS sudoers(4)
-sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ The user j\bj\bj\bji\bi\bi\bim\bm\bm\bm may run any command on machines in the _\bb_\bi_\bg_\bl_\ba_\bb
+ netgroup. S\bS\bS\bSu\bu\bu\bud\bd\bd\bdo\bo\bo\bo knows that "biglab" is a netgroup due to
+ the '+' prefix.
+ +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+
+ Users in the s\bs\bs\bse\be\be\bec\bc\bc\bcr\br\br\bre\be\be\bet\bt\bt\bta\ba\ba\bar\br\br\bri\bi\bi\bie\be\be\bes\bs\bs\bs netgroup need to help manage the
+ printers as well as add and remove users, so they are
+ allowed to run those commands on all machines.
fred ALL = (DB) NOPASSWD: ALL
Any user may mount or unmount a CD-ROM on the machines in
the CDROM Host_Alias (orion, perseus, hercules) without
entering a password. This is a bit tedious for users to
- type, so it is a prime candidate for encapsulating in a
- shell script.
-S\bS\bS\bSE\bE\bE\bEC\bC\bC\bCU\bU\bU\bUR\bR\bR\bRI\bI\bI\bIT\bT\bT\bTY\bY\bY\bY N\bN\bN\bNO\bO\bO\bOT\bT\bT\bTE\bE\bE\bES\bS\bS\bS
- It is generally not effective to "subtract" commands from
- ALL using the '!' operator. A user can trivially circum
- vent this by copying the desired command to a different
- name and then executing that. For example:
- bill ALL = ALL, !SU, !SHELLS
+December 14, 2001 1.6.4 17
-December 13, 2001 1.6.4 17
+sudoers(4) MAINTENANCE COMMANDS sudoers(4)
-sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ type, so it is a prime candidate for encapsulating in a
+ shell script.
+S\bS\bS\bSE\bE\bE\bEC\bC\bC\bCU\bU\bU\bUR\bR\bR\bRI\bI\bI\bIT\bT\bT\bTY\bY\bY\bY N\bN\bN\bNO\bO\bO\bOT\bT\bT\bTE\bE\bE\bES\bS\bS\bS
+ It is generally not effective to "subtract" commands from
+ ALL using the '!' operator. A user can trivially circum
+ vent this by copying the desired command to a different
+ name and then executing that. For example:
+
+ bill ALL = ALL, !SU, !SHELLS
Doesn't really prevent b\bb\bb\bbi\bi\bi\bil\bl\bl\bll\bl\bl\bl from running the commands
listed in _\bS_\bU or _\bS_\bH_\bE_\bL_\bL_\bS since he can simply copy those com
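Review bot: "generally not effective" undersells it. The negation only holds when the user cannot create an executable copy anywhere sudo will run it, which on an ordinary system with a writable home directory or /tmp is never. State the positive rule instead: grant an explicit list of commands and do not rely on ALL minus exceptions. Also cross-reference the shell-escape paragraph in sudo(1m), because "bill ALL = ALL, !SU, !SHELLS" is defeated not only by copying /bin/sh under another name but by any editor or pager within ALL that offers a shell escape.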
-
-
-
-
-
-
-
-
-
-
-
-December 13, 2001 1.6.4 18
+December 14, 2001 1.6.4 18