.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "@mansectsu@" "July 16, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
+.TH "SUDOERS" "@mansectsu@" "August 6, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudo\fR
allows or denies is
contained in the output of
-\(lq\fRsudo -V\fR\(rq
+``\fRsudo -V\fR''
when run as root.
.PP
Note that the dynamic linker on most operating systems will remove
operators, which many readers will recognize from regular
expressions.
Do not, however, confuse them with
-\(lqwildcard\(rq
+``wildcard''
characters, which have different meanings.
.TP 6n
\fR\&?\fR
\fRNAME\fR
is a string of uppercase letters, numbers,
and underscore characters
-(\(oq_\(cq).
+(`_').
A
\fRNAME\fR
\fBmust\fR
uppercase letter.
It is possible to put several alias definitions
of the same type on a single line, joined by a colon
-(\(oq:\&\(cq).
+(`:\&').
E.g.,
.nf
.sp
\fRUser_List\fR
is made up of one or more user names, user IDs
(prefixed with
-\(oq#\(cq),
+`#'),
system group names and IDs (prefixed with
-\(oq%\(cq
+`%'
and
-\(oq%#\(cq
+`%#'
respectively), netgroups (prefixed with
-\(oq+\(cq),
+`+'),
non-Unix group names and IDs (prefixed with
-\(oq%:\(cq
+`%:'
and
-\(oq%:#\(cq
+`%:#'
respectively) and
\fRUser_Alias\fRes.
Each list item may be prefixed with zero or more
-\(oq\&!\(cq
+`\&!'
operators.
An odd number of
-\(oq\&!\(cq
+`\&!'
operators negate the value of
the item; an even number just cancel each other out.
.PP
.PP
Note that quotes around group names are optional.
Unquoted strings must use a backslash
-(\(oq\e\(cq)
+(`\e')
to escape spaces and special characters.
See
\fIOther special characters and reserved words\fR
\fRHost_List\fR
is made up of one or more host names, IP addresses,
network numbers, netgroups (prefixed with
-\(oq+\(cq)
+`+')
and other aliases.
Again, the value of an item may be negated with the
-\(oq\&!\(cq
+`\&!'
operator.
If you do not specify a netmask along with the network number,
\fBsudo\fR
only inspects actual network interfaces; this means that IP address
127.0.0.1 (localhost) will never match.
Also, the host name
-\(lqlocalhost\(rq
+``localhost''
will only match if that is the actual host name, which is usually
only the case for non-networked systems.
.nf
command line arguments.
A directory is a
fully qualified path name ending in a
-\(oq/\(cq.
+`/'.
When you specify a directory in a
\fRCmnd_List\fR,
the user will be able to run any file within that directory
must match exactly those given by the user on the command line
(or match the wildcards if there are any).
Note that the following characters must be escaped with a
-\(oq\e\(cq
+`\e'
if they are used in command arguments:
-\(oq,\&\(cq,
-\(oq:\&\(cq,
-\(oq=\&\(cq,
-\(oq\e\(cq.
+`,\&',
+`:\&',
+`=\&',
+`\e'.
The built-in command
-\(lq\fRsudoedit\fR\(rq
+``\fRsudoedit\fR''
is used to permit a user to run
\fBsudo\fR
with the
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
Note that
-\(lq\fRsudoedit\fR\(rq
+``\fRsudoedit\fR''
is a command built into
\fBsudo\fR
itself and must be specified in
or
\fBlists\fR.
Flags are implicitly boolean and can be turned off via the
-\(oq\&!\(cq
+`\&!'
operator.
Some integer, string and list parameters may also be
used in a boolean context to disable them.
(\&"")
when they contain multiple words.
Special characters may be escaped with a backslash
-(\(oq\e\(cq).
+(`\e').
.PP
Lists have two additional assignment operators,
\fR+=\fR
but this can be changed on a per-command basis.
.PP
The basic structure of a user specification is
-\(lqwho where = (as_whom) what\(rq.
+``who where = (as_whom) what''.
Let's break that down into its constituent parts:
.SS "Runas_Spec"
A
consists of two
\fRRunas_List\fRs
(as defined above) separated by a colon
-(\(oq:\&\(cq)
+(`:\&')
and enclosed in a set of parentheses.
