is implied.
B<sudo> determines who is an authorized user by consulting the file
-F<@sysconfdir@/sudoers>. By giving B<sudo> the B<-v> flag, a user
-can update the time stamp without running a I<command>. The password
-prompt itself will also time out if the user's password is not
-entered within C<@password_timeout@> minutes (unless overridden via
-I<sudoers>).
+F<@sysconfdir@/sudoers>. By running B<sudo> with the B<-v> option,
+a user can update the time stamp without running a I<command>. The
+password prompt itself will also time out if the user's password
+is not entered within C<@password_timeout@> minutes (unless overridden
+via I<sudoers>).
If a user who is not listed in the I<sudoers> file tries to run a
command via B<sudo>, mail is sent to the proper authorities, as
defined at configure time or in the I<sudoers> file (defaults to
C<@mailto@>). Note that the mail will not be sent if an unauthorized
-user tries to run sudo with the B<-l> or B<-v> flags. This allows
+user tries to run sudo with the B<-l> or B<-v> option. This allows
users to determine for themselves whether or not they are allowed
to use B<sudo>.
is set, B<sudo> will use this value to determine who the actual
user is. This can be used by a user to log commands through sudo
even when a root shell has been invoked. It also allows the B<-e>
-flag to remain useful even when being run via a sudo-run script or
+option to remain useful even when being run via a sudo-run script or
program. Note however, that the sudoers lookup is still done for
root, not the user specified by C<SUDO_USER>.
I<command> is specified and is permitted by I<sudoers>, the
fully-qualified path to the command is displayed along with any
command line arguments. If I<command> is specified but not allowed,
-B<sudo> will exit with a return value of 1. If the B<-l> flag is
+B<sudo> will exit with a status value of 1. If the B<-l> option is
specified with an B<l> argument (i.e. B<-ll>), or if B<-l>
is specified multiple times, a longer list format is used.
=item --
-The B<--> flag indicates that B<sudo> should stop processing command
-line arguments. It is most useful in conjunction with the B<-s> flag.
+The B<--> option indicates that B<sudo> should stop processing command
+line arguments. It is most useful in conjunction with the B<-s> option.
=back
=head1 RETURN VALUES
-Upon successful execution of a program, the return value from B<sudo>
-will simply be the return value of the program that was executed.
+Upon successful execution of a program, the exit status from B<sudo>
+will simply be the exit status of the program that was executed.
Otherwise, B<sudo> quits with an exit value of 1 if there is a
configuration/permission problem or if B<sudo> cannot execute the
(or match the wildcards if there are any). Note that the following
characters must be escaped with a '\' if they are used in command
arguments: ',', ':', '=', '\'. The special command C<"sudoedit">
-is used to permit a user to run B<sudo> with the B<-e> flag (or
+is used to permit a user to run B<sudo> with the B<-e> option (or
as B<sudoedit>). It may take command line arguments just as
a normal command does.
may be run as. A fully-specified C<Runas_Spec> consists of two
C<Runas_List>s (as defined above) separated by a colon (':') and
enclosed in a set of parentheses. The first C<Runas_List> indicates
-which users the command may be run as via B<sudo>'s B<-u> flag.
+which users the command may be run as via B<sudo>'s B<-u> option.
The second defines a list of groups that can be specified via
-B<sudo>'s B<-g> flag. If both C<Runas_List>s are specified, the
+B<sudo>'s B<-g> option. If both C<Runas_List>s are specified, the
command may be run with any combination of users and groups listed
in their respective C<Runas_List>s. If only the first is specified,
-the command may be run as any user in the list but no B<-g> flag
+the command may be run as any user in the list but no B<-g> option
may be specified. If the first C<Runas_List> is empty but the
second is specified, the command may be run as the invoking user
with the group set to any listed in the C<Runas_List>. If no
If set, B<sudo> will set the C<HOME> environment variable to the home
directory of the target user (which is root unless the B<-u> option is used).
-This effectively means that the B<-H> flag is always implied.
+This effectively means that the B<-H> option is always implied.
This flag is I<off> by default.
=item authenticate
=item set_home
-If set and B<sudo> is invoked with the B<-s> flag the C<HOME>
+If set and B<sudo> is invoked with the B<-s> option the C<HOME>
environment variable will be set to the home directory of the target
user (which is root unless the B<-u> option is used). This effectively
-makes the B<-s> flag imply B<-H>. This flag is I<off> by default.
+makes the B<-s> option imply B<-H>. This flag is I<off> by default.
=item set_logname
Normally, B<sudo> will set the C<LOGNAME>, C<USER> and C<USERNAME>
environment variables to the name of the target user (usually root
-unless the B<-u> flag is given). However, since some programs
+unless the B<-u> option is given). However, since some programs
(including the RCS revision control system) use C<LOGNAME> to
determine the real identity of the user, it may be desirable to
change this behavior. This can be done by negating the set_logname
=item shell_noargs
If set and B<sudo> is invoked with no arguments it acts as if the
-B<-s> flag had been given. That is, it runs a shell as root (the
+B<-s> option had been given. That is, it runs a shell as root (the
shell is determined by the C<SHELL> environment variable if it is
set, falling back on the shell listed in the invoking user's
/etc/passwd entry if not). This flag is I<off> by default.
=item targetpw
If set, B<sudo> will prompt for the password of the user specified by
-the B<-u> flag (defaults to C<root>) instead of the password of the
+the B<-u> option (defaults to C<root>) instead of the password of the
invoking user. Note that this precludes the use of a uid not listed
-in the passwd database as an argument to the B<-u> flag.
+in the passwd database as an argument to the B<-u> option.
This flag is I<off> by default.
=item tty_tickets
=item runas_default
-The default user to run commands as if the B<-u> flag is not specified
+The default user to run commands as if the B<-u> option is not specified
on the command line. This defaults to C<@runas_default@>.
Note that if I<runas_default> is set it B<must> occur before
any C<Runas_Alias> specifications.
=item listpw
This option controls when a password will be required when a
-user runs B<sudo> with the B<-l> flag. It has the following possible values:
+user runs B<sudo> with the B<-l> option. It has the following possible values:
=over 8
=item always
-The user must always enter a password to use the B<-l> flag.
+The user must always enter a password to use the B<-l> option.
=item any
=item never
-The user need never enter a password to use the B<-l> flag.
+The user need never enter a password to use the B<-l> option.
=back
=item verifypw
This option controls when a password will be required when a user runs
-B<sudo> with the B<-v> flag. It has the following possible values:
+B<sudo> with the B<-v> option. It has the following possible values:
=over 8
=item always
-The user must always enter a password to use the B<-v> flag.
+The user must always enter a password to use the B<-v> option.
=item any
=item never
-The user need never enter a password to use the B<-v> flag.
+The user need never enter a password to use the B<-v> option.
=back
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the I<ALPHA> machines, user B<john> may su to anyone except root
-but he is not allowed to give L<su(1)> any flags.
+but he is not allowed to specify any options to the L<su(1)> command.
jen ALL, !SERVERS = ALL
projects / sudo / commitdiff