-1.7.4b3 July 21, 2010 1
+1.7.4 July 21, 2010 1
-1.7.4b3 July 21, 2010 2
+1.7.4 July 21, 2010 2
shell-style wildcards (see the Wildcards section below), but unless the
host name command on your machine returns the fully qualified host
name, you'll need to use the _\bf_\bq_\bd_\bn option for wildcards to be useful.
+ Note s\bsu\bud\bdo\bo only inspects actual network interfaces; this means that IP
+ address 127.0.0.1 (localhost) will never match. Also, the host name
+ "localhost" will only match if that is the actual host name, which is
+ usually only the case for non-networked systems.
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
A Cmnd_List is a list of one or more commandnames, directories, and
other aliases. A commandname is a fully qualified file name which may
- include shell-style wildcards (see the Wildcards section below). A
- simple file name allows the user to run the command with any arguments
- he/she wishes. However, you may also specify command line arguments
- (including wildcards). Alternately, you can specify "" to indicate
-1.7.4b3 July 21, 2010 3
+1.7.4 July 21, 2010 3
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ include shell-style wildcards (see the Wildcards section below). A
+ simple file name allows the user to run the command with any arguments
+ he/she wishes. However, you may also specify command line arguments
+ (including wildcards). Alternately, you can specify "" to indicate
that the command may only be run w\bwi\bit\bth\bho\bou\but\bt command line arguments. A
directory is a fully qualified path name ending in a '/'. When you
specify a directory in a Cmnd_List, the user will be able to run any
is not an error to use the -= operator to remove an element that does
not exist in a list.
- Defaults entries are parsed in the following order: generic, host and
- user Defaults first, then runas Defaults and finally command defaults.
-
- See "SUDOERS OPTIONS" for a list of supported Defaults parameters.
-1.7.4b3 July 21, 2010 4
+1.7.4 July 21, 2010 4
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Defaults entries are parsed in the following order: generic, host and
+ user Defaults first, then runas Defaults and finally command defaults.
+
+ See "SUDOERS OPTIONS" for a list of supported Defaults parameters.
+
U\bUs\bse\ber\br S\bSp\bpe\bec\bci\bif\bfi\bic\bca\bat\bti\bio\bon\bn
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
(':' Host_List '=' Cmnd_Spec_List)*
$ sudo -u operator /bin/ls.
- It is also possible to override a Runas_Spec later on in an entry. If
- we modify the entry like so:
- dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+1.7.4 July 21, 2010 5
-1.7.4b3 July 21, 2010 5
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ It is also possible to override a Runas_Spec later on in an entry. If
+ we modify the entry like so:
+ dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
Then user d\bdg\bgb\bb is now allowed to run _\b/_\bb_\bi_\bn_\b/_\bl_\bs as o\bop\bpe\ber\bra\bat\bto\bor\br, but _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl
and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as r\bro\boo\bot\bt.
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
Note, however, that the PASSWD tag has no effect on users who are in
- the group specified by the _\be_\bx_\be_\bm_\bp_\bt_\b__\bg_\br_\bo_\bu_\bp option.
-
- By default, if the NOPASSWD tag is applied to any of the entries for a
- user on the current host, he or she will be able to run sudo -l without
- a password. Additionally, a user may only run sudo -v without a
-1.7.4b3 July 21, 2010 6
+1.7.4 July 21, 2010 6
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ the group specified by the _\be_\bx_\be_\bm_\bp_\bt_\b__\bg_\br_\bo_\bu_\bp option.
+
+ By default, if the NOPASSWD tag is applied to any of the entries for a
+ user on the current host, he or she will be able to run sudo -l without
+ a password. Additionally, a user may only run sudo -v without a
password if the NOPASSWD tag is present for all a user's entries that
pertain to the current host. This behavior may be overridden via the
verifypw and listpw options.
? Matches any single character.
- [...] Matches any character in the specified range.
-
- [!...] Matches any character n\bno\bot\bt in the specified range.
+1.7.4 July 21, 2010 7
-1.7.4b3 July 21, 2010 7
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ [...] Matches any character in the specified range.
+ [!...] Matches any character n\bno\bot\bt in the specified range.
\x For any character "x", evaluates to "x". This is used to
escape special characters such as: "*", "?", "[", and "}".
#include /etc/sudoers.%h
- will cause s\bsu\bud\bdo\bo to include the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bx_\be_\br_\bx_\be_\bs.
-
- The #includedir directive can be used to create a _\bs_\bu_\bd_\bo_\b._\bd directory that
-
-1.7.4b3 July 21, 2010 8
+1.7.4 July 21, 2010 8
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ will cause s\bsu\bud\bdo\bo to include the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bx_\be_\br_\bx_\be_\bs.
