Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
- Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
- 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
- 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:')
+ Tag_Spec ::= ('NOEXEC:' | 'EXEC:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+ 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' |
+ 'NOPASSWD:' | 'PASSWD:' | 'SETENV:' | 'NOSETENV:')
A u\bus\bse\ber\br s\bsp\bpe\bec\bci\bif\bfi\bic\bca\bat\bti\bio\bon\bn determines which commands a user may run (and as
what user) on specified hosts. By default, commands are run as r\bro\boo\bot\bt, but
T\bTa\bag\bg_\b_S\bSp\bpe\bec\bc
A command may have zero or more tags associated with it. There are ten
- possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,
- LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT, NOLOG_OUTPUT, MAIL and NOMAIL. Once
+ possible tag values: NOEXEC, EXEC, LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT,
+ NOLOG_OUTPUT, MAIL, NOMAIL, NOPASSWD, PASSWD, SETENV, and NOSETENV. Once
a tag is set on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit
the tag unless it is overridden by the opposite tag (in other words,
PASSWD overrides NOPASSWD and NOEXEC overrides EXEC).
+ _\bN_\bO_\bE_\bX_\bE_\bC and _\bE_\bX_\bE_\bC
+
+ If s\bsu\bud\bdo\bo has been compiled with _\bn_\bo_\be_\bx_\be_\bc support and the underlying
+ operating system supports it, the NOEXEC tag can be used to prevent a
+ dynamically-linked executable from running further commands itself.
+
+ In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and
+ _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
+
+ aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+ See the _\bP_\br_\be_\bv_\be_\bn_\bt_\bi_\bn_\bg _\bs_\bh_\be_\bl_\bl _\be_\bs_\bc_\ba_\bp_\be_\bs section below for more details on how
+ NOEXEC works and whether or not it will work on your system.
+
+ _\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT and _\bN_\bO_\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT
+
+ These tags override the value of the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt option on a per-command
+ basis. For more information, see the description of _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt in the
+ _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
+
+ _\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT and _\bN_\bO_\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT
+
+ These tags override the value of the _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt option on a per-command
+ basis. For more information, see the description of _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt in the
+ _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
+
+ _\bM_\bA_\bI_\bL and _\bN_\bO_\bM_\bA_\bI_\bL
+
+ These tags provide fine-grained control over whether mail will be sent
+ when a user runs a command by overriding the value of the
+ _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bl_\b__\bc_\bm_\bn_\bd_\bs option on a per-command basis. They have no effect when
+ s\bsu\bud\bdo\bo is run with the -\b-l\bl or -\b-v\bv options. A _\bN_\bO_\bM_\bA_\bI_\bL tag will also override
+ the _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bw_\ba_\by_\bs and _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bp_\be_\br_\bm_\bs options. For more information, see
+ the descriptions of _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bl_\b__\bc_\bm_\bn_\bd_\bs, _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bw_\ba_\by_\bs, and _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bp_\be_\br_\bm_\bs in
+ the _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
+
_\bN_\bO_\bP_\bA_\bS_\bS_\bW_\bD and _\bP_\bA_\bS_\bS_\bW_\bD
By default, s\bsu\bud\bdo\bo requires that a user authenticate him or herself
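Review bot: The example sentence in the relocated NOEXEC and EXEC text, "but shell escapes will be disabled", reads as unconditional, while the paragraph just above it limits NOEXEC to a sudo built with noexec support, an operating system that supports it, and dynamically-linked executables. With this block now leading the tag descriptions, consider qualifying the example (for instance "but shell escapes will be disabled where noexec is supported") so that a reader who stops at the "aaron shanty = NOEXEC: ..." line does not take the entry as a guarantee.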
entries that pertain to the current host. This behavior may be
overridden via the _\bv_\be_\br_\bi_\bf_\by_\bp_\bw and _\bl_\bi_\bs_\bt_\bp_\bw options.
- _\bN_\bO_\bE_\bX_\bE_\bC and _\bE_\bX_\bE_\bC
-
- If s\bsu\bud\bdo\bo has been compiled with _\bn_\bo_\be_\bx_\be_\bc support and the underlying
- operating system supports it, the NOEXEC tag can be used to prevent a
- dynamically-linked executable from running further commands itself.
-
- In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and
- _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
-
- aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-
- See the _\bP_\br_\be_\bv_\be_\bn_\bt_\bi_\bn_\bg _\bs_\bh_\be_\bl_\bl _\be_\bs_\bc_\ba_\bp_\be_\bs section below for more details on how
- NOEXEC works and whether or not it will work on your system.
-
_\bS_\bE_\bT_\bE_\bN_\bV and _\bN_\bO_\bS_\bE_\bT_\bE_\bN_\bV
These tags override the value of the _\bs_\be_\bt_\be_\bn_\bv option on a per-command
tag is implied for that command; this default may be overridden by use
of the NOSETENV tag.
- _\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT and _\bN_\bO_\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT
-
- These tags override the value of the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt option on a per-command
- basis. For more information, see the description of _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt in the
- _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
-
- _\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT and _\bN_\bO_\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT
-
- These tags override the value of the _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt option on a per-command
- basis. For more information, see the description of _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt in the
- _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
-
- _\bM_\bA_\bI_\bL and _\bN_\bO_\bM_\bA_\bI_\bL
-
- These tags provide fine-grained control over whether mail will be sent
- when a user runs a command by overriding the value of the
- _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bl_\b__\bc_\bm_\bn_\bd_\bs option on a per-command basis. They have no effect when
- s\bsu\bud\bdo\bo is run with the -\b-l\bl or -\b-v\bv options. A _\bN_\bO_\bM_\bA_\bI_\bL tag will also override
- the _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bw_\ba_\by_\bs and _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bp_\be_\br_\bm_\bs options. For more information, see
- the descriptions of _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bl_\b__\bc_\bm_\bn_\bd_\bs, _\bm_\ba_\bi_\bl_\b__\ba_\bl_\bw_\ba_\by_\bs, and _\bm_\ba_\bi_\bl_\b__\bn_\bo_\b__\bp_\be_\br_\bm_\bs in
- the _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
-
W\bWi\bil\bld\bdc\bca\bar\brd\bds\bs
s\bsu\bud\bdo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs (aka meta or glob characters) to be
used in host names, path names and command line arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
-Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
- 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
- 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:')
+Tag_Spec ::= ('NOEXEC:' | 'EXEC:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+ 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' |
+ 'NOPASSWD:' | 'PASSWD:' | 'SETENV:' | 'NOSETENV:')
.RE
.fi
.PP
A command may have zero or more tags associated with it.
There are
ten possible tag values:
-\fRNOPASSWD\fR,
-\fRPASSWD\fR,
\fRNOEXEC\fR,
\fREXEC\fR,
-\fRSETENV\fR,
-\fRNOSETENV\fR,
\fRLOG_INPUT\fR,
\fRNOLOG_INPUT\fR,
\fRLOG_OUTPUT\fR,
\fRNOLOG_OUTPUT\fR,
-\fRMAIL\fR
+\fRMAIL\fR,
+\fRNOMAIL\fR,
+\fRNOPASSWD\fR,
+\fRPASSWD\fR,
+\fRSETENV\fR,
and
-\fRNOMAIL\fR.
+\fRNOSETENV\fR.
Once a tag is set on a
\fRCmnd\fR,
subsequent
overrides
\fREXEC\fR).
.TP 2n
+\fINOEXEC\fR and \fIEXEC\fR
+.sp
+If
+\fBsudo\fR
+has been compiled with
+\fInoexec\fR
+support and the underlying operating system supports it, the
+\fRNOEXEC\fR
+tag can be used to prevent a dynamically-linked executable from
+running further commands itself.
+.sp
+In the following example, user
+\fBaaron\fR
+may run
+\fI/usr/bin/more\fR
+and
+\fI/usr/bin/vi\fR
+but shell escapes will be disabled.
+.nf
+.sp
+.RS 2n
+aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.RE
+.fi
+.RS 2n
+.sp
+See the
+\fIPreventing shell escapes\fR
+section below for more details on how
+\fRNOEXEC\fR
+works and whether or not it will work on your system.
+.RE
+.TP 2n
+\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
+.sp
+These tags override the value of the
+\fIlog_input\fR
+option on a per-command basis.
+For more information, see the description of
+\fIlog_input\fR
+in the
+\fISUDOERS OPTIONS\fR
+section below.
+.TP 2n
+\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR
+.sp
+These tags override the value of the
+\fIlog_output\fR
+option on a per-command basis.
+For more information, see the description of
+\fIlog_output\fR
+in the
+\fISUDOERS OPTIONS\fR
+section below.
+.TP 2n
+\fIMAIL\fR and \fINOMAIL\fR
+.sp
+These tags provide fine-grained control over whether
+mail will be sent when a user runs a command by
+overriding the value of the
+\fImail_all_cmnds\fR
+option on a per-command basis.
+They have no effect when
+\fBsudo\fR
+is run with the
+\fB\-l\fR
+or
+\fB\-v\fR
+options.
+A
+\fINOMAIL\fR
+tag will also override the
+\fImail_always\fR
+and
+\fImail_no_perms\fR
+options.
+For more information, see the descriptions of
+\fImail_all_cmnds\fR,
+\fImail_always\fR,
+and
+\fImail_no_perms\fR
+in the
+\fISUDOERS OPTIONS\fR
+section below.
+.TP 2n
\fINOPASSWD\fR and \fIPASSWD\fR
.sp
By default,
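Review bot: The relocated MAIL and NOMAIL paragraph states that a NOMAIL tag "will also override" mail_always and mail_no_perms, but it makes no matching statement for MAIL, so the reader cannot tell whether the asymmetry is intended. Because NOMAIL on a command suppresses mail that those two options would otherwise send, it is worth one more sentence here saying explicitly what MAIL does and does not change relative to mail_always and mail_no_perms.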
options.
.RE
.TP 2n
-\fINOEXEC\fR and \fIEXEC\fR
-.sp
-If
-\fBsudo\fR
-has been compiled with
-\fInoexec\fR
-support and the underlying operating system supports it, the
-\fRNOEXEC\fR
-tag can be used to prevent a dynamically-linked executable from
-running further commands itself.
-.sp
-In the following example, user
-\fBaaron\fR
-may run
-\fI/usr/bin/more\fR
-and
-\fI/usr/bin/vi\fR
-but shell escapes will be disabled.
-.nf
-.sp
-.RS 2n
-aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-.RE
-.fi
-.RS 2n
-.sp
-See the
-\fIPreventing shell escapes\fR
-section below for more details on how
-\fRNOEXEC\fR
-works and whether or not it will work on your system.
-.RE
-.TP 2n
\fISETENV\fR and \fINOSETENV\fR
.sp
These tags override the value of the
tag is implied for that command; this default may be overridden by use of the
\fRNOSETENV\fR
tag.
-.TP 2n
-\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
-.sp
-These tags override the value of the
-\fIlog_input\fR
-option on a per-command basis.
-For more information, see the description of
-\fIlog_input\fR
-in the
-\fISUDOERS OPTIONS\fR
-section below.
-.TP 2n
-\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR
-.sp
-These tags override the value of the
-\fIlog_output\fR
-option on a per-command basis.
-For more information, see the description of
-\fIlog_output\fR
-in the
-\fISUDOERS OPTIONS\fR
-section below.
-.TP 2n
-\fIMAIL\fR and \fINOMAIL\fR
-.sp
-These tags provide fine-grained control over whether
-mail will be sent when a user runs a command by
-overriding the value of the
-\fImail_all_cmnds\fR
-option on a per-command basis.
-They have no effect when
-\fBsudo\fR
-is run with the
-\fB\-l\fR
-or
-\fB\-v\fR
-options.
-A
-\fINOMAIL\fR
-tag will also override the
-\fImail_always\fR
-and
-\fImail_no_perms\fR
-options.
-For more information, see the descriptions of
-\fImail_all_cmnds\fR,
-\fImail_always\fR,
-and
-\fImail_no_perms\fR
-in the
-\fISUDOERS OPTIONS\fR
-section below.
.SS "Wildcards"
\fBsudo\fR
allows shell-style
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
-Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
- 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
- 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:')
+Tag_Spec ::= ('NOEXEC:' | 'EXEC:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+ 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' |
+ 'NOPASSWD:' | 'PASSWD:' | 'SETENV:' | 'NOSETENV:')
.Ed
.Pp
A
A command may have zero or more tags associated with it.
There are
ten possible tag values:
-.Li NOPASSWD ,
-.Li PASSWD ,
.Li NOEXEC ,
.Li EXEC ,
-.Li SETENV ,
-.Li NOSETENV ,
.Li LOG_INPUT ,
.Li NOLOG_INPUT ,
.Li LOG_OUTPUT ,
.Li NOLOG_OUTPUT ,
-.Li MAIL
+.Li MAIL ,
+.Li NOMAIL ,
+.Li NOPASSWD ,
+.Li PASSWD ,
+.Li SETENV ,
and
-.Li NOMAIL .
+.Li NOSETENV .
Once a tag is set on a
.Li Cmnd ,
subsequent
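Review bot: The unchanged context line "ten possible tag values:" directly above the reordered .Li list no longer matches it: the list as rewritten here has twelve entries (NOEXEC, EXEC, LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT, NOLOG_OUTPUT, MAIL, NOMAIL, NOPASSWD, PASSWD, SETENV, NOSETENV), and the Tag_Spec grammar has the same twelve. Since this hunk already rewrites the list, change "ten" to "twelve" in the same commit; the two rendered copies earlier on this page carry the same sentence and need the same fix.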
overrides
.Li EXEC ) .
.Bl -hang -width 0n
+.It Em NOEXEC No and Em EXEC
+.sp
+If
+.Nm sudo
+has been compiled with
+.Em noexec
+support and the underlying operating system supports it, the
+.Li NOEXEC
+tag can be used to prevent a dynamically-linked executable from
+running further commands itself.
+.Pp
+In the following example, user
+.Sy aaron
+may run
+.Pa /usr/bin/more
+and
+.Pa /usr/bin/vi
+but shell escapes will be disabled.
+.Bd -literal
+aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.Ed
+.Pp
+See the
+.Sx Preventing shell escapes
+section below for more details on how
+.Li NOEXEC
+works and whether or not it will work on your system.
+.It Em LOG_INPUT No and Em NOLOG_INPUT
+.sp
+These tags override the value of the
+.Em log_input
+option on a per-command basis.
+For more information, see the description of
+.Em log_input
+in the
+.Sx SUDOERS OPTIONS
+section below.
+.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT
+.sp
+These tags override the value of the
+.Em log_output
+option on a per-command basis.
+For more information, see the description of
+.Em log_output
+in the
+.Sx SUDOERS OPTIONS
+section below.
+.It Em MAIL No and Em NOMAIL
+.sp
+These tags provide fine-grained control over whether
+mail will be sent when a user runs a command by
+overriding the value of the
+.Em mail_all_cmnds
+option on a per-command basis.
+They have no effect when
+.Nm sudo
+is run with the
+.Fl l
+or
+.Fl v
+options.
+A
+.Em NOMAIL
+tag will also override the
+.Em mail_always
+and
+.Em mail_no_perms
+options.
+For more information, see the descriptions of
+.Em mail_all_cmnds ,
+.Em mail_always ,
+and
+.Em mail_no_perms
+in the
+.Sx SUDOERS OPTIONS
+section below.
.It Em NOPASSWD No and Em PASSWD
.sp
By default,
and
.Em listpw
options.
-.It Em NOEXEC No and Em EXEC
-.sp
-If
-.Nm sudo
-has been compiled with
-.Em noexec
-support and the underlying operating system supports it, the
-.Li NOEXEC
-tag can be used to prevent a dynamically-linked executable from
-running further commands itself.
-.Pp
-In the following example, user
-.Sy aaron
-may run
-.Pa /usr/bin/more
-and
-.Pa /usr/bin/vi
-but shell escapes will be disabled.
-.Bd -literal
-aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-.Ed
-.Pp
-See the
-.Sx Preventing shell escapes
-section below for more details on how
-.Li NOEXEC
-works and whether or not it will work on your system.
.It Em SETENV No and Em NOSETENV
.sp
These tags override the value of the
tag is implied for that command; this default may be overridden by use of the
.Li NOSETENV
tag.
-.It Em LOG_INPUT No and Em NOLOG_INPUT
-.sp
-These tags override the value of the
-.Em log_input
-option on a per-command basis.
-For more information, see the description of
-.Em log_input
-in the
-.Sx SUDOERS OPTIONS
-section below.
-.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT
-.sp
-These tags override the value of the
-.Em log_output
-option on a per-command basis.
-For more information, see the description of
-.Em log_output
-in the
-.Sx SUDOERS OPTIONS
-section below.
-.It Em MAIL No and Em NOMAIL
-.sp
-These tags provide fine-grained control over whether
-mail will be sent when a user runs a command by
-overriding the value of the
-.Em mail_all_cmnds
-option on a per-command basis.
-They have no effect when
-.Nm sudo
-is run with the
-.Fl l
-or
-.Fl v
-options.
-A
-.Em NOMAIL
-tag will also override the
-.Em mail_always
-and
-.Em mail_no_perms
-options.
-For more information, see the descriptions of
-.Em mail_all_cmnds ,
-.Em mail_always ,
-and
-.Em mail_no_perms
-in the
-.Sx SUDOERS OPTIONS
-section below.
.El
.Ss Wildcards
.Nm sudo