modified. This flag is off by default.
mail_always Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user every time a
- users runs sudo. This flag is off by default.
+ users runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo. This flag is off by default.
mail_no_user
If set, mail will be sent to the _\bm_\ba_\bi_\bl_\bt_\bo user
mail_no_perms
If set, mail will be sent to the _\bm_\ba_\bi_\bl_\bt_\bo user
- if the invoking user allowed to use sudo but
+ if the invoking user allowed to use s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo but
the command they are trying is not listed in
their _\bs_\bu_\bd_\bo_\be_\br_\bs file entry. This flag is off by
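Review bot: two grammar slips sit in the lines this hunk touches and survive the bolding: "every time a users runs sudo" under mail_always should read "a user runs", and "if the invoking user allowed to use sudo" under mail_no_perms is missing "is". This formatted page and the troff copy are generated from the pod, so make both corrections in the pod =item paragraphs (also reproduced later in this diff) and regenerate rather than editing the output here.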
may be overridden via the PASSWD and NOPASSWD
tags. This flag is on by default.
- root_sudo If set, root is allowed to run sudo too.
+ root_sudo If set, root is allowed to run s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo too.
Disabling this prevents users from "chaining"
- sudo commands to get a root shell by doing
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo commands to get a root shell by doing
something like "sudo sudo /bin/sh". This flag
is on by default.
instead of myhost you would use
myhost.mydomain.edu. You may still use the
short form if you wish (and even mix the two).
- Beware that turning on _\bf_\bq_\bd_\bn requires sudo to
+ Beware that turning on _\bf_\bq_\bd_\bn requires s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to
make DNS lookups which may make s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo unusable
if DNS stops working (for example if the
machine is not plugged into the network).
you shouldn't need to set _\bf_\bq_\bf_\bn. This flag is
off by default.
- insults If set, sudo will insult users when they enter
+ insults If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will insult users when they enter
an incorrect password. This flag is off by
default.
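Review bot: in the leading context of the insults change, "you shouldn't need to set fqfn" misspells the option; it should be fqdn, matching the "Beware that turning on fqdn" sentence two lines earlier. The same misspelling appears in the troff copy as \fIfqfn\fR, so the fix belongs in the pod source.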
- requiretty If set, sudo will only run when the user is
+ requiretty If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will only run when the user is
logged in to a real tty. This will disallow
things like "rsh somehost sudo ls" since
_\br_\bs_\bh(1) does not allocate a tty. Because it is
flag to prevent a user from entering a visible
password. This flag is off by default.
- env_editor If set, visudo will use the value of the
+ env_editor If set, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will use the value of the
EDITOR or VISUAL environment falling back on
the default editor. Note that this may create
a security hole as most editors allow a user
to get a shell (which would be a root shell
and not be logged).
- rootpw If set, sudo will prompt for the root password
+ rootpw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the root password
instead of the password of the invoking user.
- runaspw If set, sudo will prompt for the password of
+ runaspw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the password of
the user defined by the _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt option
(defaults to root) instead of the password of
the invoking user.
sudoers(5) FILE FORMATS sudoers(5)
- targetpw If set, sudo will prompt for the password of
+ targetpw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the password of
the user specified by the -u flag (defaults to
root) instead of the password of the invoking
user.
+ set_logname Normally, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will set the LOGNAME and USER
+ environment variables to the name of the
+ target user (usually root unless the -u flag
+ is given). However, since some programs
+ (including the RCS revision control system)
+ use LOGNAME to determine the real identity of
+ the user, it may be desirable to change this
+ behavior. This can be done by negating the
+ set_logname option.
+
use_loginclass
- If set, sudo will apply the defaults specified
+ If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will apply the defaults specified
for the target user's login class if one
- exists. Only available if sudo is configured
+ exists. Only available if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is configured
with the --with-logincap option.
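Review bot: the new set_logname entry does not state its default, unlike every neighbouring flag ("This flag is on by default."); a reader has to infer it from "negating the set_logname option". Add the default sentence, and say what negation actually leaves in LOGNAME and USER (whether they stay as inherited from the invoking user's environment), because the paragraph is about which identity programs such as RCS will record and that is the detail an administrator needs.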
I\bI\bI\bIn\bn\bn\bnt\bt\bt\bte\be\be\beg\bg\bg\bge\be\be\ber\br\br\brs\bs\bs\bs:
passwd_tries
The number of tries a user gets to enter
- his/her password before sudo logs the failure
+ his/her password before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo logs the failure
and exits. The default is 3.
I\bI\bI\bIn\bn\bn\bnt\bt\bt\bte\be\be\beg\bg\bg\bge\be\be\ber\br\br\brs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
password.
passwd_timeout
- Number of minutes before the sudo password
+ Number of minutes before the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo password
prompt times out. The default is 5, set this
to 0 for no password timeout.
S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs:
- mailsub Subject of the mail sent to the _\bm_\ba_\bi_\bl_\bt_\bo user.
- The escape %h will expand to the hostname of
- the machine. Default is "*** SECURITY
- information for %h ***".
-
- badpass_message
- Message that is displayed if a user enters an
- incorrect password. The default is "Sorry,
- try again." unless insults are enabled.
-
sudoers(5) FILE FORMATS sudoers(5)
+ mailsub Subject of the mail sent to the _\bm_\ba_\bi_\bl_\bt_\bo user.
+ The escape %h will expand to the hostname of
+ the machine. Default is "*** SECURITY
+ information for %h ***".
+
+ badpass_message
+ Message that is displayed if a user enters an
+ incorrect password. The default is "Sorry,
+ try again." unless insults are enabled.
+
timestampdir
The directory in which s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo stores its
timestamp files. The default is _\b@_\bT_\bI_\bM_\bE_\bD_\bI_\bR_\b@.
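Review bot: this -/+ pair (mailsub and badpass_message) and the similar pairs further down this file (mailto and exempt_group, the syslog facility list, NOPASSWD and PASSWD, the /usr/bin/* example, the alias examples) move identical text across a page boundary because the set_logname entry lengthened the page; they carry no wording change and need no review beyond the typos flagged on the moved lines, which is a good argument for regenerating this file rather than patching it by hand.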
Syslog priority to use when user authenticates
unsuccessfully. Defaults to "alert".
- editor Path to the editor to be used by visudo. The
+ editor Path to the editor to be used by v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo. The
default is the path to vi on your system.
S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
- logfile Path to the sudo log file (not the syslog log
+ logfile Path to the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo log file (not the syslog log
file). Setting a path turns on logging to a
file, negating this option turns it off.
mailerflags Flags to use when invoking mailer. Defaults to
-t.
- mailto Address to send warning and erorr mail to.
- Defaults to "root".
-
- exempt_group
- Users in this group are exempt from password
- and PATH requirements. This is not set by
- default.
-
-
-
22/Mar/2000 1.6.3 8
sudoers(5) FILE FORMATS sudoers(5)
+ mailto Address to send warning and erorr mail to.
+ Defaults to "root".
+
+ exempt_group
+ Users in this group are exempt from password
+ and PATH requirements. This is not set by
+ default.
+
secure_path Path used for every command run from s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo. If
- you don't trust the people running sudo to
+ you don't trust the people running s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to
have a sane PATH environment variable you may
want to use this. Another use is if you want
to have the "root path" be separate from the
"user path." This is not set by default.
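Review bot: "erorr" in the moved mailto line ("Address to send warning and erorr mail to.") is a typo for "error"; it predates this change, and the mailto paragraph of the pod source is not part of this diff, so fix it there in a follow-up so the regenerated page picks it up.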
verifypw This option controls when a password will be
- required when a user runs sudo with the -\b-\b-\b-v\bv\bv\bv.
+ required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-v\bv\bv\bv.
It has the following possible values:
all All the user's I<sudoers> entries for the
The default value is `all'.
listpw This option controls when a password will be
- required when a user runs sudo with the -\b-\b-\b-l\bl\bl\bl.
+ required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-l\bl\bl\bl.
It has the following possible values:
all All the user's I<sudoers> entries for the
always The user must always enter a password to use
the B<-l> flag.
- The default value is `any'.
-
- When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), sudo accepts the following
- values for the syslog facility (the value of the s\bs\bs\bsy\by\by\bys\bs\bs\bsl\bl\bl\blo\bo\bo\bog\bg\bg\bg
- Parameter): a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bhp\bp\bp\bpr\br\br\bri\bi\bi\biv\bv\bv\bv (if your OS supports it), a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bh,
- d\bd\bd\bda\ba\ba\bae\be\be\bem\bm\bm\bmo\bo\bo\bon\bn\bn\bn, u\bu\bu\bus\bs\bs\bse\be\be\ber\br\br\br, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl0\b0\b0\b0, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl1\b1\b1\b1, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl2\b2\b2\b2, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl3\b3\b3\b3, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl4\b4\b4\b4,
- l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl5\b5\b5\b5, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl6\b6\b6\b6, and l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl7\b7\b7\b7. The following syslog
-
22/Mar/2000 1.6.3 9
sudoers(5) FILE FORMATS sudoers(5)
+ The default value is `any'.
+
+ When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following
+ values for the syslog facility (the value of the s\bs\bs\bsy\by\by\bys\bs\bs\bsl\bl\bl\blo\bo\bo\bog\bg\bg\bg
+ Parameter): a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bhp\bp\bp\bpr\br\br\bri\bi\bi\biv\bv\bv\bv (if your OS supports it), a\ba\ba\bau\bu\bu\but\bt\bt\bth\bh\bh\bh,
+ d\bd\bd\bda\ba\ba\bae\be\be\bem\bm\bm\bmo\bo\bo\bon\bn\bn\bn, u\bu\bu\bus\bs\bs\bse\be\be\ber\br\br\br, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl0\b0\b0\b0, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl1\b1\b1\b1, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl2\b2\b2\b2, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl3\b3\b3\b3, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl4\b4\b4\b4,
+ l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl5\b5\b5\b5, l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl6\b6\b6\b6, and l\bl\bl\blo\bo\bo\boc\bc\bc\bca\ba\ba\bal\bl\bl\bl7\b7\b7\b7. The following syslog
priorities are supported: a\ba\ba\bal\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, c\bc\bc\bcr\br\br\bri\bi\bi\bit\bt\bt\bt, d\bd\bd\bde\be\be\beb\bb\bb\bbu\bu\bu\bug\bg\bg\bg, e\be\be\bem\bm\bm\bme\be\be\ber\br\br\brg\bg\bg\bg, e\be\be\ber\br\br\brr\br\br\br,
i\bi\bi\bin\bn\bn\bnf\bf\bf\bfo\bo\bo\bo, n\bn\bn\bno\bo\bo\bot\bt\bt\bti\bi\bi\bic\bc\bc\bce\be\be\be, and w\bw\bw\bwa\ba\ba\bar\br\br\brn\bn\bn\bni\bi\bi\bin\bn\bn\bng\bg\bg\bg.
Then user d\bd\bd\bdg\bg\bg\bgb\bb\bb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br,
but _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt.
- N\bN\bN\bNO\bO\bO\bOP\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD a\ba\ba\ban\bn\bn\bnd\bd\bd\bd P\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD
-
- By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo requires that a user authenticate him or
- herself before running a command. This behavior can be
- modified via the NOPASSWD tag. Like a Runas_Spec, the
- NOPASSWD tag sets a default for the commands that follow
- it in the Cmnd_Spec_List. Conversely, the PASSWD tag can
sudoers(5) FILE FORMATS sudoers(5)
+ N\bN\bN\bNO\bO\bO\bOP\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD a\ba\ba\ban\bn\bn\bnd\bd\bd\bd P\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD
+
+ By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo requires that a user authenticate him or
+ herself before running a command. This behavior can be
+ modified via the NOPASSWD tag. Like a Runas_Spec, the
+ NOPASSWD tag sets a default for the commands that follow
+ it in the Cmnd_Spec_List. Conversely, the PASSWD tag can
be used to reverse things. For example:
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
line arguments, however, as slash d\bd\bd\bdo\bo\bo\boe\be\be\bes\bs\bs\bs get matched by
wildcards. This is to make a path like:
- /usr/bin/*
-
- match /usr/bin/who but not /usr/bin/X11/xterm.
-
-
-
-
sudoers(5) FILE FORMATS sudoers(5)
+ /usr/bin/*
+
+ match /usr/bin/who but not /usr/bin/X11/xterm.
+
E\bE\bE\bEx\bx\bx\bxc\bc\bc\bce\be\be\bep\bp\bp\bpt\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs t\bt\bt\bto\bo\bo\bo w\bw\bw\bwi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bd r\br\br\bru\bu\bu\bul\bl\bl\ble\be\be\bes\bs\bs\bs:\b:\b:\b:
The following exceptions apply to the above rules:
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
- # User alias specification
- User_Alias FULLTIMERS = millert, mikef, dowdy
- User_Alias PARTTIMERS = bostley, jwfox, crawl
- User_Alias WEBMASTERS = will, wendy, wim
sudoers(5) FILE FORMATS sudoers(5)
+ # User alias specification
+ User_Alias FULLTIMERS = millert, mikef, dowdy
+ User_Alias PARTTIMERS = bostley, jwfox, crawl
+ User_Alias WEBMASTERS = will, wendy, wim
+
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Cmnd_Alias SU = /usr/bin/su
Here we override some of the compiled in default values.
- We want sudo to log via _\bs_\by_\bs_\bl_\bo_\bg(3) using the _\ba_\bu_\bt_\bh facility
+ We want s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to log via _\bs_\by_\bs_\bl_\bo_\bg(3) using the _\ba_\bu_\bt_\bh facility
in all cases. We don't want to subject the full time
staff to the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo lecture, and user m\bm\bm\bmi\bi\bi\bil\bl\bl\bll\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt need not give
a password. In addition, on the machines in the _\bS_\bE_\bR_\bV_\bE_\bR_\bS
%wheel ALL = (ALL) ALL
We let r\br\br\bro\bo\bo\boo\bo\bo\bot\bt\bt\bt and any user in group w\bw\bw\bwh\bh\bh\bhe\be\be\bee\be\be\bel\bl\bl\bl run any command on
- any host as any user.
-
- FULLTIMERS ALL = NOPASSWD: ALL
-
- Full time sysadmins (m\bm\bm\bmi\bi\bi\bil\bl\bl\bll\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, m\bm\bm\bmi\bi\bi\bik\bk\bk\bke\be\be\bef\bf\bf\bf, and d\bd\bd\bdo\bo\bo\bow\bw\bw\bwd\bd\bd\bdy\by\by\by) may run
sudoers(5) FILE FORMATS sudoers(5)
+ any host as any user.
+
+ FULLTIMERS ALL = NOPASSWD: ALL
+
+ Full time sysadmins (m\bm\bm\bmi\bi\bi\bil\bl\bl\bll\bl\bl\ble\be\be\ber\br\br\brt\bt\bt\bt, m\bm\bm\bmi\bi\bi\bik\bk\bk\bke\be\be\bef\bf\bf\bf, and d\bd\bd\bdo\bo\bo\bow\bw\bw\bwd\bd\bd\bdy\by\by\by) may run
any command on any host without authenticating themselves.
PARTTIMERS ALL = ALL
jim +biglab = ALL
- The user j\bj\bj\bji\bi\bi\bim\bm\bm\bm may run any command on machines in the _\bb_\bi_\bg_\bl_\ba_\bb
- netgroup. S\bS\bS\bSu\bu\bu\bud\bd\bd\bdo\bo\bo\bo knows that "biglab" is a netgroup due to
- the '+' prefix.
-
-
22/Mar/2000 1.6.3 14
sudoers(5) FILE FORMATS sudoers(5)
+ The user j\bj\bj\bji\bi\bi\bim\bm\bm\bm may run any command on machines in the _\bb_\bi_\bg_\bl_\ba_\bb
+ netgroup. S\bS\bS\bSu\bu\bu\bud\bd\bd\bdo\bo\bo\bo knows that "biglab" is a netgroup due to
+ the '+' prefix.
+
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the s\bs\bs\bse\be\be\bec\bc\bc\bcr\br\br\bre\be\be\bet\bt\bt\bta\ba\ba\bar\br\br\bri\bi\bi\bie\be\be\bes\bs\bs\bs netgroup need to help manage the
Any user may mount or unmount a CD-ROM on the machines in
the CDROM Host_Alias (orion, perseus, hercules) without
entering a password. This is a bit tedious for users to
- type, so it is a prime candiate for encapsulating in a
- shell script.
-
-
sudoers(5) FILE FORMATS sudoers(5)
+ type, so it is a prime candiate for encapsulating in a
+ shell script.
+
S\bS\bS\bSE\bE\bE\bEC\bC\bC\bCU\bU\bU\bUR\bR\bR\bRI\bI\bI\bIT\bT\bT\bTY\bY\bY\bY N\bN\bN\bNO\bO\bO\bOT\bT\bT\bTE\bE\bE\bES\bS\bS\bS
It is generally not effective to "subtract" commands from
ALL using the '!' operator. A user can trivially
-
-
-
22/Mar/2000 1.6.3 16
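Review bot: "candiate" in the moved CDROM paragraph ("a prime candiate for encapsulating in a shell script") should be "candidate", again a pod-source fix. Separately, the final hunk deletes the "22/Mar/2000 1.6.3 16" footer with no replacement visible; confirm the regenerated file still ends with its page footer and that the diff is merely cut off here.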
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.2 2000/03/23 00:35:59 millert
-''' Add FreeBSD login.conf support (untested on BSD/OS) based on a patch from
-''' Michael D. Marchionna.
-''' configure now does substitution on the man pages, allowing us to
-''' fix up the paths and set the section correctly. Based on an idea
-''' from Michael D. Marchionna.
+''' Revision 1.3 2000/03/23 03:20:57 millert
+''' Document set_logname option and enbolden refs to sudo and visudo.
'''
'''
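Review bot: the $Log$ block removes the revision 1.2 entry and replaces it with the 1.3 entry instead of adding 1.3 above it; CVS normally accumulates $Log$ entries, so check whether this is an artifact of how the diff was produced (keyword expansion on the compared copies) rather than a deliberate edit, since it would otherwise drop the login.conf history line from the file.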
.de Sh
If set, \fBsudo\fR will ignore \*(L'.\*(R' or \*(L'\*(R' (current dir) in \f(CW$PATH\fR;
the \f(CW$PATH\fR itself is not modified. This flag is off by default.
.Ip "mail_always" 12
-Send mail to the \fImailto\fR user every time a users runs sudo.
+Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR.
This flag is off by default.
.Ip "mail_no_user" 12
If set, mail will be sent to the \fImailto\fR user if the invoking
commands on the current host. This flag is off by default.
.Ip "mail_no_perms" 12
If set, mail will be sent to the \fImailto\fR user if the invoking
-user allowed to use sudo but the command they are trying is not
+user allowed to use \fBsudo\fR but the command they are trying is not
listed in their \fIsudoers\fR file entry. This flag is off by default.
.Ip "tty_tickets" 12
If set, users must authenticate on a per-tty basis. Normally,
may be overridden via the \f(CWPASSWD\fR and \f(CWNOPASSWD\fR tags.
This flag is on by default.
.Ip "root_sudo" 12
-If set, root is allowed to run sudo too. Disabling this prevents users
-from \*(L"chaining\*(R" sudo commands to get a root shell by doing something
+If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users
+from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something
like \f(CW"sudo sudo /bin/sh"\fR.
This flag is on by default.
.Ip "log_host" 12
Set this flag if you want to put fully qualified hostnames in the
\fIsudoers\fR file. Ie: instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
-Beware that turning on \fIfqdn\fR requires sudo to make \s-1DNS\s0 lookups
+Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups
which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example
if the machine is not plugged into the network). Also note that
you must use the host's official name as \s-1DNS\s0 knows it. That is,
command) is already fully qualified you shouldn't need to set
\fIfqfn\fR. This flag is off by default.
.Ip "insults" 12
-If set, sudo will insult users when they enter an incorrect
+If set, \fBsudo\fR will insult users when they enter an incorrect
password. This flag is off by default.
.Ip "requiretty" 12
-If set, sudo will only run when the user is logged in to a real
+If set, \fBsudo\fR will only run when the user is logged in to a real
tty. This will disallow things like \f(CW"rsh somehost sudo ls"\fR since
\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn
of echo when there is no tty present, some sites may with to set
this flag to prevent a user from entering a visible password. This
flag is off by default.
.Ip "env_editor" 12
-If set, visudo will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment
+If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment
falling back on the default editor. Note that this may create a
security hole as most editors allow a user to get a shell (which
would be a root shell and not be logged).
.Ip "rootpw" 12
-If set, sudo will prompt for the root password instead of the password
+If set, \fBsudo\fR will prompt for the root password instead of the password
of the invoking user.
.Ip "runaspw" 12
-If set, sudo will prompt for the password of the user defined by the
+If set, \fBsudo\fR will prompt for the password of the user defined by the
\fIrunas_default\fR option (defaults to root) instead of the password
of the invoking user.
.Ip "targetpw" 12
-If set, sudo will prompt for the password of the user specified by
+If set, \fBsudo\fR will prompt for the password of the user specified by
the \f(CW-u\fR flag (defaults to root) instead of the password of the
invoking user.
+.Ip "set_logname" 12
+Normally, \fBsudo\fR will set the \f(CWLOGNAME\fR and \f(CWUSER\fR environment variables
+to the name of the target user (usually root unless the \f(CW-u\fR flag is given).
+However, since some programs (including the \s-1RCS\s0 revision control system)
+use \f(CWLOGNAME\fR to determine the real identity of the user, it may be desirable
+to change this behavior. This can be done by negating the set_logname option.
.Ip "use_loginclass" 12
-If set, sudo will apply the defaults specified for the target user's
-login class if one exists. Only available if sudo is configured with
+If set, \fBsudo\fR will apply the defaults specified for the target user's
+login class if one exists. Only available if \fBsudo\fR is configured with
the --with-logincap option.
.PP
\fBIntegers\fR:
.Ip "passwd_tries" 12
The number of tries a user gets to enter his/her password before
-sudo logs the failure and exits. The default is 3.
+\fBsudo\fR logs the failure and exits. The default is 3.
.PP
\fBIntegers that can be used in a boolean context\fR:
.Ip "loglinelen" 12
Number of minutes that can elapse before \fBsudo\fR will ask for a passwd
again. The default is 5, set this to 0 to always prompt for a password.
.Ip "passwd_timeout" 12
-Number of minutes before the sudo password prompt times out.
+Number of minutes before the \fBsudo\fR password prompt times out.
The default is 5, set this to 0 for no password timeout.
.Ip "umask" 12
Umask to use when running the root command. Set this to 0777 to
Syslog priority to use when user authenticates unsuccessfully.
Defaults to \*(L"alert\*(R".
.Ip "editor" 12
-Path to the editor to be used by visudo. The default is the path
+Path to the editor to be used by \fBvisudo\fR. The default is the path
to vi on your system.
.PP
\fBStrings that can be used in a boolean context\fR:
.Ip "logfile" 12
-Path to the sudo log file (not the syslog log file). Setting a path
+Path to the \fBsudo\fR log file (not the syslog log file). Setting a path
turns on logging to a file, negating this option turns it off.
.Ip "syslog" 12
Syslog facility if syslog is being used for logging (negate to
This is not set by default.
.Ip "secure_path" 12
Path used for every command run from \fBsudo\fR. If you don't trust the
-people running sudo to have a sane \f(CWPATH\fR environment variable you may
+people running \fBsudo\fR to have a sane \f(CWPATH\fR environment variable you may
want to use this. Another use is if you want to have the \*(L"root path\*(R"
be separate from the \*(L"user path.\*(R" This is not set by default.
.Ip "verifypw" 12
This option controls when a password will be required when a
-user runs sudo with the \fB\-v\fR. It has the following possible values:
+user runs \fBsudo\fR with the \fB\-v\fR. It has the following possible values:
.Sp
.Vb 3
\& all All the user's I<sudoers> entries for the
The default value is `all\*(R'.
.Ip "listpw" 12
This option controls when a password will be required when a
-user runs sudo with the \fB\-l\fR. It has the following possible values:
+user runs \fBsudo\fR with the \fB\-l\fR. It has the following possible values:
.Sp
.Vb 3
\& all All the user's I<sudoers> entries for the
.Ve
The default value is `any\*(R'.
.PP
-When logging via \fIsyslog\fR\|(3), sudo accepts the following values for the syslog
+When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog
facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0
supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR,
\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following
\& Cmnd_Alias SU = /usr/bin/su
.Ve
Here we override some of the compiled in default values. We want
-sudo to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases.
+\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases.
We don't want to subject the full time staff to the \fBsudo\fR lecture,
and user \fBmillert\fR need not give a password. In addition, on the
machines in the \fISERVERS\fR \f(CWHost_Alias\fR, we keep an additional
.IX Item "targetpw"
+.IX Item "set_logname"
+
.IX Item "use_loginclass"
.IX Item "passwd_tries"
=item mail_always
-Send mail to the I<mailto> user every time a users runs sudo.
+Send mail to the I<mailto> user every time a users runs B<sudo>.
This flag is off by default.
=item mail_no_user
=item mail_no_perms
If set, mail will be sent to the I<mailto> user if the invoking
-user allowed to use sudo but the command they are trying is not
+user allowed to use B<sudo> but the command they are trying is not
listed in their I<sudoers> file entry. This flag is off by default.
=item tty_tickets
=item root_sudo
-If set, root is allowed to run sudo too. Disabling this prevents users
-from "chaining" sudo commands to get a root shell by doing something
+If set, root is allowed to run B<sudo> too. Disabling this prevents users
+from "chaining" B<sudo> commands to get a root shell by doing something
like C<"sudo sudo /bin/sh">.
This flag is on by default.
Set this flag if you want to put fully qualified hostnames in the
I<sudoers> file. Ie: instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
-Beware that turning on I<fqdn> requires sudo to make DNS lookups
+Beware that turning on I<fqdn> requires B<sudo> to make DNS lookups
which may make B<sudo> unusable if DNS stops working (for example
if the machine is not plugged into the network). Also note that
you must use the host's official name as DNS knows it. That is,
=item insults
-If set, sudo will insult users when they enter an incorrect
+If set, B<sudo> will insult users when they enter an incorrect
password. This flag is off by default.
=item requiretty
-If set, sudo will only run when the user is logged in to a real
+If set, B<sudo> will only run when the user is logged in to a real
tty. This will disallow things like C<"rsh somehost sudo ls"> since
rsh(1) does not allocate a tty. Because it is not possible to turn
of echo when there is no tty present, some sites may with to set
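Review bot: the context right after the changed requiretty line carries two typos worth fixing in the same pass: "turn of echo" should be "turn off echo" and "some sites may with to set" should be "may wish to set"; this is the pod source, so the generated troff and catman copies inherit both.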
=item env_editor
-If set, visudo will use the value of the EDITOR or VISUAL environment
+If set, B<visudo> will use the value of the EDITOR or VISUAL environment
falling back on the default editor. Note that this may create a
security hole as most editors allow a user to get a shell (which
would be a root shell and not be logged).
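Review bot: env_editor is the only flag in this block whose paragraph ends without a "This flag is on/off by default." sentence, and it is the one that warns the setting can give a user an unlogged root shell; state the default explicitly here so someone auditing a sudoers file knows whether it must be negated. As with the others, the troff and catman copies inherit the omission.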
=item rootpw
-If set, sudo will prompt for the root password instead of the password
+If set, B<sudo> will prompt for the root password instead of the password
of the invoking user.
=item runaspw
-If set, sudo will prompt for the password of the user defined by the
+If set, B<sudo> will prompt for the password of the user defined by the
I<runas_default> option (defaults to root) instead of the password
of the invoking user.
=item targetpw
-If set, sudo will prompt for the password of the user specified by
+If set, B<sudo> will prompt for the password of the user specified by
the C<-u> flag (defaults to root) instead of the password of the
invoking user.
+=item set_logname
+
+Normally, B<sudo> will set the C<LOGNAME> and C<USER> environment variables
+to the name of the target user (usually root unless the C<-u> flag is given).
+However, since some programs (including the RCS revision control system)
+use C<LOGNAME> to determine the real identity of the user, it may be desirable
+to change this behavior. This can be done by negating the set_logname option.
+
=item use_loginclass
-If set, sudo will apply the defaults specified for the target user's
-login class if one exists. Only available if sudo is configured with
+If set, B<sudo> will apply the defaults specified for the target user's
+login class if one exists. Only available if B<sudo> is configured with
the --with-logincap option.
=back
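Review bot: in the new set_logname paragraph, write the option name as I<set_logname> to match I<runas_default> and I<fqdn> elsewhere in this file. This pod text is also the source for the troff and catman copies, so the missing default sentence belongs here; the wording implies the flag is on by default, since the alternative is described as negating it, but it should say so outright.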
=item passwd_tries
The number of tries a user gets to enter his/her password before
-sudo logs the failure and exits. The default is 3.
+B<sudo> logs the failure and exits. The default is 3.
=back
=item passwd_timeout
-Number of minutes before the sudo password prompt times out.
+Number of minutes before the B<sudo> password prompt times out.
The default is 5, set this to 0 for no password timeout.
=item umask
=item editor
-Path to the editor to be used by visudo. The default is the path
+Path to the editor to be used by B<visudo>. The default is the path
to vi on your system.
=back 12
=item logfile
-Path to the sudo log file (not the syslog log file). Setting a path
+Path to the B<sudo> log file (not the syslog log file). Setting a path
turns on logging to a file, negating this option turns it off.
=item syslog
=item secure_path
Path used for every command run from B<sudo>. If you don't trust the
-people running sudo to have a sane C<PATH> environment variable you may
+people running B<sudo> to have a sane C<PATH> environment variable you may
want to use this. Another use is if you want to have the "root path"
be separate from the "user path." This is not set by default.
=item verifypw
This option controls when a password will be required when a
-user runs sudo with the B<-v>. It has the following possible values:
+user runs B<sudo> with the B<-v>. It has the following possible values:
all All the user's I<sudoers> entries for the
current host must have the C<NOPASSWD>
=item listpw
This option controls when a password will be required when a
-user runs sudo with the B<-l>. It has the following possible values:
+user runs B<sudo> with the B<-l>. It has the following possible values:
all All the user's I<sudoers> entries for the
current host must have the C<NOPASSWD>
=back 12
-When logging via syslog(3), sudo accepts the following values for the syslog
+When logging via syslog(3), B<sudo> accepts the following values for the syslog
facility (the value of the B<syslog> Parameter): B<authpriv> (if your OS
supports it), B<auth>, B<daemon>, B<user>, B<local0>, B<local1>, B<local2>,
B<local3>, B<local4>, B<local5>, B<local6>, and B<local7>. The following
Cmnd_Alias SU = /usr/bin/su
Here we override some of the compiled in default values. We want
-sudo to log via syslog(3) using the I<auth> facility in all cases.
+B<sudo> to log via syslog(3) using the I<auth> facility in all cases.
We don't want to subject the full time staff to the B<sudo> lecture,
and user B<millert> need not give a password. In addition, on the
machines in the I<SERVERS> C<Host_Alias>, we keep an additional