-26/Mar/2000 1.6.3 1
+1/Apr/2000 1.6.3 1
-26/Mar/2000 1.6.3 2
+1/Apr/2000 1.6.3 2
-26/Mar/2000 1.6.3 3
+1/Apr/2000 1.6.3 3
-26/Mar/2000 1.6.3 4
+1/Apr/2000 1.6.3 4
-26/Mar/2000 1.6.3 5
+1/Apr/2000 1.6.3 5
password. This flag is off by default.
env_editor If set, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will use the value of the
- EDITOR or VISUAL environment falling back on
- the default editor. Note that this may create
- a security hole as most editors allow a user
- to get a shell (which would be a root shell
- and not be logged).
+ EDITOR or VISUAL environment variables before
+ falling back on the default editor list. Note
+ that this may create a security hole as it
+ allows the user to run any arbitrary command
+ as root without logging. A safer alternative
+ is to place a colon-separated list of editors
-
-26/Mar/2000 1.6.3 6
+1/Apr/2000 1.6.3 6
sudoers(4) FILE FORMATS sudoers(4)
+ in the editor variable. v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will then only
+ use the EDITOR or VISUAL if they match a value
+ specified in editor. This flag is off by
+ default.
+
rootpw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the root password
instead of the password of the invoking user.
+ This flag is off by default.
runaspw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the password of
the user defined by the _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt option
(defaults to root) instead of the password of
- the invoking user.
+ the invoking user. This flag is off by
+ default.
targetpw If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will prompt for the password of
the user specified by the -u flag (defaults to
root) instead of the password of the invoking
- user.
+ user. This flag is off by default.
set_logname Normally, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will set the LOGNAME and USER
environment variables to the name of the
If set, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will apply the defaults specified
for the target user's login class if one
exists. Only available if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is configured
- with the --with-logincap option.
+ with the --with-logincap option. This flag is
+ off by default.
I\bI\bI\bIn\bn\bn\bnt\bt\bt\bte\be\be\beg\bg\bg\bge\be\be\ber\br\br\brs\bs\bs\bs:
log. The default is 80 (use 0 or negate to
disable word wrap).
- timestamp_timeout
- Number of minutes that can elapse before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
- will ask for a passwd again. The default is
- 5, set this to 0 to always prompt for a
- password.
- passwd_timeout
- Number of minutes before the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo password
- prompt times out. The default is 5, set this
-26/Mar/2000 1.6.3 7
+1/Apr/2000 1.6.3 7
sudoers(4) FILE FORMATS sudoers(4)
+ timestamp_timeout
+ Number of minutes that can elapse before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
+ will ask for a passwd again. The default is
+ 5, set this to 0 to always prompt for a
+ password.
+
+ passwd_timeout
+ Number of minutes before the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo password
+ prompt times out. The default is 5, set this
to 0 for no password timeout.
umask Umask to use when running the root command.
Syslog priority to use when user authenticates
unsuccessfully. Defaults to "alert".
- editor Path to the editor to be used by v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo. The
- default is the path to vi on your system.
+ editor A colon (':') separated list of editors
+ allowed to be used with v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo. v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will
- S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
- logfile Path to the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo log file (not the syslog log
- file). Setting a path turns on logging to a
- file, negating this option turns it off.
- syslog Syslog facility if syslog is being used for
- logging (negate to disable syslog logging).
+1/Apr/2000 1.6.3 8
-26/Mar/2000 1.6.3 8
+sudoers(4) FILE FORMATS sudoers(4)
+ choose the editor that matches the user's USER
+ environment variable if possible, or the first
+ editor in the list that exists and is
+ executable. The default is the path to vi on
+ your system.
-sudoers(4) FILE FORMATS sudoers(4)
+ S\bS\bS\bSt\bt\bt\btr\br\br\bri\bi\bi\bin\bn\bn\bng\bg\bg\bgs\bs\bs\bs t\bt\bt\bth\bh\bh\bha\ba\ba\bat\bt\bt\bt c\bc\bc\bca\ba\ba\ban\bn\bn\bn b\bb\bb\bbe\be\be\be u\bu\bu\bus\bs\bs\bse\be\be\bed\bd\bd\bd i\bi\bi\bin\bn\bn\bn a\ba\ba\ba b\bb\bb\bbo\bo\bo\boo\bo\bo\bol\bl\bl\ble\be\be\bea\ba\ba\ban\bn\bn\bn c\bc\bc\bco\bo\bo\bon\bn\bn\bnt\bt\bt\bte\be\be\bex\bx\bx\bxt\bt\bt\bt:
+ logfile Path to the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo log file (not the syslog log
+ file). Setting a path turns on logging to a
+ file, negating this option turns it off.