The first
\fRRunas_List\fR
.fi
.PP
In addition, there are several
-\(lqspecial\(rq
+``special''
privilege strings:
.TP 10n
none
.PP
Privileges can be excluded from a set by prefixing the privilege
name with either an
-\(oq\&!\(cq
+`\&!'
or
-\(oq\-\(cq
+`\-'
character.
.SS "Tag_Spec"
A command may have zero or more tags associated with it.
\fRPASSWD\fR
tag can be used to reverse things.
For example:
+.RS
.nf
.sp
-.RS 2n
+.RS 0n
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
.RE
.fi
-.RS 2n
.sp
would allow the user
\fBray\fR
without a password the entry would be:
.nf
.sp
-.RS 2n
+.RS 0n
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
.RE
.fi
\fRNOPASSWD\fR
tag is applied to any of the entries for a user on the current host,
he or she will be able to run
-\(lq\fRsudo -l\fR\(rq
+``\fRsudo -l\fR''
without a password.
Additionally, a user may only run
-\(lq\fRsudo -v\fR\(rq
+``\fRsudo -v\fR''
without a password if the
\fRNOPASSWD\fR
tag is present for all a user's entries that pertain to the current host.
and
\fIlistpw\fR
options.
+.PP
.RE
+.PD 0
.TP 2n
\fINOEXEC\fR and \fIEXEC\fR
.sp
and
\fI/usr/bin/vi\fR
but shell escapes will be disabled.
+.RS
.nf
.sp
-.RS 2n
+.RS 0n
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.RE
.fi
-.RS 2n
.sp
See the
\fIPreventing shell escapes\fR
section below for more details on how
\fRNOEXEC\fR
works and whether or not it will work on your system.
+.PD
+.PP
.RE
+.PD 0
.TP 2n
\fISETENV\fR and \fINOSETENV\fR
.sp
tag is implied for that command; this default may be overridden by use of the
\fRNOSETENV\fR
tag.
+.PD
.TP 2n
\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
.sp
.TP 10n
\fR\ex\fR
For any character
-\(oqx\(cq,
+`x',
evaluates to
-\(oqx\(cq.
+`x'.
This is used to escape special characters such as:
-\(oq*\(cq,
-\(oq\&?\(cq,
-\(oq[\&\(cq,
+`*',
+`\&?',
+`[\&',
and
-\(oq]\&\(cq.
+`]\&'.
.PP
Character classes may also be used if your system's
glob(3)
fnmatch(3)
functions support them.
However, because the
-\(oq:\&\(cq
+`:\&'
character has special meaning in
\fIsudoers\fR,
it must be
Would match any file name beginning with a letter.
.PP
Note that a forward slash
-(\(oq/\(cq)
+(`/')
will
\fBnot\fR
be matched by
Wildcards in command line arguments should be used with care.
Because command line arguments are matched as a single, concatenated
string, a wildcard such as
-\(oq\&?\(cq
+`\&?'
or
-\(oq*\(cq
+`*'
can match multiple words.
For example, while a sudoers entry like:
.nf
Command line arguments to the
\fIsudoedit\fR
built-in command should always be path names, so a forward slash
-(\(oq/\(cq)
+(`/')
will not be matched by a wildcard.
.SS "Including other files from within sudoers"
It is possible to include other
.PP
If the path to the include file is not fully-qualified (does not
begin with a
-\(oq/\(cq,
+`/',
it must be located in the same directory as the sudoers file it was
included from.
For example, if
\fR%h\fR
escape, signifying the short form of the host name.
In other words, if the machine's host name is
-\(lqxerxes\(rq,
+``xerxes'',
then
.nf
.sp
will read each file in
\fI/etc/sudoers.d\fR,
skipping file names that end in
-\(oq~\(cq
+`~'
or contain a
-\(oq.\&\(cq
+`.\&'
character to avoid causing problems with package manager or editor
temporary/backup files.
Files are parsed in sorted lexical order.
flag to edit the files directly.
.SS "Other special characters and reserved words"
The pound sign
-(\(oq#\(cq)
+(`#')
is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a
command on the system.
