-December 17, 2001 1.6.4 1
+December 30, 2001 1.6.4 1
-December 17, 2001 1.6.4 2
+December 30, 2001 1.6.4 2
-December 17, 2001 1.6.4 3
+December 30, 2001 1.6.4 3
-December 17, 2001 1.6.4 4
+December 30, 2001 1.6.4 4
-December 17, 2001 1.6.4 5
+December 30, 2001 1.6.4 5
-December 17, 2001 1.6.4 6
+December 30, 2001 1.6.4 6
-December 17, 2001 1.6.4 7
+December 30, 2001 1.6.4 7
-December 17, 2001 1.6.4 8
+December 30, 2001 1.6.4 8
-December 17, 2001 1.6.4 9
+December 30, 2001 1.6.4 9
-December 17, 2001 1.6.4 10
+December 30, 2001 1.6.4 10
L\bL\bL\bLi\bi\bi\bis\bs\bs\bst\bt\bt\bts\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
- env_check A double-quoted, space-separated list of envi
- ronment variables to be removed from the
+ env_check Environment variables to be removed from the
user's environment if the variable's value
contains % or / characters. This can be used
to guard against printf-style format vulnera
- bilties in poorly-written programs. The list
- can be replaced, added to, deleted from, or
- disabled by using the =, +=, -=, and ! opera
- tors respectively. The default list of envi
- ronment variable to check is printed when s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
- is run by root with the _\b-_\bV option.
-
- env_delete A double-quoted, space-separated list of envi
- ronment variables to be removed from the
- user's environment. The list can be replaced,
- added to, deleted from, or disabled by using
- the =, +=, -=, and ! operators respectively.
- The default list of environment variable to
- remove is printed when s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run by root
- with the _\b-_\bV option.
-
- env_keep A double-quoted, space-separated list of envi
- ronment variables to be preserved in the
+ bilties in poorly-written programs. The argu
+ ment may be a double-quoted, space-separated
+ list or a single value without double-quotes.
+ The list can be replaced, added to, deleted
+ from, or disabled by using the =, +=, -=, and
+ ! operators respectively. The default list of
+ environment variable to check is printed when
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run by root with the _\b-_\bV option.
+
+ env_delete Environment variables to be removed from the
+ user's environment. The argument may be a
+ double-quoted, space-separated list or a sin
+ gle value without double-quotes. The list can
+ be replaced, added to, deleted from, or dis
+ abled by using the =, +=, -=, and ! operators
+ respectively. The default list of environment
+ variable to remove is printed when s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run
+ by root with the _\b-_\bV option.
+
+ env_keep Environment variables to be preserved in the
user's environment when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option
- is in effect. This allows fine-grained con
- trol over the environment s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo-spawned
+ is in effect. This allows fine-grained
-December 17, 2001 1.6.4 11
+December 30, 2001 1.6.4 11
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
- processes will get. The list can be replaced,
- added to, deleted from, or disabled by using
- the =, +=, -=, and ! operators respectively.
- This list has no default members.
+ control over the environment s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo-spawned pro
+ cesses will receive. The argument may be a
+ double-quoted, space-separated list or a sin
+ gle value without double-quotes. The list can
+ be replaced, added to, deleted from, or dis
+ abled by using the =, +=, -=, and ! operators
+ respectively. This list has no default mem
+ bers.
When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following
values for the syslog facility (the value of the s\bs\bs\bsy\by\by\bys\bs\bs\bsl\bl\bl\blo\bo\bo\bog\bg\bg\bg
It is also possible to override a Runas_Spec later on in
an entry. If we modify the entry like so:
- dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
-
- Then user d\bd\bd\bdg\bg\bg\bgb\bb\bb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br,
-
-December 17, 2001 1.6.4 12
+December 30, 2001 1.6.4 12
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+
+ Then user d\bd\bd\bdg\bg\bg\bgb\bb\bb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br,
but _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt.
N\bN\bN\bNO\bO\bO\bOP\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD a\ba\ba\ban\bn\bn\bnd\bd\bd\bd P\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD
used to escape special characters such as: "*",
"?", "[", and "}".
- Note that a forward slash ('/') will n\bn\bn\bno\bo\bo\bot\bt\bt\bt be matched by
- wildcards used in the pathname. When matching the command
- line arguments, however, as slash d\bd\bd\bdo\bo\bo\boe\be\be\bes\bs\bs\bs get matched by
-December 17, 2001 1.6.4 13
+December 30, 2001 1.6.4 13
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ Note that a forward slash ('/') will n\bn\bn\bno\bo\bo\bot\bt\bt\bt be matched by
+ wildcards used in the pathname. When matching the command
+ line arguments, however, as slash d\bd\bd\bdo\bo\bo\boe\be\be\bes\bs\bs\bs get matched by
wildcards. This is to make a path like:
/usr/bin/*
E\bE\bE\bEX\bX\bX\bXA\bA\bA\bAM\bM\bM\bMP\bP\bP\bPL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
- these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
-
-
-December 17, 2001 1.6.4 14
+December 30, 2001 1.6.4 14
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
+
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
- We let r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt and any user in group w\bw\bw\bwh\bh\bh\bhe\be\be\bee\be\be\bel\bl\bl\bl run any command on
-
-December 17, 2001 1.6.4 15
+December 30, 2001 1.6.4 15
sudoers(4) MAINTENANCE COMMANDS sudoers(4)
+ We let r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt and any user in group w\bw\bw\bwh\bh\bh\bhe\be\be\bee\be\be\bel\bl\bl\bl run any command on
any host as any user.
FULLTIMERS ALL = NOPASSWD: ALL
-
-December 17, 2001 1.6.4 16
+December 30, 2001 1.6.4 16
-December 17, 2001 1.6.4 17
+December 30, 2001 1.6.4 17
-December 17, 2001 1.6.4 18
+December 30, 2001 1.6.4 18
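Review bot: the footer hunks for pages 1 through 18, together with the hunks around the Runas_Spec example, the forward-slash wildcard note, the EXAMPLES lead-in and the wheel rule, contain no wording change. They only swap the footer date from December 17 to December 30 and move unchanged lines across a page break. That repagination buries the one real edit in this formatted copy, the env_check, env_delete and env_keep text. Consider regenerating the formatted page in a separate commit, or leaving it out of review, so the content change can be read from the POD source alone.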
.\" Automatically generated by Pod::Man version 1.15
-.\" Mon Dec 17 16:34:22 2001
+.\" Sun Dec 30 12:24:30 2001
.\"
.\" Standard preamble:
.\" ======================================================================
.\" ======================================================================
.\"
.IX Title "sudoers @mansectform@"
-.TH sudoers @mansectform@ "1.6.4" "December 17, 2001" "MAINTENANCE COMMANDS"
+.TH sudoers @mansectform@ "1.6.4" "December 30, 2001" "MAINTENANCE COMMANDS"
.UC
.SH "NAME"
sudoers \- list of which users may execute what
\&\fBLists that can be used in a boolean context\fR:
.Ip "env_check" 12
.IX Item "env_check"
-A double-quoted, space-separated list of environment variables to
-be removed from the user's environment if the variable's value
-contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can be used to guard against
-printf-style format vulnerabilties in poorly-written programs. The
+Environment variables to be removed from the user's environment if
+the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can
+be used to guard against printf-style format vulnerabilties in
+poorly-written programs. The argument may be a double-quoted,
+space-separated list or a single value without double-quotes. The
list can be replaced, added to, deleted from, or disabled by using
the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. The default
list of environment variable to check is printed when \fBsudo\fR is
run by root with the \fI\-V\fR option.
.Ip "env_delete" 12
.IX Item "env_delete"
-A double-quoted, space-separated list of environment variables to
-be removed from the user's environment. The list can be replaced,
-added to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR,
-and \f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment
+Environment variables to be removed from the user's environment.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes. The list can be replaced, added
+to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
+\&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment
variable to remove is printed when \fBsudo\fR is run by root with the
\&\fI\-V\fR option.
.Ip "env_keep" 12
.IX Item "env_keep"
-A double-quoted, space-separated list of environment variables to
-be preserved in the user's environment when the \fIenv_reset\fR option
-is in effect. This allows fine-grained control over the environment
-\&\fBsudo\fR\-spawned processes will get. The list can be replaced, added
+Environment variables to be preserved in the user's environment
+when the \fIenv_reset\fR option is in effect. This allows fine-grained
+control over the environment \fBsudo\fR\-spawned processes will receive.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes. The list can be replaced, added
to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
\&\f(CW\*(C`!\*(C'\fR operators respectively. This list has no default members.
.PP
=item env_check
-A double-quoted, space-separated list of environment variables to
-be removed from the user's environment if the variable's value
-contains C<%> or C</> characters. This can be used to guard against
-printf-style format vulnerabilties in poorly-written programs. The
+Environment variables to be removed from the user's environment if
+the variable's value contains C<%> or C</> characters. This can
+be used to guard against printf-style format vulnerabilties in
+poorly-written programs. The argument may be a double-quoted,
+space-separated list or a single value without double-quotes. The
list can be replaced, added to, deleted from, or disabled by using
the C<=>, C<+=>, C<-=>, and C<!> operators respectively. The default
list of environment variable to check is printed when B<sudo> is
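Review bot: the rewritten env_check paragraph still carries the misspelling "vulnerabilties" on the added line "+be used to guard against printf-style format vulnerabilties in". Since that line is being rewritten anyway, change it to "vulnerabilities". The unchanged line below it reads "list of environment variable to check", which should say "variables", and env_delete has the same "environment variable to remove". Fixing both in the POD lets the generated roff and the formatted copy pick them up on the next regeneration.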
=item env_delete
-A double-quoted, space-separated list of environment variables to
-be removed from the user's environment. The list can be replaced,
-added to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>,
-and C<!> operators respectively. The default list of environment
+Environment variables to be removed from the user's environment.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes. The list can be replaced, added
+to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
+C<!> operators respectively. The default list of environment
variable to remove is printed when B<sudo> is run by root with the
I<-V> option.
=item env_keep
-A double-quoted, space-separated list of environment variables to
-be preserved in the user's environment when the I<env_reset> option
-is in effect. This allows fine-grained control over the environment
-B<sudo>-spawned processes will get. The list can be replaced, added
+Environment variables to be preserved in the user's environment
+when the I<env_reset> option is in effect. This allows fine-grained
+control over the environment B<sudo>-spawned processes will receive.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes. The list can be replaced, added
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
C<!> operators respectively. This list has no default members.
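Review bot: the sentence "The argument may be a double-quoted, space-separated list or a single value without double-quotes" is now pasted verbatim into env_check, env_delete and env_keep, next to the already repeated sentence about the =, +=, -= and ! operators. Stating both once under "Lists that can be used in a boolean context" would keep the three items from drifting apart in later edits. The text also never shows the unquoted form; an EXAMPLES entry with one quoted list and one bare name would make the two accepted forms concrete.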