on the target user unless MAIL is explicitly preserved in sudoers.
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
+ * If env_reset is enabled in sudoers (the default), sudo will now set
+ the MAIL environment variable based on the target user unless MAIL is
+ explicitly preserved in sudoers. Previously MAIL was passed unchanged.
+
What's new in Sudo 1.7.3?
* Support for logging I/O for the command being run.
for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then
timedir="$d/sudo"
- break;
+ break
fi
done
fi
fi
])
+dnl
+dnl Determine the mail spool location
+dnl NOTE: must be run *after* check for paths.h
+dnl
+AC_DEFUN(SUDO_MAILDIR, [
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}], [])], [maildir=yes], [])
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ AC_CHECK_HEADERS(maillock.h, [
+ SUDO_DEFINE(_PATH_MAILDIR, MAILDIR)
+ maildir=yes
+ ])
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d")
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail")
+ fi
+ fi
+fi
+])
+
dnl
dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support
dnl tracing that we use to define paths for pathnames.h so autoheader doesn't
/* Define to 1 if you have the `lrand48' function. */
#undef HAVE_LRAND48
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
/* Define to 1 if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
if test "$ac_cv_sys_posix_termios" != "yes"; then
as_fn_error "Must have POSIX termios to build sudo" "$LINENO" 5
fi
+
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ maildir=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ for ac_header in maillock.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default"
+if test "x$ac_cv_header_maillock_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MAILLOCK_H 1
+_ACEOF
+
+ cat >>confdefs.h <<\EOF
+#define _PATH_MAILDIR MAILDIR
+EOF
+
+ maildir=yes
+
+fi
+
+done
+
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "$d"
+EOF
+
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "/var/mail"
+EOF
+
+ fi
+ fi
+fi
+
if test ${with_logincap-'no'} != "no"; then
for ac_header in login_cap.h
do :
for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then
timedir="$d/sudo"
- break;
+ break
fi
done
fi
if test "$ac_cv_sys_posix_termios" != "yes"; then
AC_MSG_ERROR([Must have POSIX termios to build sudo])
fi
+SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in
-1.8.0b1 July 1, 2010 1
+1.8.0b1 July 19, 2010 1
-1.8.0b1 July 1, 2010 2
+1.8.0b1 July 19, 2010 2
-1.8.0b1 July 1, 2010 3
+1.8.0b1 July 19, 2010 3
-1.8.0b1 July 1, 2010 4
+1.8.0b1 July 19, 2010 4
-1.8.0b1 July 1, 2010 5
+1.8.0b1 July 19, 2010 5
-1.8.0b1 July 1, 2010 6
+1.8.0b1 July 19, 2010 6
-1.8.0b1 July 1, 2010 7
+1.8.0b1 July 19, 2010 7
EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set
+ MAIL In -\b-i\bi mode or when _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled in _\bs_\bu_\bd_\bo_\be_\br_\bs, set
+ to the mail spool of the target user
+
HOME In -\b-i\bi, -\b-s\bs or -\b-H\bH mode (or if sudo was configured with
the --enable-shell-sets-home option), set to homedir of
the target user
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo plugin and path configuration
-E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Note: the following examples assume a properly configured security
- policy.
-1.8.0b1 July 1, 2010 8
+1.8.0b1 July 19, 2010 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
+ Note: the following examples assume a properly configured security
+ policy.
+
To get a file listing of an unreadable directory:
$ sudo ls /usr/local/protected
programs (such as editors) allow the user to run commands via shell
escapes, thus avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is
possible to prevent shell escapes with the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) module's _\bn_\bo_\be_\bx_\be_\bc
- functionality.
- It is not meaningful to run the cd command directly via sudo, e.g.,
+1.8.0b1 July 19, 2010 9
-1.8.0b1 July 1, 2010 9
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ functionality.
+ It is not meaningful to run the cd command directly via sudo, e.g.,
$ sudo cd /usr/local/protected
-
-
-
-
-1.8.0b1 July 1, 2010 10
+1.8.0b1 July 19, 2010 10
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "July 1, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.IX Item "EDITOR"
Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR
nor \f(CW\*(C`VISUAL\*(C'\fR is set
+.ie n .IP "\*(C`MAIL\*(C'" 16
+.el .IP "\f(CW\*(C`MAIL\*(C'\fR" 16
+.IX Item "MAIL"
+In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set
+to the mail spool of the target user
.ie n .IP "\*(C`HOME\*(C'" 16
.el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
.IX Item "HOME"
Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR>
nor C<VISUAL> is set
+=item C<MAIL>
+
+In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set
+to the mail spool of the target user
+
=item C<HOME>
In B<-i>, B<-s> or B<-H> mode (or if sudo was configured with the
-1.8.0b1 July 16, 2010 1
+1.8.0b1 July 19, 2010 1
By default, the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled. This causes commands to
be executed with a minimal environment containing TERM, PATH, HOME,
- SHELL, LOGNAME, USER and USERNAME in addition to variables from the
- invoking process permitted by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bk_\be_\be_\bp options. This
- is effectively a whitelist for environment variables.
