be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
correctly from the sudoers file.
security hole as most editors allow a user to get a shell (which would
be a root shell and hence, no logging).
+ --enable-noargs-shell
+ If sudo is invoked with no arguments it acts as if the "-s" flag had
+ been given. That is, it runs a shell as root (the shell is determined
+ by the SHELL environment variable, falling back on the shell listed
+ in the invoking user's /etc/passwd entry).
+
The following options are also configurable at runtime:
--with-otp-only
--enable-log-host
Log the hostname in the log file.
- --enable-noargs-shell
- If sudo is invoked with no arguments it acts as if the "-s" flag had
- been given. That is, it runs a shell as root (the shell is determined
- by the SHELL environment variable, falling back on the shell listed
- in the invoking user's /etc/passwd entry).
-
--enable-shell-sets-home
If sudo is invoked with the "-s" flag the HOME environment variable
will be set to the home directory of the target user (which is root
}, {
"log_year", T_FLAG, { 0 },
"Log the year in the (non-syslog) log file"
- }, {
- "shell_noargs", T_FLAG, { 0 },
- "If sudo is invoked with no arguments, start a shell"
}, {
"set_home", T_FLAG, { 0 },
"Set $HOME to the target user when starting a shell with -s"
int op; /* TRUE or FALSE */
{
struct sudo_defs_types *cur;
+ int num;
- for (cur = sudo_defs_table; cur->name; cur++) {
+ for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
if (strcmp(var, cur->name) == 0)
break;
}
return(FALSE);
}
cur->sd_un.flag = op;
+
+ /* Special action for I_FQDN. Move to own switch if we get more */
+ if (num == I_FQDN && op)
+ set_fqdn();
break;
}
#ifdef HOST_IN_LOG
def_flag(I_LOG_HOST) = TRUE;
#endif
-#ifdef SHELL_IF_NO_ARGS
- def_flag(I_SHELL_NOARGS) = TRUE;
-#endif
#ifdef SHELL_SETS_HOME
def_flag(I_SET_HOME) = TRUE;
#endif
return(FALSE); /* not found */
/* Store both name and number. */
- if (def->sd_un.str)
+ if (def->sd_un.str) {
free(def->sd_un.str);
+ closelog();
+ }
+ openlog("sudo", 0, fac->num);
def->sd_un.str = estrdup(fac->name);
sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num;
#else
- if (def->sd_un.str)
+ if (def->sd_un.str) {
free(def->sd_un.str);
+ closelog();
+ }
+ openlog("sudo", 0);
def->sd_un.str = estrdup("default");
#endif /* LOG_NFACILITIES */
return(TRUE);
#define I_ROOT_SUDO 15
#define I_LOG_HOST 16
#define I_LOG_YEAR 17
-#define I_SHELL_NOARGS 18
-#define I_SET_HOME 19
-#define I_PATH_INFO 20
-#define I_FQDN 21
-#define I_INSULTS 22
-#define I_REQUIRETTY 23
+#define I_SET_HOME 18
+#define I_PATH_INFO 19
+#define I_FQDN 20
+#define I_INSULTS 21
+#define I_REQUIRETTY 22
/* Integer values */
-#define I_LOGLEN 24 /* wrap log file line after N chars */
-#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */
-#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */
-#define I_PW_TRIES 27 /* exit after N bad password tries */
-#define I_UMASK 28 /* umask to use or 0777 to use user's */
+#define I_LOGLEN 23 /* wrap log file line after N chars */
+#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */
+#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */
+#define I_PW_TRIES 26 /* exit after N bad password tries */
+#define I_UMASK 27 /* umask to use or 0777 to use user's */
/* Strings */
-#define I_LOGFILE 29 /* path to logfile (or NULL for none) */
-#define I_MAILERPATH 30 /* path to sendmail or other mailer */
-#define I_MAILERFLAGS 31 /* flags to pass to the mailer */
-#define I_MAILTO 32 /* who to send bitch mail to */
-#define I_MAILSUB 33 /* subject line of mail msg */
-#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */
-#define I_TIMESTAMPDIR 35 /* path to timestamp dir */
-#define I_EXEMPT_GRP 36 /* no password or PATH override for these */
-#define I_PASSPROMPT 37 /* password prompt */
-#define I_RUNAS_DEF 38 /* default user to run commands as */
-#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */
+#define I_LOGFILE 28 /* path to logfile (or NULL for none) */
+#define I_MAILERPATH 29 /* path to sendmail or other mailer */
+#define I_MAILERFLAGS 30 /* flags to pass to the mailer */
+#define I_MAILTO 31 /* who to send bitch mail to */
+#define I_MAILSUB 32 /* subject line of mail msg */
+#define I_BADPASS_MSG 33 /* what to say when passwd is wrong */
+#define I_TIMESTAMPDIR 34 /* path to timestamp dir */
+#define I_EXEMPT_GRP 35 /* no password or PATH override for these */
+#define I_PASSPROMPT 36 /* password prompt */
+#define I_RUNAS_DEF 37 /* default user to run commands as */
+#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
/*
* Macros for accessing sudo_defs_table.
