.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd December 8, 2013
+.Dd March 1, 2014
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
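Review bot: Nothing in this hunk records why the `No` macros are being dropped across all three pages; a one-line rationale in the commit message, namely that `Ns` already invokes `No` for the word that follows it unless that word is a macro name (as groff_mdoc documents) and that `|` and `)` are delimiters mdoc recognizes on its own, would let the next reader verify the sweep instead of re-deriving it. The copyright year and `.Dd` bumps themselves are fine.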
.Nd execute a command as another user
.Sh SYNOPSIS
.Nm sudo
-.Fl h No | Fl K No | Fl k No | Fl L No | Fl V
+.Fl h | Fl K | Fl k | Fl L | Fl V
.Nm sudo
.Fl v
.Op Fl AknS
.Op Fl a Ar auth_type
.Ek
.Bk -words
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl g Ar group name | Ar #gid
.Ek
.Bk -words
.Op Fl p Ar prompt
.Ek
.Bk -words
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | Ar #uid
.Ek
.Nm sudo
.Fl l Ns Op Ar l
.Op Fl a Ar auth_type
.Ek
.Bk -words
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl g Ar group name | Ar #gid
.Ek
.Bk -words
.Op Fl p Ar prompt
.Op Fl U Ar user name
.Ek
.Bk -words
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | Ar #uid
.Ek
.Op Ar command
.Nm sudo
.Op Fl C Ar fd
.Ek
.Bk -words
-.Op Fl c Ar class No | Ar -
+.Op Fl c Ar class | Ar -
.Ek
.Bk -words
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl g Ar group name | Ar #gid
.Ek
.Bk -words
.Op Fl p Ar prompt
.Op Fl t Ar type
.Ek
.Bk -words
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | Ar #uid
.Ek
.Bk -words
.Op Sy VAR Ns = Ns Ar value
.Ek
.Bk -words
-.Fl i No | Fl s
+.Fl i | Fl s
.Ek
.Op Ar command
.Nm sudoedit
.Op Fl C Ar fd
.Ek
.Bk -words
-.Op Fl c Ar class No | Ar -
+.Op Fl c Ar class | Ar -
.Ek
.Bk -words
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl g Ar group name | Ar #gid
.Ek
.Bk -words
.Op Fl p Ar prompt
.Ek
.Bk -words
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | Ar #uid
.Ek
.Bk -words
.Ar
.Nm sudo
requires a password, it will read it from the user's terminal.
If the
-.Fl A No ( Em askpass Ns No )
+.Fl A Pq Em askpass
option is specified, a (possibly graphical) helper program is
executed to read the user's password and output the password to the
standard output.
will exit with an error.
.It Fl a Ar type
The
-.Fl a No ( Em "authentication type" Ns No )
+.Fl a Pq "authentication type"
option causes
.Nm sudo
to use the specified authentication type when validating the user,
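Review bot: The rewritten -a entry, `.Fl a Pq "authentication type"`, drops the `Em` that the removed line carried (`Em "authentication type"`), so this parenthetical will no longer be emphasized while the neighbouring entries (`.Fl A Pq Em askpass`, `.Fl b Pq Em background`) keep it. Suggest `.Fl a Pq Em "authentication type"` to stay consistent.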
This option is only available on systems that support BSD authentication.
.It Fl b
The
-.Fl b No ( Em background Ns No )
+.Fl b Pq Em background
option tells
.Nm sudo
to run the given command in the background.
will close all open file descriptors other than standard input,
standard output and standard error.
The
-.Fl C No ( Em close from Ns No )
+.Fl C Pq Em close from
option allows the user to specify a starting point above the standard
error (file descriptor three).
Values less than three are not permitted.
.Xr sudoers @mansectform@ .
.It Fl c Ar class
The
-.Fl c No ( Em class Ns No )
+.Fl c Pq Em class
option causes
.Nm sudo
to run the command with resource limits and scheduling priority of
This option is only available on systems with BSD login classes.
.It Fl E
The
-.Fl E No ( Em preserve environment Ns No )
+.Fl E Pq Em preserve environment
option will override the
.Em env_reset
option in
the environment.
.It Fl e
The
-.Fl e No ( Em edit Ns No )
+.Fl e Pq Em edit
option indicates that, instead of running a command, the user wishes
to edit one or more files.
In lieu of a command, the string "sudoedit" is used when consulting the
the password database for the user the command is being run as (by
default, root).
The
-.Fl g No ( Em group Ns No )
+.Fl g Pq Em group
option causes
.Nm sudo
to run the command with the primary group set to
.Em group .
.It Fl H
The
-.Fl H No ( Em HOME Ns No )
+.Fl H Pq Em HOME
option option sets the
.Ev HOME
environment variable to the home directory of the target user (root
option is specified on the command line.
.It Fl h
The
-.Fl h No ( Em help Ns No )
+.Fl h Pq Em help
option causes
.Nm sudo
to print a short help message to the standard output and exit.
.It Fl i Op Ar command
The
-.Fl i No ( Em simulate initial login Ns No )
+.Fl i Pq Em simulate initial login
option runs the shell specified by the password database entry of
the target user as a login shell.
This means that login-specific resource files such as
option affects the environment in which a command is run.
.It Fl K
The
-.Fl K No ( sure Em kill Ns No )
+.Fl K Pq sure Em kill
option is like
.Fl k
except that it removes the user's time stamp file entirely and
This option does not require a password.
.It Fl k Op Ar command
When used alone, the
-.Fl k No ( Em kill Ns No )
+.Fl k Pq Em kill
option to
.Nm sudo
invalidates the user's time stamp file.
and will not update the user's time stamp file.
.It Fl L
The
-.Fl L No ( Em list No defaults Ns )
+.Fl L Pq Em list No defaults
option will list the parameters that
may be set in a
.Em Defaults
If no
.Ar command
is specified, the
-.Fl l No ( Em list Ns No )
+.Fl l Pq Em list
option will list the allowed (and forbidden) commands for the
invoking user (or the user specified by the
.Fl U
is specified multiple times, a longer list format is used.
.It Fl n
The
-.Fl n No ( Em non-interactive Ns No )
+.Fl n Pq Em non-interactive
option prevents
.Nm sudo
from prompting the user for a password.
will display an error message and exit.
.It Fl P
The
-.Fl P No ( Em preserve group vector Ns No )
+.Fl P Pq Em preserve group vector
option causes
.Nm sudo
to preserve the invoking user's group vector unaltered.
the target user.
.It Fl p Ar prompt
The
-.Fl p No ( Em prompt Ns No )
+.Fl p Pq Em prompt
option allows you to override the default password prompt and use
a custom one.
The following percent
.Em sudoers .
.It Fl r Ar role
The
-.Fl r No ( Em role Ns No )
+.Fl r Pq Em role
option causes the new (SELinux) security context to have the role
specified by
.Ar role .
.It Fl S
The
-.Fl S ( Em stdin Ns No )
+.Fl S ( Em stdin Ns )
option causes
.Nm sudo
to read the password from the standard input instead of the terminal
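Review bot: From `.Fl S ( Em stdin Ns )` onward (the -S, -s, -t, -U, -u, -V and -v entries) the hunks keep the hand-written `( ... Ns )` form, while every entry above was converted to `Pq Em ...`, leaving two styles for the same construct in one list. `.Fl S Pq Em stdin` would match the earlier entries, and the `Ns` before `)` is unneeded either way, since mdoc prints a closing delimiter without a preceding space.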
The password must be followed by a newline character.
.It Fl s Op Ar command
The
-.Fl s ( Em shell Ns No )
+.Fl s ( Em shell Ns )
option runs the shell specified by the
.Ev SHELL
environment variable if it is set or the shell as specified in the
If no command is specified, an interactive shell is executed.
.It Fl t Ar type
The
-.Fl t ( Em type Ns No )
+.Fl t ( Em type Ns )
option causes the new (SELinux) security context to have the type
specified by
.Ar type .
specified role.
.It Fl U Ar user
The
-.Fl U ( Em other user Ns No )
+.Fl U ( Em other user Ns )
option is used in conjunction with the
.Fl l
option to specify the user whose privileges should be listed.
privilege on the current host may use this option.
.It Fl u Ar user
The
-.Fl u ( Em user Ns No )
+.Fl u ( Em user Ns )
option causes
.Nm sudo
to run the specified command as a user other than
password database.
.It Fl V
The
-.Fl V ( Em version Ns No )
+.Fl V ( Em version Ns )
option causes
.Nm sudo
to print its version string and exit.
was compiled with as well as the machine's local network addresses.
.It Fl v
When given the
-.Fl v ( Em validate Ns No )
+.Fl v ( Em validate Ns )
option,
.Nm sudo
will update the user's time stamp file, authenticating the user's
.Pp
Environment variables to be set for the command may also be passed
on the command line in the form of
-.Sy VAR Ns No = Ns Em value ,
+.Sy VAR Ns = Ns Em value ,
e.g.\&
-.Sy LD_LIBRARY_PATH Ns No = Ns Em /usr/local/pkg/lib .
+.Sy LD_LIBRARY_PATH Ns = Ns Em /usr/local/pkg/lib .
Variables passed on the command line are subject to the same
restrictions as normal environment variables with one important
exception.
to preserve them.
.Pp
As a special case, if
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl i
option (initial login) is
specified,
or
.Li sudo sh ,
subsequent commands run from that shell are not subject to
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
security policy.
The same is true for commands that offer shell escapes (including
most editors).
.Nm sudo .
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
checks.
However, on most systems it is possible to prevent shell escapes with
.Nm sudo ' s
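Review bot: The unchanged context line `.Nm sudo ' s` appears malformed, with a space between the apostrophe and the `s`, so it would render as "sudo ' s"; since this sweep rewrites every other `.Nm sudo Ns No 's` in the page to `.Nm sudo Ns 's`, this one should get the same treatment rather than be left as is.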
.\"
-.\" Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2003-2014 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 12, 2012
+.Dd March 1, 2014
.Dt SUDOERS.LDAP @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
Another major difference between LDAP and file-based
.Em sudoers
is that in LDAP,
-.Nm sudo Ns No -specific
+.Nm sudo Ns -specific
Aliases are not supported.
.Pp
For the most part, there is really no need for
-.Nm sudo Ns No -specific
+.Nm sudo Ns -specific
Aliases.
Unix groups or user netgroups can be used in place of User_Aliases and
Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
Since Unix groups and netgroups can also be stored in LDAP there is no
real need for
-.Nm sudo Ns No -specific
+.Nm sudo Ns -specific
aliases.
.Pp
Cmnd_Aliases are not really required either since it is possible
.Ed
.Ss Sudoers schema
In order to use
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
LDAP support, the
.Nm sudo
schema must be
file for LDAP-specific configuration.
Typically, this file is shared amongst different LDAP-aware clients.
As such, most of the settings are not
-.Nm sudo Ns No -specific.
+.Nm sudo Ns -specific.
Note that
.Nm sudo
parses
parameter specifies the amount of time, in seconds, to wait while trying
to connect to an LDAP server.
If multiple
-.Sy URI Ns No s
+.Sy URI Ns s
or
-.Sy HOST Ns No s
+.Sy HOST Ns s
are specified, this is the amount of time to wait before trying
the next one in the list.
.It Sy NETWORK_TIMEOUT Ar seconds
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd July 16, 2012
+.Dd March 1, 2014
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
and
.Ql %:#
respectively) and
-.Li User_Alias Ns No es.
+.Li User_Alias Ns es.
Each list item may be prefixed with zero or more
.Ql \&!
operators.
.Li User_List
except that instead
of
-.Li User_Alias Ns No es
+.Li User_Alias Ns es
it can contain
-.Li Runas_Alias Ns No es .
+.Li Runas_Alias Ns es .
Note that
user names and groups are matched as strings.
In other words, two
A fully-specified
.Li Runas_Spec
consists of two
-.Li Runas_List Ns No s
+.Li Runas_List Ns s
(as defined above) separated by a colon
.Pq Ql :\&
and enclosed in a set of parentheses.
.Li Runas_List
indicates
which users the command may be run as via
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl u
option.
The second defines a list of groups that can be specified via
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl g
option.
If both
-.Li Runas_List Ns No s
+.Li Runas_List Ns s
are specified, the command may be run with any combination of users
and groups listed in their respective
-.Li Runas_List Ns No s.
+.Li Runas_List Ns s.
If only the first is specified, the command may be run as any user
in the list but no
.Fl g
.Pa /bin/ls ,
.Pa /bin/kill ,
and
-.Pa /usr/bin/lprm Ns No \(em Ns but
+.Pa /usr/bin/lprm Ns \(em Ns but
only as
.Sy operator .
E.g.,
Once a tag is set on a
.Li Cmnd ,
subsequent
-.Li Cmnd Ns No s
+.Li Cmnd Ns s
in the
.Li Cmnd_Spec_List ,
inherit the tag unless it is overridden by the opposite tag (in other words,
.Ql )\& ,
.Ql \e .
.Sh SUDOERS OPTIONS
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
behavior can be modified by
.Li Default_Entry
lines, as explained earlier.
by default.
.It closefrom_override
If set, the user may use
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl C
option which overrides the default starting point at which
.Nm sudo
.Em env_reset
option is in effect.
This allows fine-grained control over the environment
-.Nm sudo Ns No -spawned
+.Nm sudo Ns -spawned
processes will receive.
The argument may be a double-quoted, space-separated list or a
single value without double-quotes.
it pleases, including run other programs.
This can be a security issue since it is not uncommon for a program to
allow shell escapes, which lets a user bypass
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
access control and logging.
Common programs that permit shell escapes include shells (obviously),
editors, paginators, mail and terminal programs.
.Ev LD_PRELOAD )
to an alternate shared library.
On such systems,
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Em noexec
functionality can be used to prevent a program run by
.Nm sudo