.man.cat:
@rm -f $(srcdir)/$@
$(NROFF) -man $< > $(srcdir)/$@
- @chmod 444 $(srcdir)/$@
sudo: $(PARSEOBJS) $(SUDOBJS) $(LIBOBJS)
$(CC) -o $@ $(PARSEOBJS) $(SUDOBJS) $(LIBOBJS) $(SUDO_LDFLAGS) $(SUDO_LIBS)
sudo.html: $(srcdir)/sudo.pod
@rm -f $(srcdir)/$@
pod2html --title="Sudo Manual" --infile=$< --outfile=$(srcdir)/$@
- @chmod 444 $(srcdir)/$@
sudo.man: $(srcdir)/sudo.pod
@rm -f $(srcdir)/$@
pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" $< > $(srcdir)/$@
- @chmod 444 $(srcdir)/$@
sudo.cat: $(srcdir)/sudo.man
visudo.html: $(srcdir)/visudo.pod
@rm -f $(srcdir)/$@
pod2html --title="Visudo Manual" --infile=$< --outfile=$(srcdir)/$@
- @chmod 444 $(srcdir)/$@
visudo.man: $(srcdir)/visudo.pod
@rm -f $(srcdir)/$@
pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" $< > $(srcdir)/$@
- @chmod 444 $(srcdir)/$@
visudo.cat: $(srcdir)/visudo.man
sudoers.html: $(srcdir)/sudoers.pod
@rm -f $(srcdir)/$@
pod2html --title="Sudoers Manual" --infile=$< --outfile=$(srcdir)/$@
- @chmod 444 $(srcdir)/$@
sudoers.man: $(srcdir)/sudoers.pod
@rm -f $(srcdir)/$@
pod2man --section=$(mansect5) --release=$(VERSION) --center="FILE FORMATS" $< > $(srcdir)/$@
- @chmod 444 $(srcdir)/$@
sudoers.cat: $(srcdir)/sudoers.man
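Review bot: removing every `@chmod 444 $(srcdir)/$@` from the `pod2man`, `pod2html` and `.man.cat` rules (sudo, visudo and sudoers alike) leaves the regenerated .man, .html and .cat files writable, so the read-only bit no longer discourages editing the generated output instead of the .pod source. If that is deliberate (the preceding `@rm -f $(srcdir)/$@` already copes with rebuilding a read-only target), say so in the log message; otherwise keep the chmod line.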
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo determines who is an authorized user by consulting
the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. By giving s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo the -v flag a user
can update the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b. The
- password prompt itself will also time out if the password
- is not entered with N minutes (again, this is defined at
- installation time and defaults to 5 minutes).
+ password prompt itself will also time out if the user's
+ password is not entered with N minutes (again, this is
+ defined at installation time and defaults to 5 minutes).
If an unauthorized user executes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo, mail will be sent
from the user to the local authorities (defined at
of s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo and a usage message before exiting.
-v If given the -v (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will update
- the user's timestamp file, prompting for a password if
- necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout to for
- another N minutes (where N is defined at installation
- time and defaults to 5 minutes) but does not run a
- command.
+ the user's timestamp file, prompting for the user's
+ password if necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout
+ to for another N minutes (where N is defined at
+ installation time and defaults to 5 minutes) but does
+ not run a command.
-k The -k (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo removes the user's
- timestamp file, thus requiring a password the next
- time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run. This option does not require a
+ timestamp file, thus requiring the user's password the
+ next time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run. This option does not require a
password and was added to allow a user to revoke s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
permissions from a .logout file.
-26/Jan/99 1.5.8 1
+6/Feb/99 1.5.8 1
-26/Jan/99 1.5.8 2
+6/Feb/99 1.5.8 2
-26/Jan/99 1.5.8 3
+6/Feb/99 1.5.8 3
-26/Jan/99 1.5.8 4
+6/Feb/99 1.5.8 4
-26/Jan/99 1.5.8 5
+6/Feb/99 1.5.8 5
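Review bot: the reflowed paragraphs keep two wording slips that this regeneration was a chance to remove: `password is not entered with N minutes` should read `within N minutes`, and `extends the sudo timeout to for another N minutes` has a stray `to`. Since sudo.cat is produced from sudo.man by the `.man.cat` rule, the fix belongs in sudo.pod and will then propagate here; the footer date bumps from 26/Jan/99 to 6/Feb/99 are the expected side effect of regenerating the page.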
<H1><A NAME="SYNOPSIS">SYNOPSIS
</A></H1>
-<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
+<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-r</STRONG> realm ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
<P>
<STRONG>sudo</STRONG> determines who is an authorized user by consulting the file <EM>/etc/sudoers</EM>. By giving <STRONG>sudo</STRONG> the <CODE>-v</CODE> flag a user can update the time stamp without running a <EM>command.</EM>
-The password prompt itself will also time out if the password is not
+The password prompt itself will also time out if the user's password is not
entered with N minutes (again, this is defined at installation time and
defaults to 5 minutes).
<DT><STRONG><A NAME="item__v">-v
</A></STRONG><DD>
-If given the <CODE>-v</CODE> (<EM>validate</EM>) option, <STRONG>sudo</STRONG> will update the user's timestamp file, prompting for a password if
+If given the <CODE>-v</CODE> (<EM>validate</EM>) option, <STRONG>sudo</STRONG> will update the user's timestamp file, prompting for the user's password if
necessary. This extends the <STRONG>sudo</STRONG> timeout to for another N minutes (where N is defined at installation time
and defaults to 5 minutes) but does not run a command.
<DT><STRONG><A NAME="item__k">-k
</A></STRONG><DD>
-The <CODE>-k</CODE> (<EM>kill</EM>) option to <STRONG>sudo</STRONG> removes the user's timestamp file, thus requiring a password the next time <STRONG>sudo</STRONG> is run. This option does not require a password and was added to allow a
+The <CODE>-k</CODE> (<EM>kill</EM>) option to <STRONG>sudo</STRONG> removes the user's timestamp file, thus requiring the user's password the
+next time <STRONG>sudo</STRONG> is run. This option does not require a password and was added to allow a
user to revoke <STRONG>sudo</STRONG> permissions from a .logout file.
option you cannot use shell job control to manipulate the command.
+<P>
+
+<DT><STRONG><A NAME="item__r">-r
+
+</A></STRONG><DD>
+The <CODE>-r</CODE> (<EM>realm</EM>) option is only available if <STRONG>sudo</STRONG> was configured with <STRONG>Kerberos</STRONG> version 5 support. It allows the user to specify a
+<STRONG>Kerberos</STRONG> realm other than the system default to use when authenticating the user via <STRONG>Kerberos</STRONG>.
+
+
<P>
<DT><STRONG><A NAME="item__p">-p
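Review bot: the new `[ -r realm ]` in the SYNOPSIS and the added `-r` item (``only available if sudo was configured with Kerberos version 5 support'') are not mentioned in the RCS log entry, which only covers the user's-password wording, and the sudo.pod lines shown in this patch carry no matching `=item -r`. sudo.html is generated from sudo.pod by `pod2html`, so document the option in the .pod source first and name the Kerberos 5 realm option in the log message; otherwise the html drifts from its source on the next regeneration.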
</A></H1>
<STRONG>sudo</STRONG> tries to be safe when executing external commands. Variables that control
how dynamic loading and binding is done can be used to subvert the program
-that <STRONG>sudo</STRONG> runs. To combat this the <CODE>LD_*</CODE>, <CODE>SHLIB_PATH</CODE> (HP-UX only),
-<CODE>LIBPATH</CODE> (AIX only), and <CODE>_RLD_*</CODE> environment variables are removed from the environment passed on to all
-commands executed.
-<STRONG>sudo</STRONG> will also remove the <CODE>IFS</CODE>, <CODE>ENV</CODE>, <CODE>BASH_ENV</CODE>
-and <CODE>KRB_CONF</CODE> variables as they too can pose a threat.
+that <STRONG>sudo</STRONG> runs. To combat this the
+<CODE>LD_*</CODE>, <CODE>_RLD_*</CODE>, <CODE>SHLIB_PATH</CODE> (HP-UX only), and <CODE>LIBPATH</CODE> (AIX only) environment variables are removed from the environment passed on
+to all commands executed. <STRONG>sudo</STRONG> will also remove the <CODE>IFS</CODE>,
+<CODE>ENV</CODE>, <CODE>BASH_ENV</CODE>, <CODE>KRB_CONF</CODE> and <CODE>KRB5_CONFIG</CODE> variables as they too can pose a threat.
<P>
To prevent command spoofing, <STRONG>sudo</STRONG> checks ``.'' and ``'' (both denoting current directory) last when searching
for a command in the user's PATH (if one or both are in the PATH). Note,
-however, that the actual PATH environment variable is <EM>not</EM> modified and is passed unchanged to the program that
-<STRONG>sudo</STRONG> executes.
+however, that the actual PATH environment variable is <EM>not</EM> modified and is passed unchanged to the program that <STRONG>sudo</STRONG> executes.
<P>
-For security reasons, if your OS supports shared libraries,
-<STRONG>sudo</STRONG> should always be statically linked unless the dynamic loader disables
+For security reasons, if your OS supports shared libraries, <STRONG>sudo</STRONG>
+should always be statically linked unless the dynamic loader disables
user-defined library search paths for setuid programs. (Most modern dynamic
loaders do this.)
<STRONG>sudo</STRONG> will check the ownership of its timestamp directory (<EM>/var/run/sudo</EM> or <EM>/tmp/.odus</EM> by default) and ignore the directory's contents if it is not owned by root
and only read, writable, and executable by root. On systems that allow
users to give files away to root (via chown), if the timestamp directory is
-located in a directory writable by anyone (ie: <EM>/tmp</EM>), it is possible for a user to create the timestamp directory before <STRONG>sudo</STRONG> is run. However, because <STRONG>sudo</STRONG> checks the ownership and mode of the directory, the only damage that can be
+located in a directory writable by anyone (ie: <EM>/tmp</EM>), it is possible for a user to create the timestamp directory before <STRONG>sudo</STRONG>
+is run. However, because <STRONG>sudo</STRONG> checks the ownership and mode of the directory, the only damage that can be
done is to ``hide'' files by putting them in the timestamp dir. This is
unlikely to happen since once the timestamp dir is owned by root and
inaccessible by any other user the user placing files there would be unable
<P>
<CODE>sudo</CODE> will not honor timestamp files set far in the future. Timestamp files with
-a date greater than current_time + 2 * <CODE>TIMEOUT</CODE> will be ignored and sudo will log the anomaly. This is done to keep a user
-from creating his/her own timestamp file with a bogus date.
+a date greater than current_time + 2 * <CODE>TIMEOUT</CODE>
+will be ignored and sudo complain about a ``preposterous stampfile date''.
+This is done to keep a user from creating his/her own timestamp file with a
+bogus date.
<P>
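Review bot: `will be ignored and sudo complain about a ``preposterous stampfile date''` is missing its verb; it should read `sudo will complain about`. Adding `KRB5_CONFIG` to the stripped variables is the right companion to the new Kerberos 5 realm option, for the same reason the text already gives for `KRB_CONF`, and the reordered `LD_*`, `_RLD_*`, `SHLIB_PATH`, `LIBPATH` list is otherwise unchanged. The context lines here still carry `not entered with N minutes` and `timeout to for another`; fix those in sudo.pod so all three generated pages pick them up.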
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.28 1999/02/01 00:45:02 millert
-''' clarify bad timestamp and fmt
+''' Revision 1.29 1999/02/07 00:47:32 millert
+''' Make it clear that it is the user's password, not root's, that we want.
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH sudo 8 "1.5.8" "26/Jan/99" "MAINTENANCE COMMANDS"
+.TH sudo 8 "1.5.8" "6/Feb/99" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
\fBsudo\fR determines who is an authorized user by consulting the
file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
can update the time stamp without running a \fIcommand.\fR
-The password prompt itself will also time out if the password is
+The password prompt itself will also time out if the user's password is
not entered with N minutes (again, this is defined at installation
time and defaults to 5 minutes).
.PP
of \fBsudo\fR and a usage message before exiting.
.Ip "-v" 4
If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
-user's timestamp file, prompting for a password if necessary.
+user's timestamp file, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout to for another N minutes
(where N is defined at installation time and defaults to 5
minutes) but does not run a command.
.Ip "-k" 4
The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR removes the user's timestamp
-file, thus requiring a password the next time \fBsudo\fR is run.
+file, thus requiring the user's password the next time \fBsudo\fR is run.
This option does not require a password and was added to
allow a user to revoke \fBsudo\fR permissions from a .logout file.
.Ip "-b" 4
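Review bot: the RCS log entry `Make it clear that it is the user's password, not root's, that we want.` describes only part of this commit; the sudo.html changes in the same patch add the `-r realm` option and `KRB5_CONFIG`, and those belong in the log as well so the history of the generated pages matches their content. The `.TH` date bump to `6/Feb/99` is consistent with the sudo.cat footers.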
B<sudo> determines who is an authorized user by consulting the
file I</etc/sudoers>. By giving B<sudo> the C<-v> flag a user
can update the time stamp without running a I<command.>
-The password prompt itself will also time out if the password is
+The password prompt itself will also time out if the user's password is
not entered with N minutes (again, this is defined at installation
time and defaults to 5 minutes).
=item -v
If given the C<-v> (I<validate>) option, B<sudo> will update the
-user's timestamp file, prompting for a password if necessary.
+user's timestamp file, prompting for the user's password if necessary.
This extends the B<sudo> timeout to for another N minutes
(where N is defined at installation time and defaults to 5
minutes) but does not run a command.
=item -k
The C<-k> (I<kill>) option to B<sudo> removes the user's timestamp
-file, thus requiring a password the next time B<sudo> is run.
+file, thus requiring the user's password the next time B<sudo> is run.
This option does not require a password and was added to
allow a user to revoke B<sudo> permissions from a .logout file.
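Review bot: this is the source the three generated pages are built from, so the two long-standing slips should be corrected here rather than in the outputs: `not entered with N minutes` should be `within N minutes`, and `This extends the B<sudo> timeout to for another N minutes` should drop `to`. Also `I<command.>` places the sentence period inside the italic; `I<command>.` is the usual POD form.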