--- /dev/null
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+''' Revision 1.1 2000/03/23 00:17:29 millert
+''' configure does substitution on these to produce *.man
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH sudo.pod.in @mansectsu@ "1.6.3" "22/Mar/2000" "MAINTENANCE COMMANDS"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+sudo \- execute a command as another user
+.SH "SYNOPSIS"
+\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
+[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR class|\- ]
+[ \fB\-u\fR username/#uid ] \fIcommand\fR
+.SH "DESCRIPTION"
+\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
+superuser or another user, as specified in the sudoers file. The
+real and effective uid and gid are set to match those of the target
+user as specified in the passwd file (the group vector is also
+initialized when the target user is not root). By default, \fBsudo\fR
+requires that users authenticate themselves with a password
+(NOTE: this is the user's password, not the root password). Once
+a user has been authenticated, a timestamp is updated and the
+user may then use sudo without a password for a short period of time
+(five minutes by default).
+.PP
+\fBsudo\fR determines who is an authorized user by consulting the
+file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
+can update the time stamp without running a \fIcommand.\fR
+The password prompt itself will also time out if the user's password is
+not entered with N minutes (again, this is defined at configure
+time and defaults to 5 minutes).
+.PP
+If a user that is not listed in the \fIsudoers\fR file tries to run
+a command via \fBsudo\fR, mail is sent to the proper authorities,
+as defined at configure time (defaults to root). Note that the
+mail will not be sent if an unauthorized user tries to run sudo
+with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine
+for themselves whether or not they are allowed to use \fBsudo\fR.
+.PP
+\fBsudo\fR can log both successful an unsuccessful attempts (as well
+as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR
+will log via \fIsyslog\fR\|(3) but this is changeable at configure time.
+.SH "OPTIONS"
+\fBsudo\fR accepts the following command line options:
+.Ip "-V" 4
+The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
+version number and exit.
+.Ip "-l" 4
+The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and
+forbidden) commands for the user on the current host.
+.Ip "-L" 4
+The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters
+that may be set in a \fIDefaults\fR line along with a short description
+for each. This option is useful in conjunction with \fIgrep\fR\|(1).
+.Ip "-h" 4
+The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
+.Ip "-v" 4
+If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
+user's timestamp, prompting for the user's password if necessary.
+This extends the \fBsudo\fR timeout to for another N minutes
+(where N is defined at installation time and defaults to 5
+minutes) but does not run a command.
+.Ip "-k" 4
+The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
+by setting the time on it to the epoch. The next time \fBsudo\fR is
+run a password will be required. This option does not require a password
+and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
+file.
+.Ip "-K" 4
+The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
+entirely. This option does not require a password.
+.Ip "-b" 4
+The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
+command in the background. Note that if you use the \f(CW-b\fR
+option you cannot use shell job control to manipulate the command.
+.Ip "-p" 4
+The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
+password prompt and use a custom one. If the password prompt
+contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's
+login name. Similarly, \f(CW%h\fR will be replaced with the local
+hostname.
+.Ip "-c" 4
+The \f(CW-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
+with resources limited by the specified login class. The \fIclass\fR
+argument can be either a class name as defined in /etc/login.conf,
+or a single \*(L'\-\*(R' character. Specifying the \fIclass\fR as \*(L'\-\*(R' means
+that the command should be run restricted by the default login
+capibilities of the user the command is run as. If the \fIclass\fR
+argument specifies an existing user class, the command must be run
+as root, or the \fBsudo\fR command must be run from a shell that is already
+root. This option is only available on systems with \s-1BSD\s0 login classes
+where \fBsudo\fR has been configured with the --with-logincap option.
+.Ip "-u" 4
+The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
+as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
+\fIusername\fR, use \*(L"#uid\*(R".
+.Ip "-s" 4
+The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
+environment variable if it is set or the shell as specified
+in \fIpasswd\fR\|(5).
+.Ip "-H" 4
+The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
+to the homedir of the target user (root by default) as specified
+in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR.
+.Ip "-S" 4
+The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+standard input instead of the terminal device.
+.Ip "--" 4
+The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
+line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
+.SH "RETURN VALUES"
+\fBsudo\fR quits with an exit value of 1 if there is a
+configuration/permission problem or if \fBsudo\fR cannot execute the
+given command. In the latter case the error string is printed to
+stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's
+\f(CWPATH\fR an error is printed on stderr. (If the directory does not
+exist or if it is not really a directory, the entry is ignored and
+no error is printed.) This should not happen under normal
+circumstances. The most common reason for \fIstat\fR\|(2) to return
+\*(L"permission denied\*(R" is if you are running an automounter and one
+of the directories in your \f(CWPATH\fR is on a machine that is currently
+unreachable.
+.SH "SECURITY NOTES"
+\fBsudo\fR tries to be safe when executing external commands. Variables
+that control how dynamic loading and binding is done can be used
+to subvert the program that \fBsudo\fR runs. To combat this the
+\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX
+only) environment variables are removed from the environment passed
+on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR,
+\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR,
+\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a
+threat.
+.PP
+To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting
+current directory) last when searching for a command in the user's
+PATH (if one or both are in the PATH). Note, however, that the
+actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed
+unchanged to the program that \fBsudo\fR executes.
+.PP
+For security reasons, if your OS supports shared libraries and does
+not disable user-defined library search paths for setuid programs
+(most do), you should either use a linker option that disables this
+behavior or link \fBsudo\fR statically.
+.PP
+\fBsudo\fR will check the ownership of its timestamp directory (\fI@TIMEDIR@\fR)
+and ignore the directory's contents if it is not owned by root and
+only writable by root. On systems that allow non-root users to
+give away files via \fIchown\fR\|(2), if the timestamp directory is located
+in a directory writable by anyone (eg: \fI/tmp\fR), it is possible for
+a user to create the timestamp directory before \fBsudo\fR is run.
+However, because \fBsudo\fR checks the ownership and mode of the
+directory and its contents, the only damage that can be done is to
+\*(L"hide\*(R" files by putting them in the timestamp dir. This is unlikely
+to happen since once the timestamp dir is owned by root and
+inaccessible by any other user the user placing files there would
+be unable to get them back out. To get around this issue you can
+use a directory that is not world-writable for the timestamps
+(\fI/var/adm/sudo\fR for instance) or create \fI@TIMEDIR@\fR with the
+appropriate owner (root) and permissions (0700) in the system startup
+files.
+.PP
+\fBsudo\fR will not honor timestamps set far in the future.
+Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
+will be ignored and sudo will log and complain. This is done to
+keep a user from creating his/her own timestamp with a bogus
+date on system that allow users to give away files.
+.SH "EXAMPLES"
+Note: the following examples assume suitable \fIsudoers\fR\|(5) entries.
+.PP
+To get a file listing of an unreadable directory:
+.PP
+.Vb 1
+\& % sudo ls /usr/local/protected
+.Ve
+To list the home directory of user yazza on a machine where the
+filesystem holding ~yazza is not exported as root:
+.PP
+.Vb 1
+\& % sudo -u yazza ls ~yazza
+.Ve
+To edit the \fIindex.html\fR file as user www:
+.PP
+.Vb 1
+\& % sudo -u www vi ~www/htdocs/index.html
+.Ve
+To shutdown a machine:
+.PP
+.Vb 1
+\& % sudo shutdown -r +15 "quick reboot"
+.Ve
+To make a usage listing of the directories in the /home
+partition. Note that this runs the commands in a sub-shell
+to make the \f(CWcd\fR and file redirection work.
+.PP
+.Vb 1
+\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+.Ve
+.SH "ENVIRONMENT"
+\fBsudo\fR utilizes the following environment variables:
+.PP
+.Vb 13
+\& PATH Set to a sane value if SECURE_PATH is set
+\& SHELL Used to determine shell to run with -s option
+\& USER Set to the target user (root unless the -u option
+\& is specified)
+\& HOME In -s or -H mode (or if sudo was configured with
+\& the --enable-shell-sets-home option), set to
+\& homedir of the target user.
+\& SUDO_PROMPT Used as the default password prompt
+\& SUDO_COMMAND Set to the command run by sudo
+\& SUDO_USER Set to the login of the user who invoked sudo
+\& SUDO_UID Set to the uid of the user who invoked sudo
+\& SUDO_GID Set to the gid of the user who invoked sudo
+\& SUDO_PS1 If set, PS1 will be set to its value
+.Ve
+.SH "FILES"
+.PP
+.Vb 2
+\& @sysconfdir@/sudoers List of who can run what
+\& @TIMEDIR@ Directory containing timestamps
+.Ve
+.SH "AUTHORS"
+Many people have worked on \fBsudo\fR over the years, this
+version consists of code written primarily by:
+.PP
+.Vb 2
+\& Todd Miller
+\& Chris Jepeway
+.Ve
+See the HISTORY file in the \fBsudo\fR distribution for a short history
+of \fBsudo\fR.
+.SH "BUGS"
+If you feel you have found a bug in sudo, please submit a bug report
+at http://www.courtesan.com/sudo/bugs/
+.SH "DISCLAIMER"
+\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.
+See the LICENSE file distributed with \fBsudo\fR for complete details.
+.SH "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell if
+that user has access to commands allowing shell escapes.
+.PP
+If users have sudo \f(CWALL\fR there is nothing to prevent them from creating
+their own program that gives them a root shell regardless of any \*(L'!\*(R'
+elements in the user specification.
+.PP
+Running shell scripts via \fBsudo\fR can expose the same kernel bugs
+that make setuid shell scripts unsafe on some operating systems
+(if your OS supports the /dev/fd/ directory, setuid shell scripts
+are generally safe).
+.SH "SEE ALSO"
+\fIlogin_cap\fR\|(3), \fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
+
+.rn }` ''
+.IX Title "sudo.pod.in @mansectsu@"
+.IX Name "sudo - execute a command as another user"
+
+.IX Header "NAME"
+
+.IX Header "SYNOPSIS"
+
+.IX Header "DESCRIPTION"
+
+.IX Header "OPTIONS"
+
+.IX Item "-V"
+
+.IX Item "-l"
+
+.IX Item "-L"
+
+.IX Item "-h"
+
+.IX Item "-v"
+
+.IX Item "-k"
+
+.IX Item "-K"
+
+.IX Item "-b"
+
+.IX Item "-p"
+
+.IX Item "-c"
+
+.IX Item "-u"
+
+.IX Item "-s"
+
+.IX Item "-H"
+
+.IX Item "-S"
+
+.IX Item "--"
+
+.IX Header "RETURN VALUES"
+
+.IX Header "SECURITY NOTES"
+
+.IX Header "EXAMPLES"
+
+.IX Header "ENVIRONMENT"
+
+.IX Header "FILES"
+
+.IX Header "AUTHORS"
+
+.IX Header "BUGS"
+
+.IX Header "DISCLAIMER"
+
+.IX Header "CAVEATS"
+
+.IX Header "SEE ALSO"
+
--- /dev/null
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+''' Revision 1.1 2000/03/23 00:17:29 millert
+''' configure does substitution on these to produce *.man
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH sudoers.pod.in @mansectform@ "1.6.3" "22/Mar/2000" "FILE FORMATS"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+sudoers \- list of which users may execute what
+.SH "DESCRIPTION"
+The \fIsudoers\fR file is composed two types of entries:
+aliases (basically variables) and user specifications
+(which specify who may run what). The grammar of \fIsudoers\fR
+will be described below in Extended Backus-Naur Form (EBNF).
+Don't despair if you don't know what EBNF is, it is fairly
+simple and the definitions below are annotated.
+.Sh "Quick guide to \s-1EBNF\s0"
+\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language.
+Each \s-1EBNF\s0 definition is made up of \fIproduction rules\fR. Eg.
+.PP
+.Vb 1
+\& symbol ::= definition | alternate1 | alternate2 ...
+.Ve
+Each \fIproduction rule\fR references others and thus makes up a
+grammar for the language. \s-1EBNF\s0 also contains the following
+operators, which many readers will recognize from regular
+expressions. Do not, however, confuse them with \*(L"wildcard\*(R"
+characters, which have different meanings.
+.Ip "\f(CW?\fR" 8
+Means that the preceding symbol (or group of symbols) is optional.
+That is, it may appear once or not at all.
+.Ip "\f(CW*\fR" 8
+Means that the preceding symbol (or group of symbols) may appear
+zero or more times.
+.Ip "\f(CW+\fR" 8
+Means that the preceding symbol (or group of symbols) may appear
+one or more times.
+.PP
+Parentheses may be used to group symbols together. For clarity,
+we will use single quotes ('') to designate what is a verbatim character
+string (as opposed to a symbol name).
+.Sh "Aliases"
+There are four kinds of aliases: the \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR,
+\f(CWHost_Alias\fR and \f(CWCmnd_Alias\fR.
