# include <project.h>
# include <sys/task.h>
#endif
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+#endif
#include "sudo.h"
#include "sudo_usage.h"
#ifndef PROFILING
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
exit(0);
- else
+ else {
+#ifdef HAVE_SELINUX
+ if (is_selinux_enabled() > 0 && user_role != NULL)
+ selinux_exec(user_role, user_type, NewArgv,
+ ISSET(sudo_mode, MODE_LOGIN_SHELL));
+#endif
execv(safe_cmnd, NewArgv);
+ }
#else
exit(0);
#endif /* PROFILING */
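Review bot: `selinux_exec(user_role, user_type, NewArgv, ...)` is called for its side effect only and the prototype added to sudo.h later in this commit is `void`, so if it ever returns the next statement `execv(safe_cmnd, NewArgv);` runs the command in the caller's original security context even though a role was explicitly requested; unless selinux_exec is guaranteed never to return, add a hard stop after the call, e.g. `/* selinux_exec() only comes back on failure */` followed by an error message and `exit(1);`. The guard `user_role != NULL` also means `-t type` given without `-r role` is silently dropped here, and a user who passed `-r` on a system where `is_selinux_enabled()` reports SELinux off gets the plain execv with no message either; a warning, or a usage error for type-without-role placed in the `case 't'` hunk below, would make both visible. If selinux_exec only reads the role and type strings, the new prototype could take `const char *` for its first two parameters. The enclosing function starts before this hunk.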
case 'E':
SET(rval, MODE_PRESERVE_ENV);
break;
+#ifdef HAVE_SELINUX
+ case 'r':
+ /* Must have an associated SELinux role. */
+ if (NewArgv[1] == NULL)
+ usage(1);
+
+ user_role = NewArgv[1];
+
+ NewArgc--;
+ NewArgv++;
+ break;
+ case 't':
+ /* Must have an associated SELinux type. */
+ if (NewArgv[1] == NULL)
+ usage(1);
+
+ user_type = NewArgv[1];
+
+ NewArgc--;
+ NewArgv++;
+ break;
+#endif
case '-':
NewArgc--;
NewArgv++;
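Review bot: `case 'r'` and `case 't'` only test `NewArgv[1] == NULL`, so an empty argument such as `-r ""` is accepted here and later reaches selinux_exec as an empty role; tightening both checks to `if (NewArgv[1] == NULL || *NewArgv[1] == '\0') usage(1);` rejects it at parse time with the same usage message a missing argument gets. A repeated `-r` or `-t` silently overwrites the earlier value, and the stored pointers alias argv rather than copying it; if both are intended, a short comment on the assignment (`/* points into argv; never freed */`) would spare the next reader a check. The enclosing switch starts before this hunk.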
s\bsu\bud\bdo\bo -\b-l\bl [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-U\bU _\bu_\bs_\be_\br_\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
s\bsu\bud\bdo\bo [-\b-b\bbE\bEH\bHP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] [{-\b-i\bi | -\b-s\bs] [<_\bc_\bo_\bm_\bm_\ba_\bn_\bd}]
+ [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be]
+ [{-\b-i\bi | -\b-s\bs] [<_\bc_\bo_\bm_\bm_\ba_\bn_\bd}]
s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-S\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
[-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] file ...
s\bsu\bud\bdo\bo can log both successful and unsuccessful attempts (as well as
errors) to _\bs_\by_\bs_\bl_\bo_\bg(3), a log file, or both. By default s\bsu\bud\bdo\bo will log
- via _\bs_\by_\bs_\bl_\bo_\bg(3) but this is changeable at configure time or via the
-1.7 January 21, 2008 1
+1.7 February 9, 2008 1
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- _\bs_\bu_\bd_\bo_\be_\br_\bs file.
+ via _\bs_\by_\bs_\bl_\bo_\bg(3) but this is changeable at configure time or via the _\bs_\bu_\bd_\bo_\b-
+ _\be_\br_\bs file.
O\bOP\bPT\bTI\bIO\bON\bNS\bS
s\bsu\bud\bdo\bo accepts the following command line options:
2. The editor specified by the VISUAL or EDITOR environ-
ment variables is run to edit the temporary files. If
- neither VISUAL nor EDITOR are set, the program listed
-1.7 January 21, 2008 2
+1.7 February 9, 2008 2
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ neither VISUAL nor EDITOR are set, the program listed
in the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs variable is used.
3. If they have been modified, the temporary files are
to change to that user's home directory before running the
shell. It also initializes the environment, leaving _\bD_\bI_\bS_\b-
_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM unchanged, setting _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\b-
- _\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, as well as the contents of _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\b-
- _\bm_\be_\bn_\bt. All other environment variables are removed.
+ _\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, as well as the contents of _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt
+ on Linux and AIX systems. All other environment variables
+ are removed.
-K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except that it removes
the user's timestamp entirely. Like -\b-k\bk, this option does
-k The -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo invalidates the user's times-
tamp by setting the time on it to the Epoch. The next time
s\bsu\bud\bdo\bo is run a password will be required. This option does
- not require a password and was added to allow a user to
- revoke s\bsu\bud\bdo\bo permissions from a .logout file.
-1.7 January 21, 2008 3
+1.7 February 9, 2008 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ not require a password and was added to allow a user to
+ revoke s\bsu\bud\bdo\bo permissions from a .logout file.
+
-L The -\b-L\bL (_\bl_\bi_\bs_\bt defaults) option will list out the parameters
that may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along with a short
description for each. This option is useful in conjunction
system password prompt on systems that support PAM unless
the _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be flag is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs.
+ -r _\br_\bo_\bl_\be The -\b-r\br (_\br_\bo_\bl_\be) option causes the new (SELinux) security con-
+ text to have the role specified by _\br_\bo_\bl_\be.
+
-S The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the password from
the standard input instead of the terminal device.
- -s [command]
- The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the _\bS_\bH_\bE_\bL_\bL
- environment variable if it is set or the shell as specified
- in _\bp_\ba_\bs_\bs_\bw_\bd(4). If a command is specified, it is passed to
- the shell for execution. Otherwise, an interactive shell
-
-1.7 January 21, 2008 4
+1.7 February 9, 2008 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ -s [command]
+ The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the _\bS_\bH_\bE_\bL_\bL
+ environment variable if it is set or the shell as specified
+ in _\bp_\ba_\bs_\bs_\bw_\bd(4). If a command is specified, it is passed to
+ the shell for execution. Otherwise, an interactive shell
is executed.
+ -t _\bt_\by_\bp_\be The -\b-t\bt (_\bt_\by_\bp_\be) option causes the new (SELinux) security con-
+ text to have the type specified by _\bt_\by_\bp_\be. If no type is
+ specified, the default type is derived from the specified
+ role.
+
-U _\bu_\bs_\be_\br The -\b-U\bU (_\bo_\bt_\bh_\be_\br _\bu_\bs_\be_\br) option is used in conjunction with the
-\b-l\bl option to specify the user whose privileges should be
listed. Only root or a user with s\bsu\bud\bdo\bo ALL on the current
Upon successful execution of a program, the return value from s\bsu\bud\bdo\bo will
simply be the return value of the program that was executed.
- Otherwise, s\bsu\bud\bdo\bo quits with an exit value of 1 if there is a configura-
- tion/permission problem or if s\bsu\bud\bdo\bo cannot execute the given command.
- In the latter case the error string is printed to stderr. If s\bsu\bud\bdo\bo can-
- not _\bs_\bt_\ba_\bt(2) one or more entries in the user's PATH an error is printed
- on stderr. (If the directory does not exist or if it is not really a
- directory, the entry is ignored and no error is printed.) This should
- not happen under normal circumstances. The most common reason for
- _\bs_\bt_\ba_\bt(2) to return "permission denied" is if you are running an auto-
- mounter and one of the directories in your PATH is on a machine that is
- currently unreachable.
-1.7 January 21, 2008 5
+1.7 February 9, 2008 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ Otherwise, s\bsu\bud\bdo\bo quits with an exit value of 1 if there is a configura-
+ tion/permission problem or if s\bsu\bud\bdo\bo cannot execute the given command.
+ In the latter case the error string is printed to stderr. If s\bsu\bud\bdo\bo can-
+ not _\bs_\bt_\ba_\bt(2) one or more entries in the user's PATH an error is printed
+ on stderr. (If the directory does not exist or if it is not really a
+ directory, the entry is ignored and no error is printed.) This should
+ not happen under normal circumstances. The most common reason for
+ _\bs_\bt_\ba_\bt(2) to return "permission denied" is if you are running an auto-
+ mounter and one of the directories in your PATH is on a machine that is
+ currently unreachable.
+
S\bSE\bEC\bCU\bUR\bRI\bIT\bTY\bY N\bNO\bOT\bTE\bES\bS
s\bsu\bud\bdo\bo tries to be safe when executing external commands.
allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp
directory is located in a directory writable by anyone (e.g., _\b/_\bt_\bm_\bp), it
is possible for a user to create the timestamp directory before s\bsu\bud\bdo\bo is
- run. However, because s\bsu\bud\bdo\bo checks the ownership and mode of the direc-
- tory and its contents, the only damage that can be done is to "hide"
- files by putting them in the timestamp dir. This is unlikely to happen
- since once the timestamp dir is owned by root and inaccessible by any
- other user, the user placing files there would be unable to get them
- back out. To get around this issue you can use a directory that is not
- world-writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance) or cre-
- ate _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo with the appropriate owner (root) and permissions
- (0700) in the system startup files.
+ run. However, because s\bsu\bud\bdo\bo checks the ownership and mode of the
- s\bsu\bud\bdo\bo will not honor timestamps set far in the future. Timestamps with
- a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
-
-1.7 January 21, 2008 6
+1.7 February 9, 2008 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ directory and its contents, the only damage that can be done is to
+ "hide" files by putting them in the timestamp dir. This is unlikely to
+ happen since once the timestamp dir is owned by root and inaccessible
+ by any other user, the user placing files there would be unable to get
+ them back out. To get around this issue you can use a directory that
+ is not world-writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance)
+ or create _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo with the appropriate owner (root) and permis-
+ sions (0700) in the system startup files.
+
+ s\bsu\bud\bdo\bo will not honor timestamps set far in the future. Timestamps with
+ a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
will log and complain. This is done to keep a user from creating
his/her own timestamp with a bogus date on systems that allow users to
give away files.
USER Set to the target user (root unless the -\b-u\bu option is
specified)
- VISUAL Default editor to use in -\b-e\be (sudoedit) mode
-
-F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
- _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing timestamps
- _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi m\bmo\bod\bde\be
-E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(4) entries.
+1.7 February 9, 2008 7
-1.7 January 21, 2008 7
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ VISUAL Default editor to use in -\b-e\be (sudoedit) mode
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+ _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing timestamps
+ _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi m\bmo\bod\bde\be o\bon\bn L\bLi\bin\bnu\bux\bx a\ban\bnd\bd A\bAI\bIX\bX
+E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
+ Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(4) entries.
To get a file listing of an unreadable directory:
possible to prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
- It is not meaningful to run the cd command directly via sudo, e.g.,
- $ sudo cd /usr/local/protected
- since when the command exits the parent process (your shell) will still
- be the same. Please see the EXAMPLES section for more information.
- If users have sudo ALL there is nothing to prevent them from creating
- their own program that gives them a root shell regardless of any '!'
- elements in the user specification.
+1.7 February 9, 2008 8
-1.7 January 21, 2008 8
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ It is not meaningful to run the cd command directly via sudo, e.g.,
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ $ sudo cd /usr/local/protected
+ since when the command exits the parent process (your shell) will still
+ be the same. Please see the EXAMPLES section for more information.
+
+ If users have sudo ALL there is nothing to prevent them from creating
+ their own program that gives them a root shell regardless of any '!'
+ elements in the user specification.
Running shell scripts via s\bsu\bud\bdo\bo can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your OS
-
-
-
-
-
-
-
-
-
-
-
-1.7 January 21, 2008 9
+1.7 February 9, 2008 9
int ngroups;
GETGROUPS_T *groups;
struct list_member *env_vars;
+#ifdef HAVE_SELINUX
+ char *role;
+ char *type;
+#endif
char cwd[PATH_MAX];
};
#define login_class (sudo_user.class_name)
#define runas_pw (sudo_user._runas_pw)
#define runas_gr (sudo_user._runas_gr)
+#define user_role (sudo_user.role)
+#define user_type (sudo_user.type)
/*
* We used to use the system definition of PASS_MAX or _PASSWD_LEN,
struct group *sudo_getgrnam __P((const char *));
struct group *sudo_fakegrnam __P((const char *));
struct group *sudo_getgrgid __P((gid_t));
+#ifdef HAVE_SELINUX
+void selinux_exec __P((char *, char *, char **, int));
+#endif
YY_DECL;
/* Only provide extern declarations outside of sudo.c. */
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "January 21, 2008" "1.7" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "February 9, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.PP
\&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
-[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}]
+[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+[\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}]
.PP
\&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
directory before running the shell. It also initializes the
environment, leaving \fI\s-1DISPLAY\s0\fR and \fI\s-1TERM\s0\fR unchanged, setting
\&\fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, as well as
-the contents of \fI/etc/environment\fR. All other environment variables
-are removed.
+the contents of \fI/etc/environment\fR on Linux and \s-1AIX\s0 systems.
+All other environment variables are removed.
.IP "\-K" 12
.IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
password prompt on systems that support \s-1PAM\s0 unless the
\&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR.
.RE
+.IP "\-r \fIrole\fR" 12
+.IX Item "-r role"
+The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to
+have the role specified by \fIrole\fR.
.IP "\-S" 12
.IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
environment variable if it is set or the shell as specified in
\&\fIpasswd\fR\|(@mansectform@). If a command is specified, it is passed to the shell
for execution. Otherwise, an interactive shell is executed.
+.IP "\-t \fItype\fR" 12
+.IX Item "-t type"
+The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to
+have the type specified by \fItype\fR. If no type is specified, the default
+type is derived from the specified role.
.IP "\-U \fIuser\fR" 12
.IX Item "-U user"
The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR
.ie n .IP "\fI@timedir@\fR\*(C` \*(C'Directory containing timestamps" 4
.el .IP "\fI@timedir@\fR\f(CW\*(C` \*(C'\fRDirectory containing timestamps" 4
.IX Item "@timedir@ Directory containing timestamps"
-.ie n .IP "\fI/etc/environment\fR\*(C` \*(C'\fRInitial environment for \fB\-i mode" 4
-.el .IP "\fI/etc/environment\fR\f(CW\*(C` \*(C'\fRInitial environment for \fB\-i\fR mode" 4
-.IX Item "/etc/environment Initial environment for -i mode"
+.ie n .IP "\fI/etc/environment\fR\*(C` \*(C'\fRInitial environment for \fB\-i mode on Linux and \s-1AIX\s0" 4
+.el .IP "\fI/etc/environment\fR\f(CW\*(C` \*(C'\fRInitial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0" 4
+.IX Item "/etc/environment Initial environment for -i mode on Linux and AIX"
.PD
.SH "EXAMPLES"
.IX Header "EXAMPLES"
B<sudo> [B<-bEHPS>] S<[B<-a> I<auth_type>]> S<[B<-C> I<fd>]>
S<[B<-c> I<class>|I<->]> S<[B<-g> I<groupname>|I<#gid>]> S<[B<-p> I<prompt>]>
-S<[B<-u> I<username>|I<#uid>]> S<[B<VAR>=I<value>]> [S<{B<-i> | B<-s>]
-[<I<command>}>]
+S<[B<-r> I<role>]> S<[B<-t> I<type>]> S<[B<-u> I<username>|I<#uid>]>
+S<[B<VAR>=I<value>]> [S<{B<-i> | B<-s>] [<I<command>}>]
B<sudoedit> [B<-S>] S<[B<-a> I<auth_type>]> S<[B<-C> I<fd>]>
S<[B<-c> I<class>|I<->]> S<[B<-g> I<groupname>|I<#gid>]> S<[B<-p> I<prompt>]>
password prompt on systems that support PAM unless the
I<passprompt_override> flag is disabled in I<sudoers>.
+=item -r I<role>
+
+The B<-r> (I<role>) option causes the new (SELinux) security context to
+have the role specified by I<role>.
+
=item -S
The B<-S> (I<stdin>) option causes B<sudo> to read the password from
L<passwd(5)>. If a command is specified, it is passed to the shell
for execution. Otherwise, an interactive shell is executed.
+=item -t I<type>
+
+The B<-t> (I<type>) option causes the new (SELinux) security context to
+have the type specified by I<type>. If no type is specified, the default
+type is derived from the specified role.
+
=item -U I<user>
The B<-U> (I<other user>) option is used in conjunction with the B<-l>
*/
#define SUDO_USAGE1 " -h | -K | -k | -L | -V | -v"
#define SUDO_USAGE2 " -l [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]"
-#define SUDO_USAGE3 " [-bEHPS] @BSDAUTH_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]"
-#define SUDO_USAGE4 " -e [-S] @BSDAUTH_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..."
+#define SUDO_USAGE3 " [-bEHPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]"
+#define SUDO_USAGE4 " -e [-S] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..."
#endif /* _SUDO_USAGE_H */
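Review bot: `SUDO_USAGE4` (the `-e`/sudoedit form) now carries `@SELINUX_USAGE@`, but the sudoedit synopsis in the .cat, .man.in and .pod hunks earlier in this commit is unchanged and lists no -r/-t, and nothing visible in the option parser restricts -r/-t to non-edit mode; either document the two options under sudoedit in the manual or drop `@SELINUX_USAGE@` from `SUDO_USAGE4` so the usage string and the manual agree. The new `SUDO_USAGE3` line also still lists `[-g groupname|#gid]` twice (and the unchanged `SUDO_USAGE2` has the same duplicate), which is pre-existing but worth removing while these strings are being edited.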
-1.7 January 21, 2008 1
+1.7 February 9, 2008 1
-1.7 January 21, 2008 2
+1.7 February 9, 2008 2
-1.7 January 21, 2008 3
+1.7 February 9, 2008 3
-1.7 January 21, 2008 4
+1.7 February 9, 2008 4
-1.7 January 21, 2008 5
+1.7 February 9, 2008 5
-1.7 January 21, 2008 6
+1.7 February 9, 2008 6
-1.7 January 21, 2008 7
+1.7 February 9, 2008 7
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg n\bns\bss\bsw\bwi\bit\btc\bch\bh.\b.c\bco\bon\bnf\bf
- Sudo consults the Name Service Switch file, _\b/_\be_\bt_\bc_\b/_\bn_\bs_\bs_\bw_\bi_\bt_\bc_\bh_\b._\bc_\bo_\bn_\bf, to
- specify the _\bs_\bu_\bd_\bo_\be_\br_\bs search order. Sudo looks for a line beginning with
- sudoers: and uses this to determine the search order. Note that s\bsu\bud\bdo\bo
- does not stop searching after the first match and later matches take
- precedence over earlier ones.
+ Unless it is disabled at build time, s\bsu\bud\bdo\bo consults the Name Service
+ Switch file, _\b/_\be_\bt_\bc_\b/_\bn_\bs_\bs_\bw_\bi_\bt_\bc_\bh_\b._\bc_\bo_\bn_\bf, to specify the _\bs_\bu_\bd_\bo_\be_\br_\bs search order.
+ Sudo looks for a line beginning with sudoers: and uses this to deter-
+ mine the search order. Note that s\bsu\bud\bdo\bo does not stop searching after
+ the first match and later matches take precedence over earlier ones.
The following sources are recognized:
-1.7 January 21, 2008 8
+1.7 February 9, 2008 8
-1.7 January 21, 2008 9
+1.7 February 9, 2008 9
-1.7 January 21, 2008 10
+1.7 February 9, 2008 10
-1.7 January 21, 2008 11
+1.7 February 9, 2008 11
-1.7 January 21, 2008 12
+1.7 February 9, 2008 12
.\" ========================================================================
.\"
.IX Title "SUDOERS.LDAP @mansectform@"
-.TH SUDOERS.LDAP @mansectform@ "January 21, 2008" "1.7" "MAINTENANCE COMMANDS"
+.TH SUDOERS.LDAP @mansectform@ "February 9, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers.ldap \- sudo LDAP configuration
.SH "DESCRIPTION"
See the \f(CW\*(C`ldap.conf\*(C'\fR entry in the \s-1EXAMPLES\s0 section.
.Sh "Configuring nsswitch.conf"
.IX Subsection "Configuring nsswitch.conf"
-Sudo consults the Name Service Switch file, \fI@nsswitch_conf@\fR,
-to specify the \fIsudoers\fR search order. Sudo looks for a line
-beginning with \f(CW\*(C`sudoers:\*(C'\fR and uses this to determine the search
-order. Note that \fBsudo\fR does not stop searching after the first
-match and later matches take precedence over earlier ones.
+Unless it is disabled at build time, \fBsudo\fR consults the Name
+Service Switch file, \fI@nsswitch_conf@\fR, to specify the \fIsudoers\fR
+search order. Sudo looks for a line beginning with \f(CW\*(C`sudoers:\*(C'\fR and
+uses this to determine the search order. Note that \fBsudo\fR does
+not stop searching after the first match and later matches take
+precedence over earlier ones.
.PP
The following sources are recognized:
.PP
=head2 Configuring nsswitch.conf
-Sudo consults the Name Service Switch file, F<@nsswitch_conf@>,
-to specify the I<sudoers> search order. Sudo looks for a line
-beginning with C<sudoers:> and uses this to determine the search
-order. Note that B<sudo> does not stop searching after the first
-match and later matches take precedence over earlier ones.
+Unless it is disabled at build time, B<sudo> consults the Name
+Service Switch file, F<@nsswitch_conf@>, to specify the I<sudoers>
+search order. Sudo looks for a line beginning with C<sudoers:> and
+uses this to determine the search order. Note that B<sudo> does
+not stop searching after the first match and later matches take
+precedence over earlier ones.
The following sources are recognized:
}
fputs(") ", stdout);
}
+#ifdef HAVE_SELINUX
+ if (cs->role)
+ printf("ROLE=%s ", cs->role);
+ if (cs->type)
+ printf("TYPE=%s ", cs->type);
+#endif /* HAVE_SELINUX */
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd)
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : "");
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec)
if (strcmp(yytext, "ALL") == 0) {
LEXTRACE("ALL ");
return(ALL);
- } else {
- if (!fill(yytext, yyleng))
- yyterminate();
- LEXTRACE("ALIAS ");
- return(ALIAS);
}
+#ifdef HAVE_SELINUX
+ /* XXX - restrict type/role to initial state */
+ if (strcmp(yytext, "TYPE") == 0) {
+ LEXTRACE("TYPE ");
+ return(TYPE);
+ }
+ if (strcmp(yytext, "ROLE") == 0) {
+ LEXTRACE("ROLE ");
+ return(ROLE);
+ }
+#endif /* HAVE_SELINUX */
+ if (!fill(yytext, yyleng))
+ yyterminate();
+ LEXTRACE("ALIAS ");
+ return(ALIAS);
}
YY_BREAK
case 32:
YY_RULE_SETUP
-#line 375 "toke.l"
+#line 385 "toke.l"
{
/* no command args allowed for Defaults!/path */
if (!fill_cmnd(yytext, yyleng))
YY_BREAK
case 33:
YY_RULE_SETUP
-#line 383 "toke.l"
+#line 393 "toke.l"
{
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
YY_BREAK
case 34:
YY_RULE_SETUP
-#line 390 "toke.l"
+#line 400 "toke.l"
{
/* directories can't have args... */
if (yytext[yyleng - 1] == '/') {
YY_BREAK
case 35:
YY_RULE_SETUP
-#line 405 "toke.l"
+#line 415 "toke.l"
{
/* a word */
if (!fill(yytext, yyleng))
YY_BREAK
case 36:
YY_RULE_SETUP
-#line 413 "toke.l"
+#line 423 "toke.l"
{
LEXTRACE("( ");
return ('(');
YY_BREAK
case 37:
YY_RULE_SETUP
-#line 418 "toke.l"
+#line 428 "toke.l"
{
LEXTRACE(") ");
return(')');
YY_BREAK
case 38:
YY_RULE_SETUP
-#line 423 "toke.l"
+#line 433 "toke.l"
{
LEXTRACE(", ");
return(',');
YY_BREAK
case 39:
YY_RULE_SETUP
-#line 428 "toke.l"
+#line 438 "toke.l"
{
LEXTRACE("= ");
return('=');
YY_BREAK
case 40:
YY_RULE_SETUP
-#line 433 "toke.l"
+#line 443 "toke.l"
{
LEXTRACE(": ");
return(':');
YY_BREAK
case 41:
YY_RULE_SETUP
-#line 438 "toke.l"
+#line 448 "toke.l"
{
if (yyleng % 2 == 1)
return('!'); /* return '!' */
YY_BREAK
case 42:
YY_RULE_SETUP
-#line 443 "toke.l"
+#line 453 "toke.l"
{
BEGIN INITIAL;
++sudolineno;
YY_BREAK
case 43:
YY_RULE_SETUP
-#line 450 "toke.l"
+#line 460 "toke.l"
{ /* throw away space/tabs */
sawspace = TRUE; /* but remember for fill_args */
}
YY_BREAK
case 44:
YY_RULE_SETUP
-#line 454 "toke.l"
+#line 464 "toke.l"
{
sawspace = TRUE; /* remember for fill_args */
++sudolineno;
YY_BREAK
case 45:
YY_RULE_SETUP
-#line 460 "toke.l"
+#line 470 "toke.l"
{
BEGIN INITIAL;
++sudolineno;
YY_BREAK
case 46:
YY_RULE_SETUP
-#line 467 "toke.l"
+#line 477 "toke.l"
{
LEXTRACE("ERROR ");
return(ERROR);
case YY_STATE_EOF(STARTDEFS):
case YY_STATE_EOF(INDEFS):
case YY_STATE_EOF(INSTR):
-#line 472 "toke.l"
+#line 482 "toke.l"
{
if (YY_START != INITIAL) {
BEGIN INITIAL;
YY_BREAK
case 47:
YY_RULE_SETUP
-#line 482 "toke.l"
+#line 492 "toke.l"
ECHO;
YY_BREAK
-#line 2173 "lex.yy.c"
+#line 2183 "lex.yy.c"
case YY_END_OF_BUFFER:
{
return 0;
}
#endif
-#line 482 "toke.l"
+#line 492 "toke.l"
static int
_fill(src, len, olen)
if (strcmp(yytext, "ALL") == 0) {
LEXTRACE("ALL ");
return(ALL);
- } else {
- if (!fill(yytext, yyleng))
- yyterminate();
- LEXTRACE("ALIAS ");
- return(ALIAS);
}
+#ifdef HAVE_SELINUX
+ /* XXX - restrict type/role to initial state */
+ if (strcmp(yytext, "TYPE") == 0) {
+ LEXTRACE("TYPE ");
+ return(TYPE);
+ }
+ if (strcmp(yytext, "ROLE") == 0) {
+ LEXTRACE("ROLE ");
+ return(ROLE);
+ }
+#endif /* HAVE_SELINUX */
+ if (!fill(yytext, yyleng))
+ yyterminate();
+ LEXTRACE("ALIAS ");
+ return(ALIAS);
}
<GOTDEFS>({PATH}|sudoedit) {
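Review bot: The new `TYPE`/`ROLE` comparisons sit inside the generic word rule, so after this change any alias, user or host literally named `TYPE` or `ROLE` is tokenised as a keyword instead of `ALIAS`, and the `XXX - restrict type/role to initial state` comment acknowledges the rule fires in states where the keywords are not valid; resolving the XXX before merge (for instance only matching the keywords in the state where the runas specification is read, or requiring the trailing `=` in the pattern if that is what the grammar expects) would avoid the compatibility break. Wrapping the recognition in `#ifdef HAVE_SELINUX` also means a sudoers file that uses `ROLE=`/`TYPE=` fails to parse on a non-SELinux build of the same version, which matters when one sudoers file is shared across hosts; lexing the keywords unconditionally and having non-SELinux builds ignore or warn about them would be more robust, though the grammar side is outside this hunk. The identical change appears in the generated lex.yy.c hunk above, which should be regenerated from this file rather than edited by hand. The rule's start is outside the hunk.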