33) Move prototypes to extern.h?
-34) Get rid of VALIDATE_NOT_OK and just set/clear VALIDATE_OK
+34) visudo -c should also sanity check aliases
-35) visudo -c should also sanity check aliases
+35) Use AC_CHECK_DECLS for systems w/o proper prototypes? Maybe errno too?
-36) Use AC_CHECK_DECLS for systems w/o proper prototypes? Maybe errno too?
-
-37) Flesh out testsudoers and fix glob/opendir issues. Use custom netgroup
+36) Flesh out testsudoers and fix glob/opendir issues. Use custom netgroup
code too?
-38) Think some more about giving admins a way to test commands for a user
+37) Think some more about giving admins a way to test commands for a user
on a specific host with a different sudoers file.
-39) Add nsswitch.conf parsing to LDAP support.
-
-40) Refactor duplicated code in ldap.c into wrapper functions.
+38) Refactor duplicated code in ldap.c into wrapper functions.
-41) Return command from command_matches() instead of setting safe_cmnd directly.
+39) Return command from command_matches() instead of setting safe_cmnd directly.
-42) Roll visudo into sudo ala sudoedit.
+40) Roll visudo into sudo ala sudoedit.
-43) Add ticket file to ticket dir in non-tty tickets case so we
+41) Add ticket file to ticket dir in non-tty tickets case so we
can mix tty and non-tty ticket schemes.
-44) Use ldap_get_values_len() instead of ldap_get_values() for
- OpenLDAP (what about others?)
-
-45) Add support for NOEXEC w/ 64-bit AIX executables.
+42) Add support for NOEXEC w/ 64-bit AIX executables.
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.xlf91a.doc/xlfug/comp64.htm
-46) Revisit debian fqdn diffs.
+43) Revisit debian fqdn diffs.
-47) Add gettext() support. Can borrow some translations from PAM.
+44) Add gettext() support. Can borrow some translations from PAM.
-48) Convert the other capitalized files into .pod so we can get decent html
+45) Convert the other capitalized files into .pod so we can get decent html
form them? E.g. README, etc. E.g.
pod2text -l -i0 history.pod > HISTORY
pod2html --noindex history.pod > history.html
-49) Use mkstemp() for visudo temp files? Also re-examine locking.
+46) Use mkstemp() for visudo temp files? Also re-examine locking.
-50) Run sudo thorugh valgrind
+47) Run sudo thorugh valgrind
-51) Make -a and -c options in sudo.pod only visible when available.
+48) Make -a and -c options in sudo.pod only visible when available.
Could use an nroff register combines with configure substitute magic.
Note that configure substitution runs on the .man.in file not the
.pod file.
-52) Consolidate line wrap code.
+49) Consolidate line wrap code.
-53) How can we distinguish between a bare '\\' and one that is escaping
+50) How can we distinguish between a bare '\\' and one that is escaping
glob chars? Right now we convert \\ -> \ in the lexer which
causes the confusion.
-54) For LDAP entries, should be able to parse the per-command options
+51) For LDAP entries, should be able to parse the per-command options
since they may affect the outcome (e.g. default_runas).
-55) Better LDAP documention. Perhaps a sudo-ldap man page.
+52) Better LDAP documention. Perhaps a sudo-ldap man page.
-56) Improve nss error handling. Consider removing sources that
+53) Improve nss error handling. Consider removing sources that
can't be opened. Need to keep in mind ret_notfound.
-57) lookup method should only return VALIDATE_NOT_OK if matched !command.
+54) lookup method should only return VALIDATE_NOT_OK if matched !command.
+
+55) Convert LDAP code from using deprecated interfaces and stop
+ defining LDAP_DEPRECATED in configure. Deprecated functions:
+ ldap_search_s ldap_init ldap_simple_bind_s ldap_unbind_s
+
+56) Emulate ldap_initialize() on SDKs where it is not available?
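Review bot: dropping old item 44 (use ldap_get_values_len() instead of ldap_get_values()) while adding item 55 loses a related task, because ldap_get_values() is itself one of the OpenLDAP interfaces that are only declared when LDAP_DEPRECATED is defined; fold it into item 55's list (`ldap_search_s ldap_init ldap_simple_bind_s ldap_unbind_s ldap_get_values`) so the cleanup that stops defining LDAP_DEPRECATED does not leave it behind. The renumbered lines also carry two spelling errors into the new text, "thorugh" in item 47 and "documention" in item 52; worth correcting while those lines are being rewritten anyway.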
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
N\bNA\bAM\bME\bE
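Review bot: every header, footer and cross-reference in this rendered page moves from System V section numbers (1m, 4) to BSD/Linux ones (8, 5), yet item 48 of the TODO in this same change says configure substitution runs on the .man.in file; confirm this rendered file is the output of the configure-substituted source rather than a hand edit, otherwise a build that installs sudo into section 1m will ship a page whose cross-references (sudoers(5), passwd(5), visudo(8)) point at sections that do not exist on that platform.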
-1.7 December 10, 2007 1
+1.7 January 1, 2008 1
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
commands through sudo even when a root shell has been
descriptor three). Values less than three are
not permitted. This option is only available
if the administrator has enabled the _\bc_\bl_\bo_\bs_\be_\b-
- _\bf_\br_\bo_\bm_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
+ _\bf_\br_\bo_\bm_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be option in _\bs_\bu_\bd_\bo_\be_\br_\bs(5).
-c _\bc_\bl_\ba_\bs_\bs The -\b-c\bc (_\bc_\bl_\ba_\bs_\bs) option causes s\bsu\bud\bdo\bo to run the
specified command with resources limited by
-1.7 December 10, 2007 2
+1.7 January 1, 2008 2
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-E The -\b-E\bE (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt) option will
- override the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)).
+ override the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option in _\bs_\bu_\bd_\bo_\be_\br_\bs(5)).
It is only available when either the matching
command has the SETENV tag or the _\bs_\be_\bt_\be_\bn_\bv
- option is set in _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
+ option is set in _\bs_\bu_\bd_\bo_\be_\br_\bs(5).
-e The -\b-e\be (_\be_\bd_\bi_\bt) option indicates that, instead
of running a command, the user wishes to edit
-H The -\b-H\bH (_\bH_\bO_\bM_\bE) option sets the HOME environment
variable to the homedir of the target user
- (root by default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4).
+ (root by default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5).
-1.7 December 10, 2007 3
+1.7 January 1, 2008 3
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
By default, s\bsu\bud\bdo\bo does not modify HOME (see
- _\bs_\be_\bt_\b__\bh_\bo_\bm_\be and _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)).
+ _\bs_\be_\bt_\b__\bh_\bo_\bm_\be and _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be in _\bs_\bu_\bd_\bo_\be_\br_\bs(5)).
-h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a
usage message and exit.
-i [command]
The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs
- the shell specified in the _\bp_\ba_\bs_\bs_\bw_\bd(4) entry of
+ the shell specified in the _\bp_\ba_\bs_\bs_\bw_\bd(5) entry of
the target user as a login shell. This means
that login-specific resource files such as
.profile or .login will be read by the shell.
running the shell. It also initializes the
environment, leaving _\bD_\bI_\bS_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM
unchanged, setting _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE,
- and _\bP_\bA_\bT_\bH, and unsetting all other environment
- variables.
+ and _\bP_\bA_\bT_\bH, as well as the contents of
+ _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt. All other environment vari-
+ ables are removed.
-K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except
that it removes the user's timestamp entirely.
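Review bot: the new -i text says the variables from /etc/environment are set alongside HOME, SHELL, USER, LOGNAME and PATH, but it does not say whether those entries are trusted as-is or pass through the same filtering as the invoking user's environment (the -E text above only lets env_reset be overridden when the SETENV tag or the setenv option applies); state which it is, since a variable such as PATH taken from that file is applied on every -i invocation. The phrase "as well as the contents of /etc/environment" also reads as if the file were one more variable; "and the variables listed in /etc/environment" is clearer.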
allowed, s\bsu\bud\bdo\bo will exit with a return value of
1.
- -P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes
-1.7 December 10, 2007 4
+1.7 January 1, 2008 4
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ -P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes
s\bsu\bud\bdo\bo to preserve the invoking user's group
vector unaltered. By default, s\bsu\bud\bdo\bo will ini-
tialize the group vector to the list of groups
-s [command]
The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified
by the _\bS_\bH_\bE_\bL_\bL environment variable if it is set
- or the shell as specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). If a
+ or the shell as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5). If a
command is specified, it is passed to the
shell for execution. Otherwise, an interac-
tive shell is executed.
-u _\bu_\bs_\be_\br The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the
specified command as a user other than _\br_\bo_\bo_\bt.
- To specify a _\bu_\bi_\bd instead of a _\bu_\bs_\be_\br _\bn_\ba_\bm_\be, use
-1.7 December 10, 2007 5
+1.7 January 1, 2008 5
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ To specify a _\bu_\bi_\bd instead of a _\bu_\bs_\be_\br _\bn_\ba_\bm_\be, use
_\b#_\bu_\bi_\bd. When running commands as a _\bu_\bi_\bd, many
shells require that the '#' be escaped with a
backslash ('\'). Note that if the _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw
- Defaults option is set (see _\bs_\bu_\bd_\bo_\be_\br_\bs(4)) it is
+ Defaults option is set (see _\bs_\bu_\bd_\bo_\be_\br_\bs(5)) it is
not possible to run commands with a uid not
listed in the password database.
important exception. If the _\bs_\be_\bt_\be_\bn_\bv option is set in _\bs_\bu_\bd_\bo_\b-
_\be_\br_\bs, the command to be run has the SETENV tag set or the
command matched is ALL, the user may set variables that
- would overwise be forbidden. See _\bs_\bu_\bd_\bo_\be_\br_\bs(4) for more
+ would overwise be forbidden. See _\bs_\bu_\bd_\bo_\be_\br_\bs(5) for more
information.
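Review bot: the replaced line keeps the misspelling "overwise" (for "otherwise") in "would overwise be forbidden"; since the line is already being rewritten for the sudoers(5) reference, correct the word in the same change.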
R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
+1.7 January 1, 2008 6
-1.7 December 10, 2007 6
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
S\bSE\bEC\bCU\bUR\bRI\bIT\bTY\bY N\bNO\bOT\bTE\bES\bS
-1.7 December 10, 2007 7
+1.7 January 1, 2008 7
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
owned by root and inaccessible by any other user, the user
s\bsu\bud\bdo\bo to verify that the command does not inadvertently
give the user an effective root shell. For more informa-
tion, please see the PREVENTING SHELL ESCAPES section in
- _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
+ _\bs_\bu_\bd_\bo_\be_\br_\bs(5).
E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
s\bsu\bud\bdo\bo utilizes the following environment variables:
-1.7 December 10, 2007 8
+1.7 January 1, 2008 8
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
sudo
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing timestamps
+ _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi m\bmo\bod\bde\be
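Review bot: the new FILES entry describes /etc/environment as "Initial environment for -i mode", but neither it nor the -i option text says whether the file is optional; /etc/environment is a Linux and AIX convention and is absent on other platforms this page is installed on (the TODO in this change already tracks AIX and Debian specifics), so note that it is read only when present, otherwise administrators will read the entry as a requirement.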
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(4)
+ Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(5)
entries.
To get a file listing of an unreadable directory:
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bp_\ba_\bs_\bs_\bw_\bd(4),
- _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bv_\bi_\bs_\bu_\bd_\bo(1m)
+ _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bp_\ba_\bs_\bs_\bw_\bd(5),
+ _\bs_\bu_\bd_\bo_\be_\br_\bs(5), _\bv_\bi_\bs_\bu_\bd_\bo(8)
A\bAU\bUT\bTH\bHO\bOR\bRS\bS
Many people have worked on s\bsu\bud\bdo\bo over the years; this ver-
Todd C. Miller
See the HISTORY file in the s\bsu\bud\bdo\bo distribution or visit
- http://www.sudo.ws/sudo/history.html for a short history
-1.7 December 10, 2007 9
+1.7 January 1, 2008 9
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
+ http://www.sudo.ws/sudo/history.html for a short history
of s\bsu\bud\bdo\bo.
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
user to run commands via shell escapes, thus avoiding
s\bsu\bud\bdo\bo's checks. However, on most systems it is possible to
prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
- See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
+ See the _\bs_\bu_\bd_\bo_\be_\br_\bs(5) manual for details.
It is not meaningful to run the cd command directly via
sudo, e.g.,
-
-1.7 December 10, 2007 10
+1.7 January 1, 2008 10