+++ /dev/null
-<HTML>
-<HEAD>
-<TITLE>Sudo Manual</TITLE>
-<LINK REV="made" HREF="mailto:root@localhost">
-</HEAD>
-
-<BODY>
-
-<!-- INDEX BEGIN -->
-
-<UL>
-
- <LI><A HREF="#NAME">NAME</A>
- <LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
- <LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
- <LI><A HREF="#OPTIONS">OPTIONS</A>
- <LI><A HREF="#RETURN_VALUES">RETURN VALUES</A>
- <LI><A HREF="#SECURITY_NOTES">SECURITY NOTES</A>
- <LI><A HREF="#EXAMPLES">EXAMPLES</A>
- <LI><A HREF="#ENVIRONMENT">ENVIRONMENT</A>
- <LI><A HREF="#FILES">FILES</A>
- <LI><A HREF="#FILES">FILES</A>
- <LI><A HREF="#AUTHORS">AUTHORS</A>
- <LI><A HREF="#BUGS">BUGS</A>
- <LI><A HREF="#DISCLAIMER">DISCLAIMER</A>
- <LI><A HREF="#CAVEATS">CAVEATS</A>
- <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
-</UL>
-<!-- INDEX END -->
-
-<HR>
-<P>
-<HR>
-<H1><A NAME="NAME">NAME</A></H1>
-<P>
-sudo - execute a command as another user
-
-<P>
-<HR>
-<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
-<P>
-<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-L</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-K</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
-
-
-
-<P>
-<HR>
-<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
-<P>
-<STRONG>sudo</STRONG> allows a permitted user to execute a <EM>command</EM> as the superuser or another user, as specified in the sudoers file. The
-real and effective uid and gid are set to match those of the target user as
-specified in the passwd file (the group vector is also initialized when the
-target user is not root). By default, <STRONG>sudo</STRONG>
-requires that users authenticate themselves with a password (NOTE: this is
-the user's password, not the root password). Once a user has been
-authenticated, a timestamp is updated and the user may then use sudo
-without a password for a short period of time (five minutes by default).
-
-<P>
-<STRONG>sudo</STRONG> determines who is an authorized user by consulting the file <EM>/etc/sudoers</EM>. By giving <STRONG>sudo</STRONG> the <CODE>-v</CODE> flag a user can update the time stamp without running a <EM>command.</EM>
-The password prompt itself will also time out if the user's password is not
-entered with N minutes (again, this is defined at configure time and
-defaults to 5 minutes).
-
-<P>
-If a user that is not listed in the <EM>sudoers</EM> file tries to run a command via <STRONG>sudo</STRONG>, mail is sent to the proper authorities, as defined at configure time
-(defaults to root). Note that the mail will not be sent if an unauthorized
-user tries to run sudo with the <CODE>-l</CODE> or <CODE>-v</CODE> flags. This allows users to determine for themselves whether or not they
-are allowed to use <STRONG>sudo</STRONG>.
-
-<P>
-<STRONG>sudo</STRONG> can log both successful an unsuccessful attempts (as well as errors) to
-<CODE>syslog(3),</CODE> a log file, or both. By default <STRONG>sudo</STRONG>
-will log via <CODE>syslog(3)</CODE> but this is changeable at configure
-time.
-
-<P>
-<HR>
-<H1><A NAME="OPTIONS">OPTIONS</A></H1>
-<P>
-<STRONG>sudo</STRONG> accepts the following command line options:
-
-<DL>
-<DT><STRONG><A NAME="item__V">-V</A></STRONG><DD>
-<P>
-The <CODE>-V</CODE> (<EM>version</EM>) option causes <STRONG>sudo</STRONG> to print the version number and exit.
-
-<DT><STRONG><A NAME="item__l">-l</A></STRONG><DD>
-<P>
-The <CODE>-l</CODE> (<EM>list</EM>) option will list out the allowed (and forbidden) commands for the user on
-the current host.
-
-<DT><STRONG><A NAME="item__L">-L</A></STRONG><DD>
-<P>
-The <CODE>-L</CODE> (<EM>list</EM> defaults) option will list out the parameters that may be set in a <EM>Defaults</EM> line along with a short description for each. This option is useful in
-conjunction with <CODE>grep(1).</CODE>
-
-<DT><STRONG><A NAME="item__h">-h</A></STRONG><DD>
-<P>
-The <CODE>-h</CODE> (<EM>help</EM>) option causes <STRONG>sudo</STRONG> to print a usage message and exit.
-
-<DT><STRONG><A NAME="item__v">-v</A></STRONG><DD>
-<P>
-If given the <CODE>-v</CODE> (<EM>validate</EM>) option, <STRONG>sudo</STRONG> will update the user's timestamp, prompting for the user's password if
-necessary. This extends the <STRONG>sudo</STRONG> timeout to for another N minutes (where N is defined at installation time
-and defaults to 5 minutes) but does not run a command.
-
-<DT><STRONG><A NAME="item__k">-k</A></STRONG><DD>
-<P>
-The <CODE>-k</CODE> (<EM>kill</EM>) option to <STRONG>sudo</STRONG> invalidates the user's timestamp by setting the time on it to the epoch.
-The next time <STRONG>sudo</STRONG> is run a password will be required. This option does not require a password
-and was added to allow a user to revoke <STRONG>sudo</STRONG> permissions from a .logout file.
-
-<DT><STRONG><A NAME="item__K">-K</A></STRONG><DD>
-<P>
-The <CODE>-K</CODE> (sure <EM>kill</EM>) option to <STRONG>sudo</STRONG> removes the user's timestamp entirely. This option does not require a
-password.
-
-<DT><STRONG><A NAME="item__b">-b</A></STRONG><DD>
-<P>
-The <CODE>-b</CODE> (<EM>background</EM>) option tells <STRONG>sudo</STRONG> to run the given command in the background. Note that if you use the <CODE>-b</CODE>
-option you cannot use shell job control to manipulate the command.
-
-<DT><STRONG><A NAME="item__p">-p</A></STRONG><DD>
-<P>
-The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a
-custom one. If the password prompt contains the <CODE>%u</CODE> escape, <CODE>%u</CODE> will be replaced with the user's login name. Similarly, <CODE>%h</CODE> will be replaced with the local hostname.
-
-<DT><STRONG><A NAME="item__u">-u</A></STRONG><DD>
-<P>
-The <CODE>-u</CODE> (<EM>user</EM>) option causes sudo to run the specified command as a user other than <EM>root</EM>. To specify a <EM>uid</EM> instead of a
-<EM>username</EM>, use ``#uid''.
-
-<DT><STRONG><A NAME="item__s">-s</A></STRONG><DD>
-<P>
-The <CODE>-s</CODE> (<EM>shell</EM>) option runs the shell specified by the <EM>SHELL</EM>
-environment variable if it is set or the shell as specified in
-<CODE>passwd(5).</CODE>
-
-<DT><STRONG><A NAME="item__H">-H</A></STRONG><DD>
-<P>
-The <CODE>-H</CODE> (<EM>HOME</EM>) option sets the <EM>HOME</EM> environment variable to the homedir of the target user (root by default) as
-specified in <CODE>passwd(5).</CODE> By default, <STRONG>sudo</STRONG> does not modify <EM>HOME</EM>.