.PP
An exclamation point
-(\(oq\&!\(cq)
+(`\&!')
can be used as a logical
\fInot\fR
operator in a list or
\fRCmnd\fR.
This allows one to exclude certain values.
For the
-\(oq\&!\(cq
+`\&!'
operator to be effective, there must be something for it to exclude.
For example, to match all users except for root one would use:
.nf
.PP
it would explicitly deny root but not match any other users.
This is different from a true
-\(lqnegation\(rq
+``negation''
operator.
.PP
Note, however, that using a
-\(oq\&!\(cq
+`\&!'
in conjunction with the built-in
\fBALL\fR
alias to allow a user to run
-\(lqall but a few\(rq
+``all but a few''
commands rarely works as intended (see
\fISECURITY NOTES\fR
below).
.PP
Long lines can be continued with a backslash
-(\(oq\e\(cq)
+(`\e')
as the last character on the line.
.PP
White space between elements in a list as well as special syntactic
characters in a
\fIUser Specification\fR
-(\(oq=\&\(cq,
-\(oq:\&\(cq,
-\(oq(\&\(cq,
-\(oq)\&\(cq)
+(`=\&',
+`:\&',
+`(\&',
+`)\&')
is optional.
.PP
The following characters must be escaped with a backslash
-(\(oq\e\(cq)
+(`\e')
when used as part of a word (e.g.\& a user name or host name):
-\(oq\&!\(cq,
-\(oq=\&\(cq,
-\(oq:\&\(cq,
-\(oq,\&\(cq,
-\(oq(\&\(cq,
-\(oq)\&\(cq,
-\(oq\e\(cq.
+`\&!',
+`=\&',
+`:\&',
+`,\&',
+`(\&',
+`)\&',
+`\e'.
.SH "SUDOERS OPTIONS"
\fBsudo\fR's
behavior can be modified by
\fI../bin/ls\fR.
This has security implications when path names that include globbing
characters are used with the negation operator,
-\(oq!\&\(cq,
+`!\&',
as such rules can be trivially bypassed.
As such, this option should not be used when
\fIsudoers\fR
In other words, instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
This option is only effective when the
-\(lqcanonical\(rq
+``canonical''
host name, as returned by the
\fBgetaddrinfo\fR()
or
If the system is configured to use the
\fI/etc/hosts\fR
file in preference to DNS, the
-\(lqcanonical\(rq
+``canonical''
host name may not be fully-qualified.
The order that sources are queried for hosts name resolution
is usually specified in the
In the
\fI/etc/hosts\fR
file, the first host name of the entry is considered to be the
-\(lqcanonical\(rq
+``canonical''
name; subsequent names are aliases that are not used by
\fBsudoers\fR.
For example, the following hosts file line for the machine
-\(lqxyzzy\(rq
+``xyzzy''
has the fully-qualified domain name as the
-\(lqcanonical\(rq
+``canonical''
host name, and the short version as an alias.
.sp
-.RS 24n
+.RS 6n
192.168.1.1 xyzzy.sudo.ws xyzzy
.RE
-.RS 18n
.sp
If the machine's hosts file entry is not formatted properly, the
\fIfqdn\fR
unusable if DNS stops working (for example if the machine is disconnected
from the network).
Also note that just like with the hosts file, you must use the
-\(lqcanonical\(rq
+``canonical''
name as DNS knows it.
That is, you may not use a host alias
(\fRCNAME\fR
This flag is
\fI@fqdn@\fR
by default.
-.RE
.TP 18n
ignore_dot
If set,
using a unique session ID that is included in the normal
\fBsudo\fR
log line, prefixed with
-\(lq\fRTSID=\fR\(rq.
+``\fRTSID=\fR''.
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
using a unique session ID that is included in the normal
\fBsudo\fR
log line, prefixed with
-\(lq\fRTSID=\fR\(rq.
+``\fRTSID=\fR''.
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
\fIpassprompt\fR
will normally only be used if the password prompt provided by systems
such as PAM matches the string
-\(lqPassword:\(rq.
+``Password:''.
If
\fIpassprompt_override\fR
is set,
\fBsudo\fR
too.
Disabling this prevents users from
-\(lqchaining\(rq
+``chaining''
\fBsudo\fR
commands to get a root shell by doing something like
-\(lq\fRsudo sudo /bin/sh\fR\(rq.