+.PP
+.Vb 4
+\& Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* |
+\& 'Runas_Alias' = Runas_Alias (':' Runas_Alias)* |
+\& 'Host_Alias' = Host_Alias (':' Host_Alias)* |
+\& 'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)*
+.Ve
+.Vb 1
+\& User_Alias ::= NAME '=' User_List
+.Ve
+.Vb 1
+\& Runas_Alias ::= NAME '=' Runas_User_List
+.Ve
+.Vb 1
+\& Host_Alias ::= NAME '=' Host_List
+.Ve
+.Vb 1
+\& Cmnd_Alias ::= NAME '=' Cmnd_List
+.Ve
+.Vb 1
+\& NAME ::= [A-Z]([A-Z][0-9]_)*
+.Ve
+Each \fIalias\fR definition is of the form
+.PP
+.Vb 1
+\& Alias_Type NAME = item1, item2, ...
+.Ve
+where \fIAlias_Type\fR is one of \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, \f(CWHost_Alias\fR,
+or \f(CWCmnd_Alias\fR. A \f(CWNAME\fR is a string of upper case letters, numbers,
+and the underscore characters ('_'). A \f(CWNAME\fR \fBmust\fR start with an
+upper case letter. It is possible to put several alias definitions
+of the same type on a single line, joined by a semicolon (':'). Eg.
+.PP
+.Vb 1
+\& Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
+.Ve
+The definitions of what constitutes a valid \fIalias\fR member follow.
+.PP
+.Vb 2
+\& User_List ::= User |
+\& User ',' User_List
+.Ve
+.Vb 5
+\& User ::= '!'* username |
+\& '!'* '#'uid |
+\& '!'* '%'group |
+\& '!'* '+'netgroup |
+\& '!'* User_Alias
+.Ve
+A \f(CWUser_List\fR is made up of one or more usernames, uids
+(prefixed with \*(L'#'), System groups (prefixed with \*(L'%'),
+netgroups (prefixed with \*(L'+') and other aliases. Each list
+item may be prefixed with one or more \*(L'!\*(R' operators. An odd number
+of \*(L'!\*(R' operators negates the value of the item; an even number
+just cancel each other out.
+.PP
+.Vb 2
+\& Runas_List ::= Runas_User |
+\& Runas_User ',' Runas_List
+.Ve
+.Vb 5
+\& Runas_User ::= '!'* username |
+\& '!'* '#'uid |
+\& '!'* '%'group |
+\& '!'* +netgroup |
+\& '!'* Runas_Alias
+.Ve
+Likewise, a \f(CWRunas_List\fR has the same possible elements
+as a \f(CWUser_List\fR, except that it can include a \f(CWRunas_Alias\fR,
+instead of a \f(CWUser_Alias\fR.
+.PP
+.Vb 2
+\& Host_List ::= Host |
+\& Host ',' Host_List
+.Ve
+.Vb 5
+\& Host ::= '!'* hostname |
+\& '!'* ip_addr |
+\& '!'* network(/netmask)? |
+\& '!'* '+'netgroup |
+\& '!'* Host_Alias
+.Ve
+A \f(CWHost_List\fR is made up of one or more hostnames, \s-1IP\s0 addresses,
+network numbers, netgroups (prefixed with \*(L'+') and other aliases.
+Again, the value of an item may be negated with the \*(L'!\*(R' operator.
+If you do not specify a netmask with a network number, the netmask
+of the host's ethernet \fIinterface\fR\|(s) will be used when matching.
+The netmask may be specified either in dotted quad notation (eg.
+255.255.255.0) or \s-1CIDR\s0 notation (number of bits, eg. 24).
+.PP
+.Vb 2
+\& Cmnd_List ::= Cmnd |
+\& Cmnd ',' Cmnd_List
+.Ve
+.Vb 3
+\& commandname ::= filename |
+\& filename args |
+\& filename '""'
+.Ve
+.Vb 3
+\& Cmnd ::= '!'* commandname |
+\& '!'* directory |
+\& '!'* Cmnd_Alias
+.Ve
+A \f(CWCmnd_List\fR is a list of one or more commandnames, directories, and other
+aliases. A commandname is a fully-qualified filename which may include
+shell-style wildcards (see `Wildcards\*(R' section below). A simple
+filename allows the user to run the command with any arguments he/she
+wishes. However, you may also command line arguments (including wildcards).
+Alternately, you can specify \f(CW""\fR to indicate that the command
+may only be run \fBwithout\fR command line arguments. A directory is a
+fully qualified pathname ending in a \*(L'/\*(R'. When you specify a directory
+in a \f(CWCmnd_List\fR, the user will be able to run any file within that directory
+(but not in any subdirectories therein).
+.PP
+If a \f(CWCmnd\fR has associated command line arguments, then the arguments
+in the \f(CWCmnd\fR must match exactly those given by the user on the command line
+(or match the wildcards if there are any). Note that the following
+characters must be escaped with a \*(L'\e\*(R' if they are used in command
+arguments: \*(L',\*(R', \*(L':\*(R', \*(L'=\*(R', \*(L'\e\*(R'.
+.Sh "Defaults"
+Certain configuration options may be changed from their default
+values at runtime via one or more \f(CWDefault_Entry\fR lines. These
+may affect all users on any host, all users on a specific host,
+or just a specific user. When multiple entries match, they are
+applied in order. Where there are conflicting values, the last
+value on a matching line takes effect.
+.PP
+.Vb 3
+\& Default_Type ::= 'Defaults' ||
+\& 'Defaults' ':' User ||
+\& 'Defaults' '@' Host
+.Ve
+.Vb 1
+\& Default_Entry ::= Default_Type Parameter_List
+.Ve
+.Vb 2
+\& Parameter ::= Parameter '=' Value ||
+\& '!'* Parameter ||
+.Ve
+Parameters may be \fBflags\fR, \fBinteger\fR values, or \fBstrings\fR. Flags
+are implicitly boolean and can be turned off via the \*(L'!\*(R' operator.
+Some integer and string parameters may also be used in a boolean
+context to disable them. Values may be enclosed in double quotes
+(\f(CW"\fR) when they contain multiple words. Special characters may
+be escaped with a backslash (\f(CW\e\fR).
+.PP
+\fBFlags\fR:
+.Ip "long_otp_prompt" 12
+When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR),
+a two-line prompt is used to make it easier to cut and paste the
+challenge to a local window. It's not as pretty as the default but
+some people find it more convenient. This flag is off by default.
+.Ip "ignore_dot" 12
+If set, \fBsudo\fR will ignore \*(L'.\*(R' or \*(L'\*(R' (current dir) in \f(CW$PATH\fR;
+the \f(CW$PATH\fR itself is not modified. This flag is off by default.