+
+ The #includedir directive can be used to create a _\bs_\bu_\bd_\bo_\b._\bd directory that
the system package manager can drop _\bs_\bu_\bd_\bo_\be_\br_\bs rules into as part of
package installation. For example, given:
used as part of a word (e.g. a user name or host name): '@', '!', '=',
':', ',', '(', ')', '\'.
-S\bSU\bUD\bDO\bOE\bER\bRS\bS O\bOP\bPT\bTI\bIO\bON\bNS\bS
- s\bsu\bud\bdo\bo's behavior can be modified by Default_Entry lines, as explained
- earlier. A list of all supported Defaults parameters, grouped by type,
- are listed below.
-1.7.4b3 July 21, 2010 9
+
+1.7.4 July 21, 2010 9
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+S\bSU\bUD\bDO\bOE\bER\bRS\bS O\bOP\bPT\bTI\bIO\bON\bNS\bS
+ s\bsu\bud\bdo\bo's behavior can be modified by Default_Entry lines, as explained
+ earlier. A list of all supported Defaults parameters, grouped by type,
+ are listed below.
+
B\bBo\boo\bol\ble\bea\ban\bn F\bFl\bla\bag\bgs\bs:
always_set_home If enabled, s\bsu\bud\bdo\bo will set the HOME environment variable
variable. This flag is _\bo_\bn by default.
fast_glob Normally, s\bsu\bud\bdo\bo uses the _\bg_\bl_\bo_\bb(3) function to do shell-
- style globbing when matching path names. However,
- since it accesses the file system, _\bg_\bl_\bo_\bb(3) can take a
- long time to complete for some patterns, especially
- when the pattern references a network file system that
- is mounted on demand (automounted). The _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb
-1.7.4b3 July 21, 2010 10
+1.7.4 July 21, 2010 10
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ style globbing when matching path names. However,
+ since it accesses the file system, _\bg_\bl_\bo_\bb(3) can take a
+ long time to complete for some patterns, especially
+ when the pattern references a network file system that
+ is mounted on demand (automounted). The _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb
option causes s\bsu\bud\bdo\bo to use the _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3) function,
which does not access the file system to do its
matching. The disadvantage of _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb is that it is
incorrect password. This flag is _\bo_\bf_\bf by default.
log_host If set, the host name will be logged in the (non-
- syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
- log_year If set, the four-digit year will be logged in the (non-
- syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
+1.7.4 July 21, 2010 11
-1.7.4b3 July 21, 2010 11
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
+ log_year If set, the four-digit year will be logged in the (non-
+ syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
long_otp_prompt When validating with a One Time Password (OPT) scheme
such as S\bS/\b/K\bKe\bey\by or O\bOP\bPI\bIE\bE, a two-line prompt is used to
The password prompt specified by _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will
normally only be used if the password prompt provided
by systems such as PAM matches the string "Password:".
- If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set, _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always
- be used. This flag is _\bo_\bf_\bf by default.
-
- preserve_groups By default, s\bsu\bud\bdo\bo will initialize the group vector to
- the list of groups the target user is in. When
-1.7.4b3 July 21, 2010 12
+1.7.4 July 21, 2010 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set, _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always
+ be used. This flag is _\bo_\bf_\bf by default.
+
+ preserve_groups By default, s\bsu\bud\bdo\bo will initialize the group vector to
+ the list of groups the target user is in. When
_\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's existing group
vector is left unaltered. The real and effective group
IDs, however, are still set to match the target user.
disabled. This flag is _\bo_\bf_\bf by default.
set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
- environment variables to the name of the target user
- (usually root unless the -\b-u\bu option is given). However,
- since some programs (including the RCS revision control
- system) use LOGNAME to determine the real identity of
- the user, it may be desirable to change this behavior.
-1.7.4b3 July 21, 2010 13
+1.7.4 July 21, 2010 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ environment variables to the name of the target user
+ (usually root unless the -\b-u\bu option is given). However,
+ since some programs (including the RCS revision control
+ system) use LOGNAME to determine the real identity of
+ the user, it may be desirable to change this behavior.
This can be done by negating the set_logname option.
Note that if the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option has not been
disabled, entries in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list will override
a unique session ID that is included in the normal s\bsu\bud\bdo\bo
log line, prefixed with _\bT_\bS_\bI_\bD_\b=.