+``\fRsudo sudo /bin/sh\fR''.
Note, however, that turning off
\fIroot_sudo\fR
will also prevent root from running
\fBsudo\fR
will prompt for a password even when it would be visible on the screen.
This makes it possible to run things like
-\(lq\fRssh somehost sudo ls\fR\(rq
+``\fRssh somehost sudo ls\fR''
since by default,
ssh(1)
does
\fR0\fR
the user's time stamp will never expire.
This can be used to allow users to create or delete their own time stamps via
-\(lq\fRsudo -v\fR\(rq
+``\fRsudo -v\fR''
and
-\(lq\fRsudo -k\fR\(rq
+``\fRsudo -k\fR''
respectively.
.TP 18n
umask
.TP 18n
editor
A colon
-(\(oq:\&\(cq)
+(`:\&')
separated list of editors allowed to be used with
\fBvisudo\fR.
\fBvisudo\fR
\fI@iolog_dir@\fR.
.sp
The following percent
-(\(oq%\(cq)
+(`%')
escape sequences are supported:
-.PP
-.RS 18n
-.PD 0
+.RS
.TP 6n
\fR%{seq}\fR
expanded to a monotonically increasing base-36 sequence number, such as 0100A5,
where every two digits are used to form a new directory, e.g.\&
\fI01/00/A5\fR
-.PD
.TP 6n
\fR%{user}\fR
expanded to the invoking user's login name
function will be expanded.
.sp
To include a literal
-\(oq%\(cq
+`%'
character, the string
-\(oq%%\(cq
+`%%'
should be used.
+.PP
.RE
+.PD 0
.TP 18n
iolog_file
The path name, relative to
\fIiolog_file\fR
may contain directory components.
The default is
-\(lq\fR%{seq}\fR\(rq.
+``\fR%{seq}\fR''.
.sp
See the
\fIiolog_dir\fR
option above for a list of supported percent
-(\(oq%\(cq)
+(`%')
escape sequences.
.sp
In addition to the escape sequences, path names that end in six or
ends in six or
more
\fRX\fRs.
+.PD
.TP 18n
limitprivs
The default Solaris limit privileges to use when constructing a new
\fR%h\fR
will expand to the host name of the machine.
Default is
-\(lq\fR@mailsub@\fR\(rq.
+``\fR@mailsub@\fR''.
.TP 18n
maxseq
The maximum sequence number that will be substituted for the
-\(lq\fR%{seq}\fR\(rq
+``\fR%{seq}\fR''
escape in the I/O log file (see the
\fIiolog_dir\fR
description above for more information).
While the value substituted for
-\(lq\fR%{seq}\fR\(rq
+``\fR%{seq}\fR''
is in base 36,
\fImaxseq\fR
itself should be expressed in decimal.
Values larger than 2176782336 (which corresponds to the
base 36 sequence number
-\(lqZZZZZZ\(rq)
+``ZZZZZZ'')
will be silently truncated to 2176782336.
The default value is 2176782336.
.sp
Once the local sequence number reaches the value of
\fImaxseq\fR,
it will
-\(lqroll over\(rq
+``roll over''
to zero, after which
\fBsudoers\fR
will truncate and re-use any existing I/O log pathnames.
sudo.conf(@mansectform@)
file.
.TP 18n
+pam_login_service
+.br
+On systems that use PAM for authentication, this is the service
+name used when the
+\fB\-i\fR
+option is specified.
+The default value is
+``\fR@pam_login_service@\fR''.
+See the description of
+\fIpam_service\fR
+for more information.
+.TP 18n
+pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+\fIpam.conf\fR
+file or a file in the
+\fI/etc/pam.d\fR
+directory.
+The default value is
+``\fRsudo\fR''.
+.TP 18n
passprompt
The default prompt to use when asking for a password; can be overridden via the
\fB\-p\fR
\fRSUDO_PROMPT\fR
environment variable.
The following percent
-(\(oq%\(cq)
+(`%')
escape sequences are supported:
-.PP
-.RS 18n
-.PD 0
+.RS
.TP 6n
\fR%H\fR
expanded to the local host name including the domain name
(only if the machine's host name is fully qualified or the
\fIfqdn\fR
option is set)
-.PD
.TP 6n
\fR%h\fR
expanded to the local host name without the domain name
character
.PP
The default value is
-\(lq\fR@passprompt@\fR\(rq.