+.Ip "mail_always" 12
+Send mail to the \fImailto\fR user every time a users runs sudo.
+This flag is off by default.
+.Ip "mail_no_user" 12
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user is not in the \fIsudoers\fR file. This flag is on by default.
+.Ip "mail_no_host" 12
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user exists in the \fIsudoers\fR file, but is not allowed to run
+commands on the current host. This flag is off by default.
+.Ip "mail_no_perms" 12
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user allowed to use sudo but the command they are trying is not
+listed in their \fIsudoers\fR file entry. This flag is off by default.
+.Ip "tty_tickets" 12
+If set, users must authenticate on a per-tty basis. Normally,
+\fBsudo\fR uses a directory in the ticket dir with the same name as
+the user running it. With this flag enabled, \fBsudo\fR will use a
+file named for the tty the user is logged in on in that directory.
+This flag is off by default.
+.Ip "lecture" 12
+If set, a user will receive a short lecture the first time he/she
+runs \fBsudo\fR. This flag is on by default.
+.Ip "authenticate" 12
+If set, users must authenticate themselves via a password (or other
+means of authentication) before they may run commands. This default
+may be overridden via the \f(CWPASSWD\fR and \f(CWNOPASSWD\fR tags.
+This flag is on by default.
+.Ip "root_sudo" 12
+If set, root is allowed to run sudo too. Disabling this prevents users
+from \*(L"chaining\*(R" sudo commands to get a root shell by doing something
+like \f(CW"sudo sudo /bin/sh"\fR.
+This flag is on by default.
+.Ip "log_host" 12
+If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file.
+This flag is off by default.
+.Ip "log_year" 12
+If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file.
+This flag is off by default.
+.Ip "shell_noargs" 12
+If set and \fBsudo\fR is invoked with no arguments it acts as if the
+\f(CW-s\fR flag had been given. That is, it runs a shell as root (the
+shell is determined by the \f(CWSHELL\fR environment variable if it is
+set, falling back on the shell listed in the invoking user's
+/etc/passwd entry if not). This flag is off by default.
+.Ip "set_home" 12
+If set and \fBsudo\fR is invoked with the \f(CW-s\fR flag the \f(CWHOME\fR
+environment variable will be set to the home directory of the target
+user (which is root unless the \f(CW-u\fR option is used). This effectively
+makes the \f(CW-s\fR flag imply \f(CW-H\fR. This flag is off by default.
+.Ip "path_info" 12
+Normally, \fBsudo\fR will tell the user when a command could not be
+found in their \f(CW$PATH\fR. Some sites may wish to disable this as
+it could be used to gather information on the location of executables
+that the normal user does not have access to. The disadvantage is
+that if the executable is simply not in the user's \f(CW$PATH\fR, \fBsudo\fR
+will tell the user that they are not allowed to run it, which can
+be confusing. This flag is off by default.
+.Ip "fqdn" 12
+Set this flag if you want to put fully qualified hostnames in the
+\fIsudoers\fR file. Ie: instead of myhost you would use myhost.mydomain.edu.
+You may still use the short form if you wish (and even mix the two).
+Beware that turning on \fIfqdn\fR requires sudo to make \s-1DNS\s0 lookups
+which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example
+if the machine is not plugged into the network). Also note that
+you must use the host's official name as \s-1DNS\s0 knows it. That is,
+you may not use a host alias (\f(CWCNAME\fR entry) due to performance
+issues and the fact that there is no way to get all aliases from
+\s-1DNS\s0. If your machine's hostname (as returned by the \f(CWhostname\fR
+command) is already fully qualified you shouldn't need to set
+\fIfqfn\fR. This flag is off by default.
+.Ip "insults" 12
+If set, sudo will insult users when they enter an incorrect
+password. This flag is off by default.
+.Ip "requiretty" 12
+If set, sudo will only run when the user is logged in to a real
+tty. This will disallow things like \f(CW"rsh somehost sudo ls"\fR since
+\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn
+of echo when there is no tty present, some sites may with to set
+this flag to prevent a user from entering a visible password. This
+flag is off by default.
+.Ip "env_editor" 12
+If set, visudo will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment
+falling back on the default editor. Note that this may create a
+security hole as most editors allow a user to get a shell (which
+would be a root shell and not be logged).
+.Ip "rootpw" 12
+If set, sudo will prompt for the root password instead of the password
+of the invoking user.
+.Ip "runaspw" 12
+If set, sudo will prompt for the password of the user defined by the
+\fIrunas_default\fR option (defaults to root) instead of the password
+of the invoking user.
+.Ip "targetpw" 12
+If set, sudo will prompt for the password of the user specified by
+the \f(CW-u\fR flag (defaults to root) instead of the password of the
+invoking user.
+.Ip "use_loginclass" 12
+If set, sudo will apply the defaults specified for the target user's
+login class if one exists. Only available if sudo is configured with
+the --with-logincap option.
+.PP
+\fBIntegers\fR:
+.Ip "passwd_tries" 12
+The number of tries a user gets to enter his/her password before
+sudo logs the failure and exits. The default is 3.
+.PP
+\fBIntegers that can be used in a boolean context\fR:
+.Ip "loglinelen" 12
+Number of characters per line for the file log. This value is used
+to decide when to wrap lines for nicer log files. This has no
+effect on the syslog log file, only the file log. The default is
+80 (use 0 or negate to disable word wrap).
+.Ip "timestamp_timeout" 12
+Number of minutes that can elapse before \fBsudo\fR will ask for a passwd
+again. The default is 5, set this to 0 to always prompt for a password.
+.Ip "passwd_timeout" 12
+Number of minutes before the sudo password prompt times out.
+The default is 5, set this to 0 for no password timeout.
+.Ip "umask" 12
+Umask to use when running the root command. Set this to 0777 to
+not override the user's umask. The default is 0022.
+.PP
+\fBStrings\fR:
+.Ip "mailsub" 12
+Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR
+will expand to the hostname of the machine.
+Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R".
+.Ip "badpass_message" 12
+Message that is displayed if a user enters an incorrect password.
+The default is \*(L"Sorry, try again.\*(R" unless insults are enabled.
+.Ip "timestampdir" 12
+The directory in which \fBsudo\fR stores its timestamp files.
+The default is \fI@\s-1TIMEDIR\s0@\fR.
+.Ip "passprompt" 12
+The default prompt to use when asking for a password; can be overridden
+via the \f(CW-p\fR option or the \f(CWSUDO_PROMPT\fR environment variable. Supports
+two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands
+to the local hostname. The default value is \*(L"Password:\*(R".