-
-<DT><STRONG><A NAME="item__">--</A></STRONG><DD>
-<P>
-The <CODE>--</CODE> flag indicates that <STRONG>sudo</STRONG> should stop processing command line arguments. It is most useful in
-conjunction with the <CODE>-s</CODE> flag.
-
-</DL>
-<P>
-<HR>
-<H1><A NAME="RETURN_VALUES">RETURN VALUES</A></H1>
-<P>
-<STRONG>sudo</STRONG> quits with an exit value of 1 if there is a configuration/permission
-problem or if <STRONG>sudo</STRONG> cannot execute the given command. In the latter case the error string is
-printed to stderr. If <STRONG>sudo</STRONG> cannot <CODE>stat(2)</CODE> one or more entries in the user's
-<CODE>PATH</CODE> an error is printed on stderr. (If the directory does not exist or if it is
-not really a directory, the entry is ignored and no error is printed.) This
-should not happen under normal circumstances. The most common reason for
-<CODE>stat(2)</CODE> to return ``permission denied'' is if you are running
-an automounter and one of the directories in your <CODE>PATH</CODE> is on a machine that is currently unreachable.
-
-<P>
-<HR>
-<H1><A NAME="SECURITY_NOTES">SECURITY NOTES</A></H1>
-<P>
-<STRONG>sudo</STRONG> tries to be safe when executing external commands. Variables that control
-how dynamic loading and binding is done can be used to subvert the program
-that <STRONG>sudo</STRONG> runs. To combat this the
-<CODE>LD_*</CODE>, <CODE>_RLD_*</CODE>, <CODE>SHLIB_PATH</CODE> (HP-UX only), and <CODE>LIBPATH</CODE> (AIX only) environment variables are removed from the environment passed on
-to all commands executed. <STRONG>sudo</STRONG> will also remove the <CODE>IFS</CODE>,
-<CODE>ENV</CODE>, <CODE>BASH_ENV</CODE>, <CODE>KRB_CONF</CODE>, <CODE>KRB5_CONFIG</CODE>, <CODE>LOCALDOMAIN</CODE>,
-<CODE>RES_OPTIONS</CODE> and <CODE>HOSTALIASES</CODE> variables as they too can pose a threat.
-
-<P>
-To prevent command spoofing, <STRONG>sudo</STRONG> checks ``.'' and ``'' (both denoting current directory) last when searching
-for a command in the user's PATH (if one or both are in the PATH). Note,
-however, that the actual <CODE>PATH</CODE> environment variable is <EM>not</EM> modified and is passed unchanged to the program that <STRONG>sudo</STRONG> executes.
-
-<P>
-For security reasons, if your OS supports shared libraries and does not
-disable user-defined library search paths for setuid programs (most do),
-you should either use a linker option that disables this behavior or link <STRONG>sudo</STRONG> statically.
-
-<P>
-<STRONG>sudo</STRONG> will check the ownership of its timestamp directory (<EM>/var/run/sudo</EM> or <EM>/tmp/.odus</EM> by default) and ignore the directory's contents if it is not owned by root
-and only writable by root. On systems that allow non-root users to give
-away files via <CODE>chown(2),</CODE> if the timestamp directory is located
-in a directory writable by anyone (ie: <EM>/tmp</EM>), it is possible for a user to create the timestamp directory before <STRONG>sudo</STRONG> is run. However, because <STRONG>sudo</STRONG> checks the ownership and mode of the directory and its contents, the only
-damage that can be done is to ``hide'' files by putting them in the
-timestamp dir. This is unlikely to happen since once the timestamp dir is
-owned by root and inaccessible by any other user the user placing files
-there would be unable to get them back out. To get around this issue you
-can use a directory that is not world-writable for the timestamps (<EM>/var/adm/sudo</EM> for instance) or create /tmp/.odus with the appropriate owner (root) and
-permissions (0700) in the system startup files.
-
-<P>
-<STRONG>sudo</STRONG> will not honor timestamps set far in the future. Timestamps with a date
-greater than current_time + 2 * <CODE>TIMEOUT</CODE>
-will be ignored and sudo will log and complain. This is done to keep a user
-from creating his/her own timestamp with a bogus date on system that allow
-users to give away files.
-
-<P>
-<HR>
-<H1><A NAME="EXAMPLES">EXAMPLES</A></H1>
-<P>
-Note: the following examples assume suitable <CODE>sudoers(5)</CODE>
-entries.
-
-<P>
-To get a file listing of an unreadable directory:
-
-<P>
-<PRE> % sudo ls /usr/local/protected
-</PRE>
-<P>
-To list the home directory of user yazza on a machine where the filesystem
-holding ~yazza is not exported as root:
-
-<P>
-<PRE> % sudo -u yazza ls ~yazza
-</PRE>
-<P>
-To edit the <EM>index.html</EM> file as user www:
-
-<P>
-<PRE> % sudo -u www vi ~www/htdocs/index.html
-</PRE>
-<P>
-To shutdown a machine:
-
-<P>
-<PRE> % sudo shutdown -r +15 "quick reboot"
-</PRE>
-<P>
-To make a usage listing of the directories in the /home partition. Note
-that this runs the commands in a sub-shell to make the <CODE>cd</CODE> and file redirection work.
-
-<P>
-<PRE> % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
-</PRE>
-<P>
-<HR>
-<H1><A NAME="ENVIRONMENT">ENVIRONMENT</A></H1>
-<P>
-<STRONG>sudo</STRONG> utilizes the following environment variables:
-
-<P>
-<PRE> PATH Set to a sane value if SECURE_PATH is set
- SHELL Used to determine shell to run with -s option
- USER Set to the target user (root unless the -u option
- is specified)
- HOME In -s or -H mode (or if sudo was configured with
- the --enable-shell-sets-home option), set to
- homedir of the target user.
- SUDO_PROMPT Used as the default password prompt
- SUDO_COMMAND Set to the command run by sudo
- SUDO_USER Set to the login of the user who invoked sudo
- SUDO_UID Set to the uid of the user who invoked sudo
- SUDO_GID Set to the gid of the user who invoked sudo
- SUDO_PS1 If set, PS1 will be set to its value
-</PRE>
-<P>
-<HR>
-<H1><A NAME="FILES">FILES</A></H1>
-<P>
-<PRE> /etc/sudoers List of who can run what
- /var/run/sudo Directory containing timestamps
-</PRE>
-<P>
-<STRONG>sudo</STRONG> utilizes the following environment variables:
-
-<P>
-<PRE> PATH Set to a sane value if SECURE_PATH is set
- SHELL Used to determine shell to run with -s option
- USER Set to the target user (root unless the -u option
- is specified)
- HOME In -s or -H mode (or if sudo was configured with
- the --enable-shell-sets-home option), set to
- homedir of the target user.