+ MAIL, SHELL, LOGNAME, USER and USERNAME in addition to variables from
+ the invoking process permitted by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bk_\be_\be_\bp options.
+ This is effectively a whitelist for environment variables.
If, however, the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is disabled, any variables not
explicitly denied by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be options are inherited
As a special case, If s\bsu\bud\bdo\bo's -\b-i\bi option (initial login) is specified,
_\bs_\bu_\bd_\bo_\be_\br_\bs will initialize the environment regardless of the value of
_\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt. The _\bD_\bI_\bS_\bP_\bL_\bA_\bY, _\bP_\bA_\bT_\bH and _\bT_\bE_\bR_\bM variables remain unchanged;
- _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, and _\bL_\bO_\bG_\bN_\bA_\bM_\bE are set based on the target user. On
- Linux and AIX systems the contents of _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt are also
+ _\bH_\bO_\bM_\bE, _\bM_\bA_\bI_\bL, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, and _\bL_\bO_\bG_\bN_\bA_\bM_\bE are set based on the target user.
+ On Linux and AIX systems the contents of _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt are also
included. All other environment variables are removed.
S\bSU\bUD\bDO\bOE\bER\bRS\bS F\bFI\bIL\bLE\bE F\bFO\bOR\bRM\bMA\bAT\bT
-1.8.0b1 July 16, 2010 2
+1.8.0b1 July 19, 2010 2
-1.8.0b1 July 16, 2010 3
+1.8.0b1 July 19, 2010 3
-1.8.0b1 July 16, 2010 4
+1.8.0b1 July 19, 2010 4
-1.8.0b1 July 16, 2010 5
+1.8.0b1 July 19, 2010 5
-1.8.0b1 July 16, 2010 6
+1.8.0b1 July 19, 2010 6
-1.8.0b1 July 16, 2010 7
+1.8.0b1 July 19, 2010 7
-1.8.0b1 July 16, 2010 8
+1.8.0b1 July 19, 2010 8
-1.8.0b1 July 16, 2010 9
+1.8.0b1 July 19, 2010 9
-1.8.0b1 July 16, 2010 10
+1.8.0b1 July 19, 2010 10
-1.8.0b1 July 16, 2010 11
+1.8.0b1 July 19, 2010 11
specified in editor. This flag is _\bo_\bf_\bf by default.
env_reset If set, s\bsu\bud\bdo\bo will reset the environment to only contain
- the LOGNAME, SHELL, USER, USERNAME and the SUDO_*
+ the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
variables. Any variables in the caller's environment
that match the env_keep and env_check lists are then
added. The default contents of the env_keep and
-1.8.0b1 July 16, 2010 12
+1.8.0b1 July 19, 2010 12
-1.8.0b1 July 16, 2010 13
+1.8.0b1 July 19, 2010 13
-1.8.0b1 July 16, 2010 14
+1.8.0b1 July 19, 2010 14
-1.8.0b1 July 16, 2010 15
+1.8.0b1 July 19, 2010 15
-1.8.0b1 July 16, 2010 16
+1.8.0b1 July 19, 2010 16
-1.8.0b1 July 16, 2010 17
+1.8.0b1 July 19, 2010 17
-1.8.0b1 July 16, 2010 18
+1.8.0b1 July 19, 2010 18
-1.8.0b1 July 16, 2010 19
+1.8.0b1 July 19, 2010 19
-1.8.0b1 July 16, 2010 20
+1.8.0b1 July 19, 2010 20
-1.8.0b1 July 16, 2010 21
+1.8.0b1 July 19, 2010 21
-1.8.0b1 July 16, 2010 22
+1.8.0b1 July 19, 2010 22
-1.8.0b1 July 16, 2010 23
+1.8.0b1 July 19, 2010 23
-1.8.0b1 July 16, 2010 24
+1.8.0b1 July 19, 2010 24
-1.8.0b1 July 16, 2010 25
+1.8.0b1 July 19, 2010 25
-1.8.0b1 July 16, 2010 26
+1.8.0b1 July 19, 2010 26
-1.8.0b1 July 16, 2010 27
+1.8.0b1 July 19, 2010 27
-1.8.0b1 July 16, 2010 28
+1.8.0b1 July 19, 2010 28
-1.8.0b1 July 16, 2010 29
+1.8.0b1 July 19, 2010 29
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 16, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.PP
By default, the \fIenv_reset\fR option is enabled. This causes commands
to be executed with a minimal environment containing \f(CW\*(C`TERM\*(C'\fR,
-\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR in
+\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR in
addition to variables from the invoking process permitted by the
\&\fIenv_check\fR and \fIenv_keep\fR options. This is effectively a whitelist
for environment variables.