+.Ip "runas_default" 12
+The default user to run commands as if the \f(CW-u\fR flag is not specified
+on the command line. This defaults to \*(L"root\*(R".
+.Ip "syslog_goodpri" 12
+Syslog priority to use when user authenticates successfully.
+Defaults to \*(L"notice\*(R".
+.Ip "syslog_badpri" 12
+Syslog priority to use when user authenticates unsuccessfully.
+Defaults to \*(L"alert\*(R".
+.Ip "editor" 12
+Path to the editor to be used by visudo. The default is the path
+to vi on your system.
+.PP
+\fBStrings that can be used in a boolean context\fR:
+.Ip "logfile" 12
+Path to the sudo log file (not the syslog log file). Setting a path
+turns on logging to a file, negating this option turns it off.
+.Ip "syslog" 12
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging). Defaults to \*(L"local2\*(R".
+.Ip "mailerpath" 12
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+.Ip "mailerflags" 12
+Flags to use when invoking mailer. Defaults to \f(CW-t\fR.
+.Ip "mailto" 12
+Address to send warning and erorr mail to. Defaults to \*(L"root\*(R".
+.Ip "exempt_group" 12
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
+This is not set by default.
+.Ip "secure_path" 12
+Path used for every command run from \fBsudo\fR. If you don't trust the
+people running sudo to have a sane \f(CWPATH\fR environment variable you may
+want to use this. Another use is if you want to have the \*(L"root path\*(R"
+be separate from the \*(L"user path.\*(R" This is not set by default.
+.Ip "verifypw" 12
+This option controls when a password will be required when a
+user runs sudo with the \fB\-v\fR. It has the following possible values:
+.Sp
+.Vb 3
+\& all All the user's I<sudoers> entries for the
+\& current host must have the C<NOPASSWD>
+\& flag set to avoid entering a password.
+.Ve
+.Vb 4
+\& any At least one of the user's I<sudoers> entries
+\& for the current host must have the
+\& C<NOPASSWD> flag set to avoid entering a
+\& password.
+.Ve
+.Vb 2
+\& never The user need never enter a password to use
+\& the B<-v> flag.
+.Ve
+.Vb 2
+\& always The user must always enter a password to use
+\& the B<-v> flag.
+.Ve
+The default value is `all\*(R'.
+.Ip "listpw" 12
+This option controls when a password will be required when a
+user runs sudo with the \fB\-l\fR. It has the following possible values:
+.Sp
+.Vb 3
+\& all All the user's I<sudoers> entries for the
+\& current host must have the C<NOPASSWD>
+\& flag set to avoid entering a password.
+.Ve
+.Vb 4
+\& any At least one of the user's I<sudoers> entries
+\& for the current host must have the
+\& C<NOPASSWD> flag set to avoid entering a
+\& password.
+.Ve
+.Vb 2
+\& never The user need never enter a password to use
+\& the B<-l> flag.
+.Ve
+.Vb 2
+\& always The user must always enter a password to use
+\& the B<-l> flag.
+.Ve
+The default value is `any\*(R'.
+.PP
+When logging via \fIsyslog\fR\|(3), sudo accepts the following values for the syslog
+facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0
+supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR,
+\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following
+syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR,
+\fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR.
+.Sh "User Specification"
+.PP
+.Vb 2
+\& User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \e
+\& (':' User_Spec)*
+.Ve
+.Vb 2
+\& Cmnd_Spec_List ::= Cmnd_Spec |
+\& Cmnd_Spec ',' Cmnd_Spec_List
+.Ve
+.Vb 1
+\& Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd
+.Ve
+.Vb 1
+\& Runas_Spec ::= '(' Runas_List ')'
+.Ve
+A \fBuser specification\fR determines which commands a user may run
+(and as what user) on specified hosts. By default, commands are
+run as \fBroot\fR but this can be changed on a per-command basis.
+.PP
+Let's break that down into its constituent parts:
+.Sh "Runas_Spec"
+A \f(CWRunas_Spec\fR is simply a \f(CWRunas_List\fR (as defined above)
+enclosed in a set of parentheses. If you do not specify a
+\f(CWRunas_Spec\fR in the user specification, a default \f(CWRunas_Spec\fR
+of \fBroot\fR will be used. A \f(CWRunas_Spec\fR sets the default for
+commands that follow it. What this means is that for the entry:
+.PP
+.Vb 1
+\& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
+.Ve
+The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and
+\fI/usr/bin/lprm\fR -- but only as \fBoperator\fR. Eg.
+.PP
+.Vb 1
+\& sudo -u operator /bin/ls.
+.Ve
+It is also possible to override a \f(CWRunas_Spec\fR later on in an
+entry. If we modify the entry like so:
+.PP
+.Vb 1
+\& dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+.Ve
+Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR,
+but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR.
+.Sh "\s-1NOPASSWD\s0 and \s-1PASSWD\s0"
+By default, \fBsudo\fR requires that a user authenticate him or herself
+before running a command. This behavior can be modified via the
+\f(CWNOPASSWD\fR tag. Like a \f(CWRunas_Spec\fR, the \f(CWNOPASSWD\fR tag sets
+a default for the commands that follow it in the \f(CWCmnd_Spec_List\fR.
+Conversely, the \f(CWPASSWD\fR tag can be used to reverse things.
+For example:
+.PP
+.Vb 1
+\& ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+.Ve
+would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and
+\fI/usr/bin/lprm\fR as root on the machine rushmore as \fBroot\fR without
+authenticating himself. If we only want \fBray\fR to be able to
+run \fI/bin/kill\fR without a password the entry would be:
+.PP
+.Vb 1
+\& ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
+.Ve
+Note however, that the \f(CWPASSWD\fR tag has no effect on users who are
+in the group specified by the exempt_group option.
+.PP
+By default, if the \f(CWNOPASSWD\fR tag is applied to any of the entries
+for a user on the current host, he or she will be able to run
+\f(CWsudo -l\fR without a password. Additionally, a user may only run
+\f(CWsudo -v\fR without a password if the \f(CWNOPASSWD\fR tag is present
+for all a user's entries that pertain to the current host.
+This behavior may be overridden via the verifypw and listpw options.
+.Sh "Wildcards (aka meta characters):"
+\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames
+as well as command line arguments in the \fIsudoers\fR file. Wildcard
+matching is done via the \fB\s-1POSIX\s0\fR \f(CWfnmatch(3)\fR routine. Note that
+these are \fInot\fR regular expressions.
+.Ip "\f(CW*\fR" 8
+Matches any set of zero or more characters.