+``\fR@passprompt@\fR''.
+.PP
.RE
+.PD 0
.TP 18n
privs
The default Solaris privileges to use when constructing a new
This option is only available if
\fBsudoers\fR
is built on Solaris 10 or higher.
+.PD
.TP 18n
role
The default SELinux role to use when constructing a new security
sending email.
Note that changing the locale may affect how sudoers is interpreted.
Defaults to
-\(lq\fRC\fR\(rq.
+``\fRC\fR''.
.TP 18n
timestampdir
The directory in which
option specifies the fully qualified path to a file containing variables
to be set in the environment of the program being run.
Entries in this file should either be of the form
-\(lq\fRVARIABLE=value\fR\(rq
+``\fRVARIABLE=value\fR''
or
-\(lq\fRexport VARIABLE=value\fR\(rq.
+``\fRexport VARIABLE=value\fR''.
The value may optionally be surrounded by single or double quotes.
Variables in this file are subject to other
\fBsudo\fR
This option controls when a short lecture will be printed along with
the password prompt.
It has the following possible values:
-.PP
-.RS 14n
-.PD 0
+.RS
.TP 8n
always
Always lecture the user.
-.PD
.TP 8n
never
Never lecture the user.
being used.
The default value is
\fI@lecture@\fR.
+.PP
.RE
+.PD 0
.TP 14n
lecture_file
Path to a file containing an alternate
By default,
\fBsudo\fR
uses a built-in lecture.
+.PD
.TP 14n
listpw
This option controls when a password will be required when a user runs
\fB\-l\fR
option.
It has the following possible values:
-.PP
-.RS 14n
-.PD 0
+.RS
.TP 10n
all
All the user's
the
\fRNOPASSWD\fR
flag set to avoid entering a password.
-.PD
.TP 10n
always
The user must always enter a password to use the
being used.
The default value is
\fIany\fR.
+.PP
.RE
+.PD 0
.TP 14n
logfile
Path to the
By default,
\fBsudo\fR
logs via syslog.
+.PD
.TP 14n
mailerflags
Flags to use when invoking mailer. Defaults to
.TP 14n
mailfrom
Address to use for the
-\(lqfrom\(rq
+``from''
address when sending warning and error mail.
The address should be enclosed in double quotes
(\&"")
\fRPATH\fR
environment variable you may want to use this.
Another use is if you want to have the
-\(lqroot path\(rq
+``root path''
be separate from the
-\(lquser path\(rq.
+``user path''.
Users in the group specified by the
\fIexempt_group\fR
option are not affected by
\fB\-v\fR
option.
It has the following possible values:
-.PP
-.RS 14n
-.PD 0
+.RS
.TP 8n
all
All the user's
entries for the current host must have the
\fRNOPASSWD\fR
flag set to avoid entering a password.
-.PD
.TP 8n
always
The user must always enter a password to use the
env_check
Environment variables to be removed from the user's environment if
the variable's value contains
-\(oq%\(cq
+`%'
or
-\(oq/\(cq
+`/'
characters.
This can be used to guard against printf-style format vulnerabilities
in poorly-written programs.
to the plugin.
For example, if the group file to be used is
\fI/etc/sudo-group\fR:
+.RS
.nf
.sp
-.RS 10n
+.RS 0n
Defaults group_plugin="group_file.so /etc/sudo-group"
.RE
.fi
+.PP
+.RE
+.PD 0
.TP 10n
system_group
The
This plugin can be used in instances where the user belongs to
groups not present in the user's supplemental group vector.
This plugin takes no options:
+.RS
.nf
.sp
-.RS 10n
+.RS 0n
Defaults group_plugin=system_group.so
.RE
.fi
+.RE
+.PD
.PP
The group provider plugin API is described in detail in
sudo_plugin(@mansectsu@).
date
The date the command was run.
Typically, this is in the format
-\(lqMMM, DD, HH:MM:SS\(rq.
+``MMM, DD, HH:MM:SS''.
