.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "January 21, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "January 22, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
on your system.
.IP "noexec_file" 12
.IX Item "noexec_file"
-Path to a shared library containing a dummy version of the \fIexecve()\fR
-library function that just returns an error. This is used to
-implement the \fInoexec\fR functionality on systems that support
-\&\f(CW\*(C`LD_PRELOAD\*(C'\fR or its equivalent. Defaults to \fI@noexec_file@\fR.
+Path to a shared library containing dummy versions of the \fIexecv()\fR,
+\&\fIexecve()\fR and \fIfexecve()\fR library functions that just return an error.
+This is used to implement the \fInoexec\fR functionality on systems that
+support \f(CW\*(C`LD_PRELOAD\*(C'\fR or its equivalent. Defaults to \fI@noexec_file@\fR.
.PP
\&\fBStrings that can be used in a boolean context\fR:
.IP "lecture" 12
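Review bot: The added noexec_file text names execv(), execve() and fexecve(), but the paragraph changed further down in this file says sudo replaces "the exec family of functions", which a reader will take to include execl(), execvp() and the other variants. Use the same wording in both places, or state here whether the other exec variants are covered, since an administrator relying on NOEXEC needs to know exactly which calls are blocked.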
the following as root:
.PP
.Vb 1
-\& # sudo -V | grep "dummy execve"
+\& # sudo -V | grep "dummy exec"
.Ve
.PP
-If this results in output beginning with:
+If the resulting output contains a line that begins with:
.PP
.Vb 1
-\& File containing a dummy execve() function
+\& File containing dummy exec functions
.Ve
.PP
-then \fBsudo\fR may be able to replace the standard library function
-\&\fIexecve()\fR with its own that simply returns an error. Unfortunately,
-there is no foolproof way to know whether or not \fInoexec\fR will
-work at compile\-time. \fINoexec\fR should work on SunOS, Solaris,
-*BSD, Linux, \s-1IRIX\s0, Tru64 \s-1UNIX\s0, MacOS X, and HP-UX 11.x. It is known
-\&\fBnot\fR to work on \s-1AIX\s0 and UnixWare. \fINoexec\fR is expected to work
-on most operating systems that support the \f(CW\*(C`LD_PRELOAD\*(C'\fR environment
-variable. Check your operating system's manual pages for the dynamic
-linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if
-\&\f(CW\*(C`LD_PRELOAD\*(C'\fR is supported.
+then \fBsudo\fR may be able to replace the exec family of functions
+in the standard library with its own that simply return an error.
+Unfortunately, there is no foolproof way to know whether or not
+\&\fInoexec\fR will work at compile\-time. \fINoexec\fR should work on
+SunOS, Solaris, *BSD, Linux, \s-1IRIX\s0, Tru64 \s-1UNIX\s0, MacOS X, and HP-UX
+11.x. It is known \fBnot\fR to work on \s-1AIX\s0 and UnixWare. \fINoexec\fR
+is expected to work on most operating systems that support the
+\&\f(CW\*(C`LD_PRELOAD\*(C'\fR environment variable. Check your operating system's
+manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld,
+dld.sl, rld, or loader) to see if \f(CW\*(C`LD_PRELOAD\*(C'\fR is supported.
.PP
To enable \fInoexec\fR for a command, use the \f(CW\*(C`NOEXEC\*(C'\fR tag as documented
in the User Specification section above. If you are unsure whether
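Review bot: The expected line "File containing dummy exec functions" has to match what sudo -V actually prints, and the change to that output string is not visible in this part of the diff; confirm it lands in the same commit. The loosened pattern grep "dummy exec" matches both the old and the new wording, so the command keeps working, but on a build that still prints "File containing a dummy execve() function" the sample output shown here will not match what the reader sees.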
=item noexec_file
-Path to a shared library containing a dummy version of the execve()
-library function that just returns an error. This is used to
-implement the I<noexec> functionality on systems that support
-C<LD_PRELOAD> or its equivalent. Defaults to F<@noexec_file@>.
+Path to a shared library containing dummy versions of the execv(),
+execve() and fexecve() library functions that just return an error.
+This is used to implement the I<noexec> functionality on systems that
+support C<LD_PRELOAD> or its equivalent. Defaults to F<@noexec_file@>.
=back
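Review bot: "that just return an error" in the added text does not say which error the dummy functions return. Naming it here (the errno value, if one is set) would let an administrator recognise a NOEXEC denial when a command run through sudo fails to start a child process.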
To tell whether or not B<sudo> supports I<noexec>, you can run
the following as root:
- # sudo -V | grep "dummy execve"
+ # sudo -V | grep "dummy exec"
-If this results in output beginning with:
+If the resulting output contains a line that begins with:
- File containing a dummy execve() function
+ File containing dummy exec functions
-then B<sudo> may be able to replace the standard library function
-execve() with its own that simply returns an error. Unfortunately,
-there is no foolproof way to know whether or not I<noexec> will
-work at compile-time. I<Noexec> should work on SunOS, Solaris,
-*BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known
-B<not> to work on AIX and UnixWare. I<Noexec> is expected to work
-on most operating systems that support the C<LD_PRELOAD> environment
-variable. Check your operating system's manual pages for the dynamic
-linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if
-C<LD_PRELOAD> is supported.
+then B<sudo> may be able to replace the exec family of functions
+in the standard library with its own that simply return an error.
+Unfortunately, there is no foolproof way to know whether or not
+I<noexec> will work at compile-time. I<Noexec> should work on
+SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX
+11.x. It is known B<not> to work on AIX and UnixWare. I<Noexec>
+is expected to work on most operating systems that support the
+C<LD_PRELOAD> environment variable. Check your operating system's
+manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld,
+dld.sl, rld, or loader) to see if C<LD_PRELOAD> is supported.
To enable I<noexec> for a command, use the C<NOEXEC> tag as documented
in the User Specification section above. If you are unsure whether
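Review bot: In the rewrapped sentence "there is no foolproof way to know whether or not I<noexec> will work at compile-time", the phrase "at compile-time" reads as if it modifies "work" rather than "know". Since the paragraph is being reflowed anyway, consider "there is no foolproof way to know at compile time whether I<noexec> will work", and apply the same wording to the generated man page.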