+ syslog Syslog facility if syslog is being used for
+ logging (negate to disable syslog logging).
Defaults to "local2".
mailerpath Path to mail program used to send warning
never The user need never enter a password to use
the B<-v> flag.
- always The user must always enter a password to use
- the B<-v> flag.
- The default value is `all'.
- listpw This option controls when a password will be
- required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-l\bl\bl\bl.
- It has the following possible values:
- all All the user's I<sudoers> entries for the
- current host must have the C<NOPASSWD>
- flag set to avoid entering a password.
+1/Apr/2000 1.6.3 9
-26/Mar/2000 1.6.3 9
-
+sudoers(4) FILE FORMATS sudoers(4)
+ always The user must always enter a password to use
+ the B<-v> flag.
+ The default value is `all'.
-sudoers(4) FILE FORMATS sudoers(4)
+ listpw This option controls when a password will be
+ required when a user runs s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo with the -\b-\b-\b-l\bl\bl\bl.
+ It has the following possible values:
+ all All the user's I<sudoers> entries for the
+ current host must have the C<NOPASSWD>
+ flag set to avoid entering a password.
any At least one of the user's I<sudoers> entries
for the current host must have the
Let's break that down into its constituent parts:
+
+
+
+1/Apr/2000 1.6.3 10
+
+
+
+
+
+sudoers(4) FILE FORMATS sudoers(4)
+
+
R\bR\bR\bRu\bu\bu\bun\bn\bn\bna\ba\ba\bas\bs\bs\bs_\b_\b_\b_S\bS\bS\bSp\bp\bp\bpe\be\be\bec\bc\bc\bc
A Runas_Spec is simply a Runas_List (as defined above)
The user d\bd\bd\bdg\bg\bg\bgb\bb\bb\bb may run _\b/_\bb_\bi_\bn_\b/_\bl_\bs, _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm
-- but only as o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br. Eg.
-
-
-26/Mar/2000 1.6.3 10
-
-
-
-
-
-sudoers(4) FILE FORMATS sudoers(4)
-
-
sudo -u operator /bin/ls.
It is also possible to override a Runas_Spec later on in
pertain to the current host. This behavior may be
overridden via the verifypw and listpw options.
- W\bW\bW\bWi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bds\bs\bs\bs (\b(\b(\b(a\ba\ba\bak\bk\bk\bka\ba\ba\ba m\bm\bm\bme\be\be\bet\bt\bt\bta\ba\ba\ba c\bc\bc\bch\bh\bh\bha\ba\ba\bar\br\br\bra\ba\ba\bac\bc\bc\bct\bt\bt\bte\be\be\ber\br\br\brs\bs\bs\bs)\b)\b)\b):\b:\b:\b:
-
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs to be used in pathnames
- as well as command line arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
- Wildcard matching is done via the P\bP\bP\bPO\bO\bO\bOS\bS\bS\bSI\bI\bI\bIX\bX\bX\bX fnmatch(3)
- routine. Note that these are _\bn_\bo_\bt regular expressions.
- * Matches any set of zero or more characters.
- ? Matches any single character.
- [...] Matches any character in the specified range.
+1/Apr/2000 1.6.3 11
-26/Mar/2000 1.6.3 11
+sudoers(4) FILE FORMATS sudoers(4)
+ W\bW\bW\bWi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bds\bs\bs\bs (\b(\b(\b(a\ba\ba\bak\bk\bk\bka\ba\ba\ba m\bm\bm\bme\be\be\bet\bt\bt\bta\ba\ba\ba c\bc\bc\bch\bh\bh\bha\ba\ba\bar\br\br\bra\ba\ba\bac\bc\bc\bct\bt\bt\bte\be\be\ber\br\br\brs\bs\bs\bs)\b)\b)\b):\b:\b:\b:
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs to be used in pathnames
+ as well as command line arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
+ Wildcard matching is done via the P\bP\bP\bPO\bO\bO\bOS\bS\bS\bSI\bI\bI\bIX\bX\bX\bX fnmatch(3)
+ routine. Note that these are _\bn_\bo_\bt regular expressions.
+ * Matches any set of zero or more characters.
-sudoers(4) FILE FORMATS sudoers(4)
+ ? Matches any single character.
+ [...] Matches any character in the specified range.