+.Ip "\f(CW?\fR" 8
+Matches any single character.
+.Ip "\f(CW[...]\fR" 8
+Matches any character in the specified range.
+.Ip "\f(CW[!...]\fR" 8
+Matches any character \fBnot\fR in the specified range.
+.Ip "\f(CW\ex\fR" 8
+For any character \*(L"x\*(R", evaluates to \*(L"x\*(R". This is used to
+escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R".
+.PP
+Note that a forward slash ('/') will \fBnot\fR be matched by
+wildcards used in the pathname. When matching the command
+line arguments, however, as slash \fBdoes\fR get matched by
+wildcards. This is to make a path like:
+.PP
+.Vb 1
+\& /usr/bin/*
+.Ve
+match \f(CW/usr/bin/who\fR but not \f(CW/usr/bin/X11/xterm\fR.
+.Sh "Exceptions to wildcard rules:"
+The following exceptions apply to the above rules:
+.Ip \f(CW""\fR 8
+If the empty string \f(CW""\fR is the only command line argument in the
+\fIsudoers\fR entry it means that command is not allowed to be run
+with \fBany\fR arguments.
+.Sh "Other special characters and reserved words:"
+The pound sign ('#') is used to indicate a comment (unless it
+occurs in the context of a user name and is followed by one or
+more digits, in which case it is treated as a uid). Both the
+comment character and any text after it, up to the end of the line,
+are ignored.
+.PP
+The reserved word \fB\s-1ALL\s0\fR is a built in \fIalias\fR that always causes
+a match to succeed. It can be used wherever one might otherwise
+use a \f(CWCmnd_Alias\fR, \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, or \f(CWHost_Alias\fR.
+You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the
+built in alias will be used in preference to your own. Please note
+that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it
+allows the user to run \fBany\fR command on the system.
+.PP
+An exclamation point (\*(R'!') can be used as a logical \fInot\fR operator
+both in an \fIalias\fR and in front of a \f(CWCmnd\fR. This allows one to
+exclude certain values. Note, however, that using a \f(CW!\fR in
+conjunction with the built in \f(CWALL\fR alias to allow a user to
+run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0
+\s-1NOTES\s0 below).
+.PP
+Long lines can be continued with a backslash (\*(R'\e') as the last
+character on the line.
+.PP
+Whitespace between elements in a list as well as specicial syntactic
+characters in a \fIUser Specification\fR ('=\*(R', \*(L':\*(R', \*(L'(\*(R', \*(L')') is optional.
+.PP
+The following characters must be escaped with a backslash (\*(R'\e') when
+used as part of a word (eg. a username or hostname):
+\&'@\*(R', \*(L'!\*(R', \*(L'=\*(R', \*(L':\*(R', \*(L',\*(R', \*(L'(\*(R', \*(L')\*(R', \*(L'\e\*(R'.
+.SH "EXAMPLES"
+Below are example \fIsudoers\fR entries. Admittedly, some of
+these are a bit contrived. First, we define our \fIaliases\fR:
+.PP
+.Vb 4
+\& # User alias specification
+\& User_Alias FULLTIMERS = millert, mikef, dowdy
+\& User_Alias PARTTIMERS = bostley, jwfox, crawl
+\& User_Alias WEBMASTERS = will, wendy, wim
+.Ve
+.Vb 3
+\& # Runas alias specification
+\& Runas_Alias OP = root, operator
+\& Runas_Alias DB = oracle, sybase
+.Ve
+.Vb 9
+\& # Host alias specification
+\& Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e
+\& SGI = grolsch, dandelion, black :\e
+\& ALPHA = widget, thalamus, foobar :\e
+\& HPPA = boa, nag, python
+\& Host_Alias CUNETS = 128.138.0.0/255.255.0.0
+\& Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+\& Host_Alias SERVERS = master, mail, www, ns
+\& Host_Alias CDROM = orion, perseus, hercules
+.Ve
+.Vb 12
+\& # Cmnd alias specification
+\& Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
+\& /usr/sbin/restore, /usr/sbin/rrestore
+\& Cmnd_Alias KILL = /usr/bin/kill
+\& Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+\& Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+\& Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
+\& Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
+\& Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \e
+\& /usr/local/bin/tcsh, /usr/bin/rsh, \e
+\& /usr/local/bin/zsh
+\& Cmnd_Alias SU = /usr/bin/su
+.Ve
+Here we override some of the compiled in default values. We want
+sudo to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases.
+We don't want to subject the full time staff to the \fBsudo\fR lecture,
+and user \fBmillert\fR need not give a password. In addition, on the
+machines in the \fISERVERS\fR \f(CWHost_Alias\fR, we keep an additional
+local log file and make sure we log the year in each log line since
+the log entries will be kept around for several years.
+.PP
+.Vb 5
+\& # Override builtin defaults
+\& Defaults syslog=auth
+\& Defaults:FULLTIMERS !lecture
+\& Defaults:millert !authenticate
+\& Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+.Ve
+The \fIUser specification\fR is the part that actually determines who may
+run what.
+.PP
+.Vb 2
+\& root ALL = (ALL) ALL
+\& %wheel ALL = (ALL) ALL
+.Ve
+We let \fBroot\fR and any user in group \fBwheel\fR run any command on any
+host as any user.
+.PP
+.Vb 1
+\& FULLTIMERS ALL = NOPASSWD: ALL
+.Ve
+Full time sysadmins (\fBmillert\fR, \fBmikef\fR, and \fBdowdy\fR) may run any
+command on any host without authenticating themselves.
+.PP
+.Vb 1
+\& PARTTIMERS ALL = ALL
+.Ve
+Part time sysadmins (\fBbostley\fR, \fBjwfox\fR, and \fBcrawl\fR) may run any
+command on any host but they must authenticate themselves first
+(since the entry lacks the \f(CWNOPASSWD\fR tag).
+.PP
+.Vb 1
+\& jack CSNETS = ALL
+.Ve
+The user \fBjack\fR may run any command on the machines in the \fICSNETS\fR alias
+(the networks \f(CW128.138.243.0\fR, \f(CW128.138.204.0\fR, and \f(CW128.138.242.0\fR).
+Of those networks, only <128.138.204.0> has an explicit netmask (in
+CIDR notation) indicating it is a class C network. For the other
+networks in \fICSNETS\fR, the local machine's netmask will be used
+during matching.
+.PP
+.Vb 1
+\& lisa CUNETS = ALL
+.Ve
+The user \fBlisa\fR may run any command on any host in the \fICUNETS\fR alias
+(the class B network \f(CW128.138.0.0\fR).