/* Setup defaults data structures. */
init_defaults();
- /* Initialize syslog(3) if we are using it. */
- if (def_str(I_LOGFACSTR)) {
-#ifdef LOG_NFACILITIES
- openlog("sudo", 0, def_ival(I_LOGFAC));
-#else
- openlog("sudo", 0);
-#endif /* LOG_NFACILITIES */
- }
-
if (sudo_mode & MODE_SHELL)
user_cmnd = "shell";
else
exit(1);
}
+ /* May need to set $HOME to target user. */
+ if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME))
+ sudo_mode |= MODE_RESET_HOME;
+
/* Bail if a tty is required and we don't have one. */
if (def_flag(I_REQUIRETTY)) {
if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
int sudo_mode;
{
char *p, thost[MAXHOSTNAMELEN];
- struct hostent *hp;
/* Sanity check command from user. */
if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) {
log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
} else
user_host = estrdup(thost);
- if (def_flag(I_FQDN)) {
- if (!(hp = gethostbyname(user_host))) {
- log_error(USE_ERRNO|MSG_ONLY|NO_EXIT,
- "unable to lookup %s via gethostbyname()", user_host);
+ if (def_flag(I_FQDN))
+ set_fqdn();
+ else {
+ if ((p = strchr(user_host, '.'))) {
+ *p = '\0';
+ user_shost = estrdup(user_host);
+ *p = '.';
} else {
- free(user_host);
- user_host = estrdup(hp->h_name);
+ user_shost = user_host;
}
}
- if ((p = strchr(user_host, '.'))) {
- *p = '\0';
- user_shost = estrdup(user_host);
- *p = '.';
- } else {
- user_shost = user_host;
- }
if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO))) {
if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
NewArgv = Argv + 1;
NewArgc = Argc - 1;
- if (Argc < 2) { /* no options and no command */
- if (!def_flag(I_SHELL_NOARGS))
- usage(1);
+#ifdef SHELL_IF_NO_ARGS
+ if (NewArgc == 0) { /* no options and no command */
rval |= MODE_SHELL;
return(rval);
}
+#endif
while (NewArgc > 0 && NewArgv[0][0] == '-') {
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
if (excl && excl != 's')
usage_excl(1);
excl = 's';
- if (def_flag(I_SET_HOME))
- rval |= MODE_RESET_HOME;
break;
case 'H':
rval |= MODE_RESET_HOME;
case '-':
NewArgc--;
NewArgv++;
- if (def_flag(I_SHELL_NOARGS) && rval == MODE_RUN)
+#ifdef SHELL_IF_NO_ARGS
+ if (rval == MODE_RUN)
rval |= MODE_SHELL;
+#endif
return(rval);
case '\0':
(void) fprintf(stderr, "%s: '-' requires an argument\n",
#endif /* POSIX_SIGNALS */
}
+/*
+ * Look up the fully qualified domain name and set user_host and user_shost.