[!...] Matches any character n\bn\bn\bno\bo\bo\bot\bt\bt\bt in the specified range.
dangerous since in a command context, it allows the user
to run a\ba\ba\ban\bn\bn\bny\by\by\by command on the system.
+
+
+
+1/Apr/2000 1.6.3 12
+
+
+
+
+
+sudoers(4) FILE FORMATS sudoers(4)
+
+
An exclamation point ('!') can be used as a logical _\bn_\bo_\bt
operator both in an _\ba_\bl_\bi_\ba_\bs and in front of a Cmnd. This
allows one to exclude certain values. Note, however, that
syntactic characters in a _\bU_\bs_\be_\br _\bS_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn ('=', ':',
'(', ')') is optional.
-
-
-26/Mar/2000 1.6.3 12
-
-
-
-
-
-sudoers(4) FILE FORMATS sudoers(4)
-
-
The following characters must be escaped with a backslash
('\') when used as part of a word (eg. a username or
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
+
+
+
+1/Apr/2000 1.6.3 13
+
+
+
+
+
+sudoers(4) FILE FORMATS sudoers(4)
+
+
Here we override some of the compiled in default values.
We want s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to log via _\bs_\by_\bs_\bl_\bo_\bg(3) using the _\ba_\bu_\bt_\bh facility
in all cases. We don't want to subject the full time
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
-
-
-26/Mar/2000 1.6.3 13
-
-
-
-
-
-sudoers(4) FILE FORMATS sudoers(4)
-
-
The _\bU_\bs_\be_\br _\bs_\bp_\be_\bc_\bi_\bf_\bi_\bc_\ba_\bt_\bi_\bo_\bn is the part that actually
determines who may run what.
/usr/oper/bin/
The o\bo\bo\bop\bp\bp\bpe\be\be\ber\br\br\bra\ba\ba\bat\bt\bt\bto\bo\bo\bor\br\br\br user may run commands limited to simple
- maintenance. Here, those are commands related to backups,
- killing processes, the printing system, shutting down the
- system, and any commands in the directory _\b/_\bu_\bs_\br_\b/_\bo_\bp_\be_\br_\b/_\bb_\bi_\bn_\b/.
- joe ALL = /usr/bin/su operator
- The user j\bj\bj\bjo\bo\bo\boe\be\be\be may only _\bs_\bu(1) to operator.
- pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+1/Apr/2000 1.6.3 14
- The user p\bp\bp\bpe\be\be\bet\bt\bt\bte\be\be\be is allowed to change anyone's password
- except for root on the _\bH_\bP_\bP_\bA machines. Note that this
- assumes _\bp_\ba_\bs_\bs_\bw_\bd(1) does not take multiple usernames on the
- command line.
-26/Mar/2000 1.6.3 14
+sudoers(4) FILE FORMATS sudoers(4)
+ maintenance. Here, those are commands related to backups,
+ killing processes, the printing system, shutting down the
+ system, and any commands in the directory _\b/_\bu_\bs_\br_\b/_\bo_\bp_\be_\br_\b/_\bb_\bi_\bn_\b/.
+ joe ALL = /usr/bin/su operator
+ The user j\bj\bj\bjo\bo\bo\boe\be\be\be may only _\bs_\bu(1) to operator.
-sudoers(4) FILE FORMATS sudoers(4)
+ pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+ The user p\bp\bp\bpe\be\be\bet\bt\bt\bte\be\be\be is allowed to change anyone's password
+ except for root on the _\bH_\bP_\bP_\bA machines. Note that this
+ assumes _\bp_\ba_\bs_\bs_\bw_\bd(1) does not take multiple usernames on the
+ command line.
bob SPARC = (OP) ALL : SGI = (OP) ALL
any commands in the directory /usr/bin/ except for those
commands belonging to the _\bS_\bU and _\bS_\bH_\bE_\bL_\bL_\bS Cmnd_Aliases.
- steve CSNETS = (operator) /usr/local/op_commands/
- The user s\bs\bs\bst\bt\bt\bte\be\be\bev\bv\bv\bve\be\be\be may run any command in the directory
- /usr/local/op_commands/ but only as user operator.
- matt valkyrie = KILL
-
- On his personal workstation, valkyrie, m\bm\bm\bma\ba\ba\bat\bt\bt\btt\bt\bt\bt needs to be
- able to kill hung processes.