+.PP
+.Vb 2
+\& operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\e
+\& /usr/oper/bin/
+.Ve
+The \fBoperator\fR user may run commands limited to simple maintenance.
+Here, those are commands related to backups, killing processes, the
+printing system, shutting down the system, and any commands in the
+directory \fI/usr/oper/bin/\fR.
+.PP
+.Vb 1
+\& joe ALL = /usr/bin/su operator
+.Ve
+The user \fBjoe\fR may only \fIsu\fR\|(1) to operator.
+.PP
+.Vb 1
+\& pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+.Ve
+The user \fBpete\fR is allowed to change anyone's password except for
+root on the \fIHPPA\fR machines. Note that this assumes \fIpasswd\fR\|(1)
+does not take multiple usernames on the command line.
+.PP
+.Vb 1
+\& bob SPARC = (OP) ALL : SGI = (OP) ALL
+.Ve
+The user \fBbob\fR may run anything on the \fISPARC\fR and \fISGI\fR machines
+as any user listed in the \fIOP\fR \f(CWRunas_Alias\fR (\fBroot\fR and \fBoperator\fR).
+.PP
+.Vb 1
+\& jim +biglab = ALL
+.Ve
+The user \fBjim\fR may run any command on machines in the \fIbiglab\fR netgroup.
+\fBSudo\fR knows that \*(L"biglab\*(R" is a netgroup due to the \*(L'+\*(R' prefix.
+.PP
+.Vb 1
+\& +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+.Ve
+Users in the \fBsecretaries\fR netgroup need to help manage the printers
+as well as add and remove users, so they are allowed to run those
+commands on all machines.
+.PP
+.Vb 1
+\& fred ALL = (DB) NOPASSWD: ALL
+.Ve
+The user \fBfred\fR can run commands as any user in the \fIDB\fR \f(CWRunas_Alias\fR
+(\fBoracle\fR or \fBsybase\fR) without giving a password.
+.PP
+.Vb 1
+\& john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+.Ve
+On the \fIALPHA\fR machines, user \fBjohn\fR may su to anyone except root
+but he is not allowed to give \fIsu\fR\|(1) any flags.
+.PP
+.Vb 1
+\& jen ALL, !SERVERS = ALL
+.Ve
+The user \fBjen\fR may run any command on any machine except for those
+in the \fISERVERS\fR \f(CWHost_Alias\fR (master, mail, www and ns).
+.PP
+.Vb 1
+\& jill SERVERS = /usr/bin/, !SU, !SHELLS
+.Ve
+For any machine in the \fISERVERS\fR \f(CWHost_Alias\fR, \fBjill\fR may run
+any commands in the directory /usr/bin/ except for those commands
+belonging to the \fISU\fR and \fISHELLS\fR \f(CWCmnd_Aliases\fR.
+.PP
+.Vb 1
+\& steve CSNETS = (operator) /usr/local/op_commands/
+.Ve
+The user \fBsteve\fR may run any command in the directory /usr/local/op_commands/
+but only as user operator.
+.PP
+.Vb 1
+\& matt valkyrie = KILL
+.Ve
+On his personal workstation, valkyrie, \fBmatt\fR needs to be able to
+kill hung processes.
+.PP
+.Vb 1
+\& WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
+.Ve
+On the host www, any user in the \fIWEBMASTERS\fR \f(CWUser_Alias\fR (will,
+wendy, and wim), may run any command as user www (which owns the
+web pages) or simply \fIsu\fR\|(1) to www.
+.PP
+.Vb 2
+\& ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e
+\& /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM
+.Ve
+Any user may mount or unmount a CD\-ROM on the machines in the CDROM
+\f(CWHost_Alias\fR (orion, perseus, hercules) without entering a password.
+This is a bit tedious for users to type, so it is a prime candiate
+for encapsulating in a shell script.
+.SH "SECURITY NOTES"
+It is generally not effective to \*(L"subtract\*(R" commands from \f(CWALL\fR
+using the \*(L'!\*(R' operator. A user can trivially circumvent this
+by copying the desired command to a different name and then
+executing that. For example:
+.PP
+.Vb 1
+\& bill ALL = ALL, !SU, !SHELLS
+.Ve
+Doesn't really prevent \fBbill\fR from running the commands listed in
+\fISU\fR or \fISHELLS\fR since he can simply copy those commands to a
+different name, or use a shell escape from an editor or other
+program. Therefore, these kind of restrictions should be considered
+advisory at best (and reinforced by policy).
+.SH "CAVEATS"
+The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR
+command which locks the file and does grammatical checking. It is
+imperative that \fIsudoers\fR be free of syntax errors since \fBsudo\fR
+will not run with a syntactically incorrect \fIsudoers\fR file.
+.PP
+When using netgroups of machines (as opposed to users), if you
+store fully-qualified hostnames in the netgroup (as is usually the
+case), you either need to have the machine's hostname be fully-qualified
+as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in
+\fIsudoers\fR.
+.SH "FILES"
+.PP
+.Vb 3
+\& @sysconfdir@/sudoers List of who can run what
+\& /etc/group Local groups file
+\& /etc/netgroup List of network groups
+.Ve
+.SH "SEE ALSO"
+\fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3).
