-.::sudo(8) MAINTENANCE COMMANDS .::sudo(8)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
- sudo - execute a command as the superuser
+ sudo - execute a command as another user
S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | -\b-\b-\b-H\bH\bH\bH | [ -\b-\b-\b-b\bb\bb\bb ] | [ -\b-\b-\b-r\br\br\br
D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the
- superuser (real and effective uid and gid are set to 0 and
- root's group as set in the passwd file respectively).
+ superuser or another user, as specified in the sudoers
+ file. The real and effective uid and gid are set to match
+ those of the target user as specified in the passwd file
+ (the group vector is also initialized when the target user
+ is not root).
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo determines who is an authorized user by consulting
the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. By giving s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo the -v flag a user
can update the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b. The
password prompt itself will also time out if the user's
password is not entered with N minutes (again, this is
- defined at installation time and defaults to 5 minutes).
+ defined at configure time and defaults to 5 minutes).
- If an unauthorized user executes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo, mail will be sent
- from the user to the local authorities (defined at
- installation time).
+ If a user that is not listed in the _\bs_\bu_\bd_\bo_\be_\br_\bs file tries to
+ run a command via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo, mail is sent to the proper
+ authorities, as defined at configure time (defaults to
+ root). Note that the mail will not be sent if an
+ unauthorized user tries to run sudo with the -l or -v
+ flags. This allows users to determine for themselves
+ whether or not they are allowed to use s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo.
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was designed to log via the 4.3 BSD _\bs_\by_\bs_\bl_\bo_\bg(3)
- facility but can log to a file instead if so desired (or
- to both syslog and a file).
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can log both successful an unsuccessful attempts (as
+ well as errors) to _\bs_\by_\bs_\bl_\bo_\bg(3), a log file, or both. By
+ default s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will log via _\bs_\by_\bs_\bl_\bo_\bg(3) but this is changeable
+ at configure time.
O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line options:
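Review bot: the added paragraph on mail (the lines from "Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags") does not say whether those attempts are still logged. The next added paragraph says sudo logs unsuccessful attempts, so an administrator reading both cannot tell whether a -l or -v invocation by a user who is not in sudoers leaves any trace. Suggest stating explicitly whether such invocations are logged even though no mail is sent.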
of s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo and a usage message before exiting.
-v If given the -v (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will update
- the user's timestamp file, prompting for the user's
+ the user's timestamp, prompting for the user's
password if necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout
to for another N minutes (where N is defined at
installation time and defaults to 5 minutes) but does
not run a command.
- -k The -k (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo invalidates the user's
- timestamp file by setting the time on it to the epoch.
- The next time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run a password will be required.
- This option does not require a password and was added
- to allow a user to revoke s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo permissions from a
- .logout file.
+1/Aug/1999 1.6 1
-22/Jul/1999 1.6 1
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-.::sudo(8) MAINTENANCE COMMANDS .::sudo(8)
-
+ -k The -k (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo invalidates the user's
+ timestamp file by setting the time on it to the epoch.
+ The next time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run a password will be required.
+ This option does not require a password and was added
+ to allow a user to revoke s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo permissions from a
+ .logout file.
-K The -K (sure _\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo removes the user's
timestamp file entirely. This option does not require
-p The -p (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
default password prompt and use a custom one. If the
password prompt contains the %u escape, %u will be
- replaced by the user's login name. Similarly, %h will
- be replaced by the local hostname.
+ replaced with the user's login name. Similarly, %h
+ will be replaced with the local hostname.
-u The -u (_\bu_\bs_\be_\br) option causes sudo to run the specified
command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
-H The -H (_\bH_\bO_\bM_\bE) option sets the _\bH_\bO_\bM_\bE environment
variable to the homedir of the target user (root by
- default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5).
+ default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5). By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
+ does not modify _\bH_\bO_\bM_\bE.
-- The -- flag indicates that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo should stop processing
command line arguments. It is most useful in
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo quits with an exit value of 1 if there is a
configuration/permission problem or if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot execute
the given command. In the latter case the error string is
- printed to stderr via _\bp_\be_\br_\br_\bo_\br(3). If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2)
- one or more entries in the user's PATH the error is
- printed on stderr via _\bp_\be_\br_\br_\bo_\br(3). (If the directory does
- not exist or if it is not really a directory, the entry is
- ignored and no error is printed.) This should not happen
- under normal circumstances. The most common reason for
- _\bs_\bt_\ba_\bt(3) to return "permission denied" is if you are
- running an automounter and one of the directories in your
- PATH is on a machine that is currently unreachable.
+ printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
+ entries in the user's PATH an error is printed on stderr.
+ (If the directory does not exist or if it is not really a
+ directory, the entry is ignored and no error is printed.)
+ This should not happen under normal circumstances. The
-S\bS\bS\bSE\bE\bE\bEC\bC\bC\bCU\bU\bU\bUR\bR\bR\bRI\bI\bI\bIT\bT\bT\bTY\bY\bY\bY N\bN\bN\bNO\bO\bO\bOT\bT\bT\bTE\bE\bE\bES\bS\bS\bS
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo tries to be safe when executing external commands.
- Variables that control how dynamic loading and binding is
+1/Aug/1999 1.6 2
-22/Jul/1999 1.6 2
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-.::sudo(8) MAINTENANCE COMMANDS .::sudo(8)
+ most common reason for _\bs_\bt_\ba_\bt(2) to return "permission
+ denied" is if you are running an automounter and one of
+ the directories in your PATH is on a machine that is
+ currently unreachable.
+S\bS\bS\bSE\bE\bE\bEC\bC\bC\bCU\bU\bU\bUR\bR\bR\bRI\bI\bI\bIT\bT\bT\bTY\bY\bY\bY N\bN\bN\bNO\bO\bO\bOT\bT\bT\bTE\bE\bE\bES\bS\bS\bS
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo tries to be safe when executing external commands.
+ Variables that control how dynamic loading and binding is
done can be used to subvert the program that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo runs.
To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
and LIBPATH (AIX only) environment variables are removed
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will check the ownership of its timestamp directory
(_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo or _\b/_\bt_\bm_\bp_\b/_\b._\bo_\bd_\bu_\bs by default) and ignore the
directory's contents if it is not owned by root and only
- read, writable, and executable by root. On systems that
- allow users to give files away to root (via chown), if the
- timestamp directory is located in a directory writable by
- anyone (ie: _\b/_\bt_\bm_\bp), it is possible for a user to create the
- timestamp directory before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run. However, because
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo checks the ownership and mode of the directory, the
- only damage that can be done is to "hide" files by putting
- them in the timestamp dir. This is unlikely to happen
- since once the timestamp dir is owned by root and
- inaccessible by any other user the user placing files
- there would be unable to get them back out. To get around
- this issue you can use a directory that is not world-
- writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance)
- or create /tmp/.odus with the appropriate owner (root) and
- permissions (0700) in the system startup files.
-
- sudo will not honor timestamp files set far in the future.
- Timestamp files with a date greater than current_time + 2
- * TIMEOUT will be ignored and sudo will log and complain.
+ writable by root. On systems that allow non-root users to
+ give away files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp directory
+ is located in a directory writable by anyone (ie: _\b/_\bt_\bm_\bp),
+ it is possible for a user to create the timestamp
+ directory before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run. However, because s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
+ checks the ownership and mode of the directory and its
+ contents, the only damage that can be done is to "hide"
+ files by putting them in the timestamp dir. This is
+ unlikely to happen since once the timestamp dir is owned
+ by root and inaccessible by any other user the user
+ placing files there would be unable to get them back out.
+ To get around this issue you can use a directory that is
+ not world-writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for
+ instance) or create /tmp/.odus with the appropriate owner
+ (root) and permissions (0700) in the system startup files.
+
+ sudo will not honor timestamps set far in the future.
+ Timestamps with a date greater than current_time + 2 *
+ TIMEOUT will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
- timestamp file with a bogus date on system that allow
- users to give away files.
+ timestamp with a bogus date on system that allow users to
+ give away files.
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers file of authorized users.
-E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT V\bV\bV\bVA\bA\bA\bAR\bR\bR\bRI\bI\bI\bIA\bA\bA\bAB\bB\bB\bBL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
-
+1/Aug/1999 1.6 3
-22/Jul/1999 1.6 3
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers List of who can run what
+ /var/run/sudo Directory containing timestamps
+ /tmp/.odus Same as above if no /var/run exists
-.::sudo(8) MAINTENANCE COMMANDS .::sudo(8)
-
-
+E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT V\bV\bV\bVA\bA\bA\bAR\bR\bR\bRI\bI\bI\bIA\bA\bA\bAB\bB\bB\bBL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
PATH Set to a sane value if SECURE_PATH is set
SHELL Used to determine shell to run with -s option
USER Set to the target user (root unless the -u option
is specified)
- HOME In -s mode, set to homedir of root (or runas user)
- if built with the SHELL_SETS_HOME option
- SUDO_PROMPT Replaces the default password prompt
+ HOME In -s or -H mode (or if sudo was configured with
+ the --enable-shell-sets-home option), set to
+ homedir of the target user.
+ SUDO_PROMPT Used as the default password prompt
SUDO_COMMAND Set to the command run by sudo
SUDO_USER Set to the login of the user who invoked sudo
SUDO_UID Set to the uid of the user who invoked sudo
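Review bot: the new HOME entry in ENVIRONMENT VARIABLES changes meaning, not just wording. The removed text set HOME in -s mode only "if built with the SHELL_SETS_HOME option"; the added text reads as HOME always being set in -s mode, with --enable-shell-sets-home as a separate alternative, and the parenthetical does not say which mode that option applies to. Since the -H entry now states that by default sudo does not modify HOME, suggest rewording so it is clear whether plain -s changes HOME without the configure option.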
history of s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo.
Please send all bugs, comments, and changes to sudo-
- bugs@courtesan.com.
+ bugs@courtesan.com. Be sure to include the version of
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo you are using and the platform you are running it on.
D\bD\bD\bDI\bI\bI\bIS\bS\bS\bSC\bC\bC\bCL\bL\bL\bLA\bA\bA\bAI\bI\bI\bIM\bM\bM\bME\bE\bE\bER\bR\bR\bR
- This program is distributed in the hope that it will be
- useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- PURPOSE. See the LICENSE file distributed with sudo for
- more details.
+ S\bS\bS\bSu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is provided ``AS IS'' and any express or implied
+ warranties, including, but not limited to, the implied
+ warranties of merchantability and fitness for a particular
+ purpose are disclaimed. See the LICENSE file distributed
+ with s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo for complete details.
C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
There is no easy way to prevent a user from gaining a root
specification.
Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
- bugs that make setuid shell scripts unsafe on some
- operating systems.
-
-S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
- _\bs_\bu_\bd_\bo_\be_\br_\bs(5), _\bv_\bi_\bs_\bu_\bd_\bo(8), _\bs_\bu(1).
-
-
+1/Aug/1999 1.6 4
-22/Jul/1999 1.6 4
-
-
-
-
-
-.::sudo(8) MAINTENANCE COMMANDS .::sudo(8)
-
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ bugs that make setuid shell scripts unsafe on some
+ operating systems.
+S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
+ _\bs_\bu_\bd_\bo_\be_\br_\bs(5), _\bv_\bi_\bs_\bu_\bd_\bo(8), _\bs_\bu(1).
-22/Jul/1999 1.6 5
+1/Aug/1999 1.6 5
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.33 1999/07/22 13:10:46 millert
+''' Revision 1.34 1999/08/01 16:26:16 millert
''' regen
'''
'''
.nr % 0
.rr F
.\}
-.TH .::sudo 8 "1.6" "22/Jul/1999" "MAINTENANCE COMMANDS"
+.TH SUDO 8 "1.6" "1/Aug/1999" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
.\}
.rm #[ #] #H #V #F C
.SH "NAME"
-sudo \- execute a command as the superuser
+sudo \- execute a command as another user
.SH "SYNOPSIS"
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
.SH "DESCRIPTION"
-\fBsudo\fR allows a permitted user to execute a \fIcommand\fR
-as the superuser (real and effective uid and gid are set
-to \f(CW0\fR and root's group as set in the passwd file respectively).
+\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
+superuser or another user, as specified in the sudoers file. The
+real and effective uid and gid are set to match those of the target
+user as specified in the passwd file (the group vector is also
+initialized when the target user is not root).
.PP
\fBsudo\fR determines who is an authorized user by consulting the
file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
can update the time stamp without running a \fIcommand.\fR
The password prompt itself will also time out if the user's password is
-not entered with N minutes (again, this is defined at installation
+not entered with N minutes (again, this is defined at configure
time and defaults to 5 minutes).
.PP
-If an unauthorized user executes \fBsudo\fR, mail will be sent from the
-user to the local authorities (defined at installation time).
+If a user that is not listed in the \fIsudoers\fR file tries to run
+a command via \fBsudo\fR, mail is sent to the proper authorities,
+as defined at configure time (defaults to root). Note that the
+mail will not be sent if an unauthorized user tries to run sudo
+with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine
+for themselves whether or not they are allowed to use \fBsudo\fR.
.PP
-\fBsudo\fR was designed to log via the 4.3 BSD \fIsyslog\fR\|(3) facility but
-can log to a file instead if so desired (or to both syslog and a file).
+\fBsudo\fR can log both successful an unsuccessful attempts (as well
+as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR
+will log via \fIsyslog\fR\|(3) but this is changeable at configure time.
.SH "OPTIONS"
\fBsudo\fR accepts the following command line options:
.Ip "-V" 4
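Review bot: two typos in the DESCRIPTION text this hunk touches. The edited line "not entered with N minutes (again, this is defined at configure" should read "within N minutes", and the new logging paragraph has "both successful an unsuccessful attempts" where "and" is meant. Both also appear in the formatted page, and since the log entry for this revision is "regen", they should be fixed in the source these files are generated from.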
of \fBsudo\fR and a usage message before exiting.
.Ip "-v" 4
If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
-user's timestamp file, prompting for the user's password if necessary.
+user's timestamp, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout to for another N minutes
(where N is defined at installation time and defaults to 5
minutes) but does not run a command.
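Review bot: the -v text still says N is "defined at installation time", while this same change rewords the matching sentence in DESCRIPTION to "configure time". The unchanged line "This extends the \fBsudo\fR timeout to for another N minutes" also has a stray "to". Suggest "configure time" here as well, and "extends the sudo timeout for another N minutes".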
.Ip "-p" 4
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt
-contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced by the user's
-login name. Similarly, \f(CW%h\fR will be replaced by the local
+contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's
+login name. Similarly, \f(CW%h\fR will be replaced with the local
hostname.
.Ip "-u" 4
The \f(CW-u\fR (\fIuser\fR) option causes sudo to run the specified command
.Ip "-H" 4
The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
to the homedir of the target user (root by default) as specified
-in \fIpasswd\fR\|(5).
+in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR.
.Ip "--" 4
The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
\fBsudo\fR quits with an exit value of 1 if there is a
configuration/permission problem or if \fBsudo\fR cannot execute the
given command. In the latter case the error string is printed to
-stderr via \fIperror\fR\|(3). If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries
-in the user's PATH the error is printed on stderr via \fIperror\fR\|(3).
-(If the directory does not exist or if it is not really a directory,
-the entry is ignored and no error is printed.) This should not
-happen under normal circumstances. The most common reason for
-\fIstat\fR\|(3) to return \*(L"permission denied\*(R" is if you are running an
-automounter and one of the directories in your PATH is on a machine
-that is currently unreachable.
+stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's
+\f(CWPATH\fR an error is printed on stderr. (If the directory does not
+exist or if it is not really a directory, the entry is ignored and
+no error is printed.) This should not happen under normal
+circumstances. The most common reason for \fIstat\fR\|(2) to return
+\*(L"permission denied\*(R" is if you are running an automounter and one
+of the directories in your \f(CWPATH\fR is on a machine that is currently
+unreachable.
.SH "SECURITY NOTES"
\fBsudo\fR tries to be safe when executing external commands. Variables
that control how dynamic loading and binding is done can be used
only) environment variables are removed from the environment passed
on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR,
\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR,
-\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a threat.
+\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a
+threat.
.PP
To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting
current directory) last when searching for a command in the user's
PATH (if one or both are in the PATH). Note, however, that the
-actual PATH environment variable is \fInot\fR modified and is passed
+actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed
unchanged to the program that \fBsudo\fR executes.
.PP
For security reasons, if your OS supports shared libraries and does
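Review bot: style point in the command-spoofing paragraph. This hunk sets PATH in \f(CW...\fR on the "actual PATH environment variable" line, but the two occurrences in the line just above it ("PATH (if one or both are in the PATH). Note, however, that the") stay in plain text. Suggest marking up all of them or none so the paragraph renders consistently.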
.PP
\fBsudo\fR will check the ownership of its timestamp directory
(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore the
-directory's contents if it is not owned by root and only read,
-writable, and executable by root. On systems that allow users to
-give files away to root (via chown), if the timestamp directory is
-located in a directory writable by anyone (ie: \fI/tmp\fR), it is
-possible for a user to create the timestamp directory before \fBsudo\fR
-is run. However, because \fBsudo\fR checks the ownership and mode of
-the directory, the only damage that can be done is to \*(L"hide\*(R" files
+directory's contents if it is not owned by root and only writable
+by root. On systems that allow non-root users to give away files
+via \fIchown\fR\|(2), if the timestamp directory is located in a directory
+writable by anyone (ie: \fI/tmp\fR), it is possible for a user to
+create the timestamp directory before \fBsudo\fR is run. However,
+because \fBsudo\fR checks the ownership and mode of the directory and
+its contents, the only damage that can be done is to \*(L"hide\*(R" files
by putting them in the timestamp dir. This is unlikely to happen
since once the timestamp dir is owned by root and inaccessible by
any other user the user placing files there would be unable to get
them back out. To get around this issue you can use a directory
that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for
-instance) or create /tmp/.odus with the appropriate owner (root) and
-permissions (0700) in the system startup files.
+instance) or create /tmp/.odus with the appropriate owner (root)
+and permissions (0700) in the system startup files.
.PP
-\f(CWsudo\fR will not honor timestamp files set far in the future.
-Timestamp files with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
+\f(CWsudo\fR will not honor timestamps set far in the future.
+Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
will be ignored and sudo will log and complain. This is done to
-keep a user from creating his/her own timestamp file with a bogus
+keep a user from creating his/her own timestamp with a bogus
date on system that allow users to give away files.
.SH "FILES"
.PP
-.Vb 1
-\& /etc/sudoers file of authorized users.
+.Vb 3
+\& /etc/sudoers List of who can run what
+\& /var/run/sudo Directory containing timestamps
+\& /tmp/.odus Same as above if no /var/run exists
.Ve
.SH "ENVIRONMENT VARIABLES"
.PP
-.Vb 12
+.Vb 13
\& PATH Set to a sane value if SECURE_PATH is set
\& SHELL Used to determine shell to run with -s option
\& USER Set to the target user (root unless the -u option
\& is specified)
-\& HOME In -s mode, set to homedir of root (or runas user)
-\& if built with the SHELL_SETS_HOME option
-\& SUDO_PROMPT Replaces the default password prompt
+\& HOME In -s or -H mode (or if sudo was configured with
+\& the --enable-shell-sets-home option), set to
+\& homedir of the target user.
+\& SUDO_PROMPT Used as the default password prompt
\& SUDO_COMMAND Set to the command run by sudo
\& SUDO_USER Set to the login of the user who invoked sudo
\& SUDO_UID Set to the uid of the user who invoked sudo
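Review bot: in the timestamp directory paragraph, the check is now described as "not owned by root and only writable by root", but the unchanged sentence a few lines later still reasons from a directory that is "owned by root and inaccessible by any other user", and the advice remains mode 0700. If the check no longer requires that only root can read and search the directory, the "hide files" argument should be reworded to match; if it still does, the old "read, writable, and executable" wording was the accurate one. Separately, "date on system that allow users" in the last context line of that paragraph should be "systems".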
of \fBsudo\fR.
.PP
Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
+Be sure to include the version of \fBsudo\fR you are using and the platform
+you are running it on.
.SH "DISCLAIMER"
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the LICENSE
-file distributed with sudo for more details.
+\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.
+See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
There is no easy way to prevent a user from gaining a root shell if
that user has access to commands allowing shell escapes.
\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
.rn }` ''
-.IX Title ".::sudo 8"
-.IX Name "sudo - execute a command as the superuser"
+.IX Title "SUDO 8"
+.IX Name "sudo - execute a command as another user"
.IX Header "NAME"
-.::visudo(8) MAINTENANCE COMMANDS .::visudo(8)
+VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
Your userid does not appear in the passwd file.
F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers file of authorized users.
- /etc/stmp lock file for visudo.
+ /etc/sudoers List of who can run what
+ /etc/stmp Lock file for visudo
-22/Jul/1999 1.6 1
+1/Aug/1999 1.6 1
-.::visudo(8) MAINTENANCE COMMANDS .::visudo(8)
+VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT V\bV\bV\bVA\bA\bA\bAR\bR\bR\bRI\bI\bI\bIA\bA\bA\bAB\bB\bB\bBL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- The following are used only if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was compiled with
- the _\bE_\bN_\bV_\b__\bE_\bD_\bI_\bT_\bO_\bR option:
+ The following are used only if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was configured with
+ the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option:
- EDITOR Used by visudo as the editor to use.
- VISUAL Used by visudo if EDITOR is not set.
+ EDITOR Used by visudo as the editor to use
+ VISUAL Used by visudo if EDITOR is not set
A\bA\bA\bAU\bU\bU\bUT\bT\bT\bTH\bH\bH\bHO\bO\bO\bOR\bR\bR\bR
details.
Please send all bugs, comments, and changes to sudo-
- bugs@courtesan.com.
+ bugs@courtesan.com. Be sure to include the version of
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo you are using and the platform you are running it on.
D\bD\bD\bDI\bI\bI\bIS\bS\bS\bSC\bC\bC\bCL\bL\bL\bLA\bA\bA\bAI\bI\bI\bIM\bM\bM\bME\bE\bE\bER\bR\bR\bR
- This program is distributed in the hope that it will be
- useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- PURPOSE. See the LICENSE file distributed with sudo for
- more details.
+ V\bV\bV\bVi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is provided ``AS IS'' and any express or implied
+ warranties, including, but not limited to, the implied
+ warranties of merchantability and fitness for a particular
+ purpose are disclaimed. See the LICENSE file distributed
+ with s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo for complete details.
C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
Due to the syntax of the _\bs_\bu_\bd_\bo_\be_\br_\bs file, there is no way for
+1/Aug/1999 1.6 2
-22/Jul/1999 1.6 2
+VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
-.::visudo(8) MAINTENANCE COMMANDS .::visudo(8)
-
-22/Jul/1999 1.6 3
+1/Aug/1999 1.6 3
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.7 1999/07/22 13:10:46 millert
+''' Revision 1.8 1999/08/01 16:26:16 millert
''' regen
'''
'''
.nr % 0
.rr F
.\}
-.TH .::visudo 8 "1.6" "22/Jul/1999" "MAINTENANCE COMMANDS"
+.TH VISUDO 8 "1.6" "1/Aug/1999" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
.SH "FILES"
.Sp
.Vb 2
-\& /etc/sudoers file of authorized users.
-\& /etc/stmp lock file for visudo.
+\& /etc/sudoers List of who can run what
+\& /etc/stmp Lock file for visudo
.Ve
.SH "ENVIRONMENT VARIABLES"
-The following are used only if \fBvisudo\fR was compiled with the
-\fIENV_EDITOR\fR option:
+The following are used only if \fBvisudo\fR was configured with the
+\fI--with-env-editor\fR option:
.Sp
.Vb 2
-\& EDITOR Used by visudo as the editor to use.
-\& VISUAL Used by visudo if EDITOR is not set.
+\& EDITOR Used by visudo as the editor to use
+\& VISUAL Used by visudo if EDITOR is not set
.Ve
.SH "AUTHOR"
Many people have worked on \fIsudo\fR over the years, this version of
See the HISTORY file in the sudo distribution for more details.
.Sp
Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
+Be sure to include the version of \fBsudo\fR you are using and the platform
+you are running it on.
.SH "DISCLAIMER"
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the LICENSE
-file distributed with sudo for more details.
+\fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.
+See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
-Due to the syntax of the \fIsudoers\fR file, there is no way
-for \fBvisudo\fR to tell the difference between a mistyped
-{Host,User,Cmnd}_Alias and a user or host name.
+Due to the syntax of the \fIsudoers\fR file, there is no way for
+\fBvisudo\fR to tell the difference between a mistyped {Host,User,Cmnd}_Alias
+and a user or host name.
.Sp
There is no easy way to prevent a user from gaining a root shell if
the editor used by \fBvisudo\fR allows shell escapes.
\fIsudo\fR\|(8), \fIvipw\fR\|(8).
.rn }` ''
-.IX Title ".::visudo 8"
+.IX Title "VISUDO 8"
.IX Name "visudo - edit the sudoers file"
.IX Header "NAME"