- SUDO_PROMPT Used as the default password prompt
- SUDO_COMMAND Set to the command run by sudo
- SUDO_USER Set to the login of the user who invoked sudo
- SUDO_UID Set to the uid of the user who invoked sudo
- SUDO_GID Set to the gid of the user who invoked sudo
- SUDO_PS1 If set, PS1 will be set to its value
-</PRE>
-<P>
-<HR>
-<H1><A NAME="FILES">FILES</A></H1>
-<P>
-<PRE> /etc/sudoers List of who can run what
- /var/run/sudo Directory containing timestamps
- /tmp/.odus Same as above if no /var/run exists
-</PRE>
-<P>
-<HR>
-<H1><A NAME="AUTHORS">AUTHORS</A></H1>
-<P>
-Many people have worked on <STRONG>sudo</STRONG> over the years, this version consists of code written primarily by:
-
-<P>
-<PRE> Todd Miller
- Chris Jepeway
-</PRE>
-<P>
-See the HISTORY file in the <STRONG>sudo</STRONG> distribution for a short history of <STRONG>sudo</STRONG>.
-
-<P>
-<HR>
-<H1><A NAME="BUGS">BUGS</A></H1>
-<P>
-If you feel you have found a bug in sudo, please submit a bug report at <A
-HREF="http://www.courtesan.com/sudo/bugs/.">http://www.courtesan.com/sudo/bugs/.</A>
-
-
-<P>
-<HR>
-<H1><A NAME="DISCLAIMER">DISCLAIMER</A></H1>
-<P>
-<STRONG>Sudo</STRONG> is provided ``AS IS'' and any express or implied warranties, including, but
-not limited to, the implied warranties of merchantability and fitness for a
-particular purpose are disclaimed. See the LICENSE file distributed with <STRONG>sudo</STRONG> for complete details.
-
-<P>
-<HR>
-<H1><A NAME="CAVEATS">CAVEATS</A></H1>
-<P>
-There is no easy way to prevent a user from gaining a root shell if that
-user has access to commands allowing shell escapes.
-
-<P>
-If users have sudo <CODE>ALL</CODE> there is nothing to prevent them from creating their own program that gives
-them a root shell regardless of any '!' elements in the user specification.
-
-<P>
-Running shell scripts via <STRONG>sudo</STRONG> can expose the same kernel bugs that make setuid shell scripts unsafe on
-some operating systems (if your OS supports the /dev/fd/ directory, setuid
-shell scripts are generally safe).
-
-<P>
-<HR>
-<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
-<P>
-<CODE><A HREF="sudoers.html">sudoers(5)</A>,</CODE> <CODE><A HREF="visudo.html">visudo(8)</A>,</CODE> <CODE>su(1).</CODE>
-</BODY>
-
-</HTML>
+++ /dev/null
-<HTML>
-<HEAD>
-<TITLE>Sudoers Manual</TITLE>
-<LINK REV="made" HREF="mailto:root@localhost">
-</HEAD>
-
-<BODY>
-
-<!-- INDEX BEGIN -->
-
-<UL>
-
- <LI><A HREF="#NAME">NAME</A>
- <LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
- <UL>
-
- <LI><A HREF="#Quick_guide_to_EBNF">Quick guide to EBNF</A>
- <LI><A HREF="#Aliases">Aliases</A>
- <LI><A HREF="#Defaults">Defaults</A>
- <LI><A HREF="#User_Specification">User Specification</A>
- <LI><A HREF="#Runas_Spec">Runas_Spec</A>
- <LI><A HREF="#NOPASSWD_and_PASSWD">NOPASSWD and PASSWD</A>
- <LI><A HREF="#Wildcards_aka_meta_characters_">Wildcards (aka meta characters):</A>
- <LI><A HREF="#Exceptions_to_wildcard_rules_">Exceptions to wildcard rules:</A>
- <LI><A HREF="#Other_special_characters_and_res">Other special characters and reserved words:</A>
- </UL>
-
- <LI><A HREF="#EXAMPLES">EXAMPLES</A>
- <LI><A HREF="#SECURITY_NOTES">SECURITY NOTES</A>
- <LI><A HREF="#CAVEATS">CAVEATS</A>
- <LI><A HREF="#FILES">FILES</A>
- <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
-</UL>
-<!-- INDEX END -->
-
-<HR>
-<P>
-<HR>
-<H1><A NAME="NAME">NAME</A></H1>
-<P>
-sudoers - list of which users may execute what
-
-<P>
-<HR>
-<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
-<P>
-The <EM>sudoers</EM> file is composed two types of entries: aliases (basically variables) and
-user specifications (which specify who may run what). The grammar of <EM>sudoers</EM>
-will be described below in Extended Backus-Naur Form (EBNF). Don't despair
-if you don't know what EBNF is, it is fairly simple and the definitions
-below are annotated.
-
-<P>
-<HR>
-<H2><A NAME="Quick_guide_to_EBNF">Quick guide to EBNF</A></H2>
-<P>
-EBNF is a concise and exact way of describing the grammar of a language.
-Each EBNF definition is made up of <EM>production rules</EM>. Eg.
-
-<P>
-<PRE> symbol ::= definition | alternate1 | alternate2 ...
-</PRE>
-<P>
-Each <EM>production rule</EM> references others and thus makes up a grammar for the language. EBNF also
-contains the following operators, which many readers will recognize from
-regular expressions. Do not, however, confuse them with ``wildcard''
-characters, which have different meanings.
-
-<DL>
-<DT><STRONG><A NAME="item__">?</A></STRONG><DD>
-<P>
-Means that the preceding symbol (or group of symbols) is optional. That is,
-it may appear once or not at all.
-
-<DT><STRONG><A NAME="item__">*</A></STRONG><DD>
-<P>
-Means that the preceding symbol (or group of symbols) may appear zero or
-more times.
-
-<DT><STRONG><A NAME="item__">+</A></STRONG><DD>
-<P>
-Means that the preceding symbol (or group of symbols) may appear one or
-more times.
-
-</DL>
-<P>
-Parentheses may be used to group symbols together. For clarity, we will use
-single quotes ('') to designate what is a verbatim character string (as
-opposed to a symbol name).
-
-<P>
-<HR>
-<H2><A NAME="Aliases">Aliases</A></H2>
-<P>
-There are four kinds of aliases: the <CODE>User_Alias</CODE>, <CODE>Runas_Alias</CODE>,
-<CODE>Host_Alias</CODE> and <CODE>Cmnd_Alias</CODE>.
-
-<P>
-<PRE> Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* |
- 'Runas_Alias' (':' Runas_Alias)* |
- 'Host_Alias' (':' Host_Alias)* |
- 'Cmnd_Alias' (':' Cmnd_Alias)*
-</PRE>
-<P>
-<PRE> User_Alias ::= NAME '=' User_List
-</PRE>
-<P>
-<PRE> Runas_Alias ::= NAME '=' Runas_User_List
-</PRE>
-<P>
-<PRE> Host_Alias ::= NAME '=' Host_List
-</PRE>
-<P>
-<PRE> Cmnd_Alias ::= NAME '=' Cmnd_List
-</PRE>
-<P>
-<PRE> NAME ::= [A-Z]([A-Z][0-9]_)*
-</PRE>
-<P>
-Each <EM>alias</EM> definition is of the form
-
-<P>
-<PRE> Alias_Type NAME = item1, item2, ...
-</PRE>
-<P>
-where <EM>Alias_Type</EM> is one of <CODE>User_Alias</CODE>, <CODE>Runas_Alias</CODE>, <CODE>Host_Alias</CODE>, or <CODE>Cmnd_Alias</CODE>. A <CODE>NAME</CODE> is a string of upper case letters, numbers, and the underscore characters
-('_'). A <CODE>NAME</CODE> <STRONG>must</STRONG> start with an upper case letter. It is possible to put several alias
-definitions of the same type on a single line, joined by a semicolon (':').
