s\bsu\bud\bdo\bo [-\b-b\bbE\bEH\bHP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-]
[-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
- [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] {-\b-i\bi | -\b-s\bs | _\bc_\bo_\bm_\bm_\ba_\bn_\bd}
+ [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] [{-\b-i\bi | -\b-s\bs] [<_\bc_\bo_\bm_\bm_\ba_\bn_\bd}]
s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-S\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-]
[-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] file
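Review bot: the new synopsis line is not well-formed: `[{-i | -s]` opens a brace and closes with a bracket, and `[<command}]` closes a brace that was never opened and carries a stray `<`. With both the shell flag and the command now optional, the line should read `[-i | -s] [command]`, which also matches the `-i [command]` and `-s [command]` headings introduced further down this page.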
-1.7 November 21, 2007 1
+1.7 December 10, 2007 1
-1.7 November 21, 2007 2
+1.7 December 10, 2007 2
-1.7 November 21, 2007 3
+1.7 December 10, 2007 3
-h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a
usage message and exit.
- -i The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs
+ -i [command]
+ The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs
the shell specified in the _\bp_\ba_\bs_\bs_\bw_\bd(4) entry of
- the user that the command is being run as.
- The command name argument given to the shell
- begins with a `-' to tell the shell to run as
- a login shell. s\bsu\bud\bdo\bo attempts to change to
- that user's home directory before running the
- shell. It also initializes the environment,
- leaving _\bD_\bI_\bS_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM unchanged, setting
- _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, and
- unsetting all other environment variables.
+ the target user as a login shell. This means
+ that login-specific resource files such as
+ .profile or .login will be read by the shell.
+ If a command is specified, it is passed to the
+ shell for execution. Otherwise, an interac-
+ tive shell is executed. s\bsu\bud\bdo\bo attempts to
+ change to that user's home directory before
+ running the shell. It also initializes the
+ environment, leaving _\bD_\bI_\bS_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM
+ unchanged, setting _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE,
+ and _\bP_\bA_\bT_\bH, and unsetting all other environment
+ variables.
-K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except
that it removes the user's timestamp entirely.
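Review bot: the rewritten -i paragraph drops the one sentence that said how login-shell mode is requested (the shell is started with its command name prefixed by `-`); keep it next to the new .profile/.login sentence, since it is the mechanism behind the behaviour the new text describes. The paragraph should also be explicit about whose startup files are read (the target user's, per the passwd(4) reference) and that a command given with -i runs only after those files have been sourced, so that readers writing sudoers rules for `sudo -i command` know which program is actually executed first.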
1.
-P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes
- s\bsu\bud\bdo\bo to preserve the invoking user's group
- vector unaltered. By default, s\bsu\bud\bdo\bo will ini-
- tialize the group vector to the list of groups
- the target user is in. The real and effective
-1.7 November 21, 2007 4
+1.7 December 10, 2007 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ s\bsu\bud\bdo\bo to preserve the invoking user's group
+ vector unaltered. By default, s\bsu\bud\bdo\bo will ini-
+ tialize the group vector to the list of groups
+ the target user is in. The real and effective
group IDs, however, are still set to match the
target user.
%% two consecutive % characters are collapsed
into a single % character
+ The prompt specified by the -\b-p\bp option will
+ override the system password prompt on systems
+ that support PAM unless the _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\b-
+ _\br_\bi_\bd_\be flag is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs.
+
-S The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the
password from the standard input instead of
the terminal device.
- -s The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified
+ -s [command]
+ The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified
by the _\bS_\bH_\bE_\bL_\bL environment variable if it is set
- or the shell as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4).
+ or the shell as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). If a
+ command is specified, it is passed to the
+ shell for execution. Otherwise, an interac-
+ tive shell is executed.
-U _\bu_\bs_\be_\br The -\b-U\bU (_\bo_\bt_\bh_\be_\br _\bu_\bs_\be_\br) option is used in conjunc-
tion with the -\b-l\bl option to specify the user
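Review bot: the -s [command] text says the command is passed to the shell for execution but not how; say whether it is handed to the shell as a single -c string (and likewise for -i), so readers know that the shell, not sudo, performs word splitting and expansion on it. Since SHELL is taken from the invoking user's environment here, a sentence on what is logged for `sudo -s command` would also help, given that the SECURITY NOTES section later warns that sudo only logs the command it explicitly runs.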
-u _\bu_\bs_\be_\br The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the
specified command as a user other than _\br_\bo_\bo_\bt.
To specify a _\bu_\bi_\bd instead of a _\bu_\bs_\be_\br _\bn_\ba_\bm_\be, use
+
+
+
+1.7 December 10, 2007 5
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
_\b#_\bu_\bi_\bd. When running commands as a _\bu_\bi_\bd, many
shells require that the '#' be escaped with a
backslash ('\'). Note that if the _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw
with as well as the machine's local network
addresses.
-
-
-1.7 November 21, 2007 5
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
-v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will
update the user's timestamp, prompting for the
user's password if necessary. This extends
and one of the directories in your PATH is on a machine
that is currently unreachable.
+
+
+
+1.7 December 10, 2007 6
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
S\bSE\bEC\bCU\bUR\bRI\bIT\bTY\bY N\bNO\bOT\bTE\bES\bS
s\bsu\bud\bdo\bo tries to be safe when executing external commands.
If, however, the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs,
any variables not explicitly denied by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and
-
-
-
-1.7 November 21, 2007 6
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
_\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be options are inherited from the invoking pro-
cess. In this case, _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be behave like
a blacklist. Since it is not possible to blacklist all
its contents, the only damage that can be done is to
"hide" files by putting them in the timestamp dir. This
is unlikely to happen since once the timestamp dir is
+
+
+
+1.7 December 10, 2007 7
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
owned by root and inaccessible by any other user, the user
placing files there would be unable to get them back out.
To get around this issue you can use a directory that is
timestamp with a bogus date on systems that allow users to
give away files.
-
-
-1.7 November 21, 2007 7
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
Please note that s\bsu\bud\bdo\bo will normally only log the command
it explicitly runs. If a user runs a command such as sudo
su or sudo sh, subsequent commands run from that shell
sudo
SUDO_GID Set to the gid of the user who invoked
- sudo
- SUDO_PS1 If set, PS1 will be set to its value
- USER Set to the target user (root unless the -\b-u\bu
- option is specified)
- VISUAL Default editor to use in -\b-e\be (sudoedit)
- mode
+1.7 December 10, 2007 8
-F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
- _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing timestamps
-
-1.7 November 21, 2007 8
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ sudo
+ SUDO_PS1 If set, PS1 will be set to its value
+ USER Set to the target user (root unless the -\b-u\bu
+ option is specified)
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ VISUAL Default editor to use in -\b-e\be (sudoedit)
+ mode
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+ _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing timestamps
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(4)
See the HISTORY file in the s\bsu\bud\bdo\bo distribution or visit
http://www.sudo.ws/sudo/history.html for a short history
+
+
+
+1.7 December 10, 2007 9
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
of s\bsu\bud\bdo\bo.
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
It is not meaningful to run the cd command directly via
sudo, e.g.,
-
-
-
-1.7 November 21, 2007 9
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
$ sudo cd /usr/local/protected
since when the command exits the parent process (your
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.7 November 21, 2007 10
+1.7 December 10, 2007 10
-1.7 November 21, 2007 1
+1.7 December 10, 2007 1
-1.7 November 21, 2007 2
+1.7 December 10, 2007 2
-1.7 November 21, 2007 3
+1.7 December 10, 2007 3
-1.7 November 21, 2007 4
+1.7 December 10, 2007 4
-1.7 November 21, 2007 5
+1.7 December 10, 2007 5
-1.7 November 21, 2007 6
+1.7 December 10, 2007 6
-1.7 November 21, 2007 7
+1.7 December 10, 2007 7
-1.7 November 21, 2007 8
+1.7 December 10, 2007 8
-1.7 November 21, 2007 9
+1.7 December 10, 2007 9
-1.7 November 21, 2007 10
+1.7 December 10, 2007 10
-1.7 November 21, 2007 11
+1.7 December 10, 2007 11
they are not allowed to run it, which can
be confusing. This flag is _\bo_\bn by default.
+ passprompt_override
+ The password prompt specified by
+ _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will normally only be used if
+ the passwod prompt provided by systems
+ such as PAM matches the string "Pass-
+ word:". If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set,
+ _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always be used. This flag
+ is _\bo_\bf_\bf by default.
+
preserve_groups By default s\bsu\bud\bdo\bo will initialize the group
vector to the list of groups the target
user is in. When _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set,
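Review bot: "passwod" in the new passprompt_override entry should be "password". Beyond the typo, this entry says the flag is off by default and that passprompt is used only when the PAM prompt matches "Password:", while the new -p paragraph in sudo(1m) says -p overrides the system prompt unless passprompt_override is disabled; read together, the two only make sense if giving -p turns the flag on. State that explicitly in one of the two places (for example, "the -p option implies passprompt_override unless the flag is negated in sudoers") so the pages do not appear to contradict each other.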
root_sudo If set, root is allowed to run s\bsu\bud\bdo\bo too.
Disabling this prevents users from "chain-
ing" s\bsu\bud\bdo\bo commands to get a root shell by
- doing something like "sudo sudo /bin/sh".
- Note, however, that turning off _\br_\bo_\bo_\bt_\b__\bs_\bu_\bd_\bo
- will also prevent root and from running
- s\bsu\bud\bdo\boe\bed\bdi\bit\bt. Disabling _\br_\bo_\bo_\bt_\b__\bs_\bu_\bd_\bo provides no
- real additional security; it exists purely
- for historical reasons. This flag is _\bo_\bn
- by default.
-
- rootpw If set, s\bsu\bud\bdo\bo will prompt for the root
-1.7 November 21, 2007 12
+1.7 December 10, 2007 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ doing something like "sudo sudo /bin/sh".
+ Note, however, that turning off _\br_\bo_\bo_\bt_\b__\bs_\bu_\bd_\bo
+ will also prevent root and from running
+ s\bsu\bud\bdo\boe\bed\bdi\bit\bt. Disabling _\br_\bo_\bo_\bt_\b__\bs_\bu_\bd_\bo provides no
+ real additional security; it exists purely
+ for historical reasons. This flag is _\bo_\bn
+ by default.
+
+ rootpw If set, s\bsu\bud\bdo\bo will prompt for the root
password instead of the password of the
invoking user. This flag is _\bo_\bf_\bf by
default.
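Review bot: "will also prevent root and from running sudoedit" has a stray "and"; since the root_sudo paragraph is being moved across the page break in this change anyway, fix it to "will also prevent root from running sudoedit" in the same hunk.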
shell_noargs If set and s\bsu\bud\bdo\bo is invoked with no argu-
ments it acts as if the -\b-s\bs flag had been
- given. That is, it runs a shell as root
- (the shell is determined by the SHELL
- environment variable if it is set, falling
- back on the shell listed in the invoking
- user's /etc/passwd entry if not). This
- flag is _\bo_\bf_\bf by default.
-
- stay_setuid Normally, when s\bsu\bud\bdo\bo executes a command the
- real and effective UIDs are set to the
-1.7 November 21, 2007 13
+1.7 December 10, 2007 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ given. That is, it runs a shell as root
+ (the shell is determined by the SHELL
+ environment variable if it is set, falling
+ back on the shell listed in the invoking
+ user's /etc/passwd entry if not). This
+ flag is _\bo_\bf_\bf by default.
+
+ stay_setuid Normally, when s\bsu\bud\bdo\bo executes a command the
+ real and effective UIDs are set to the
target user (root by default). This
option changes that behavior such that the
real UID is left as the invoking user's
to start closing. The default is 3.
passwd_tries The number of tries a user gets to enter
- his/her password before s\bsu\bud\bdo\bo logs the
- failure and exits. The default is 3.
- I\bIn\bnt\bte\beg\bge\ber\brs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
- loglinelen Number of characters per line for the file
- log. This value is used to decide when to
- wrap lines for nicer log files. This has
- no effect on the syslog log file, only the
+1.7 December 10, 2007 14
-1.7 November 21, 2007 14
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ his/her password before s\bsu\bud\bdo\bo logs the
+ failure and exits. The default is 3.
+ I\bIn\bnt\bte\beg\bge\ber\brs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
+ loglinelen Number of characters per line for the file
+ log. This value is used to decide when to
+ wrap lines for nicer log files. This has
+ no effect on the syslog log file, only the
file log. The default is 80 (use 0 or
negate the option to disable word wrap).
SECURITY information for %h ***.
noexec_file Path to a shared library containing dummy
- versions of the _\be_\bx_\be_\bc_\bv_\b(_\b), _\be_\bx_\be_\bc_\bv_\be_\b(_\b) and _\bf_\be_\bx_\b-
- _\be_\bc_\bv_\be_\b(_\b) library functions that just return
- an error. This is used to implement the
- _\bn_\bo_\be_\bx_\be_\bc functionality on systems that sup-
- port LD_PRELOAD or its equivalent.
- Defaults to
- _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
-
- passprompt The default prompt to use when asking for
- a password; can be overridden via the -\b-p\bp
+ versions of the _\be_\bx_\be_\bc_\bv_\b(_\b), _\be_\bx_\be_\bc_\bv_\be_\b(_\b) and
-1.7 November 21, 2007 15
+1.7 December 10, 2007 15
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ _\bf_\be_\bx_\be_\bc_\bv_\be_\b(_\b) library functions that just
+ return an error. This is used to imple-
+ ment the _\bn_\bo_\be_\bx_\be_\bc functionality on systems
+ that support LD_PRELOAD or its equivalent.
+ Defaults to
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
+
+ passprompt The default prompt to use when asking for
+ a password; can be overridden via the -\b-p\bp
option or the SUDO_PROMPT environment
variable. The following percent (`%')
escapes are supported:
S\bSt\btr\bri\bin\bng\bgs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
- exempt_group
- Users in this group are exempt from password
- and PATH requirements. This is not set by
- default.
- lecture This option controls when a short lecture will
- be printed along with the password prompt. It
- has the following possible values:
+1.7 December 10, 2007 16
-1.7 November 21, 2007 16
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ exempt_group
+ Users in this group are exempt from password
+ and PATH requirements. This is not set by
+ default.
+ lecture This option controls when a short lecture will
+ be printed along with the password prompt. It
+ has the following possible values:
always Always lecture the user.
logfile Path to the s\bsu\bud\bdo\bo log file (not the syslog log
file). Setting a path turns on logging to a
file; negating this option turns it off. By
- default, s\bsu\bud\bdo\bo logs via syslog.
- mailerflags Flags to use when invoking mailer. Defaults to
- -\b-t\bt.
- mailerpath Path to mail program used to send warning
- mail. Defaults to the path to sendmail found
- at configure time.
+1.7 December 10, 2007 17
-1.7 November 21, 2007 17
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ default, s\bsu\bud\bdo\bo logs via syslog.
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ mailerflags Flags to use when invoking mailer. Defaults to
+ -\b-t\bt.
+ mailerpath Path to mail program used to send warning
+ mail. Defaults to the path to sendmail found
+ at configure time.
mailto Address to send warning and error mail to.
The address should be enclosed in double
L\bLi\bis\bst\bts\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
env_check Environment variables to be removed from
- the user's environment if the variable's
- value contains % or / characters. This
- can be used to guard against printf-style
- format vulnerabilities in poorly-written
- programs. The argument may be a dou-
- ble-quoted, space-separated list or a sin-
- gle value without double-quotes. The list
- can be replaced, added to, deleted from,
- or disabled by using the =, +=, -=, and !
-1.7 November 21, 2007 18
+1.7 December 10, 2007 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ the user's environment if the variable's
+ value contains % or / characters. This
+ can be used to guard against printf-style
+ format vulnerabilities in poorly-written
+ programs. The argument may be a dou-
+ ble-quoted, space-separated list or a sin-
+ gle value without double-quotes. The list
+ can be replaced, added to, deleted from,
+ or disabled by using the =, +=, -=, and !
operators respectively. Regardless of
whether the env_reset option is enabled or
disabled, variables specified by env_check
supported: a\bal\ble\ber\brt\bt, c\bcr\bri\bit\bt, d\bde\beb\bbu\bug\bg, e\bem\bme\ber\brg\bg, e\ber\brr\br, i\bin\bnf\bfo\bo, n\bno\bot\bti\bic\bce\be,
and w\bwa\bar\brn\bni\bin\bng\bg.
-F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
- _\b/_\be_\bt_\bc_\b/_\bg_\br_\bo_\bu_\bp Local groups file
- _\b/_\be_\bt_\bc_\b/_\bn_\be_\bt_\bg_\br_\bo_\bu_\bp List of network groups
-E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
- these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
+1.7 December 10, 2007 19
-1.7 November 21, 2007 19
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+ _\b/_\be_\bt_\bc_\b/_\bg_\br_\bo_\bu_\bp Local groups file
+ _\b/_\be_\bt_\bc_\b/_\bn_\be_\bt_\bg_\br_\bo_\bu_\bp List of network groups
+E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
+ Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
+ these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
disable shell escapes for the commands in the PAGERS
Cmnd_Alias (_\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be, _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bp_\bg and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\be_\bs_\bs).
- # Override built-in defaults
- Defaults syslog=auth
- Defaults>root !set_logname
- Defaults:FULLTIMERS !lecture
- Defaults:millert !authenticate
- Defaults@SERVERS log_year, logfile=/var/log/sudo.log
- Defaults!PAGERS noexec
-
-
-1.7 November 21, 2007 20
+1.7 December 10, 2007 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ # Override built-in defaults
+ Defaults syslog=auth
+ Defaults>root !set_logname
+ Defaults:FULLTIMERS !lecture
+ Defaults:millert !authenticate
+ Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+ Defaults!PAGERS noexec
+
The _\bU_\bs_\be_\br _\bs_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn is the part that actually deter-
mines who may run what.
The user j\bjo\boe\be may only _\bs_\bu(1) to operator.
- pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
- The user p\bpe\bet\bte\be is allowed to change anyone's password
- except for root on the _\bH_\bP_\bP_\bA machines. Note that this
- assumes _\bp_\ba_\bs_\bs_\bw_\bd(1) does not take multiple usernames on the
- command line.
- bob SPARC = (OP) ALL : SGI = (OP) ALL
+1.7 December 10, 2007 21
-1.7 November 21, 2007 21
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+ The user p\bpe\bet\bte\be is allowed to change anyone's password
+ except for root on the _\bH_\bP_\bP_\bA machines. Note that this
+ assumes _\bp_\ba_\bs_\bs_\bw_\bd(1) does not take multiple usernames on the
+ command line.
+
+ bob SPARC = (OP) ALL : SGI = (OP) ALL
The user b\bbo\bob\bb may run anything on the _\bS_\bP_\bA_\bR_\bC and _\bS_\bG_\bI
machines as any user listed in the _\bO_\bP Runas_Alias (r\bro\boo\bot\bt
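Review bot: the pattern `[A-z]*` in the pete example is wider than it looks: in ASCII the range A-z also includes `[`, `\`, `]`, `^`, `_` and the backquote, so it is not simply "any username". If the example is kept, use `[A-Za-z]*` (or the narrower set of characters usernames may actually contain) and keep the existing caveat about passwd(1) and multiple usernames, since the `!/usr/bin/passwd root` exclusion only rules out that exact argument.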
matt valkyrie = KILL
- On his personal workstation, valkyrie, m\bma\bat\btt\bt needs to be
- able to kill hung processes.
- WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
- On the host www, any user in the _\bW_\bE_\bB_\bM_\bA_\bS_\bT_\bE_\bR_\bS User_Alias
- (will, wendy, and wim), may run any command as user www
- (which owns the web pages) or simply _\bs_\bu(1) to www.
+1.7 December 10, 2007 22
-1.7 November 21, 2007 22
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ On his personal workstation, valkyrie, m\bma\bat\btt\bt needs to be
+ able to kill hung processes.
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
+ On the host www, any user in the _\bW_\bE_\bB_\bM_\bA_\bS_\bT_\bE_\bR_\bS User_Alias
+ (will, wendy, and wim), may run any command as user www
+ (which owns the web pages) or simply _\bs_\bu(1) to www.
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
grams that do not if often unworkable.
noexec Many systems that support shared libraries have
- the ability to override default library func-
- tions by pointing an environment variable (usu-
- ally LD_PRELOAD) to an alternate shared library.
- On such systems, s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality can
- be used to prevent a program run by s\bsu\bud\bdo\bo from
- executing any other programs. Note, however,
- that this applies only to native dynamically-
- linked executables. Statically-linked executa-
- bles and foreign executables running under
-1.7 November 21, 2007 23
+1.7 December 10, 2007 23
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ the ability to override default library func-
+ tions by pointing an environment variable (usu-
+ ally LD_PRELOAD) to an alternate shared library.
+ On such systems, s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality can
+ be used to prevent a program run by s\bsu\bud\bdo\bo from
+ executing any other programs. Note, however,
+ that this applies only to native dynamically-
+ linked executables. Statically-linked executa-
+ bles and foreign executables running under
binary emulation are not affected.
To tell whether or not s\bsu\bud\bdo\bo supports _\bn_\bo_\be_\bx_\be_\bc, you
Note that restricting shell escapes is not a panacea.
Programs running as root are still capable of many poten-
tially hazardous operations (such as changing or overwrit-
- ing files) that could lead to unintended privilege escala-
- tion. In the specific case of an editor, a safer approach
- is to give the user permission to run s\bsu\bud\bdo\boe\bed\bdi\bit\bt.
+ ing files) that could lead to unintended privilege
-S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bs_\bu_\bd_\bo(8)
-C\bCA\bAV\bVE\bEA\bAT\bTS\bS
- The _\bs_\bu_\bd_\bo_\be_\br_\bs file should a\bal\blw\bwa\bay\bys\bs be edited by the v\bvi\bis\bsu\bud\bdo\bo
- command which locks the file and does grammatical
+1.7 December 10, 2007 24
-1.7 November 21, 2007 24
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ escalation. In the specific case of an editor, a safer
+ approach is to give the user permission to run s\bsu\bud\bdo\boe\bed\bdi\bit\bt.
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ _\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bs_\bu_\bd_\bo(8)
- checking. It is imperative that _\bs_\bu_\bd_\bo_\be_\br_\bs be free of syntax
+C\bCA\bAV\bVE\bEA\bAT\bTS\bS
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs file should a\bal\blw\bwa\bay\bys\bs be edited by the v\bvi\bis\bsu\bud\bdo\bo
+ command which locks the file and does grammatical check-
+ ing. It is imperative that _\bs_\bu_\bd_\bo_\be_\br_\bs be free of syntax
errors since s\bsu\bud\bdo\bo will not run with a syntactically incor-
rect _\bs_\bu_\bd_\bo_\be_\br_\bs file.
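Review bot: SEE ALSO cites visudo(8) while this page and its cross-references use the Solaris-style sections (SUDOERS(4), sudo(1m), passwd(4)); cite visudo as visudo(1m) here for consistency with the page headers.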
-
-
-
-
-
-
-
-
-
-1.7 November 21, 2007 25
+1.7 December 10, 2007 25