sudo, sudoedit - execute a command as another user
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- s\bsu\bud\bdo\bo -\b-K\bK | -\b-L\bL | -\b-V\bV | -\b-h\bh | -\b-k\bk | -\b-l\bl | -\b-v\bv
+ s\bsu\bud\bdo\bo -\b-K\bK | -\b-L\bL | -\b-V\bV | -\b-h\bh | -\b-k\bk | -\b-l\bl [_\bu_\bs_\be_\br_\bn_\ba_\bm_\be] | -\b-v\bv
s\bsu\bud\bdo\bo [-\b-H\bHP\bPS\bSb\bb] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt]
[-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] {-\b-e\be file [...] | -\b-i\bi | -\b-s\bs | _\bc_\bo_\bm_\bm_\ba_\bn_\bd}
-1.6.9 September 30, 2004 1
+1.6.9 October 26, 2004 1
-1.6.9 September 30, 2004 2
+1.6.9 October 26, 2004 2
-i The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
specified in the passwd(4) entry of the user that the
command is being run as. The command name argument
- given to the shell begins with a - to tell the shell
+ given to the shell begins with a `-' to tell the shell
to run as a login shell. s\bsu\bud\bdo\bo attempts to change to
that user's home directory before running the shell.
It also initializes the environment, leaving _\bT_\bE_\bR_\bM
-1.6.9 September 30, 2004 3
+1.6.9 October 26, 2004 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- Note that because the shell to use is determined
- before the _\bs_\bu_\bd_\bo_\be_\br_\bs file is parsed, a _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt
- setting in _\bs_\bu_\bd_\bo_\be_\br_\bs will specify the user to run the
- shell as but will not affect which shell is actually
- run.
-
-k The -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo invalidates the user's
timestamp by setting the time on it to the epoch. The
next time s\bsu\bud\bdo\bo is run a password will be required.
to allow a user to revoke s\bsu\bud\bdo\bo permissions from a
.logout file.
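Review bot: deleting the -i caveat (that runas_default picks the target user but not the shell, because the shell is chosen before sudoers is parsed) silently drops a documented limitation. If the behaviour was fixed so that -i now runs the shell of the runas_default user, say so in the -i paragraph; otherwise keep the caveat, since an administrator who relies on runas_default to hand out a restricted shell would otherwise get the invoking user's shell as the target user with no warning.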
- -l The -\b-l\bl (_\bl_\bi_\bs_\bt) option will list out the allowed (and
- forbidden) commands for the user on the current host.
+ -l [_\bu_\bs_\be_\br_\bn_\ba_\bm_\be]
+ The -\b-l\bl (_\bl_\bi_\bs_\bt) option will list out the allowed (and
+ forbidden) commands for _\bu_\bs_\be_\br_\bn_\ba_\bm_\be on the current host.
+ If _\bu_\bs_\be_\br_\bn_\ba_\bm_\be is ommitted, the information listed will
+ be for the invoking user. Only the superuser may list
+ other user's commands.
-p The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
default password prompt and use a custom one. The
in _\bs_\bu_\bd_\bo_\be_\br_\bs) but does not run a command.
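Review bot: two typos in the new -l text: "ommitted" should be "omitted" and "other user's commands" should be "other users' commands". Restricting the listing of another account's entries to the superuser is the right call, because the output reveals exactly which commands (and which NOPASSWD entries) that account may run on this host. It would also help to state whether the listpw check described later in this page applies when root lists another user, since that description only speaks of "the user's" own entries.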
-- The -\b--\b- flag indicates that s\bsu\bud\bdo\bo should stop processing
+ command line arguments. It is most useful in conjunc
+ tion with the -\b-s\bs flag.
-1.6.9 September 30, 2004 4
+1.6.9 October 26, 2004 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- command line arguments. It is most useful in conjunc
- tion with the -\b-s\bs flag.
-
R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
Upon successful execution of a program, the return value
from s\bsu\bud\bdo\bo will simply be the return value of the program
cally.
s\bsu\bud\bdo\bo will check the ownership of its timestamp directory
+ (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
+ tents if it is not owned by root and only writable by
+ root. On systems that allow non-root users to give away
-1.6.9 September 30, 2004 5
+1.6.9 October 26, 2004 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
- tents if it is not owned by root and only writable by
- root. On systems that allow non-root users to give away
files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp directory is located
in a directory writable by anyone (e.g.: _\b/_\bt_\bm_\bp), it is pos
sible for a user to create the timestamp directory before
SUDO_PROMPT Used as the default password prompt
+ SUDO_COMMAND Set to the command run by sudo
+ SUDO_USER Set to the login of the user who invoked sudo
-1.6.9 September 30, 2004 6
-
+1.6.9 October 26, 2004 6
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- SUDO_COMMAND Set to the command run by sudo
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- SUDO_USER Set to the login of the user who invoked sudo
SUDO_UID Set to the uid of the user who invoked sudo
Many people have worked on s\bsu\bud\bdo\bo over the years; this ver
sion consists of code written primarily by:
+ Todd Miller
+ Chris Jepeway
-1.6.9 September 30, 2004 7
+1.6.9 October 26, 2004 7
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- Todd Miller
- Chris Jepeway
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
See the HISTORY file in the s\bsu\bud\bdo\bo distribution or visit
http://www.sudo.ws/sudo/history.html for a short history
ranties, including, but not limited to, the implied war
ranties of merchantability and fitness for a particular
purpose are disclaimed. See the LICENSE file distributed
- with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
-
-
-
-1.6.9 September 30, 2004 8
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
- complete details.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for com
+ plete details.
-1.6.9 September 30, 2004 9
+1.6.9 October 26, 2004 8
(which specify who may run what).
When multiple entries match for a user, they are applied
- in order. Where there are conflicting values, the last
+ in order. Where there are multiple matches, the last
match is used (which is not necessarily the most specific
match).
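Review bot: "multiple matches" is more accurate than "conflicting values", since the later entry wins even when the two entries do not actually conflict, but the sentence still leaves the reader to infer that rule ordering is a security control. Consider one illustrating sentence here, for example that an entry carrying NOPASSWD placed after an earlier entry for the same command makes that command passwordless, because sudo applies the last matching entry rather than the most specific one.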
-1.6.9 October 13, 2004 1
+1.6.9 October 26, 2004 1
-1.6.9 October 13, 2004 2
+1.6.9 October 26, 2004 2
-1.6.9 October 13, 2004 3
+1.6.9 October 26, 2004 3
-1.6.9 October 13, 2004 4
+1.6.9 October 26, 2004 4
ignore_dot If set, s\bsu\bud\bdo\bo will ignore '.' or '' (current
dir) in the PATH environment variable; the
PATH itself is not modified. This flag is _\bo_\bf_\bf
- by default. Currently, while it is possible
- to set _\bi_\bg_\bn_\bo_\br_\be_\b__\bd_\bo_\bt in _\bs_\bu_\bd_\bo_\be_\br_\bs, its value is not
- used. This option should be considered read-
- only (it will be fixed in a future version of
- s\bsu\bud\bdo\bo).
+ by default.
mail_always Send mail to the _\bm_\ba_\bi_\bl_\bt_\bo user every time a
users runs s\bsu\bud\bdo\bo. This flag is _\bo_\bf_\bf by default.
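Review bot: removing the "its value is not used, consider it read-only" caveat implies ignore_dot is now honoured; confirm the code actually consults the flag before shipping this wording, because with the documented default of off a '.' or empty entry in the invoking user's PATH is searched when sudo resolves a relative command name. If the fix is intentional it is worth saying so in the description instead of just deleting the caveat, so readers of the previous version know the flag now takes effect.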
If set, users must authenticate themselves via
a password (or other means of authentication)
before they may run commands. This default
+ may be overridden via the PASSWD and NOPASSWD
+ tags. This flag is _\bo_\bn by default.
+ root_sudo If set, root is allowed to run s\bsu\bud\bdo\bo too.
-1.6.9 October 13, 2004 5
+1.6.9 October 26, 2004 5
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- may be overridden via the PASSWD and NOPASSWD
- tags. This flag is _\bo_\bn by default.
- root_sudo If set, root is allowed to run s\bsu\bud\bdo\bo too. Dis
- abling this prevents users from "chaining"
+ Disabling this prevents users from "chaining"
s\bsu\bud\bdo\bo commands to get a root shell by doing
something like "sudo sudo /bin/sh". Note,
however, that turning off _\br_\bo_\bo_\bt_\b__\bs_\bu_\bd_\bo will also
tage is that if the executable is simply not
in the user's PATH, s\bsu\bud\bdo\bo will tell the user
that they are not allowed to run it, which can
+ be confusing. This flag is _\bo_\bf_\bf by default.
+ preserve_groups
+ By default s\bsu\bud\bdo\bo will initialize the group
-1.6.9 October 13, 2004 6
+1.6.9 October 26, 2004 6
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- be confusing. This flag is _\bo_\bf_\bf by default.
- preserve_groups
- By default s\bsu\bud\bdo\bo will initialize the group vec
- tor to the list of groups the target user is
- in. When _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's
- existing group vector is left unaltered. The
- real and effective group IDs, however, are
- still set to match the target user. This flag
- is _\bo_\bf_\bf by default.
+ vector to the list of groups the target user
+ is in. When _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the
+ user's existing group vector is left unal
+ tered. The real and effective group IDs, how
+ ever, are still set to match the target user.
+ This flag is _\bo_\bf_\bf by default.
fqdn Set this flag if you want to put fully quali
fied hostnames in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. I.e.,
specified in editor. This flag is off by
default.
+ rootpw If set, s\bsu\bud\bdo\bo will prompt for the root password
+ instead of the password of the invoking user.
+ This flag is _\bo_\bf_\bf by default.
+
-1.6.9 October 13, 2004 7
+1.6.9 October 26, 2004 7
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- rootpw If set, s\bsu\bud\bdo\bo will prompt for the root password
- instead of the password of the invoking user.
- This flag is _\bo_\bf_\bf by default.
-
runaspw If set, s\bsu\bud\bdo\bo will prompt for the password of
the user defined by the _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt option
(defaults to root) instead of the password of
variables may be preserved with the _\be_\bn_\bv_\b__\bk_\be_\be_\bp
option.
+ use_loginclass
+ If set, s\bsu\bud\bdo\bo will apply the defaults specified
+ for the target user's login class if one
+ exists. Only available if s\bsu\bud\bdo\bo is configured
+ with the --with-logincap option. This flag is
-
-1.6.9 October 13, 2004 8
+1.6.9 October 26, 2004 8
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- use_loginclass
- If set, s\bsu\bud\bdo\bo will apply the defaults specified
- for the target user's login class if one
- exists. Only available if s\bsu\bud\bdo\bo is configured
- with the --with-logincap option. This flag is
_\bo_\bf_\bf by default.
noexec If set, all commands run via s\bsu\bud\bdo\bo will behave
wrap lines for nicer log files. This has no
effect on the syslog log file, only the file
log. The default is 80 (use 0 or negate the
+ option to disable word wrap).
+
+ timestamp_timeout
+ Number of minutes that can elapse before s\bsu\bud\bdo\bo
+ will ask for a passwd again. The default is
-1.6.9 October 13, 2004 9
+1.6.9 October 26, 2004 9
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- option to disable word wrap).
-
- timestamp_timeout
- Number of minutes that can elapse before s\bsu\bud\bdo\bo
- will ask for a passwd again. The default is
5. Set this to 0 to always prompt for a pass
word. If set to a value less than 0 the
user's timestamp will never expire. This can
the command will be run as (defaults
to root)
+ %h expanded to the local hostname without
+ the domain name
+ %H expanded to the local hostname includ
+ ing the domain name (on if the
-1.6.9 October 13, 2004 10
+1.6.9 October 26, 2004 10
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- %h expanded to the local hostname without
- the domain name
- %H expanded to the local hostname includ
- ing the domain name (on if the
machine's hostname is fully qualified
or the _\bf_\bq_\bd_\bn option is set)
once Only lecture the user the first time
they run s\bsu\bud\bdo\bo.
+ always Always lecture the user.
+ The default value is _\bo_\bn_\bc_\be.
-1.6.9 October 13, 2004 11
+1.6.9 October 26, 2004 11
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- always Always lecture the user.
- The default value is _\bo_\bn_\bc_\be.
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
lecture_file
Path to a file containing an alternate s\bsu\bud\bdo\bo
The default value is `all'.
+ listpw This option controls when a password will be
+ required when a user runs s\bsu\bud\bdo\bo with the -\b-l\bl
+ flag. It has the following possible values:
+
-1.6.9 October 13, 2004 12
+1.6.9 October 26, 2004 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- listpw This option controls when a password will be
- required when a user runs s\bsu\bud\bdo\bo with the -\b-l\bl
- flag. It has the following possible values:
-
all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the
current host must have the NOPASSWD
flag set to avoid entering a password.
env_keep Environment variables to be preserved in the
user's environment when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option
is in effect. This allows fine-grained con
- trol over the environment s\bsu\bud\bdo\bo-spawned
+ trol over the environment s\bsu\bud\bdo\bo-spawned pro
+ cesses will receive. The argument may be a
+ double-quoted, space-separated list or a sin
+ gle value without double-quotes. The list can
+ be replaced, added to, deleted from, or
-1.6.9 October 13, 2004 13
+1.6.9 October 26, 2004 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- processes will receive. The argument may be a
- double-quoted, space-separated list or a sin
- gle value without double-quotes. The list can
- be replaced, added to, deleted from, or dis
- abled by using the =, +=, -=, and ! operators
- respectively. This list has no default mem
- bers.
+ disabled by using the =, +=, -=, and ! opera
+ tors respectively. This list has no default
+ members.
When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bsu\bud\bdo\bo accepts the following
values for the syslog facility (the value of the s\bsy\bys\bsl\blo\bog\bg
$ sudo -u operator /bin/ls.
+ It is also possible to override a Runas_Spec later on in
+ an entry. If we modify the entry like so:
+ dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
-1.6.9 October 13, 2004 14
-
+1.6.9 October 26, 2004 14
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- It is also possible to override a Runas_Spec later on in
- an entry. If we modify the entry like so:
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
Then user d\bdg\bgb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bop\bpe\ber\bra\bat\bto\bor\br,
but _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as r\bro\boo\bot\bt.
can be used to prevent a dynamically-linked executable
from running further commands itself.
+ In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be
+ and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
+ aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-1.6.9 October 13, 2004 15
+1.6.9 October 26, 2004 15
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be
- and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
See the "PREVENTING SHELL ESCAPES" section below for more
details on how NOEXEC works and whether or not it will
/usr/bin/*
+ match _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bw_\bh_\bo but not _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bX_\b1_\b1_\b/_\bx_\bt_\be_\br_\bm.
-1.6.9 October 13, 2004 16
+1.6.9 October 26, 2004 16
+
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- match _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bw_\bh_\bo but not _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bX_\b1_\b1_\b/_\bx_\bt_\be_\br_\bm.
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
E\bEx\bxc\bce\bep\bpt\bti\bio\bon\bns\bs t\bto\bo w\bwi\bil\bld\bdc\bca\bar\brd\bd r\bru\bul\ble\bes\bs
operator both in an _\ba_\bl_\bi_\ba_\bs and in front of a Cmnd. This
allows one to exclude certain values. Note, however, that
using a ! in conjunction with the built-in ALL alias to
+ allow a user to run "all but a few" commands rarely works
+ as intended (see SECURITY NOTES below).
-1.6.9 October 13, 2004 17
+1.6.9 October 26, 2004 17
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
- allow a user to run "all but a few" commands rarely works
- as intended (see SECURITY NOTES below).
-
Long lines can be continued with a backslash ('\') as the
last character on the line.
/etc/netgroup List of network groups
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Since the _\bs_\bu_\bd_\bo_\be_\br_\bs file is parsed in a single pass, order
- is important. In general, you should structure _\bs_\bu_\bd_\bo_\be_\br_\bs
- such that the Host_Alias, User_Alias, and Cmnd_Alias spec
- ifications come first, followed by any Default_Entry
- lines, and finally the Runas_Alias and user specifica
- tions. The basic rule of thumb is you cannot reference an
- Alias that has not already been defined.
-
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of
these are a bit contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
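Review bot: the deleted paragraph was the only statement of the alias ordering rule (single-pass parsing, an alias cannot be referenced before it is defined). If the parser now resolves forward references, state that where the alias syntax is described; if it does not, the rule needs to survive somewhere, because the examples that follow still define every alias first and a reader who moves a user specification above its Cmnd_Alias will get a parse error with no guidance. Ordering also matters for the "last match is used" rule earlier in this page, so this is not purely a convenience note.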
-
-
-
-
-
-
-
-1.6.9 October 13, 2004 18
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Here we override some of the compiled in default values.
We want s\bsu\bud\bdo\bo to log via _\bs_\by_\bs_\bl_\bo_\bg(3) using the _\ba_\bu_\bt_\bh facility
+
+
+
+1.6.9 October 26, 2004 18
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
in all cases. We don't want to subject the full time
staff to the s\bsu\bud\bdo\bo lecture, user m\bmi\bil\bll\ble\ber\brt\bt need not give a
password, and we don't want to reset the LOGNAME or USER
jack CSNETS = ALL
The user j\bja\bac\bck\bk may run any command on the machines in the
-
-
-
-1.6.9 October 13, 2004 19
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
_\bC_\bS_\bN_\bE_\bT_\bS alias (the networks 128.138.243.0, 128.138.204.0,
and 128.138.242.0). Of those networks, only 128.138.204.0
has an explicit netmask (in CIDR notation) indicating it
operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
sudoedit /etc/printcap, /usr/oper/bin/
- The o\bop\bpe\ber\bra\bat\bto\bor\br user may run commands limited to simple main
- tenance. Here, those are commands related to backups,
+ The o\bop\bpe\ber\bra\bat\bto\bor\br user may run commands limited to simple
+
+
+
+1.6.9 October 26, 2004 19
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
+ maintenance. Here, those are commands related to backups,
killing processes, the printing system, shutting down the
system, and any commands in the directory _\b/_\bu_\bs_\br_\b/_\bo_\bp_\be_\br_\b/_\bb_\bi_\bn_\b/.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
-
-
-1.6.9 October 13, 2004 20
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
On the _\bA_\bL_\bP_\bH_\bA machines, user j\bjo\boh\bhn\bn may su to anyone except
root but he is not allowed to give _\bs_\bu(1) any flags.
any commands in the directory /usr/bin/ except for those
commands belonging to the _\bS_\bU and _\bS_\bH_\bE_\bL_\bL_\bS Cmnd_Aliases.
+
+
+1.6.9 October 26, 2004 20
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
steve CSNETS = (operator) /usr/local/op_commands/
The user s\bst\bte\bev\bve\be may run any command in the directory
restrictions should be considered advisory at best (and
reinforced by policy).
-
-
-1.6.9 October 13, 2004 21
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
P\bPR\bRE\bEV\bVE\bEN\bNT\bTI\bIN\bNG\bG S\bSH\bHE\bEL\bLL\bL E\bES\bSC\bCA\bAP\bPE\bES\bS
Once s\bsu\bud\bdo\bo executes a program, that program is free to do
whatever it pleases, including run other programs. This
restrict Avoid giving users access to commands that allow
the user to run arbitrary commands. Many edi
tors have a restricted mode where shell escapes
+
+
+
+1.6.9 October 26, 2004 21
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
are disabled, though s\bsu\bud\bdo\boe\bed\bdi\bit\bt is a better solu
tion to running editors via s\bsu\bud\bdo\bo. Due to the
large number of programs that offer shell
the LD_PRELOAD environment variable. Check your
operating system's manual pages for the dynamic
linker (usually ld.so, ld.so.1, dyld, dld.sl,
-
-
-
-1.6.9 October 13, 2004 22
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
rld, or loader) to see if LD_PRELOAD is sup
ported.
_\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi with _\bn_\bo_\be_\bx_\be_\bc enabled. This will pre
vent those two commands from executing other
commands (such as a shell). If you are unsure
- whether or not your system is capable of sup
- porting _\bn_\bo_\be_\bx_\be_\bc you can always just try it out
+ whether or not your system is capable of
+
+
+
+1.6.9 October 26, 2004 22
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
+ supporting _\bn_\bo_\be_\bx_\be_\bc you can always just try it out
and see if it works.
monitor On operating systems that support the s\bsy\bys\bst\btr\bra\bac\bce\be
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
_\br_\bs_\bh(1), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3), sudo(1m), visudo(1m)
-
-
-
-1.6.9 October 13, 2004 23
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
The _\bs_\bu_\bd_\bo_\be_\br_\bs file should a\bal\blw\bwa\bay\bys\bs be edited by the v\bvi\bis\bsu\bud\bdo\bo
command which locks the file and does grammatical check
hostname be fully qualified as returned by the hostname
command or use the _\bf_\bq_\bd_\bn option in _\bs_\bu_\bd_\bo_\be_\br_\bs.
+
+
+
+
+1.6.9 October 26, 2004 23
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
B\bBU\bUG\bGS\bS
If you feel you have found a bug in s\bsu\bud\bdo\bo, please submit a
bug report at http://www.sudo.ws/sudo/bugs/
-1.6.9 October 13, 2004 24
+
+
+
+
+
+
+
+
+
+
+
+
+
+1.6.9 October 26, 2004 24