sudo, sudoedit - execute a command as another user
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- s\bsu\bud\bdo\bo -\b-K\bK | -\b-L\bL | -\b-V\bV | -\b-h\bh | -\b-k\bk | -\b-l\bl [_\bu_\bs_\be_\br_\bn_\ba_\bm_\be] | -\b-v\bv
+ s\bsu\bud\bdo\bo -\b-K\bK | -\b-L\bL | -\b-V\bV | -\b-h\bh | -\b-k\bk | -\b-l\bl | -\b-v\bv
s\bsu\bud\bdo\bo [-\b-H\bHP\bPS\bSb\bb] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt]
[-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] {-\b-e\be file [...] | -\b-i\bi | -\b-s\bs | _\bc_\bo_\bm_\bm_\ba_\bn_\bd}
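Review bot: this catted synopsis must match the `.pod` source exactly, so confirm the hunk came from regenerating sudo.cat rather than from a hand edit: the `\b` overstrike bolding of `-\b-l\bl` has to stay consistent with the rest of the rendered page, and a manual edit is the usual way that drifts. The content itself (dropping `[username]` after `-l`) agrees with the corresponding sudo.man.in and sudo.pod changes in this patch.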
-1.6.9 October 26, 2004 1
+1.6.9 November 11, 2004 1
-1.6.9 October 26, 2004 2
+1.6.9 November 11, 2004 2
-1.6.9 October 26, 2004 3
+1.6.9 November 11, 2004 3
to allow a user to revoke s\bsu\bud\bdo\bo permissions from a
.logout file.
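Review bot: these footer lines change only the date ("October 26, 2004" to "November 11, 2004"), which follows from the `.TH` date bump in sudo.man.in, so there is nothing to review in them; they do show that every page footer of the generated cat page churns on each date change, so consider regenerating sudo.cat only at release time rather than with each documentation edit, to keep doc diffs reviewable.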
- -l [_\bu_\bs_\be_\br_\bn_\ba_\bm_\be]
- The -\b-l\bl (_\bl_\bi_\bs_\bt) option will list out the allowed (and
- forbidden) commands for _\bu_\bs_\be_\br_\bn_\ba_\bm_\be on the current host.
- If _\bu_\bs_\be_\br_\bn_\ba_\bm_\be is ommitted, the information listed will
- be for the invoking user. Only the superuser may list
- other user's commands.
+ -l The -\b-l\bl (_\bl_\bi_\bs_\bt) option will list out the allowed (and
+ forbidden) commands for the user on the current host.
+ If the -\b-u\bu flag is specified and the invoking user has
+ s\bsu\bud\bdo\bo ALL on the current host, the information listed
+ will be for the user specified by the -\b-u\bu flag.
-p The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
default password prompt and use a custom one. The
-1.6.9 October 26, 2004 4
+
+1.6.9 November 11, 2004 4
To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
and LIBPATH (AIX only) environment variables are removed
from the environment passed on to all commands executed.
- s\bsu\bud\bdo\bo will also remove the IFS, ENV, BASH_ENV, KRB_CONF,
- KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
+ s\bsu\bud\bdo\bo will also remove the IFS, CDPATH, ENV, BASH_ENV,
+ KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO,
TERMINFO_DIRS and TERMPATH variables as they too can pose
a threat. If the TERMCAP variable is set and is a path
name, it too is ignored. Additionally, if the LC_* or
LANGUAGE variables contain the / or % characters, they are
- ignored. If s\bsu\bud\bdo\bo has been compiled with SecurID support,
- the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as
- well. The list of environment variables that s\bsu\bud\bdo\bo clears
- is contained in the output of sudo -V when run as root.
+ ignored. Environment variables with a value beginning
+ with () are also removed as they could be interpreted as
+ b\bba\bas\bsh\bh functions. If s\bsu\bud\bdo\bo has been compiled with SecurID
+ support, the VAR_ACE, USR_ACE and DLC_ACE variables are
+ cleared as well. The list of environment variables that
+ s\bsu\bud\bdo\bo clears is contained in the output of sudo -V when run
+ as root.
To prevent command spoofing, s\bsu\bud\bdo\bo checks "." and "" (both
denoting current directory) last when searching for a com
cally.
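Review bot: the verbs in this paragraph are inconsistent: the named variables are "removed", `TERMCAP` and `LC_*`/`LANGUAGE` are "ignored", the SecurID variables are "cleared", and the new `()`-prefixed variables are "removed". If all of these mean the same thing (the variable is dropped from the environment passed to the command), use one verb throughout; if "ignored" means something different from "removed", the text should say what.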
s\bsu\bud\bdo\bo will check the ownership of its timestamp directory
- (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
- tents if it is not owned by root and only writable by
- root. On systems that allow non-root users to give away
-1.6.9 October 26, 2004 5
+1.6.9 November 11, 2004 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
+ tents if it is not owned by root and only writable by
+ root. On systems that allow non-root users to give away
files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp directory is located
in a directory writable by anyone (e.g.: _\b/_\bt_\bm_\bp), it is pos
sible for a user to create the timestamp directory before
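Review bot: no content change here; the timestamp-directory paragraph only moved below the page-5 header because of the reflow caused by the longer `-l` and environment text above, so the wording needs no review. The same applies to the `SUDO_COMMAND`/`SUDO_USER` lines and the author names that move across page breaks later in this file.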
SUDO_PROMPT Used as the default password prompt
- SUDO_COMMAND Set to the command run by sudo
- SUDO_USER Set to the login of the user who invoked sudo
-
-1.6.9 October 26, 2004 6
+1.6.9 November 11, 2004 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ SUDO_COMMAND Set to the command run by sudo
+
+ SUDO_USER Set to the login of the user who invoked sudo
+
SUDO_UID Set to the uid of the user who invoked sudo
SUDO_GID Set to the gid of the user who invoked sudo
Many people have worked on s\bsu\bud\bdo\bo over the years; this ver
sion consists of code written primarily by:
- Todd Miller
- Chris Jepeway
-
-
-1.6.9 October 26, 2004 7
+1.6.9 November 11, 2004 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ Todd Miller
+ Chris Jepeway
+
See the HISTORY file in the s\bsu\bud\bdo\bo distribution or visit
http://www.sudo.ws/sudo/history.html for a short history
of s\bsu\bud\bdo\bo.
ranties, including, but not limited to, the implied war
ranties of merchantability and fitness for a particular
purpose are disclaimed. See the LICENSE file distributed
- with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for com
- plete details.
+ with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
+
+
+
+1.6.9 November 11, 2004 8
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
+ complete details.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-1.6.9 October 26, 2004 8
+1.6.9 November 11, 2004 9
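Review bot: the reflow leaves page 8 ending mid-sentence ("... or http://www.sudo.ws/sudo/license.html for") and pushes only the two words "complete details." onto a new page 9 that is otherwise blank padding. Consider trimming a line somewhere in the pod source (for example tightening the new `-l` or environment-variable wording) so the rendered cat page does not end with a near-empty page, or accept the orphan knowingly.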
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "October 26, 2004" "1.6.9" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "November 11, 2004" "1.6.9" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR [\fIusername\fR] | \fB\-v\fR
+\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
.PP
\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file.
-.IP "\-l [\fIusername\fR]" 4
-.IX Item "-l [username]"
+.IP "\-l" 4
+.IX Item "-l"
The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and forbidden)
-commands for \fIusername\fR on the current host. If \fIusername\fR is
-ommitted, the information listed will be for the invoking user.
-Only the superuser may list other user's commands.
+commands for the user on the current host. If the \fB\-u\fR flag is
+specified and the invoking user has \fBsudo\fR \f(CW\*(C`ALL\*(C'\fR on the current host,
+the information listed will be for the user specified by the \fB\-u\fR flag.
.IP "\-p" 4
.IX Item "-p"
The \fB\-p\fR (\fIprompt\fR) option allows you to override the default
\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP\-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0
only) environment variables are removed from the environment passed
on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
-\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR,
+\&\f(CW\*(C`CDPATH\*(C'\fR, \f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR,
\&\f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR, \f(CW\*(C`RES_OPTIONS\*(C'\fR, \f(CW\*(C`HOSTALIASES\*(C'\fR,
\&\f(CW\*(C`NLSPATH\*(C'\fR, \f(CW\*(C`PATH_LOCALE\*(C'\fR, \f(CW\*(C`TERMINFO\*(C'\fR, \f(CW\*(C`TERMINFO_DIRS\*(C'\fR and
\&\f(CW\*(C`TERMPATH\*(C'\fR variables as they too can pose a threat. If the
\&\f(CW\*(C`TERMCAP\*(C'\fR variable is set and is a pathname, it too is ignored.
Additionally, if the \f(CW\*(C`LC_*\*(C'\fR or \f(CW\*(C`LANGUAGE\*(C'\fR variables contain the
-\&\f(CW\*(C`/\*(C'\fR or \f(CW\*(C`%\*(C'\fR characters, they are ignored. If \fBsudo\fR has been
+\&\f(CW\*(C`/\*(C'\fR or \f(CW\*(C`%\*(C'\fR characters, they are ignored. Environment variables
+with a value beginning with \f(CW\*(C`()\*(C'\fR are also removed as they could
+be interpreted as \fBbash\fR functions. If \fBsudo\fR has been
compiled with SecurID support, the \f(CW\*(C`VAR_ACE\*(C'\fR, \f(CW\*(C`USR_ACE\*(C'\fR and
\&\f(CW\*(C`DLC_ACE\*(C'\fR variables are cleared as well. The list of environment
variables that \fBsudo\fR clears is contained in the output of
=head1 SYNOPSIS
-B<sudo> B<-K> | B<-L> | B<-V> | B<-h> | B<-k> | B<-l> [I<username>] | B<-v>
+B<sudo> B<-K> | B<-L> | B<-V> | B<-h> | B<-k> | B<-l> | B<-v>
B<sudo> [B<-HPSb>] S<[B<-a> I<auth_type>]> S<[B<-c> I<class>|I<->]>
S<[B<-p> I<prompt>]> S<[B<-u> I<username>|I<#uid>]>
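Review bot: the first synopsis form drops `[I<username>]` from `-l` but does not show `-u` as combinable with `-l`, so a reader of the synopsis alone cannot tell that `sudo -l -u username` is now the way to ask for another user's entries (as the new `-l` description in this patch states). Consider writing the first form as `B<-l> S<[B<-u> I<username>]>` or otherwise indicating that `-u` applies to `-l`.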
and was added to allow a user to revoke B<sudo> permissions from a .logout
file.
-=item -l [I<username>]
+=item -l
The B<-l> (I<list>) option will list out the allowed (and forbidden)
-commands for I<username> on the current host. If I<username> is
-ommitted, the information listed will be for the invoking user.
-Only the superuser may list other user's commands.
+commands for the user on the current host. If the B<-u> flag is
+specified and the invoking user has B<sudo> C<ALL> on the current host,
+the information listed will be for the user specified by the B<-u> flag.
=item -p
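Review bot: the new `-l` text is missing two things. First, "commands for the user on the current host" no longer says which user; the old text said "the invoking user" for the default case, so keep that wording ("for the invoking user on the current host") before introducing the `-u` case. Second, the paragraph documents only the success case: it should state what happens when `-u` is given and the invoking user does not have `sudo` `C<ALL>` on the current host (an error, or a listing for the invoking user), and whether the `-u I<#uid>` form from the synopsis is accepted here as well.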
C<LD_*>, C<_RLD_*>, C<SHLIB_PATH> (HP-UX only), and C<LIBPATH> (AIX
only) environment variables are removed from the environment passed
on to all commands executed. B<sudo> will also remove the C<IFS>,
-C<ENV>, C<BASH_ENV>, C<KRB_CONF>, C<KRBCONFDIR>, C<KRBTKFILE>,
+C<CDPATH>, C<ENV>, C<BASH_ENV>, C<KRB_CONF>, C<KRBCONFDIR>, C<KRBTKFILE>,
C<KRB5_CONFIG>, C<LOCALDOMAIN>, C<RES_OPTIONS>, C<HOSTALIASES>,
C<NLSPATH>, C<PATH_LOCALE>, C<TERMINFO>, C<TERMINFO_DIRS> and
C<TERMPATH> variables as they too can pose a threat. If the
C<TERMCAP> variable is set and is a pathname, it too is ignored.
Additionally, if the C<LC_*> or C<LANGUAGE> variables contain the
-C</> or C<%> characters, they are ignored. If B<sudo> has been
+C</> or C<%> characters, they are ignored. Environment variables
+with a value beginning with C<()> are also removed as they could
+be interpreted as B<bash> functions. If B<sudo> has been
compiled with SecurID support, the C<VAR_ACE>, C<USR_ACE> and
C<DLC_ACE> variables are cleared as well. The list of environment
variables that B<sudo> clears is contained in the output of
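Review bot: the new sentence about values beginning with `C<()>` would be clearer if it said why that prefix matters: it is the encoding bash uses when it exports shell functions through the environment (a value of the form `() { ... }`), which is what makes such a variable something the target shell may execute rather than plain data. Related documentation point: the closing claim that "the list of environment variables that sudo clears is contained in the output of `sudo -V`" cannot cover this rule, since it matches on the value rather than on a variable name; say that `sudo -V` lists the names only, and that the `()` value check (and the `LC_*`/`LANGUAGE` and `TERMCAP` content checks) apply in addition.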