If logging via
syslog(3),
the actual date format is controlled by the syslog daemon.
.TP 14n
ttyname
The short name of the terminal (e.g.\&
-\(lqconsole\(rq,
-\(lqtty01\(rq,
+``console'',
+``tty01'',
or
-\(lqpts/0\(rq)
+``pts/0'')
\fBsudo\fR
was run on, or
-\(lqunknown\(rq
+``unknown''
if there was no terminal present.
.TP 14n
cwd
Messages are logged using the locale specified by
\fIsudoers_locale\fR,
which defaults to the
-\(lq\fRC\fR\(rq
+``\fRC\fR''
locale.
.SS "Denied command log entries"
If the user is not allowed to run the command, the reason for the denial
Consider either changing the ownership of
\fI@sysconfdir@/sudoers\fR
or adding an argument like
-\(lqsudoers_uid=N\(rq
+``sudoers_uid=N''
(where
-\(oqN\(cq
+`N'
is the user ID that owns the
\fIsudoers\fR
file) to the end of the
If you wish to change the
\fIsudoers\fR
file owner, please add
-\(lqsudoers_uid=N\(rq
+``sudoers_uid=N''
(where
-\(oqN\(cq
+`N'
is the user ID that owns the
\fIsudoers\fR
file) to the
file must not be world-writable, the default file mode
is 0440 (readable by owner and group, writable by none).
The default mode may be changed via the
-\(lqsudoers_mode\(rq
+``sudoers_mode''
option to the
\fBsudoers\fR
\fRPlugin\fR
If you wish to change the
\fIsudoers\fR
file group ownership, please add
-\(lqsudoers_gid=N\(rq
+``sudoers_gid=N''
(where
-\(oqN\(cq
+`N'
is the group ID that owns the
\fIsudoers\fR
file) to the
\fBsudoers\fR
will split up log messages that are larger than 960 characters
(not including the date, hostname, and the string
-\(lqsudo\(rq).
+``sudo'').
When a message is split, additional parts will include the string
-\(lq(command continued)\(rq
+``(command continued)''
after the user name and before the continued command line arguments.
.SS "Notes on logging to a file"
If the
If the
\fIloglinelen\fR
option is set to 0 (or negated with a
-\(oq\&!\(cq),
+`\&!'),
word wrap will be disabled.
.SH "FILES"
.TP 26n
netgroup.
\fBsudo\fR
knows that
-\(lqbiglab\(rq
+``biglab''
is a netgroup due to the
-\(oq+\(cq
+`+'
prefix.
.nf
.sp
This is a bit tedious for users to type, so it is a prime candidate
for encapsulating in a shell script.
.SH "SECURITY NOTES"
-.SS "Limitations of the \(oq!\&\(cq operator"
+.SS "Limitations of the `!\&' operator"
It is generally not effective to
-\(lqsubtract\(rq
+``subtract''
commands from
\fBALL\fR
using the
-\(oq!\&\(cq
+`!\&'
operator.
A user can trivially circumvent this by copying the desired command
to a different name and then executing that.
\fBALL\fR
there is nothing to prevent them from creating their own program that gives
them a root shell (or making their own copy of a shell) regardless of any
-\(oq!\&\(cq
+`!\&'
elements in the user specification.
.SS "Security implications of \fIfast_glob\fR"
If the
tag as documented
in the User Specification section above.
Here is that example again:
+.RS
.nf
.sp
-.RS 10n
+.RS 0n
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.RE
.fi
-.RS 10n
.sp
This allows user
\fBaaron\fR
\fIsudoers\fR
checks the ownership and mode of the directory and its
contents, the only damage that can be done is to
-\(lqhide\(rq
+``hide''
files by putting them in the time stamp dir.
This is unlikely to happen since once the time stamp dir is owned by root
and inaccessible by any other user, the user placing files there would be
utility functions
.PD 0
.PP
+.PD
For example:
.nf
.sp
Debug sudo /var/log/sudo_debug match@info,nss@info
.RE
.fi
-.PD
.PP
For more information, see the
sudo.conf(@mansectform@)
.SH "DISCLAIMER"
\fBsudo\fR
is provided
-\(lqAS IS\(rq
+``AS IS''
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
projects / sudo / commitdiff