sudo - execute a command as another user
S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | -\b-\b-\b-H\bH\bH\bH | [ -\b-\b-\b-b\bb\bb\bb ] | [ -\b-\b-\b-r\br\br\br
- realm ] | [ -\b-\b-\b-p\bp\bp\bp prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-L\bL\bL\bL | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | -\b-\b-\b-H\bH\bH\bH | [ -\b-\b-\b-b\bb\bb\bb ] |
+ [ -\b-\b-\b-r\br\br\br realm ] | [ -\b-\b-\b-p\bp\bp\bp prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the
-l The -l (_\bl_\bi_\bs_\bt) option will list out the allowed (and
forbidden) commands for the user on the current host.
+ -L The -L (_\bl_\bi_\bs_\bt defaults) option will list out the
+ parameters that may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along
+ with a short description for each. This option is
+ useful in conjunction with _\bg_\br_\be_\bp(1).
+
-h The -h (_\bh_\be_\bl_\bp) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print a usage
message and exit.
-v If given the -v (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will update
the user's timestamp, prompting for the user's
- password if necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout
- to for another N minutes (where N is defined at
- installation time and defaults to 5 minutes) but does
- not run a command.
-
-25/Aug/1999 1.6 1
+11/Oct/1999 1.6 1
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ password if necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout
+ to for another N minutes (where N is defined at
+ installation time and defaults to 5 minutes) but does
+ not run a command.
+
-k The -k (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo invalidates the user's
timestamp by setting the time on it to the epoch. The
next time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run a password will be required.
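Review bot: the new -L entry does not say whether the invoking user has to authenticate or be listed in sudoers before the Defaults parameters are printed, while the -v entry in this same hunk spells out when a password prompt occurs. Add a sentence stating the requirement, or stating that there is none. Separately, the -v paragraph being moved across the page break still reads "This extends the sudo timeout to for another N minutes"; the stray "to" should be dropped while this text is being touched.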
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo quits with an exit value of 1 if there is a
configuration/permission problem or if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot execute
the given command. In the latter case the error string is
- printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
- entries in the user's PATH an error is printed on stderr.
- (If the directory does not exist or if it is not really a
- directory, the entry is ignored and no error is printed.)
- This should not happen under normal circumstances. The
-25/Aug/1999 1.6 2
+11/Oct/1999 1.6 2
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
+ entries in the user's PATH an error is printed on stderr.
+ (If the directory does not exist or if it is not really a
+ directory, the entry is ignored and no error is printed.)
+ This should not happen under normal circumstances. The
most common reason for _\bs_\bt_\ba_\bt(2) to return "permission
denied" is if you are running an automounter and one of
the directories in your PATH is on a machine that is
(root) and permissions (0700) in the system startup files.
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not honor timestamps set far in the future.
- Timestamps with a date greater than current_time + 2 *
- TIMEOUT will be ignored and sudo will log and complain.
- This is done to keep a user from creating his/her own
- timestamp with a bogus date on system that allow users to
- give away files.
-25/Aug/1999 1.6 3
+11/Oct/1999 1.6 3
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ Timestamps with a date greater than current_time + 2 *
+ TIMEOUT will be ignored and sudo will log and complain.
+ This is done to keep a user from creating his/her own
+ timestamp with a bogus date on system that allow users to
+ give away files.
+
E\bE\bE\bEX\bX\bX\bXA\bA\bA\bAM\bM\bM\bMP\bP\bP\bPL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(5)
entries.
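Review bot: the timestamp paragraph re-added after the page header still says "on system that allow users to give away files", which should be "on systems that allow". Since this paragraph documents a security check (timestamps later than current_time + 2 * TIMEOUT are ignored), it would also help to say where "sudo will log and complain" ends up, so an administrator knows where to look for the rejection.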
SUDO_PS1 If set, PS1 will be set to its value
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers List of who can run what
- /var/run/sudo Directory containing timestamps
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo utilizes the following environment variables:
+11/Oct/1999 1.6 4
-25/Aug/1999 1.6 4
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers List of who can run what
+ /var/run/sudo Directory containing timestamps
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo utilizes the following environment variables:
PATH Set to a sane value if SECURE_PATH is set
SHELL Used to determine shell to run with -s option
shell if that user has access to commands allowing shell
escapes.
- If users have sudo ALL there is nothing to prevent them
- from creating their own program that gives them a root
- shell regardless of any '!' elements in the user
- specification.
-
- Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
-25/Aug/1999 1.6 5
+11/Oct/1999 1.6 5
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ If users have sudo ALL there is nothing to prevent them
+ from creating their own program that gives them a root
+ shell regardless of any '!' elements in the user
+ specification.
+
+ Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
bugs that make setuid shell scripts unsafe on some
operating systems (if your OS supports the /dev/fd/
directory, setuid shell scripts are generally safe).
-
-
-
-
-
-
-25/Aug/1999 1.6 6
+11/Oct/1999 1.6 6
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.36 1999/08/26 09:10:11 millert
-''' rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard and add "EXAMPLES" section
+''' Revision 1.37 1999/10/12 00:05:39 millert
+''' document -L flag
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH SUDO 8 "1.6" "25/Aug/1999" "MAINTENANCE COMMANDS"
+.TH SUDO 8 "1.6" "11/Oct/1999" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
.SH "NAME"
sudo \- execute a command as another user
.SH "SYNOPSIS"
-\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
+\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
.SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
.Ip "-l" 4
The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and
forbidden) commands for the user on the current host.
+.Ip "-L" 4
+The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters
+that may be set in a \fIDefaults\fR line along with a short description
+for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.Ip "-h" 4
The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.Ip "-v" 4
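Review bot: in the added -L item, only "list" is italicised in "(\fIlist\fR defaults)", so the mnemonic renders the same as the one for -l directly above it. Italicise the whole phrase so the two options are distinguishable at a glance. The closing sentence, "This option is useful in conjunction with grep(1)", gives no hint of what to search for; a short entry in the EXAMPLES section would make it concrete.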
.IX Item "-l"
+.IX Item "-L"
+
.IX Item "-h"
.IX Item "-v"
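Review bot: the bare "+" line added directly after '.IX Item "-L"' puts an empty line into the roff source between index entries, which none of the neighbouring .IX lines have. A blank input line in roff produces vertical space in the output, so remove it unless the gap is intended.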