-Eg.
-
-<P>
-<PRE> Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
-</PRE>
-<P>
-The definitions of what constitutes a valid <EM>alias</EM> member follow.
-
-<P>
-<PRE> User_List ::= User |
- User ',' User_List
-</PRE>
-<P>
-<PRE> User ::= '!'* username |
- '!'* '#'uid |
- '!'* '%'group |
- '!'* '+'netgroup |
- '!'* User_Alias
-</PRE>
-<P>
-A <CODE>User_List</CODE> is made up of one or more usernames, uids (prefixed with '#'), System
-groups (prefixed with '%'), netgroups (prefixed with '+') and other
-aliases. Each list item may be prefixed with one or more '!' operators. An
-odd number of '!' operators negates the value of the item; an even number
-just cancel each other out.
-
-<P>
-<PRE> Runas_List ::= Runas_User |
- Runas_User ',' Runas_List
-</PRE>
-<P>
-<PRE> Runas_User ::= '!'* username |
- '!'* '#'uid |
- '!'* '%'group |
- '!'* +netgroup |
- '!'* Runas_Alias
-</PRE>
-<P>
-Likewise, a <CODE>Runas_List</CODE> has the same possible elements as a <CODE>User_List</CODE>, except that it can include a <CODE>Runas_Alias</CODE>, instead of a <CODE>User_Alias</CODE>.
-
-<P>
-<PRE> Host_List ::= Host |
- Host ',' Host_List
-</PRE>
-<P>
-<PRE> Host ::= '!'* hostname |
- '!'* ip_addr |
- '!'* network(/netmask)? |
- '!'* '+'netgroup |
- '!'* Host_Alias
-</PRE>
-<P>
-A <CODE>Host_List</CODE> is made up of one or more hostnames, IP addresses, network numbers,
-netgroups (prefixed with '+') and other aliases. Again, the value of an
-item may be negated with the '!' operator. If you do not specify a netmask
-with a network number, the netmask of the host's ethernet
-<CODE>interface(s)</CODE> will be used when matching. The netmask may be
-specified either in dotted quad notation (eg. 255.255.255.0) or CIDR
-notation (number of bits, eg. 24).
-
-<P>
-<PRE> Cmnd_List ::= Cmnd |
- Cmnd ',' Cmnd_List
-</PRE>
-<P>
-<PRE> commandname ::= filename |
- filename args |
- filename '""'
-</PRE>
-<P>
-<PRE> Cmnd ::= '!'* commandname |
- '!'* directory |
- '!'* Cmnd_Alias
-</PRE>
-<P>
-A <CODE>Cmnd_List</CODE> is a list of one or more commandnames, directories, and other aliases. A
-commandname is a fully-qualified filename which may include shell-style
-wildcards (see `Wildcards' section below). A simple filename allows the
-user to run the command with any arguments he/she wishes. However, you may
-also command line arguments (including wildcards). Alternately, you can
-specify <CODE>""</CODE> to indicate that the command may only be run <STRONG>without</STRONG> command line arguments. A directory is a fully qualified pathname ending in
-a '/'. When you specify a directory in a <CODE>Cmnd_List</CODE>, the user will be able to run any file within that directory (but not in
-any subdirectories therein).
-
-<P>
-If a <CODE>Cmnd</CODE> has associated command line arguments, then the arguments in the <CODE>Cmnd</CODE> must match exactly those given by the user on the command line (or match
-the wildcards if there are any). Note that the following characters must be
-escaped with a '\' if they are used in command arguments: ',', ':', '=',
-'\'.
-
-<P>
-<HR>
-<H2><A NAME="Defaults">Defaults</A></H2>
-<P>
-Certain configuration options may be changed from their default values at
-runtime via one or more <CODE>Default_Entry</CODE> lines. These may affect all users on any host, all users on a specific
-host, or just a specific user. When multiple entries match, they are
-applied in order. Where there are conflicting values, the last value on a
-matching line takes effect.
-
-<P>
-<PRE> Default_Type ::= 'Defaults' ||
- 'Defaults' ':' User ||
- 'Defaults' '@' Host
-</PRE>
-<P>
-<PRE> Default_Entry ::= Default_Type Parameter_List
-</PRE>
-<P>
-<PRE> Parameter ::= Parameter '=' Value ||
- '!'* Parameter ||
-</PRE>
-<P>
-Parameters may be <STRONG>flags</STRONG>, <STRONG>integer</STRONG> values, or <STRONG>strings</STRONG>. Flags are implicitly boolean and can be turned off via the '!' operator.
-Some integer and string parameters may also be used in a boolean context to
-disable them. Values may be enclosed in double quotes (<CODE>"</CODE>) when they contain multiple words. Special characters may be escaped with
-a backslash (<CODE>\</CODE>).
-
-<P>
-<STRONG>Flags</STRONG>:
-
-<DL>
-<DT><STRONG><A NAME="item_long_otp_prompt">long_otp_prompt</A></STRONG><DD>
-<P>
-Put OTP prompt on its own line
-
-<DT><STRONG><A NAME="item_ignore_dot">ignore_dot</A></STRONG><DD>
-<P>
-Ignore '.' in <CODE>$PATH</CODE>
-
-<DT><STRONG><A NAME="item_mail_always">mail_always</A></STRONG><DD>
-<P>
-Always send mail when sudo is run
-
-<DT><STRONG><A NAME="item_mail_no_user">mail_no_user</A></STRONG><DD>
-<P>
-Send mail if the user is not in sudoers
-
-<DT><STRONG><A NAME="item_mail_no_host">mail_no_host</A></STRONG><DD>
-<P>
-Send mail if the user is not in sudoers for this host
-
-<DT><STRONG><A NAME="item_mail_no_perms">mail_no_perms</A></STRONG><DD>
-<P>
-Send mail if the user is not allowed to run a command
-
-<DT><STRONG><A NAME="item_tty_tickets">tty_tickets</A></STRONG><DD>
-<P>
-Use a separate timestamp for each user/tty combo
-
-<DT><STRONG><A NAME="item_lecture">lecture</A></STRONG><DD>
-<P>
-Lecture user the first time they run sudo
-
-<DT><STRONG><A NAME="item_authenticate">authenticate</A></STRONG><DD>
-<P>
-Require users to authenticate by default
-
-<DT><STRONG><A NAME="item_root_sudo">root_sudo</A></STRONG><DD>
-<P>
-Root may run sudo
-
-<DT><STRONG><A NAME="item_log_host">log_host</A></STRONG><DD>
-<P>
-Log the hostname in the (non-syslog) log file
-
-<DT><STRONG><A NAME="item_log_year">log_year</A></STRONG><DD>
-<P>
-Log the year in the (non-syslog) log file
-
-<DT><STRONG><A NAME="item_shell_noargs">shell_noargs</A></STRONG><DD>
-<P>
-If sudo is invoked with no arguments, start a shell