+
+.rn }` ''
+.IX Title "sudoers.pod.in @mansectform@"
+.IX Name "sudoers - list of which users may execute what"
+
+.IX Header "NAME"
+
+.IX Header "DESCRIPTION"
+
+.IX Subsection "Quick guide to \s-1EBNF\s0"
+
+.IX Item "\f(CW?\fR"
+
+.IX Item "\f(CW*\fR"
+
+.IX Item "\f(CW+\fR"
+
+.IX Subsection "Aliases"
+
+.IX Subsection "Defaults"
+
+.IX Item "long_otp_prompt"
+
+.IX Item "ignore_dot"
+
+.IX Item "mail_always"
+
+.IX Item "mail_no_user"
+
+.IX Item "mail_no_host"
+
+.IX Item "mail_no_perms"
+
+.IX Item "tty_tickets"
+
+.IX Item "lecture"
+
+.IX Item "authenticate"
+
+.IX Item "root_sudo"
+
+.IX Item "log_host"
+
+.IX Item "log_year"
+
+.IX Item "shell_noargs"
+
+.IX Item "set_home"
+
+.IX Item "path_info"
+
+.IX Item "fqdn"
+
+.IX Item "insults"
+
+.IX Item "requiretty"
+
+.IX Item "env_editor"
+
+.IX Item "rootpw"
+
+.IX Item "runaspw"
+
+.IX Item "targetpw"
+
+.IX Item "use_loginclass"
+
+.IX Item "passwd_tries"
+
+.IX Item "loglinelen"
+
+.IX Item "timestamp_timeout"
+
+.IX Item "passwd_timeout"
+
+.IX Item "umask"
+
+.IX Item "mailsub"
+
+.IX Item "badpass_message"
+
+.IX Item "timestampdir"
+
+.IX Item "passprompt"
+
+.IX Item "runas_default"
+
+.IX Item "syslog_goodpri"
+
+.IX Item "syslog_badpri"
+
+.IX Item "editor"
+
+.IX Item "logfile"
+
+.IX Item "syslog"
+
+.IX Item "mailerpath"
+
+.IX Item "mailerflags"
+
+.IX Item "mailto"
+
+.IX Item "exempt_group"
+
+.IX Item "secure_path"
+
+.IX Item "verifypw"
+
+.IX Item "listpw"
+
+.IX Subsection "User Specification"
+
+.IX Subsection "Runas_Spec"
+
+.IX Subsection "\s-1NOPASSWD\s0 and \s-1PASSWD\s0"
+
+.IX Subsection "Wildcards (aka meta characters):"
+
+.IX Item "\f(CW*\fR"
+
+.IX Item "\f(CW?\fR"
+
+.IX Item "\f(CW[...]\fR"
+
+.IX Item "\f(CW[!...]\fR"
+
+.IX Item "\f(CW\ex\fR"
+
+.IX Subsection "Exceptions to wildcard rules:"
+
+.IX Item \f(CW""\fR
+
+.IX Subsection "Other special characters and reserved words:"
+
+.IX Header "EXAMPLES"
+
+.IX Header "SECURITY NOTES"
+
+.IX Header "CAVEATS"
+
+.IX Header "FILES"
+
+.IX Header "SEE ALSO"
+
--- /dev/null
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+''' Revision 1.1 2000/03/23 00:17:30 millert
+''' configure does substitution on these to produce *.man
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH visudo.pod.in @mansectsu@ "1.6.3" "18/Mar/2000" "MAINTENANCE COMMANDS"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+visudo \- edit the sudoers file
+.SH "SYNOPSIS"
+\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ]
+.SH "DESCRIPTION"
+\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
+\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
+simultaneous edits, provides basic sanity checks, and checks
+for parse errors. If the \fIsudoers\fR file is currently being
+edited you will receive a message to try again later. In the
+default configuration, the \fIvi\fR\|(1) editor is used, but there is
+a compile time option to allow use of whatever editor the
+environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
+.PP
+\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
+not save the changes if there is a syntax error. Upon finding
+an error, a message will be printed stating the line \fInumber\fR\|(s)
+that the error occurred on and the user will receive the
+\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
+to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without
+saving the changes, or \*(L"Q\*(R" to quit and save changes. The
+\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
+believes there to be a parse error, so will \fBsudo\fR and no one
+will be able to execute \fBsudo\fR again until the error is fixed.
+Any other command at this prompt will print a short help message.
+When editing the \fIsudoers\fR file after a parse error has been
+detected the cursor will be placed on the line where the error
+occurred (if the editor supports this feature).
+.SH "OPTIONS"
+\fBvisudo\fR accepts the following command line option:
+.Ip "-s" 4
+Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
+used before it is defined, \fBvisudo\fR will consider this a parse
+error. Note that it is not possible to differentiate between an
+alias and a hostname or username that consists solely of upper case
+letters, digits, and the underscore ('_') character.
+.Ip "-V" 4
+The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number
+and exit.
+.SH "ERRORS"
+.Ip "sudoers file busy, try again later." 4
+Someone else is currently editing the \fIsudoers\fR file.
+.Ip "@sysconf@/sudoers.tmp: Permission denied" 4
+You didn't run \fBvisudo\fR as root.
+.Ip "Can't find you in the passwd database" 4
+Your userid does not appear in the system passwd file.
+.Ip "Warning: undeclared Alias referenced near ..." 4
+Either you are using a {User,Runas,Host,Cmnd}_Alias before
+defining it or you have a user or hostname listed that
+consists solely of upper case letters, digits, and the
+underscore ('_') character. If the latter, you can ignore
+the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict)
+mode these are errors not warnings.
+.SH "ENVIRONMENT"
+The following environment variables are used only if \fBvisudo\fR
+was configured with the \fI--with-env-editor\fR option:
+.PP
+.Vb 2
+\& EDITOR Used by visudo as the editor to use
+\& VISUAL Used by visudo if EDITOR is not set
+.Ve
+.SH "FILES"
+.PP
+.Vb 2
+\& @sysconf@/sudoers List of who can run what
+\& @sysconf@/sudoers.tmp Lock file for visudo
+.Ve
+.SH "AUTHOR"
+Many people have worked on \fIsudo\fR over the years, this version of
+\fBvisudo\fR was written by:
+.PP
+.Vb 1
+\& Todd Miller <Todd.Miller@courtesan.com>
+.Ve
+See the HISTORY file in the sudo distribution for more details.
+.SH "BUGS"
+If you feel you have found a bug in sudo, please submit a bug report
+at http://www.courtesan.com/sudo/bugs/
+.SH "DISCLAIMER"
+\fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.
+See the LICENSE file distributed with \fBsudo\fR for complete details.
+.SH "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell if
+the editor used by \fBvisudo\fR allows shell escapes.
+.SH "SEE ALSO"
+\fIsudo\fR\|(8), \fIvipw\fR\|(8).
+
+.rn }` ''
+.IX Title "visudo.pod.in @mansectsu@"
+.IX Name "visudo - edit the sudoers file"
+
+.IX Header "NAME"
+
+.IX Header "SYNOPSIS"
+
+.IX Header "DESCRIPTION"
+
+.IX Header "OPTIONS"
+
+.IX Item "-s"
+
+.IX Item "-V"
+
+.IX Header "ERRORS"
+
+.IX Item "sudoers file busy, try again later."
+
+.IX Item "@sysconf@/sudoers.tmp: Permission denied"
+
+.IX Item "Can't find you in the passwd database"
+
+.IX Item "Warning: undeclared Alias referenced near ..."
+
+.IX Header "ENVIRONMENT"
+
+.IX Header "FILES"
+
+.IX Header "AUTHOR"
+
+.IX Header "BUGS"
+
+.IX Header "DISCLAIMER"
+
+.IX Header "CAVEATS"
+
+.IX Header "SEE ALSO"
+
projects / sudo / commitdiff