+1/Apr/2000 1.6.3 15
- WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
- On the host www, any user in the _\bW_\bE_\bB_\bM_\bA_\bS_\bT_\bE_\bR_\bS User_Alias
- (will, wendy, and wim), may run any command as user www
-26/Mar/2000 1.6.3 15
+sudoers(4) FILE FORMATS sudoers(4)
+ steve CSNETS = (operator) /usr/local/op_commands/
+ The user s\bs\bs\bst\bt\bt\bte\be\be\bev\bv\bv\bve\be\be\be may run any command in the directory
+ /usr/local/op_commands/ but only as user operator.
+ matt valkyrie = KILL
-sudoers(4) FILE FORMATS sudoers(4)
+ On his personal workstation, valkyrie, m\bm\bm\bma\ba\ba\bat\bt\bt\btt\bt\bt\bt needs to be
+ able to kill hung processes.
+ WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
+ On the host www, any user in the _\bW_\bE_\bB_\bM_\bA_\bS_\bT_\bE_\bR_\bS User_Alias
+ (will, wendy, and wim), may run any command as user www
(which owns the web pages) or simply _\bs_\bu(1) to www.
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
hostname be fully qualified as returned by the hostname
command or use the _\bf_\bq_\bd_\bn option in _\bs_\bu_\bd_\bo_\be_\br_\bs.
+
+
+
+
+1/Apr/2000 1.6.3 16
+
+
+
+
+
+sudoers(4) FILE FORMATS sudoers(4)
+
+
F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
/etc/sudoers List of who can run what
/etc/group Local groups file
-26/Mar/2000 1.6.3 16
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1/Apr/2000 1.6.3 17
-26/Mar/2000 1.6.3 17
+1/Apr/2000 1.6.3 18
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.5 2000/03/27 03:26:23 millert
-''' Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+''' Revision 1.6 2000/04/01 21:23:28 millert
+''' Visudo now checks for the existence of an editor and gives a sensible
+''' error if it does not exist.
+'''
+''' The path to the editor for visudo is now a colon-separated list of
+''' allowable editors. If the user has $EDITOR set and it matches
+''' one of the allowed editors that editor will be used. If not,
+''' the first editor in the list that actually exists is used.
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH sudoers @mansectform@ "1.6.3" "26/Mar/2000" "FILE FORMATS"
+.TH sudoers @mansectform@ "1.6.3" "1/Apr/2000" "FILE FORMATS"
.UC
.if n .hy 0
.if n .na
this flag to prevent a user from entering a visible password. This
flag is off by default.
.Ip "env_editor" 12
-If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment
-falling back on the default editor. Note that this may create a
-security hole as most editors allow a user to get a shell (which
-would be a root shell and not be logged).
+If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0
+environment variables before falling back on the default editor list.
+Note that this may create a security hole as it allows the user to
+run any arbitrary command as root without logging. A safer alternative
+is to place a colon-separated list of editors in the \f(CWeditor\fR
+variable. \fBvisudo\fR will then only use the \s-1EDITOR\s0 or \s-1VISUAL\s0 if
+they match a value specified in \f(CWeditor\fR. This flag is off by
+default.
.Ip "rootpw" 12
If set, \fBsudo\fR will prompt for the root password instead of the password
-of the invoking user.
+of the invoking user. This flag is off by default.
.Ip "runaspw" 12
If set, \fBsudo\fR will prompt for the password of the user defined by the
\fIrunas_default\fR option (defaults to root) instead of the password
-of the invoking user.
+of the invoking user. This flag is off by default.
.Ip "targetpw" 12
If set, \fBsudo\fR will prompt for the password of the user specified by
the \f(CW-u\fR flag (defaults to root) instead of the password of the
-invoking user.
+invoking user. This flag is off by default.
.Ip "set_logname" 12
Normally, \fBsudo\fR will set the \f(CWLOGNAME\fR and \f(CWUSER\fR environment variables
to the name of the target user (usually root unless the \f(CW-u\fR flag is given).
.Ip "use_loginclass" 12
If set, \fBsudo\fR will apply the defaults specified for the target user's
login class if one exists. Only available if \fBsudo\fR is configured with
-the --with-logincap option.
+the --with-logincap option. This flag is off by default.
.PP
\fBIntegers\fR:
.Ip "passwd_tries" 12
Syslog priority to use when user authenticates unsuccessfully.
Defaults to \*(L"alert\*(R".
.Ip "editor" 12
-Path to the editor to be used by \fBvisudo\fR. The default is the path
-to vi on your system.
+A colon (':') separated list of editors allowed to be used with
+\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's
+\s-1USER\s0 environment variable if possible, or the first editor in the
+list that exists and is executable. The default is the path to vi
+on your system.