-
-<DT><STRONG><A NAME="item_set_home">set_home</A></STRONG><DD>
-<P>
-Set <CODE>$HOME</CODE> to the target user when starting a shell with <CODE>-s</CODE>
-
-
-
-<DT><STRONG><A NAME="item_path_info">path_info</A></STRONG><DD>
-<P>
-Allow some information gathering to give useful error messages
-
-<DT><STRONG><A NAME="item_fqdn">fqdn</A></STRONG><DD>
-<P>
-Require fully-qualified hostnames in the sudoers file
-
-<DT><STRONG><A NAME="item_insults">insults</A></STRONG><DD>
-<P>
-Insult the user when they enter an incorrect password
-
-<DT><STRONG><A NAME="item_requiretty">requiretty</A></STRONG><DD>
-<P>
-Only allow the user to run sudo if they have a tty
-
-</DL>
-<P>
-<STRONG>Integers</STRONG>:
-
-<DL>
-<DT><STRONG><A NAME="item_passwd_tries">passwd_tries</A></STRONG><DD>
-<P>
-Number of tries to enter a password
-
-</DL>
-<P>
-<STRONG>Integers that can be used in a boolean context</STRONG>:
-
-<DL>
-<DT><STRONG><A NAME="item_loglinelen">loglinelen</A></STRONG><DD>
-<P>
-Length at which to wrap log file lines (use 0 or negate for no wrap)
-
-<DT><STRONG><A NAME="item_timestamp_timeout">timestamp_timeout</A></STRONG><DD>
-<P>
-Authentication timestamp timeout
-
-<DT><STRONG><A NAME="item_passwd_timeout">passwd_timeout</A></STRONG><DD>
-<P>
-Password prompt timeout
-
-<DT><STRONG><A NAME="item_umask">umask</A></STRONG><DD>
-<P>
-Umask to use or 0777 to use user's
-
-</DL>
-<P>
-<STRONG>Strings</STRONG>:
-
-<DL>
-<DT><STRONG><A NAME="item_mailsub">mailsub</A></STRONG><DD>
-<P>
-Subject line for mail messages
-
-<DT><STRONG><A NAME="item_badpass_message">badpass_message</A></STRONG><DD>
-<P>
-Incorrect password message
-
-<DT><STRONG><A NAME="item_timestampdir">timestampdir</A></STRONG><DD>
-<P>
-Path to authentication timestamp dir
-
-<DT><STRONG><A NAME="item_passprompt">passprompt</A></STRONG><DD>
-<P>
-Default password prompt
-
-<DT><STRONG><A NAME="item_runas_default">runas_default</A></STRONG><DD>
-<P>
-Default user to run commands as
-
-<DT><STRONG><A NAME="item_syslog_goodpri">syslog_goodpri</A></STRONG><DD>
-<P>
-Syslog priority to use when user authenticates successfully
-
-<DT><STRONG><A NAME="item_syslog_badpri">syslog_badpri</A></STRONG><DD>
-<P>
-Syslog priority to use when user authenticates unsuccessfully
-
-</DL>
-<P>
-<STRONG>Strings that can be used in a boolean context</STRONG>:
-
-<DL>
-<DT><STRONG><A NAME="item_syslog">syslog</A></STRONG><DD>
-<P>
-Syslog facility if syslog is being used for logging (negate to disable
-syslog)
-
-<DT><STRONG><A NAME="item_mailerpath">mailerpath</A></STRONG><DD>
-<P>
-Path to mail program
-
-<DT><STRONG><A NAME="item_mailerflags">mailerflags</A></STRONG><DD>
-<P>
-Flags for mail program
-
-<DT><STRONG><A NAME="item_mailto">mailto</A></STRONG><DD>
-<P>
-Address to send mail to
-
-<DT><STRONG><A NAME="item_exempt_group">exempt_group</A></STRONG><DD>
-<P>
-Users in this group are exempt from password and PATH requirements
-
-<DT><STRONG><A NAME="item_secure_path">secure_path</A></STRONG><DD>
-<P>
-Value to override user's <CODE>$PATH</CODE> with
-
-</DL>
-<P>
-When logging via <CODE>syslog(3),</CODE> sudo accepts the following values
-for the syslog facility (the value of the <STRONG>syslog</STRONG> Parameter): <STRONG>authpriv</STRONG> (if your OS supports it), <STRONG>auth</STRONG>, <STRONG>daemon</STRONG>, <STRONG>user</STRONG>, <STRONG>local0</STRONG>, <STRONG>local1</STRONG>, <STRONG>local2</STRONG>,
-<STRONG>local3</STRONG>, <STRONG>local4</STRONG>, <STRONG>local5</STRONG>, <STRONG>local6</STRONG>, and <STRONG>local7</STRONG>. The following syslog priorities are supported: <STRONG>alert</STRONG>, <STRONG>crit</STRONG>, <STRONG>debug</STRONG>, <STRONG>emerg</STRONG>,
-<STRONG>err</STRONG>, <STRONG>info</STRONG>, <STRONG>notice</STRONG>, and <STRONG>warning</STRONG>.
-
-<P>
-<HR>
-<H2><A NAME="User_Specification">User Specification</A></H2>
-<P>
-<PRE> Runas_Spec ::= '(' Runas_List ')'
-</PRE>
-<P>
-<PRE> Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd
-</PRE>
-<P>
-<PRE> Cmnd_Spec_List ::= Cmnd_Spec |
- Cmnd_Spec ',' Cmnd_Spec_List
-</PRE>
-<P>
-<PRE> User_Spec ::= User_list Cmnd_Spec_List (':' User_Spec)*
-</PRE>
-<P>
-A <STRONG>user specification</STRONG> determines which commands a user may run (and as what user) on specified
-hosts. By default, commands are run as <STRONG>root</STRONG> but this can be changed on a per-command basis.
-
-<P>
-Let's break that down into its constituent parts:
-
-<P>
-<HR>
-<H2><A NAME="Runas_Spec">Runas_Spec</A></H2>
-<P>
-A <CODE>Runas_Spec</CODE> is simply a <CODE>Runas_List</CODE> (as defined above) enclosed in a set of parentheses. If you do not specify
-a
-<CODE>Runas_Spec</CODE> in the user specification, a default <CODE>Runas_Spec</CODE>
-of <STRONG>root</STRONG> will be used. A <CODE>Runas_Spec</CODE> sets the default for commands that follow it. What this means is that for
-the entry:
-
-<P>
-<PRE> dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
-</PRE>
-<P>
-The user <STRONG>dgb</STRONG> may run <EM>/bin/ls</EM>, <EM>/bin/kill</EM>, and
-<EM>/usr/bin/lprm</EM> -- but only as <STRONG>operator</STRONG>. Eg.
-
-<P>
-<PRE> sudo -u operator /bin/ls.
-</PRE>
-<P>
-It is also possible to override a <CODE>Runas_Spec</CODE> later on in an entry. If we modify the entry like so:
-
-<P>
-<PRE> dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
-</PRE>
-<P>
-Then user <STRONG>dgb</STRONG> is now allowed to run <EM>/bin/ls</EM> as <STRONG>operator</STRONG>, but <EM>/bin/kill</EM> and <EM>/usr/bin/lprm</EM> as <STRONG>root</STRONG>.
-
-<P>
-<HR>
-<H2><A NAME="NOPASSWD_and_PASSWD">NOPASSWD and PASSWD</A></H2>
-<P>
-By default, <STRONG>sudo</STRONG> requires that a user authenticate him or herself before running a command.