- log_output If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo _\bt_\bt_\by and
- log all output that is sent to the screen, similar to
- the _\bs_\bc_\br_\bi_\bp_\bt(1) command. If the standard output or
- standard error is not connected to the user's tty, due
- to I/O redirection or because the command is part of a
-1.7.4b3 July 21, 2010 14
+1.7.4 July 21, 2010 14
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ log_output If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo _\bt_\bt_\by and
+ log all output that is sent to the screen, similar to
+ the _\bs_\bc_\br_\bi_\bp_\bt(1) command. If the standard output or
+ standard error is not connected to the user's tty, due
+ to I/O redirection or because the command is part of a
pipeline, that output is also captured and stored in
separate log files.
closefrom Before it executes a command, s\bsu\bud\bdo\bo will close all open
file descriptors other than standard input, standard
- output and standard error (ie: file descriptors 0-2).
- The _\bc_\bl_\bo_\bs_\be_\bf_\br_\bo_\bm option can be used to specify a different
- file descriptor at which to start closing. The default
- is 3.
-
-1.7.4b3 July 21, 2010 15
+1.7.4 July 21, 2010 15
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ output and standard error (ie: file descriptors 0-2).
+ The _\bc_\bl_\bo_\bs_\be_\bf_\br_\bo_\bm option can be used to specify a different
+ file descriptor at which to start closing. The default
+ is 3.
+
passwd_tries The number of tries a user gets to enter his/her
password before s\bsu\bud\bdo\bo logs the failure and exits. The
default is 3.
possible, or the first editor in the list that exists
and is executable. The default is "vi".
- mailsub Subject of the mail sent to the _\bm_\ba_\bi_\bl_\bt_\bo user. The escape
- %h will expand to the host name of the machine.
- Default is *** SECURITY information for %h ***.
-
- noexec_file Path to a shared library containing dummy versions of
-1.7.4b3 July 21, 2010 16
+1.7.4 July 21, 2010 16
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ mailsub Subject of the mail sent to the _\bm_\ba_\bi_\bl_\bt_\bo user. The escape
+ %h will expand to the host name of the machine.
+ Default is *** SECURITY information for %h ***.
+
+ noexec_file Path to a shared library containing dummy versions of
the _\be_\bx_\be_\bc_\bv_\b(_\b), _\be_\bx_\be_\bc_\bv_\be_\b(_\b) and _\bf_\be_\bx_\be_\bc_\bv_\be_\b(_\b) library functions
that just return an error. This is used to implement
the _\bn_\bo_\be_\bx_\be_\bc functionality on systems that support
syslog_goodpri Syslog priority to use when user authenticates
successfully. Defaults to notice.
- sudoers_locale Locale to use when parsing the sudoers file. Note that
- changing the locale may affect how sudoers is
- interpreted. Defaults to "C".
-
- timestampdir The directory in which s\bsu\bud\bdo\bo stores its timestamp files.
-1.7.4b3 July 21, 2010 17
+1.7.4 July 21, 2010 17
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ sudoers_locale Locale to use when parsing the sudoers file. Note that
+ changing the locale may affect how sudoers is
+ interpreted. Defaults to "C".
+
+ timestampdir The directory in which s\bsu\bud\bdo\bo stores its timestamp files.
The default is _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo.
timestampowner The owner of the timestamp directory and the timestamps
Negating the option results in a value of _\bn_\be_\bv_\be_\br being used.
The default value is _\bo_\bn_\bc_\be.
- lecture_file
- Path to a file containing an alternate s\bsu\bud\bdo\bo lecture that
- will be used in place of the standard lecture if the named
- file exists. By default, s\bsu\bud\bdo\bo uses a built-in lecture.
-
-1.7.4b3 July 21, 2010 18
+1.7.4 July 21, 2010 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ lecture_file
+ Path to a file containing an alternate s\bsu\bud\bdo\bo lecture that
+ will be used in place of the standard lecture if the named
+ file exists. By default, s\bsu\bud\bdo\bo uses a built-in lecture.
+
listpw This option controls when a password will be required when
a user runs s\bsu\bud\bdo\bo with the -\b-l\bl option. It has the following
possible values:
option is not set by default.
syslog Syslog facility if syslog is being used for logging (negate
- to disable syslog logging). Defaults to local2.
-
- verifypw This option controls when a password will be required when
- a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
- possible values:
-1.7.4b3 July 21, 2010 19
+1.7.4 July 21, 2010 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ to disable syslog logging). Defaults to local2.
+
+ verifypw This option controls when a password will be required when
+ a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
+ possible values:
+
all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
must have the NOPASSWD flag set to avoid entering a
password.
any setuid process (such as s\bsu\bud\bdo\bo).
env_keep Environment variables to be preserved in the user's
- environment when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is in effect.
- This allows fine-grained control over the environment
- s\bsu\bud\bdo\bo-spawned processes will receive. The argument may
- be a double-quoted, space-separated list or a single
- value without double-quotes. The list can be replaced,
- added to, deleted from, or disabled by using the =, +=,
-1.7.4b3 July 21, 2010 20
+1.7.4 July 21, 2010 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ environment when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is in effect.