+ */
+void
+set_fqdn()
+{
+ struct hostent *hp;
+ char *p;
+
+ if (def_flag(I_FQDN)) {
+ if (!(hp = gethostbyname(user_host))) {
+ log_error(USE_ERRNO|MSG_ONLY|NO_EXIT,
+ "unable to lookup %s via gethostbyname()", user_host);
+ } else {
+ free(user_host);
+ user_host = estrdup(hp->h_name);
+ }
+ }
+ if (user_shost != user_host)
+ free(user_shost);
+ if ((p = strchr(user_host, '.'))) {
+ *p = '\0';
+ user_shost = estrdup(user_host);
+ *p = '.';
+ } else {
+ user_shost = user_host;
+ }
+}
+
/*
* Tell which options are mutually exclusive and exit.
*/
void dump_auth_methods __P((void));
int lock_file __P((int, int));
int touch __P((char *, time_t));
+void set_fqdn __P((void));
YY_DECL;
/* Only provide extern declarations outside of sudo.c. */
-28/Nov/1999 1.6 1
+2/Dec/1999 1.6 1
-28/Nov/1999 1.6 2
+2/Dec/1999 1.6 2
-28/Nov/1999 1.6 3
+2/Dec/1999 1.6 3
-28/Nov/1999 1.6 4
+2/Dec/1999 1.6 4
sudoers(5) FILE FORMATS sudoers(5)
- shell_noargs
- If sudo is invoked with no arguments, start a
- shell
-
set_home Set $HOME to the target user when starting a
shell with -s
syslog_goodpri
Syslog priority to use when user authenticates
+ successfully
+
+ syslog_badpri
+ Syslog priority to use when user authenticates
-28/Nov/1999 1.6 5
+2/Dec/1999 1.6 5
sudoers(5) FILE FORMATS sudoers(5)
- successfully
-
- syslog_badpri
- Syslog priority to use when user authenticates
unsuccessfully
S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
A Runas_Spec is simply a Runas_List (as defined above)
enclosed in a set of parentheses. If you do not specify a
+ Runas_Spec in the user specification, a default Runas_Spec
+ of r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt will be used. A Runas_Spec sets the default for
+ commands that follow it. What this means is that for the
+ entry:
-28/Nov/1999 1.6 6
+2/Dec/1999 1.6 6
sudoers(5) FILE FORMATS sudoers(5)
- Runas_Spec in the user specification, a default Runas_Spec
- of r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt will be used. A Runas_Spec sets the default for
- commands that follow it. What this means is that for the
- entry:
-
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
The user d\bd\bd\bdg\bg\bg\bgb\bb\bb\bb may run _\b/_\bb_\bi_\bn_\b/_\bl_\bs, _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm
[...] Matches any character in the specified range.
+ [!...] Matches any character n\bn\bn\bno\bo\bo\bot\bt\bt\bt in the specified range.
+ \x For any character "x", evaluates to "x". This is
+ used to escape special characters such as: "*",
+ "?", "[", and "}".
-28/Nov/1999 1.6 7
+2/Dec/1999 1.6 7
-sudoers(5) FILE FORMATS sudoers(5)
+sudoers(5) FILE FORMATS sudoers(5)
- [!...] Matches any character n\bn\bn\bno\bo\bo\bot\bt\bt\bt in the specified range.
-
- \x For any character "x", evaluates to "x". This is
- used to escape special characters such as: "*",
- "?", "[", and "}".
Note that a forward slash ('/') will n\bn\bn\bno\bo\bo\bot\bt\bt\bt be matched by
wildcards used in the pathname. When matching the command
syntactic characters in a _\bU_\bs_\be_\br _\bS_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn ('=', ':',
'(', ')') is optional.
+ The following characters must be escaped with a backslash
+ ('\') when used as part of a word (eg. a username or
+ hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
-28/Nov/1999 1.6 8
+2/Dec/1999 1.6 8
-sudoers(5) FILE FORMATS sudoers(5)
- The following characters must be escaped with a backslash
- ('\') when used as part of a word (eg. a username or
- hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
+
+sudoers(5) FILE FORMATS sudoers(5)
+
E\bE\bE\bEX\bX\bX\bXA\bA\bA\bAM\bM\bM\bMP\bP\bP\bPL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+ The _\bU_\bs_\be_\br _\bs_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn is the part that actually
+ determines who may run what.