-This behavior can be modified via the
-<CODE>NOPASSWD</CODE> tag. Like a <CODE>Runas_Spec</CODE>, the <CODE>NOPASSWD</CODE> tag sets a default for the commands that follow it in the <CODE>Cmnd_Spec_List</CODE>. Conversely, the <CODE>PASSWD</CODE> tag can be used to reverse things. For example:
-
-<P>
-<PRE> ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
-</PRE>
-<P>
-would allow the user <STRONG>ray</STRONG> to run <EM>/bin/kill</EM>, <EM>/bin/ls</EM>, and
-<EM>/usr/bin/lprm</EM> as root on the machine rushmore as <STRONG>root</STRONG> without authenticating himself. If we only want <STRONG>ray</STRONG> to be able to run <EM>/bin/kill</EM> without a password the entry would be:
-
-<P>
-<PRE> ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
-</PRE>
-<P>
-<HR>
-<H2><A NAME="Wildcards_aka_meta_characters_">Wildcards (aka meta characters):</A></H2>
-<P>
-<STRONG>sudo</STRONG> allows shell-style <EM>wildcards</EM> to be used in pathnames as well as command line arguments in the <EM>sudoers</EM> file. Wildcard matching is done via the <STRONG>POSIX</STRONG> <CODE>fnmatch(3)</CODE> routine. Note that these are <EM>not</EM> regular expressions.
-
-<UL>
-<DT><STRONG>*</STRONG><DD>
-<P>
-Matches any set of zero or more characters.
-
-<DT><STRONG>?</STRONG><DD>
-<P>
-Matches any single character.
-
-<DT><STRONG><A NAME="item__">[...]</A></STRONG><DD>
-<P>
-Matches any character in the specified range.
-
-<DT><STRONG><A NAME="item__">[!...]</A></STRONG><DD>
-<P>
-Matches any character <STRONG>not</STRONG> in the specified range.
-
-<DT><STRONG><A NAME="item__x">\x</A></STRONG><DD>
-<P>
-For any character ``x'', evaluates to ``x''. This is used to escape special
-characters such as: ``*'', ``?'', ``['', and ``}''.
-
-</UL>
-<P>
-Note that a forward slash ('/') will <STRONG>not</STRONG> be matched by wildcards used in the pathname. When matching the command
-line arguments, however, as slash <STRONG>does</STRONG> get matched by wildcards. This is to make a path like:
-
-<P>
-<PRE> /usr/bin/*
-</PRE>
-<P>
-match <CODE>/usr/bin/who</CODE> but not <CODE>/usr/bin/X11/xterm</CODE>.
-
-<P>
-<HR>
-<H2><A NAME="Exceptions_to_wildcard_rules_">Exceptions to wildcard rules:</A></H2>
-<P>
-The following exceptions apply to the above rules:
-
-<DL>
-<DT><STRONG><A NAME="item__">""</A></STRONG><DD>
-<P>
-If the empty string <CODE>""</CODE> is the only command line argument in the
-<EM>sudoers</EM> entry it means that command is not allowed to be run with <STRONG>any</STRONG> arguments.
-
-</DL>
-<P>
-<HR>
-<H2><A NAME="Other_special_characters_and_res">Other special characters and reserved words:</A></H2>
-<P>
-The pound sign ('#') is used to indicate a comment (unless it occurs in the
-context of a user name and is followed by one or more digits, in which case
-it is treated as a uid). Both the comment character and any text after it,
-up to the end of the line, are ignored.
-
-<P>
-The reserved word <STRONG>ALL</STRONG> is a a built in <EM>alias</EM> that always causes a match to succeed. It can be used wherever one might
-otherwise use a <CODE>Cmnd_Alias</CODE>, <CODE>User_Alias</CODE>, <CODE>Runas_Alias</CODE>, or <CODE>Host_Alias</CODE>. You should not try to define your own <EM>alias</EM> called <STRONG>ALL</STRONG> as the built in alias will be used in preference to your own. Please note
-that using <STRONG>ALL</STRONG> can be dangerous since in a command context, it allows the user to run <STRONG>any</STRONG> command on the system.
-
-<P>
-An exclamation point ('!') can be used as a logical <EM>not</EM> operator both in an <EM>alias</EM> and in front of a <CODE>Cmnd</CODE>. This allows one to exclude certain values. Note, however, that using a <CODE>!</CODE> in conjunction with the built in <CODE>ALL</CODE> alias to allow a user to run ``all but a few'' commands rarely works as
-intended (see SECURITY NOTES below).
-
-<P>
-Long lines can be continued with a backslash ('\') as the last character on
-the line.
-
-<P>
-Whitespace between elements in a list as well as specicial syntactic
-characters in a <EM>User Specification</EM> ('=', ':', '(', ')') is optional.
-
-<P>
-The following characters must be escaped with a backslash ('\') when used
-as part of a word (eg. a username or hostname): '@', '!', '=', ':', ',',
-'(', ')', '\'.
-
-<P>
-<HR>
-<H1><A NAME="EXAMPLES">EXAMPLES</A></H1>
-<P>
-Below are example <EM>sudoers</EM> entries. Admittedly, some of these are a bit contrived. First, we define
-our <EM>aliases</EM>:
-
-<P>
-<PRE> # User alias specification
- User_Alias FULLTIMERS = millert, mikef, dowdy
- User_Alias PARTTIMERS = bostley, jwfox, crawl
- User_Alias WEBMASTERS = will, wendy, wim
-</PRE>
-<P>
-<PRE> # Runas alias specification
- Runas_Alias OP = root, operator
- Runas_Alias DB = oracle, sybase
-</PRE>
-<P>
-<PRE> # Host alias specification
- Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
- SGI = grolsch, dandelion, black :\
- ALPHA = widget, thalamus, foobar :\
- HPPA = boa, nag, python
- Host_Alias CUNETS = 128.138.0.0/255.255.0.0
- Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
- Host_Alias SERVERS = master, mail, www, ns
- Host_Alias CDROM = orion, perseus, hercules
-</PRE>
-<P>
-<PRE> # Cmnd alias specification
- Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
- /usr/sbin/restore, /usr/sbin/rrestore
- Cmnd_Alias KILL = /usr/bin/kill
- Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
- Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
- Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
- Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
- Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
- /usr/local/bin/tcsh, /usr/bin/rsh, \
- /usr/local/bin/zsh
- Cmnd_Alias SU = /usr/bin/su
-</PRE>
-<P>
-Here we override some of the compiled in default values. We want sudo to
-log via <CODE>syslog(3)</CODE> using the <EM>auth</EM> facility in all cases. We don't want to subject the full time staff to the <STRONG>sudo</STRONG> lecture, and user <STRONG>millert</STRONG> need not give a password. In addition, on the machines in the <EM>SERVERS</EM> <CODE>Host_Alias</CODE>, we keep an additional local log file and make sure we log the year in
-each log line since the log entries will be kept around for several years.
-
-<P>
-<PRE> # Override builtin defaults
- Defaults syslog=auth
- Defaults:FULLTIMERS !lecture
- Defaults:millert !authenticate
- Defaults@SERVERS log_year, logfile=/var/log/sudo.log
-</PRE>
-<P>
-The <EM>User specification</EM> is the part that actually determines who may run what.
-
-<P>
-<PRE> root ALL = (ALL) ALL
- %wheel ALL = (ALL) ALL
-</PRE>
-<P>
-We let <STRONG>root</STRONG> and any user in group <STRONG>wheel</STRONG> run any command on any host as any user.