+ This allows fine-grained control over the environment
+ s\bsu\bud\bdo\bo-spawned processes will receive. The argument may
+ be a double-quoted, space-separated list or a single
+ value without double-quotes. The list can be replaced,
+ added to, deleted from, or disabled by using the =, +=,
-=, and ! operators respectively. The default list of
variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
with the _\b-_\bV option.
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
- Host_Alias CDROM = orion, perseus, hercules
-
- # Cmnd alias specification
- Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
- /usr/sbin/restore, /usr/sbin/rrestore
- Cmnd_Alias KILL = /usr/bin/kill
-1.7.4b3 July 21, 2010 21
+1.7.4 July 21, 2010 21
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Host_Alias CDROM = orion, perseus, hercules
+
+ # Cmnd alias specification
+ Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
+ /usr/sbin/restore, /usr/sbin/rrestore
+ Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
any host but they must authenticate themselves first (since the entry
lacks the NOPASSWD tag).
- jack CSNETS = ALL
-
- The user j\bja\bac\bck\bk may run any command on the machines in the _\bC_\bS_\bN_\bE_\bT_\bS alias
- (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
- those networks, only 128.138.204.0 has an explicit netmask (in CIDR
-
-1.7.4b3 July 21, 2010 22
+1.7.4 July 21, 2010 22
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ jack CSNETS = ALL
+
+ The user j\bja\bac\bck\bk may run any command on the machines in the _\bC_\bS_\bN_\bE_\bT_\bS alias
+ (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
+ those networks, only 128.138.204.0 has an explicit netmask (in CIDR
notation) indicating it is a class C network. For the other networks
in _\bC_\bS_\bN_\bE_\bT_\bS, the local machine's netmask will be used during matching.
fred ALL = (DB) NOPASSWD: ALL
- The user f\bfr\bre\bed\bd can run commands as any user in the _\bD_\bB Runas_Alias
- (o\bor\bra\bac\bcl\ble\be or s\bsy\byb\bba\bas\bse\be) without giving a password.
- john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+1.7.4 July 21, 2010 23
-1.7.4b3 July 21, 2010 23
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ The user f\bfr\bre\bed\bd can run commands as any user in the _\bD_\bB Runas_Alias
+ (o\bor\bra\bac\bcl\ble\be or s\bsy\byb\bba\bas\bse\be) without giving a password.
+ john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the _\bA_\bL_\bP_\bH_\bA machines, user j\bjo\boh\bhn\bn may su to anyone except root but he is
not allowed to specify any options to the _\bs_\bu(1) command.
Doesn't really prevent b\bbi\bil\bll\bl from running the commands listed in _\bS_\bU or
_\bS_\bH_\bE_\bL_\bL_\bS since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these
- kind of restrictions should be considered advisory at best (and
- reinforced by policy).
- Furthermore, if the _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb option is in use, it is not possible to
- reliably negate commands where the path name includes globbing (aka
-
-1.7.4b3 July 21, 2010 24
+1.7.4 July 21, 2010 24
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ kind of restrictions should be considered advisory at best (and
+ reinforced by policy).
+
+ Furthermore, if the _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb option is in use, it is not possible to
+ reliably negate commands where the path name includes globbing (aka
wildcard) characters. This is because the C library's _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3)
function cannot resolve relative paths. While this is typically only
an inconvenience for rules that grant privileges, it can result in a
File containing dummy exec functions:
- then s\bsu\bud\bdo\bo may be able to replace the exec family of functions
- in the standard library with its own that simply return an
- error. Unfortunately, there is no foolproof way to know
- whether or not _\bn_\bo_\be_\bx_\be_\bc will work at compile-time. _\bn_\bo_\be_\bx_\be_\bc
- should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
-1.7.4b3 July 21, 2010 25
+1.7.4 July 21, 2010 25
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ then s\bsu\bud\bdo\bo may be able to replace the exec family of functions
+ in the standard library with its own that simply return an
+ error. Unfortunately, there is no foolproof way to know
+ whether or not _\bn_\bo_\be_\bx_\be_\bc will work at compile-time. _\bn_\bo_\be_\bx_\be_\bc
+ should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
MacOS X, and HP-UX 11.x. It is known n\bno\bot\bt to work on AIX and
UnixWare. _\bn_\bo_\be_\bx_\be_\bc is expected to work on most operating
systems that support the LD_PRELOAD environment variable.
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
the archives.
+
+
+
+
+1.7.4 July 21, 2010 26
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
s\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of
-1.7.4b3 July 21, 2010 26
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1.7.4 July 21, 2010 27
projects / sudo / commitdiff