-1.8.0b3 January 28, 2011 1
+1.8.0b3 February 3, 2011 1
-1.8.0b3 January 28, 2011 2
+1.8.0b3 February 3, 2011 2
-1.8.0b3 January 28, 2011 3
+1.8.0b3 February 3, 2011 3
-1.8.0b3 January 28, 2011 4
+1.8.0b3 February 3, 2011 4
-1.8.0b3 January 28, 2011 5
+1.8.0b3 February 3, 2011 5
-1.8.0b3 January 28, 2011 6
+1.8.0b3 February 3, 2011 6
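Review bot: The only change on pages 1 through 6 is the generated footer date, January 28 to February 3, 2011, so this diff is mostly regeneration churn and the one substantive change (the Runas_Spec group text on page 7) is buried in repeated footer and header hunks. Consider reviewing against the unformatted source rather than this formatted page, or dropping the date from the footer of generated output so that a regeneration only touches pages whose text changed.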
The user d\bdg\bgb\bb may run _\b/_\bb_\bi_\bn_\b/_\bl_\bs, _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm -- but only
as o\bop\bpe\ber\bra\bat\bto\bor\br. E.g.,
- $ sudo -u operator /bin/ls.
+ $ sudo -u operator /bin/ls
It is also possible to override a Runas_Spec later on in an entry. If
we modify the entry like so:
dgb boulder = (operator : operator) /bin/ls, (root) /bin/kill, \
/usr/bin/lprm
- In the following example, user t\btc\bcm\bm may run commands that access a modem
- device file with the dialer group. Note that in this example only the
- group will be set, the command still runs as user t\btc\bcm\bm.
+ Note that while the group portion of the Runas_Spec permits the user to
+ run as command with that group, it does not force the user to do so.
+ If no group is specified on the command line, the command will run with
-1.8.0b3 January 28, 2011 7
+1.8.0b3 February 3, 2011 7
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ the group listed in the target user's password database entry. The
+ following would all be permitted by the sudoers entry above:
+
+ $ sudo -u operator /bin/ls
+ $ sudo -u operator -g operator /bin/ls
+ $ sudo -g operator /bin/ls
+
+ In the following example, user t\btc\bcm\bm may run commands that access a modem
+ device file with the dialer group.
+
tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \
/usr/local/bin/minicom
+ Note that in this example only the group will be set, the command still
+ runs as user t\btc\bcm\bm. E.g.
+
+ $ sudo -g dialer /usr/bin/cu
+
+ Multiple users and groups may be present in a Runas_Spec, in which case
+ the user may select any combination of users and groups via the -\b-u\bu and
+ -\b-g\bg options. In this example:
+
+ alan ALL = (root, bin : operator, system) ALL
+
+ user a\bal\bla\ban\bn may run any command as either user root or bin, optionally
+ setting the group to operator or system.
+
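Review bot: The new sentence "permits the user to run as command with that group" has a typo; it should read "permits the user to run a command with that group". Also, the new "E.g." on the tcm example line lacks the trailing comma used by the existing "E.g.," earlier in the same section, so one form should be picked for both. The rest of the addition, the three permitted invocations for dgb and the alan example with multiple users and groups, reads clearly and matches the entries it refers to.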
S\bSE\bEL\bLi\bin\bnu\bux\bx_\b_S\bSp\bpe\bec\bc
On systems with SELinux support, _\bs_\bu_\bd_\bo_\be_\br_\bs entries may optionally have an
SELinux role and/or type associated with a command. If a role or type
would allow the user r\bra\bay\by to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, _\b/_\bb_\bi_\bn_\b/_\bl_\bs, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm
as r\bro\boo\bot\bt on the machine rushmore without authenticating himself. If we
+
+
+
+1.8.0b3 February 3, 2011 8
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
only want r\bra\bay\by to be able to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl without a password the entry
would be:
In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and
_\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
-
-
-
-1.8.0b3 January 28, 2011 8
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
See the "PREVENTING SHELL ESCAPES" section below for more details on
basis. For more information, see the description of _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt in the
"SUDOERS OPTIONS" section below.
+
+
+
+
+1.8.0b3 February 3, 2011 9
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
W\bWi\bil\bld\bdc\bca\bar\brd\bds\bs
s\bsu\bud\bdo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs (aka meta or glob characters) to be
used in host names, path names and command line arguments in the
Would match any file name beginning with a letter.
-
-
-
-1.8.0b3 January 28, 2011 9
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
Note that a forward slash ('/') will n\bno\bot\bt be matched by wildcards used
in the path name. When matching the command line arguments, however, a
slash d\bdo\boe\bes\bs get matched by wildcards. This is to make a path like:
#include /etc/sudoers.local
When s\bsu\bud\bdo\bo reaches this line it will suspend processing of the current
+
+
+
+1.8.0b3 February 3, 2011 10
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
file (_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs) and switch to _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bl_\bo_\bc_\ba_\bl. Upon reaching
the end of _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bl_\bo_\bc_\ba_\bl, the rest of _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs will be
processed. Files that are included may themselves include other files.
sorted lexical order. That is, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bd_\b/_\b0_\b1_\b__\bf_\bi_\br_\bs_\bt will be parsed
before _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bd_\b/_\b1_\b0_\b__\bs_\be_\bc_\bo_\bn_\bd. Be aware that because the sorting is
lexical, not numeric, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bd_\b/_\b1_\b__\bw_\bh_\bo_\bo_\bp_\bs would be loaded a\baf\bft\bte\ber\br
-
-
-
-1.8.0b3 January 28, 2011 10
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bd_\b/_\b1_\b0_\b__\bs_\be_\bc_\bo_\bn_\bd. Using a consistent number of leading zeroes
in the file names can be used to avoid such problems.
ALL alias to allow a user to run "all but a few" commands rarely works
as intended (see SECURITY NOTES below).
+
+
+
+1.8.0b3 February 3, 2011 11
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
Long lines can be continued with a backslash ('\') as the last
character on the line.
enabled, so _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be is only effective for
configurations where either _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled or
HOME is present in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list. This flag is _\bo_\bf_\bf
-
-
-
-1.8.0b3 January 28, 2011 11
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
by default.
authenticate If set, users must authenticate themselves via a
use the EDITOR or VISUAL if they match a value
specified in editor. This flag is _\bo_\bf_\bf by default.
+
+
+
+1.8.0b3 February 3, 2011 12
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
env_reset If set, s\bsu\bud\bdo\bo will reset the environment to only contain
the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
variables. Any variables in the caller's environment
the negation operator, '!', as such rules can be
trivially bypassed. As such, this option should not be
used when _\bs_\bu_\bd_\bo_\be_\br_\bs contains rules that contain negated
-
-
-
-1.8.0b3 January 28, 2011 12
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
path names which include globbing characters. This
flag is _\bo_\bf_\bf by default.
prevent the usage of local sudoers files so that only
LDAP is used. This thwarts the efforts of rogue
operators who would attempt to add roles to
+
+
+
+1.8.0b3 February 3, 2011 13
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. When this option is present,
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs does not even need to exist. Since this
option tells s\bsu\bud\bdo\bo how to behave when no specific LDAP
mail_always Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user every time a users runs
s\bsu\bud\bdo\bo. This flag is _\bo_\bf_\bf by default.
-
-
-1.8.0b3 January 28, 2011 13
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
mail_badpass Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user if the user running s\bsu\bud\bdo\bo
does not enter the correct password. This flag is _\bo_\bf_\bf
by default.
path_info Normally, s\bsu\bud\bdo\bo will tell the user when a command could
not be found in their PATH environment variable. Some
sites may wish to disable this as it could be used to
+
+
+
+1.8.0b3 February 3, 2011 14
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
gather information on the location of executables that
the normal user does not have access to. The
disadvantage is that if the executable is simply not in
the return (or enter) key. Some users become confused
by this as it appears to them that s\bsu\bud\bdo\bo has hung at
this point. When _\bp_\bw_\bf_\be_\be_\bd_\bb_\ba_\bc_\bk is set, s\bsu\bud\bdo\bo will provide
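Review bot: The unchanged context for mail_always, "Send mail to the mailto user every time a users runs sudo", has a typo ("a users runs" should be "a user runs"). This regeneration already rewrites the page, so fix it in the manual's source and regenerate rather than leaving it in the formatted output.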
-
-
-
-1.8.0b3 January 28, 2011 14
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
visual feedback when the user presses a key. Note that
this does have a security impact as an onlooker may be
able to determine the length of the password being
instead of the password of the invoking user. This
flag is _\bo_\bf_\bf by default.
+
+
+1.8.0b3 February 3, 2011 15
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
set_home If enabled and s\bsu\bud\bdo\bo is invoked with the -\b-s\bs option the
HOME environment variable will be set to the home
directory of the target user (which is root unless the
command line via the -\b-E\bE option. Additionally,
environment variables set via the command line are not
subject to the restrictions imposed by _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk,
-
-
-
-1.8.0b3 January 28, 2011 15
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
_\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be, or _\be_\bn_\bv_\b__\bk_\be_\be_\bp. As such, only trusted users
should be allowed to set variables in this manner.
This flag is _\bo_\bf_\bf by default.
not listed in the passwd database as an argument to the
-\b-u\bu option. This flag is _\bo_\bf_\bf by default.
+
+
+1.8.0b3 February 3, 2011 16
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
log_input If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo _\bt_\bt_\by and
log all user input. If the standard input is not
connected to the user's tty, due to I/O redirection or
Output logs may be viewed with the _\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m)
utility, which can also be used to list or search the
-
-
-
-1.8.0b3 January 28, 2011 16
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
available logs.
tty_tickets If set, users must authenticate on a per-tty basis.
visiblepw By default, s\bsu\bud\bdo\bo will refuse to run if the user must
enter a password but it is not possible to disable echo
+
+
+
+1.8.0b3 February 3, 2011 17
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
on the terminal. If the _\bv_\bi_\bs_\bi_\bb_\bl_\be_\bp_\bw flag is set, s\bsu\bud\bdo\bo
will prompt for a password even when it would be
visible on the screen. This makes it possible to run
loglinelen Number of characters per line for the file log. This
value is used to decide when to wrap lines for nicer
log files. This has no effect on the syslog log file,
-
-
-
-1.8.0b3 January 28, 2011 17
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
only the file log. The default is 80 (use 0 or negate
the option to disable word wrap).
S\bSt\btr\bri\bin\bng\bgs\bs:
+
+
+1.8.0b3 February 3, 2011 18
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
badpass_message Message that is displayed if a user enters an incorrect
password. The default is Sorry, try again. unless
insults are enabled.
%{seq}
expanded to a monotonically increasing base-36
-
-
-
-1.8.0b3 January 28, 2011 18
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
sequence number, such as 0100A5, where every two
digits are used to form a new directory, e.g.
_\b0_\b1_\b/_\b0_\b0_\b/_\bA_\b5
Path names that end in six or more Xs will have the Xs
replaced with a unique combination of digits and
- letters, similar to the _\bm_\bk_\bt_\be_\bm_\bp_\b(_\b) function.
- iolog_file The path name, relative to _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br, in which to store
- input/output logs when the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt or _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt
- options are enabled or when the LOG_INPUT or LOG_OUTPUT
- tags are present for a command. Note that _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
- may contain directory components. The default is
- "%{seq}".
+
+
+1.8.0b3 February 3, 2011 19
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
+ letters, similar to the _\bm_\bk_\bt_\be_\bm_\bp_\b(_\b) function.
+
+ iolog_file The path name, relative to _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br, in which to store
+ input/output logs when the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt or _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt
+ options are enabled or when the LOG_INPUT or LOG_OUTPUT
+ tags are present for a command. Note that _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
+ may contain directory components. The default is
+ "%{seq}".
See the _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br option above for a list of supported
percent (`%') escape sequences.
LD_PRELOAD or its equivalent. Defaults to
_\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
-
-
-
-1.8.0b3 January 28, 2011 19
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
passprompt The default prompt to use when asking for a password;
can be overridden via the -\b-p\bp option or the SUDO_PROMPT
environment variable. The following percent (`%')
via command line options. This option is only
available whe s\bsu\bud\bdo\bo is built with SELinux support.
+
+
+1.8.0b3 February 3, 2011 20
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
runas_default The default user to run commands as if the -\b-u\bu option is
not specified on the command line. This defaults to
root. Note that if _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt is set it m\bmu\bus\bst\bt occur
timestampowner The owner of the timestamp directory and the timestamps
stored therein. The default is root.
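Review bot: The unchanged context line "This option is only available whe sudo is built with SELinux support." has a typo ("whe" should be "when"). As with the other context typos, this should be corrected in the manual's source so that the next regeneration of this formatted page picks it up.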
-
-
-
-1.8.0b3 January 28, 2011 20
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
type The default SELinux type to use when constructing a new
security context to run the command. The default type
may be overridden on a per-command basis in _\bs_\bu_\bd_\bo_\be_\br_\bs or
group_plugin
A string containing a _\bs_\bu_\bd_\bo_\be_\br_\bs group plugin with optional
+
+
+
+1.8.0b3 February 3, 2011 21
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
arguments. This can be used to implement support for the
nonunix_group syntax described earlier. The string should
consist of the plugin path, either fully-qualified or
always Always lecture the user.
-
-
-
-1.8.0b3 January 28, 2011 21
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
never Never lecture the user.
once Only lecture the user the first time they run s\bsu\bud\bdo\bo.
option.
If no value is specified, a value of _\ba_\bn_\by is implied.
+
+
+
+1.8.0b3 February 3, 2011 22
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
Negating the option results in a value of _\bn_\be_\bv_\be_\br being used.
The default value is _\ba_\bn_\by.
s\bsu\bud\bdo\bo interpreting the @ sign. Defaults to root.
secure_path Path used for every command run from s\bsu\bud\bdo\bo. If you don't
-
-
-
-1.8.0b3 January 28, 2011 22
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
trust the people running s\bsu\bud\bdo\bo to have a sane PATH
environment variable you may want to use this. Another use
is if you want to have the "root path" be separate from the
Negating the option results in a value of _\bn_\be_\bv_\be_\br being used.
The default value is _\ba_\bl_\bl.
+
+
+
+1.8.0b3 February 3, 2011 23
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
L\bLi\bis\bst\bts\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
env_check Environment variables to be removed from the user's
The argument may be a double-quoted, space-separated
list or a single value without double-quotes. The list
can be replaced, added to, deleted from, or disabled by
-
-
-
-1.8.0b3 January 28, 2011 23
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
using the =, +=, -=, and ! operators respectively. The
default list of environment variables to remove is
displayed when s\bsu\bud\bdo\bo is run by root with the _\b-_\bV option.
_\b/_\be_\bt_\bc_\b/_\bn_\be_\bt_\bg_\br_\bo_\bu_\bp List of network groups
+
+
+
+1.8.0b3 February 3, 2011 24
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo I/O log files
_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo Directory containing time stamps for the
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
-
-
-1.8.0b3 January 28, 2011 24
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
-
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Here we override some of the compiled in default values. We want s\bsu\bud\bdo\bo
to log via _\bs_\by_\bs_\bl_\bo_\bg(3) using the _\ba_\bu_\bt_\bh facility in all cases. We don't
+
+
+
+1.8.0b3 February 3, 2011 25
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
want to subject the full time staff to the s\bsu\bud\bdo\bo lecture, user m\bmi\bil\bll\ble\ber\brt\bt
need not give a password, and we don't want to reset the LOGNAME, USER
or USERNAME environment variables when running commands as root.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
-
-
-1.8.0b3 January 28, 2011 25
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
We let r\bro\boo\bot\bt and any user in group w\bwh\bhe\bee\bel\bl run any command on any host as
any user.
sudoedit /etc/printcap, /usr/oper/bin/
The o\bop\bpe\ber\bra\bat\bto\bor\br user may run commands limited to simple maintenance.
+
+
+
+1.8.0b3 February 3, 2011 26
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
Here, those are commands related to backups, killing processes, the
printing system, shutting down the system, and any commands in the
directory _\b/_\bu_\bs_\br_\b/_\bo_\bp_\be_\br_\b/_\bb_\bi_\bn_\b/.
The user b\bbo\bob\bb may run anything on the _\bS_\bP_\bA_\bR_\bC and _\bS_\bG_\bI machines as any user
listed in the _\bO_\bP Runas_Alias (r\bro\boo\bot\bt and o\bop\bpe\ber\bra\bat\bto\bor\br).
-
-
-1.8.0b3 January 28, 2011 26
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
jim +biglab = ALL
The user j\bji\bim\bm may run any command on machines in the _\bb_\bi_\bg_\bl_\ba_\bb netgroup.
For any machine in the _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias, j\bji\bil\bll\bl may run any commands in
the directory _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/ except for those commands belonging to the _\bS_\bU
+
+
+
+1.8.0b3 February 3, 2011 27
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
and _\bS_\bH_\bE_\bL_\bL_\bS Cmnd_Aliases.
steve CSNETS = (operator) /usr/local/op_commands/
Any user may mount or unmount a CD-ROM on the machines in the CDROM
Host_Alias (orion, perseus, hercules) without entering a password.
This is a bit tedious for users to type, so it is a prime candidate for
-
-
-
-1.8.0b3 January 28, 2011 27
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
encapsulating in a shell script.
S\bSE\bEC\bCU\bUR\bRI\bIT\bTY\bY N\bNO\bOT\bTE\bES\bS
User j\bjo\boh\bhn\bn can still run /usr/bin/passwd root if _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb is enabled by
changing to _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn and running ./passwd root instead.
+
+
+1.8.0b3 February 3, 2011 28
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
P\bPR\bRE\bEV\bVE\bEN\bNT\bTI\bIN\bNG\bG S\bSH\bHE\bEL\bLL\bL E\bES\bSC\bCA\bAP\bPE\bES\bS
Once s\bsu\bud\bdo\bo executes a program, that program is free to do whatever it
pleases, including run other programs. This can be a security issue
shared library. On such systems, s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality
can be used to prevent a program run by s\bsu\bud\bdo\bo from executing
any other programs. Note, however, that this applies only to
-
-
-
-1.8.0b3 January 28, 2011 28
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
native dynamically-linked executables. Statically-linked
executables and foreign executables running under binary
emulation are not affected.
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+
+
+1.8.0b3 February 3, 2011 29
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
This allows user a\baa\bar\bro\bon\bn to run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi
with _\bn_\bo_\be_\bx_\be_\bc enabled. This will prevent those two commands
from executing other commands (such as a shell). If you are
ownership and mode of the directory and its contents, the only damage
that can be done is to "hide" files by putting them in the time stamp
dir. This is unlikely to happen since once the time stamp dir is owned
-
-
-
-1.8.0b3 January 28, 2011 29
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
by root and inaccessible by any other user, the user placing files
there would be unable to get them back out.
If users have sudo ALL there is nothing to prevent them from creating
their own program that gives them a root shell (or making their own
copy of a shell) regardless of any '!' elements in the user
+
+
+
+1.8.0b3 February 3, 2011 30
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
specification.
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
S\bSU\bUP\bPP\bPO\bOR\bRT\bT
Limited free support is available via the sudo-users mailing list, see
-
-
-
-1.8.0b3 January 28, 2011 30
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
the archives.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.0b3 January 28, 2011 31
+1.8.0b3 February 3, 2011 31