.PP
\fBStrings that can be used in a boolean context\fR:
.Ip "logfile" 12
{
char buf[MAXPATHLEN*2]; /* buffer used for copying files */
char *Editor; /* editor to use */
+ char *UserEditor; /* editor user wants to use */
+ char *EditorPath; /* colon-separated list of editors */
int sudoers_fd; /* sudoers file descriptor */
int stmp_fd; /* stmp file descriptor */
int n; /* length parameter */
(void) close(stmp_fd);
/*
- * If we are allowing EDITOR and VISUAL envariables set Editor
- * base on whichever exists...
+ * Check EDITOR and VISUAL environment variables to see which editor
+ * the user wants to use (we may not end up using it though).
+ * If the path is not fully-qualified, make it so and check that
+ * the specified executable actually exists.
*/
- if (!def_flag(I_ENV_EDITOR) ||
- (!(Editor = getenv("EDITOR")) && !(Editor = getenv("VISUAL"))))
- Editor = def_str(I_EDITOR);
+ if ((UserEditor = getenv("EDITOR")) == NULL || *UserEditor == '\0')
+ UserEditor = getenv("VISUAL");
+ if (*UserEditor == '\0')
+ UserEditor = NULL;
+ else if (UserEditor) {
+ if (find_path(UserEditor, &Editor) == FOUND) {
+ UserEditor = Editor;
+ } else {
+ if (def_flag(I_ENV_EDITOR)) {
+ /* If we are honoring $EDITOR this is a fatal error. */
+ (void) fprintf(stderr,
+ "%s: specified editor (%s) doesn't exist!\n",
+ Argv[0], UserEditor);
+ Exit(-1);
+ } else {
+ /* Otherwise, just ignore $EDITOR. */
+ UserEditor = NULL;
+ }
+ }
+ }
+
+ /*
+ * See if we can use the user's choice of editors either because
+ * we allow any $EDITOR or because $EDITOR is in the allowable list.
+ */
+ Editor = NULL;
+ if (def_flag(I_ENV_EDITOR) && UserEditor)
+ Editor = UserEditor;
+ else if (UserEditor) {
+ struct stat editor_sb;
+ struct stat user_editor_sb;
+ char *base, *userbase;
+
+ if (stat(UserEditor, &user_editor_sb) != 0) {
+ /* Should never happen since we already checked above. */
+ (void) fprintf(stderr, "%s: unable to stat editor (%s): %s\n",
+ Argv[0], UserEditor, strerror(errno));
+ Exit(-1);
+ }
+ EditorPath = estrdup(def_str(I_EDITOR));
+ Editor = strtok(EditorPath, ":");
+ do {
+ /*
+ * Both Editor and UserEditor should be fully qualified but
+ * check anyway...
+ */
+ if ((base = strrchr(Editor, '/')) == NULL)
+ continue;
+ if ((userbase = strrchr(UserEditor, '/')) == NULL) {
+ Editor = NULL;
+ break;
+ }
+ base++, userbase++;
+
+ /*
+ * We compare the basenames first and then use stat to match
+ * for sure.
+ */
+ if (strcmp(base, userbase) == 0) {
+ if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode)
+ && (editor_sb.st_mode & 0000111) &&
+ editor_sb.st_dev == user_editor_sb.st_dev &&
+ editor_sb.st_ino == user_editor_sb.st_ino)
+ break;
+ }
+ } while ((Editor = strtok(NULL, ":")));
+ free(EditorPath);
+ }
+
+ /*
+ * Can't use $EDITOR, try each element of I_EDITOR until we
+ * find one that exists, is regular, and is executable.
+ */
+ if (Editor == NULL || *Editor == '\0') {
+ EditorPath = estrdup(def_str(I_EDITOR));
+ Editor = strtok(EditorPath, ":");
+ do {
+ if (sudo_goodpath(Editor))
+ break;
+ } while ((Editor = strtok(NULL, ":")));
+
+ /* Bleah, none of the editors existed! */
+ if (Editor == NULL || *Editor == '\0') {
+ (void) fprintf(stderr, "%s: no editor found (editor path = %s)\n",
+ Argv[0], def_str(I_EDITOR));
+ Exit(-1);
+ }
+ }
/*
* Edit the temp file and parse it (for sanity checking)
return;
}
+int
+user_is_exempt()
+{
+ return(TRUE);
+}
+
/*
* Assuming a parse error occurred, prompt the user for what they want
* to do now. Returns the first letter of their choice.
projects / sudo / commitdiff