sudo, sudoedit - execute a command as another user
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- s\bsu\bud\bdo\bo [-\b-D\bD _\bl_\be_\bv_\be_\bl] -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-L\bL | -\b-V\bV
+ s\bsu\bud\bdo\bo [-\b-D\bD _\bl_\be_\bv_\be_\bl] -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-V\bV
s\bsu\bud\bdo\bo -\b-v\bv [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-D\bD _\bl_\be_\bv_\be_\bl] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
[-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
-1.8.0a1 May 11, 2010 1
+1.8.0a2 May 28, 2010 1
-1.8.0a1 May 11, 2010 2
+1.8.0a2 May 28, 2010 2
-1.8.0a1 May 11, 2010 3
+1.8.0a2 May 28, 2010 3
prompt for a password (if one is required by _\bs_\bu_\bd_\bo_\be_\br_\bs) and
will not update the user's time stamp file.
- -L The -\b-L\bL (_\bl_\bi_\bs_\bt defaults) option will list the parameters that
- may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along with a short
- description for each. This option will be removed from a
- future version of s\bsu\bud\bdo\bo.
-
-l[l] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
If no _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified, the -\b-l\bl (_\bl_\bi_\bs_\bt) option will list
the allowed (and forbidden) commands for the invoking user
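Review bot: The -L paragraph is removed here without anything in the lines shown replacing it with a pointer to where the parameters that may be set in a Defaults line are described. A one-line cross-reference to the sudoers manual would keep that discoverable; the page already cites sudoers(4) for noexec. The removed text announced that the option "will be removed from a future version", and the synopsis no longer lists it, so it is worth confirming in the same change that the option parser now rejects -L with the usage message instead of silently accepting it.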
preserve the invoking user's group vector unaltered. By
default, s\bsu\bud\bdo\bo will initialize the group vector to the list
of groups the target user is in. The real and effective
+ group IDs, however, are still set to match the target user.
+ -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
+ password prompt and use a custom one. The following
+ percent (`%') escapes are supported:
-1.8.0a1 May 11, 2010 4
+1.8.0a2 May 28, 2010 4
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- group IDs, however, are still set to match the target user.
-
- -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
- password prompt and use a custom one. The following
- percent (`%') escapes are supported:
%H expanded to the local host name including the domain
name (on if the machine's host name is fully qualified
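Review bot: In the trailing context of this hunk the %H description reads "name (on if the machine's host name is fully qualified"; "on" reads like a typo for "only". The -p text around it is only being moved across the page break, so this is not caused by the patch, but it is worth fixing in the manual source while this section is being regenerated.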
-V The -\b-V\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bsu\bud\bdo\bo to print the version
number and exit. If the invoking user is already root the
+ -\b-V\bV option will print out a list of the defaults s\bsu\bud\bdo\bo was
+ compiled with as well as the machine's local network
+ addresses.
+ -v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
+ user's time stamp, prompting for the user's password if
-1.8.0a1 May 11, 2010 5
+1.8.0a2 May 28, 2010 5
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- -\b-V\bV option will print out a list of the defaults s\bsu\bud\bdo\bo was
- compiled with as well as the machine's local network
- addresses.
- -v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
- user's time stamp, prompting for the user's password if
necessary. This extends the s\bsu\bud\bdo\bo timeout for another 5
minutes (or whatever the timeout is set to in _\bs_\bu_\bd_\bo_\be_\br_\bs) but
does not run a command.
blacklist all potentially dangerous environment variables, use of the
default _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt behavior is encouraged.
+ In all cases, environment variables with a value beginning with () are
+ removed as they could be interpreted as b\bba\bas\bsh\bh functions. The list of
+ environment variables that s\bsu\bud\bdo\bo allows or denies is contained in the
+ output of sudo -V when run as root.
-1.8.0a1 May 11, 2010 6
+1.8.0a2 May 28, 2010 6
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- In all cases, environment variables with a value beginning with () are
- removed as they could be interpreted as b\bba\bas\bsh\bh functions. The list of
- environment variables that s\bsu\bud\bdo\bo allows or denies is contained in the
- output of sudo -V when run as root.
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
time stamp has per-tty granularity but still may outlive the user's
session. On Linux systems where the devpts filesystem is used, as well
as other systems that utilize a devfs filesystem that monotonically
+ increase the inode number of devices as they are created (such as Mac
+ OS X), s\bsu\bud\bdo\bo is able to determine when a tty-based time stamp file is
+ stale and will ignore it. Administrators should not rely on this
+ feature as it is not universally available.
+
-1.8.0a1 May 11, 2010 7
+1.8.0a2 May 28, 2010 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- increase the inode number of devices as they are created (such as Mac
- OS X), s\bsu\bud\bdo\bo is able to determine when a tty-based time stamp file is
- stale and will ignore it. Administrators should not rely on this
- feature as it is not universally available.
-
Please note that s\bsu\bud\bdo\bo will normally only log the command it explicitly
runs. If a user runs a command such as sudo su or sudo sh, subsequent
commands run from that shell will _\bn_\bo_\bt be logged, nor will s\bsu\bud\bdo\bo's access
VISUAL Default editor to use in -\b-e\be (sudoedit) mode if
SUDO_EDITOR is not set
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+ _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing time stamps
-1.8.0a1 May 11, 2010 8
+1.8.0a2 May 28, 2010 8
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing time stamps
_\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi mode on Linux and
AIX
See the HISTORY file in the s\bsu\bud\bdo\bo distribution or visit
http://www.sudo.ws/sudo/history.html for a short history of s\bsu\bud\bdo\bo.
+C\bCA\bAV\bVE\bEA\bAT\bTS\bS
+ There is no easy way to prevent a user from gaining a root shell if
+ that user is allowed to run arbitrary commands via s\bsu\bud\bdo\bo. Also, many
+ programs (such as editors) allow the user to run commands via shell
+
-1.8.0a1 May 11, 2010 9
+1.8.0a2 May 28, 2010 9
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-C\bCA\bAV\bVE\bEA\bAT\bTS\bS
- There is no easy way to prevent a user from gaining a root shell if
- that user is allowed to run arbitrary commands via s\bsu\bud\bdo\bo. Also, many
- programs (such as editors) allow the user to run commands via shell
escapes, thus avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is
possible to prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
-1.8.0a1 May 11, 2010 10
+
+
+
+
+1.8.0a2 May 28, 2010 10
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "May 28, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
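Review bot: The old .TH line here carried "May 25, 2010" for 1.8.0a1, while the formatted-page footers removed earlier in this patch read "1.8.0a1 May 11, 2010", so the formatted page was already out of step with its source before this change. Generating the formatted page from the man source in the build or release step, rather than committing it separately, would keep the two in sync. It would also spare reviewers the repagination hunks above, where the -p, -V/-v, environment, time stamp, FILES and CAVEATS paragraphs are removed on one side of a page footer and re-added unchanged on the other.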
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-\&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR
+\&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
.PP
\&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
time stamp file. As a result, \fBsudo\fR will prompt for a password
(if one is required by \fIsudoers\fR) and will not update the user's
time stamp file.
-.IP "\-L" 12
-.IX Item "-L"
-The \fB\-L\fR (\fIlist\fR defaults) option will list the parameters that
-may be set in a \fIDefaults\fR line along with a short description for
-each. This option will be removed from a future version of \fBsudo\fR.
.IP "\-l[l] [\fIcommand\fR]" 12
.IX Item "-l[l] [command]"
If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list