-
-<P>
-<PRE> FULLTIMERS ALL = NOPASSWD: ALL
-</PRE>
-<P>
-Full time sysadmins (<STRONG>millert</STRONG>, <STRONG>mikef</STRONG>, and <STRONG>dowdy</STRONG>) may run any command on any host without authenticating themselves.
-
-<P>
-<PRE> PARTTIMERS ALL = ALL
-</PRE>
-<P>
-Part time sysadmins (<STRONG>bostley</STRONG>, <STRONG>jwfox</STRONG>, and <STRONG>crawl</STRONG>) may run any command on any host but they must authenticate themselves
-first (since the entry lacks the <CODE>NOPASSWD</CODE> tag).
-
-<P>
-<PRE> jack CSNETS = ALL
-</PRE>
-<P>
-The user <STRONG>jack</STRONG> may run any command on the machines in the <EM>CSNETS</EM> alias (the networks <CODE>128.138.243.0</CODE>, <CODE>128.138.204.0</CODE>, and <CODE>128.138.242.0</CODE>). Of those networks, only <128.138.204.0> has an explicit netmask (in CIDR notation) indicating it
-is a class C network. For the other networks in <EM>CSNETS</EM>, the local machine's netmask will be used during matching.
-
-<P>
-<PRE> lisa CUNETS = ALL
-</PRE>
-<P>
-The user <STRONG>lisa</STRONG> may run any command on any host in the <EM>CUNETS</EM> alias (the class B network <CODE>128.138.0.0</CODE>).
-
-<P>
-<PRE> operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
- /usr/oper/bin/
-</PRE>
-<P>
-The <STRONG>operator</STRONG> user may run commands limited to simple maintenance. Here, those are
-commands related to backups, killing processes, the printing system,
-shutting down the system, and any commands in the directory <EM>/usr/oper/bin/</EM>.
-
-<P>
-<PRE> joe ALL = /usr/bin/su operator
-</PRE>
-<P>
-The user <STRONG>joe</STRONG> may only <CODE>su(1)</CODE> to operator.
-
-<P>
-<PRE> pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
-</PRE>
-<P>
-The user <STRONG>pete</STRONG> is allowed to change anyone's password except for root on the <EM>HPPA</EM> machines. Note that this assumes <CODE>passwd(1)</CODE> does not take
-multiple usernames on the command line.
-
-<P>
-<PRE> bob SPARC = (OP) ALL : SGI = (OP) ALL
-</PRE>
-<P>
-The user <STRONG>bob</STRONG> may run anything on the <EM>SPARC</EM> and <EM>SGI</EM> machines as any user listed in the <EM>OP</EM> <CODE>Runas_Alias</CODE> (<STRONG>root</STRONG> and <STRONG>operator</STRONG>).
-
-<P>
-<PRE> jim +biglab = ALL
-</PRE>
-<P>
-The user <STRONG>jim</STRONG> may run any command on machines in the <EM>biglab</EM> netgroup.
-<STRONG>Sudo</STRONG> knows that ``biglab'' is a netgroup due to the '+' prefix.
-
-<P>
-<PRE> +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
-</PRE>
-<P>
-Users in the <STRONG>secretaries</STRONG> netgroup need to help manage the printers as well as add and remove users,
-so they are allowed to run those commands on all machines.
-
-<P>
-<PRE> fred ALL = (DB) NOPASSWD: ALL
-</PRE>
-<P>
-The user <STRONG>fred</STRONG> can run commands as any user in the <EM>DB</EM> <CODE>Runas_Alias</CODE>
-(<STRONG>oracle</STRONG> or <STRONG>sybase</STRONG>) without giving a password.
-
-<P>
-<PRE> john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
-</PRE>
-<P>
-On the <EM>ALPHA</EM> machines, user <STRONG>john</STRONG> may su to anyone except root but he is not allowed to give
-<CODE>su(1)</CODE> any flags.
-
-<P>
-<PRE> jen ALL, !SERVERS = ALL
-</PRE>
-<P>
-The user <STRONG>jen</STRONG> may run any command on any machine except for those in the <EM>SERVERS</EM> <CODE>Host_Alias</CODE> (master, mail, www and ns).
-
-<P>
-<PRE> jill SERVERS = /usr/bin/, !SU, !SHELLS
-</PRE>
-<P>
-For any machine in the <EM>SERVERS</EM> <CODE>Host_Alias</CODE>, <STRONG>jill</STRONG> may run any commands in the directory /usr/bin/ except for those commands
-belonging to the <EM>SU</EM> and <EM>SHELLS</EM> <CODE>Cmnd_Aliases</CODE>.
-
-<P>
-<PRE> steve CSNETS = (operator) /usr/local/op_commands/
-</PRE>
-<P>
-The user <STRONG>steve</STRONG> may run any command in the directory /usr/local/op_commands/ but only as
-user operator.
-
-<P>
-<PRE> matt valkyrie = KILL
-</PRE>
-<P>
-On his personal workstation, valkyrie, <STRONG>matt</STRONG> needs to be able to kill hung processes.
-
-<P>
-<PRE> WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
-</PRE>
-<P>
-On the host www, any user in the <EM>WEBMASTERS</EM> <CODE>User_Alias</CODE> (will, wendy, and wim), may run any command as user www (which owns the web
-pages) or simply <CODE>su(1)</CODE> to www.
-
-<P>
-<PRE> ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
- /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
-</PRE>
-<P>
-Any user may mount or unmount a CD-ROM on the machines in the CDROM
-<CODE>Host_Alias</CODE> (orion, perseus, hercules) without entering a password. This is a bit
-tedious for users to type, so it is a prime candiate for encapsulating in a
-shell script.
-
-<P>
-<HR>
-<H1><A NAME="SECURITY_NOTES">SECURITY NOTES</A></H1>
-<P>
-It is generally not effective to ``subtract'' commands from <CODE>ALL</CODE>
-using the '!' operator. A user can trivially circumvent this by copying the
-desired command to a different name and then executing that. For example:
-
-<P>
-<PRE> bill ALL = ALL, !SU, !SHELLS
-</PRE>
-<P>
-Doesn't really prevent <STRONG>bill</STRONG> from running the commands listed in
-<EM>SU</EM> or <EM>SHELLS</EM> since he can simply copy those commands to a different name, or use a shell
-escape from an editor or other program. Therefore, these kind of
-restrictions should be considered advisory at best (and reinforced by
-policy).
-
-<P>
-<HR>
-<H1><A NAME="CAVEATS">CAVEATS</A></H1>
-<P>
-The <EM>sudoers</EM> file should <STRONG>always</STRONG> be edited by the <STRONG>visudo</STRONG>
-command which locks the file and does grammatical checking. It is
-imperative that <EM>sudoers</EM> be free of syntax errors since <STRONG>sudo</STRONG>
-will not run with a syntactically incorrect <EM>sudoers</EM> file.