As a special case, If \fBsudo\fR's \fB\-i\fR option (initial login) is
specified, \fIsudoers\fR will initialize the environment regardless
of the value of \fIenv_reset\fR. The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR
-variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, and \fI\s-1LOGNAME\s0\fR
-are set based on the target user. On Linux and \s-1AIX\s0 systems the
-contents of \fI/etc/environment\fR are also included. All other
-environment variables are removed.
+variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR,
+and \fI\s-1LOGNAME\s0\fR are set based on the target user. On Linux and \s-1AIX\s0
+systems the contents of \fI/etc/environment\fR are also included. All
+other environment variables are removed.
.SH "SUDOERS FILE FORMAT"
.IX Header "SUDOERS FILE FORMAT"
The \fIsudoers\fR file is composed of two types of entries: aliases
.IP "env_reset" 16
.IX Item "env_reset"
If set, \fBsudo\fR will reset the environment to only contain the
-\&\s-1LOGNAME\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables. Any
+\&\s-1LOGNAME\s0, \s-1MAIL\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables. Any
variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR
and \f(CW\*(C`env_check\*(C'\fR lists are then added. The default contents of the
\&\f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are displayed when \fBsudo\fR is
By default, the I<env_reset> option is enabled. This causes commands
to be executed with a minimal environment containing C<TERM>,
-C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER> and C<USERNAME> in
+C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER> and C<USERNAME> in
addition to variables from the invoking process permitted by the
I<env_check> and I<env_keep> options. This is effectively a whitelist
for environment variables.
As a special case, If B<sudo>'s B<-i> option (initial login) is
specified, I<sudoers> will initialize the environment regardless
of the value of I<env_reset>. The I<DISPLAY>, I<PATH> and I<TERM>
-variables remain unchanged; I<HOME>, I<SHELL>, I<USER>, and I<LOGNAME>
-are set based on the target user. On Linux and AIX systems the
-contents of F</etc/environment> are also included. All other
-environment variables are removed.
+variables remain unchanged; I<HOME>, I<MAIL>, I<SHELL>, I<USER>,
+and I<LOGNAME> are set based on the target user. On Linux and AIX
+systems the contents of F</etc/environment> are also included. All
+other environment variables are removed.
=head1 SUDOERS FILE FORMAT
=item env_reset
If set, B<sudo> will reset the environment to only contain the
-LOGNAME, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any
+LOGNAME, MAIL, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any
variables in the caller's environment that match the C<env_keep>
and C<env_check> lists are then added. The default contents of the
C<env_keep> and C<env_check> lists are displayed when B<sudo> is
#define _PATH_USRTMP "/usr/tmp/"
#endif /* _PATH_USRTMP */
+#ifndef _PATH_MAILDIR
+#undef _PATH_MAILDIR
+#endif /* _PATH_MAILDIR */
+
#ifndef _PATH_SUDO_SESH
#undef _PATH_SUDO_SESH
#endif /* _PATH_SUDO_SESH */
#define DID_USER 0x0020
#undef DID_USERNAME
#define DID_USERNAME 0x0040
+#undef DID_MAIL
+#define DID_MAIL 0x0080
#undef DID_MAX
#define DID_MAX 0x00ff
#define KEPT_USER 0x2000
#undef KEPT_USERNAME
#define KEPT_USERNAME 0x4000
+#undef KEPT_MAIL
+#define KEPT_MAIL 0x8000
#undef KEPT_MAX
#define KEPT_MAX 0xff00
"HOSTNAME",
"KRB5CCNAME",
"LS_COLORS",
- "MAIL",
"PATH",
"PS1",
"PS2",
if (strncmp(*ep, "LOGNAME=", 8) == 0)
SET(didvar, DID_LOGNAME);
break;
+ case 'M':
+ if (strncmp(*ep, "MAIL=", 5) == 0)
+ SET(didvar, DID_MAIL);
+ break;
case 'P':
if (strncmp(*ep, "PATH=", 5) == 0)
SET(didvar, DID_PATH);
if (!ISSET(didvar, DID_USERNAME))
sudo_setenv("USERNAME", user_name, FALSE);
}
+ /*
+ * Set MAIL to target user in -i mode or if MAIL is not preserved
+ * from user's environment.
+ */
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
+ cp = _PATH_MAILDIR;
+ if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
+ easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
+ else
+ easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
+ sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
+ }
} else {
/*
* Copy environ entries as long as they don't match env_delete or
projects / sudo / commitdiff