-28/Nov/1999 1.6 9
+2/Dec/1999 1.6 9
-sudoers(5) FILE FORMATS sudoers(5)
- The _\bU_\bs_\be_\br _\bs_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn is the part that actually
- determines who may run what.
+sudoers(5) FILE FORMATS sudoers(5)
+
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
assumes _\bp_\ba_\bs_\bs_\bw_\bd(1) does not take multiple usernames on the
command line.
+ bob SPARC = (OP) ALL : SGI = (OP) ALL
+ The user b\bb\bb\bbo\bo\bo\bob\bb\bb\bb may run anything on the _\bS_\bP_\bA_\bR_\bC and _\bS_\bG_\bI
-28/Nov/1999 1.6 10
+2/Dec/1999 1.6 10
-sudoers(5) FILE FORMATS sudoers(5)
+sudoers(5) FILE FORMATS sudoers(5)
- bob SPARC = (OP) ALL : SGI = (OP) ALL
- The user b\bb\bb\bbo\bo\bo\bob\bb\bb\bb may run anything on the _\bS_\bP_\bA_\bR_\bC and _\bS_\bG_\bI
machines as any user listed in the _\bO_\bP Runas_Alias (r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt
and o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br).
On the host www, any user in the _\bW_\bE_\bB_\bM_\bA_\bS_\bT_\bE_\bR_\bS User_Alias
(will, wendy, and wim), may run any command as user www
+ (which owns the web pages) or simply _\bs_\bu(1) to www.
-28/Nov/1999 1.6 11
+2/Dec/1999 1.6 11
-sudoers(5) FILE FORMATS sudoers(5)
- (which owns the web pages) or simply _\bs_\bu(1) to www.
+sudoers(5) FILE FORMATS sudoers(5)
+
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
-28/Nov/1999 1.6 12
+
+
+2/Dec/1999 1.6 12
-28/Nov/1999 1.6 13
+2/Dec/1999 1.6 13
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.16 1999/11/29 01:57:04 millert
-''' fix some syntactic goofs
+''' Revision 1.17 1999/12/02 20:31:24 millert
+''' o Kill shell_noargs option, it cannot work since the command needs to
+''' be set before sudoers is parsed.
+''' o Fix the "set_home" sudoers option (only worked at compile time).
+''' o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
+''' gets called when the "fqdn" option is set in sudoers.
+''' o Move the openlog() to store_syslogfac() so this gets overridden
+''' correctly from the sudoers file.
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH sudoers 5 "1.6" "28/Nov/1999" "FILE FORMATS"
+.TH sudoers 5 "1.6" "2/Dec/1999" "FILE FORMATS"
.UC
.if n .hy 0
.if n .na
Log the hostname in the (non-syslog) log file
.Ip "log_year" 12
Log the year in the (non-syslog) log file
-.Ip "shell_noargs" 12
-If sudo is invoked with no arguments, start a shell
.Ip "set_home" 12
Set \f(CW$HOME\fR to the target user when starting a shell with \f(CW-s\fR
.Ip "path_info" 12
.IX Item "log_year"
-.IX Item "shell_noargs"
-
.IX Item "set_home"
.IX Item "path_info"
.IX Subsection "Exceptions to wildcard rules:"
-.IX Item "\f(CW""\fR"
+.IX Item \f(CW""\fR
.IX Subsection "Other special characters and reserved words:"
Log the year in the (non-syslog) log file
-=item shell_noargs
-
-If sudo is invoked with no arguments, start a shell
-
=item set_home
Set $HOME to the target user when starting a shell with C<-s>
return(TRUE);
}
+void
+set_fqdn()
+{
+ return;
+}
+
/*
* Assuming a parse error occurred, prompt the user for what they want
* to do now. Returns the first letter of their choice.
projects / sudo / commitdiff