-
-<P>
-<HR>
-<H1><A NAME="FILES">FILES</A></H1>
-<P>
-<PRE> /etc/sudoers List of who can run what
- /etc/group Local groups file
- /etc/netgroup List of network groups
-</PRE>
-<P>
-<HR>
-<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
-<P>
-<CODE><A HREF="sudo.html">sudo(8)</A>,</CODE> <CODE><A HREF="visudo.html">visudo(8)</A>,</CODE> <CODE>su(1),</CODE> <CODE>fnmatch(3).</CODE>
-</BODY>
-
-</HTML>
+++ /dev/null
-<HTML>
-<HEAD>
-<TITLE>Visudo Manual</TITLE>
-<LINK REV="made" HREF="mailto:root@localhost">
-</HEAD>
-
-<BODY>
-
-<!-- INDEX BEGIN -->
-
-<UL>
-
- <LI><A HREF="#NAME">NAME</A>
- <LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
- <LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
- <LI><A HREF="#OPTIONS">OPTIONS</A>
- <LI><A HREF="#ERRORS">ERRORS</A>
- <LI><A HREF="#ENVIRONMENT">ENVIRONMENT</A>
- <LI><A HREF="#FILES">FILES</A>
- <LI><A HREF="#AUTHOR">AUTHOR</A>
- <LI><A HREF="#BUGS">BUGS</A>
- <LI><A HREF="#DISCLAIMER">DISCLAIMER</A>
- <LI><A HREF="#CAVEATS">CAVEATS</A>
- <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
-</UL>
-<!-- INDEX END -->
-
-<HR>
-<P>
-<HR>
-<H1><A NAME="NAME">NAME</A></H1>
-<P>
-visudo - edit the sudoers file
-
-<P>
-<HR>
-<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
-<P>
-<STRONG>visudo</STRONG> [ <STRONG>-s</STRONG> ] [ <STRONG>-V</STRONG> ]
-
-<P>
-<HR>
-<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
-<P>
-<STRONG>visudo</STRONG> edits the <EM>sudoers</EM> file in a safe fashion, analogous to <CODE>vipw(8).</CODE> <STRONG>visudo</STRONG> locks the <EM>sudoers</EM> file against multiple simultaneous edits, provides basic sanity checks, and
-checks for parse errors. If the <EM>sudoers</EM> file is currently being edited you will receive a message to try again
-later. In the default configuration, the <CODE>vi(1)</CODE> editor is used,
-but there is a compile time option to allow use of whatever editor the
-environment variables <CODE>EDITOR</CODE> or <CODE>VISUAL</CODE> are set to.
-
-<P>
-<STRONG>visudo</STRONG> parses the <EM>sudoers</EM> file after the edit and will not save the changes if there is a syntax
-error. Upon finding an error, a message will be printed stating the line
-<CODE>number(s)</CODE> that the error occurred on and the user will receive
-the ``What now?'' prompt. At this point the user may enter ``e'' to re-edit
-the <EM>sudoers</EM> file, enter ``x'' to exit without saving the changes, or ``Q'' to quit and
-save changes. The ``Q'' option should be used with extreme care because if <STRONG>visudo</STRONG>
-believes there to be a parse error, so will <STRONG>sudo</STRONG> and no one will be able to execute <STRONG>sudo</STRONG> again until the error is fixed. Any other command at this prompt will print
-a short help message. When editing the <EM>sudoers</EM> file after a parse error has been detected the cursor will be placed on the
-line where the error occurred (if the editor supports this feature).
-
-<P>
-<HR>
-<H1><A NAME="OPTIONS">OPTIONS</A></H1>
-<P>
-<STRONG>visudo</STRONG> accepts the following command line option:
-
-<DL>
-<DT><STRONG><A NAME="item__s">-s</A></STRONG><DD>
-<P>
-Enable <STRONG>strict</STRONG> checking of the <EM>sudoers</EM> file. If an alias is used before it is defined, <STRONG>visudo</STRONG> will consider this a parse error. Note that it is not possible to
-differentiate between an alias and a hostname or username that consists
-solely of upper case letters, digits, and the underscore ('_') character.
-
-<DT><STRONG><A NAME="item__V">-V</A></STRONG><DD>
-<P>
-The <CODE>-V</CODE> (version) option causes <STRONG>visudo</STRONG> to print the version number and exit.
-
-</DL>
-<P>
-<HR>
-<H1><A NAME="ERRORS">ERRORS</A></H1>
-<DL>
-<DT><STRONG><A NAME="item_sudoers">sudoers file busy, try again later.</A></STRONG><DD>
-<P>
-Someone else is currently editing the <EM>sudoers</EM> file.
-
-<DT><STRONG><A NAME="item__etc_sudoers_tmp_">/etc/sudoers.tmp: Permission denied</A></STRONG><DD>
-<P>
-You didn't run <STRONG>visudo</STRONG> as root.
-
-<DT><STRONG><A NAME="item_Can">Can't find you in the passwd database</A></STRONG><DD>
-<P>
-Your userid does not appear in the system passwd file.
-
-<DT><STRONG><A NAME="item_Warning">Warning: undeclared Alias referenced near ...</A></STRONG><DD>
-<P>
-Either you are using a {User,Runas,Host,Cmnd}_Alias before defining it or
-you have a user or hostname listed that consists solely of upper case
-letters, digits, and the underscore ('_') character. If the latter, you can
-ignore the warnings (<STRONG>sudo</STRONG> will not complain). In <STRONG>-s</STRONG> (strict) mode these are errors not warnings.
-
-<H1><A NAME="ENVIRONMENT">ENVIRONMENT</A></H1>
-<P>
-The following environment variables are used only if <STRONG>visudo</STRONG>
-was configured with the <EM>--with-env-editor</EM> option:
-
-<P>
-<PRE> EDITOR Used by visudo as the editor to use
- VISUAL Used by visudo if EDITOR is not set
-</PRE>
-<H1><A NAME="FILES">FILES</A></H1>
-<P>
-<PRE> /etc/sudoers List of who can run what
- /etc/sudoers.tmp Lock file for visudo
-</PRE>
-<H1><A NAME="AUTHOR">AUTHOR</A></H1>
-<P>
-Many people have worked on <EM>sudo</EM> over the years, this version of
-<STRONG>visudo</STRONG> was written by:
-
-<P>
-<PRE> Todd Miller <Todd.Miller@courtesan.com>
-</PRE>
-<P>
-See the HISTORY file in the sudo distribution for more details.
-
-<H1><A NAME="BUGS">BUGS</A></H1>
-<P>
-If you feel you have found a bug in sudo, please submit a bug report at <A
-HREF="http://www.courtesan.com/sudo/bugs/.">http://www.courtesan.com/sudo/bugs/.</A>
-
-
-<H1><A NAME="DISCLAIMER">DISCLAIMER</A></H1>
-<P>
-<STRONG>Visudo</STRONG> is provided ``AS IS'' and any express or implied warranties, including, but
-not limited to, the implied warranties of merchantability and fitness for a
-particular purpose are disclaimed. See the LICENSE file distributed with <STRONG>sudo</STRONG> for complete details.
-
-<H1><A NAME="CAVEATS">CAVEATS</A></H1>
-<P>
-There is no easy way to prevent a user from gaining a root shell if the
-editor used by <STRONG>visudo</STRONG> allows shell escapes.
-
-<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
-<P>
-<CODE><A HREF="sudo.html">sudo(8)</A>, <CODE>vipw(8).</CODE>
-</DL>
-</BODY>
-
-</HTML>
projects / sudo / commitdiff