-1.6.8 August 5, 2004 1
+1.6.8 August 6, 2004 1
-H The -\b-H\bH (_\bH_\bO_\bM_\bE) option sets the HOME environment vari
able to the homedir of the target user (root by
- default) as specified in passwd(5). By default, s\bsu\bud\bdo\bo
+ default) as specified in passwd(4). By default, s\bsu\bud\bdo\bo
does not modify HOME (see _\bs_\be_\bt_\b__\bh_\bo_\bm_\be and _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be
- in sudoers(5)).
+ in sudoers(4)).
-K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except that it
removes the user's timestamp entirely. Like -\b-k\bk, this
-1.6.8 August 5, 2004 2
+1.6.8 August 6, 2004 2
sage and exit.
-i The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
- specified in the passwd(5) entry of the user that the
+ specified in the passwd(4) entry of the user that the
command is being run as. The command name argument
given to the shell begins with a - to tell the shell
to run as a login shell. s\bsu\bud\bdo\bo attempts to change to
-1.6.8 August 5, 2004 3
+1.6.8 August 6, 2004 3
-s The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the
_\bS_\bH_\bE_\bL_\bL environment variable if it is set or the shell
- as specified in passwd(5).
+ as specified in passwd(4).
-u The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the specified
command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
- instead of a _\bu_\bs_\be_\br_\bn_\ba_\bm_\be, use _\b#_\bu_\bi_\bd.
+ instead of a _\bu_\bs_\be_\br_\bn_\ba_\bm_\be, use _\b#_\bu_\bi_\bd. Note that if the
+ _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw Defaults option is set (see sudoers(4)) it is
+ not possible to run commands with a uid not listed in
+ the password database.
-v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update
the user's timestamp, prompting for the user's pass
in _\bs_\bu_\bd_\bo_\be_\br_\bs) but does not run a command.
-- The -\b--\b- flag indicates that s\bsu\bud\bdo\bo should stop processing
- command line arguments. It is most useful in conjunc
- tion with the -\b-s\bs flag.
-
-1.6.8 August 5, 2004 4
+1.6.8 August 6, 2004 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ command line arguments. It is most useful in conjunc
+ tion with the -\b-s\bs flag.
+
R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
Upon successful execution of a program, the return value
from s\bsu\bud\bdo\bo will simply be the return value of the program
cally.
s\bsu\bud\bdo\bo will check the ownership of its timestamp directory
- (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
- tents if it is not owned by root and only writable by
- root. On systems that allow non-root users to give away
-1.6.8 August 5, 2004 5
+1.6.8 August 6, 2004 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's con
+ tents if it is not owned by root and only writable by
+ root. On systems that allow non-root users to give away
files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp directory is located
in a directory writable by anyone (e.g.: _\b/_\bt_\bm_\bp), it is pos
sible for a user to create the timestamp directory before
user an effective root shell.
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Note: the following examples assume suitable sudoers(5)
+ Note: the following examples assume suitable sudoers(4)
entries.
To get a file listing of an unreadable directory:
To shutdown a machine:
- $ sudo shutdown -r +15 "quick reboot"
-
-
-1.6.8 August 5, 2004 6
+1.6.8 August 6, 2004 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ $ sudo shutdown -r +15 "quick reboot"
+
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-
shell to make the cd and file redirection work.
-
-
-1.6.8 August 5, 2004 7
+1.6.8 August 6, 2004 7
user to run commands via shell escapes, thus avoiding
s\bsu\bud\bdo\bo's checks. However, on most systems it is possible to
prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
- See the sudoers(5) manual for details.
+ See the sudoers(4) manual for details.
It is not meaningful to run the cd command directly via
sudo, e.g.
setuid shell scripts are generally safe).
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), sudoers(5),
- passwd(5), visudo(1m)
+ _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), sudoers(4),
+ passwd(4), visudo(1m)
-1.6.8 August 5, 2004 8
+1.6.8 August 6, 2004 8
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "August 5, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "August 6, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Item "-u"
The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
-\&\fIusername\fR, use \fI#uid\fR.
+\&\fIusername\fR, use \fI#uid\fR. Note that if the \fItargetpw\fR Defaults
+option is set (see sudoers(@mansectform@)) it is not possible
+to run commands with a uid not listed in the password database.
.IP "\-v" 4
.IX Item "-v"
If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
projects / sudo / commitdiff