B<sudo> allows a permitted user to execute a I<command>
as the superuser (real and effective uid and gid are set
-to 0 and root's group as set in the passwd file respectively).
+to C<0> and root's group as set in the passwd file respectively).
B<sudo> determines who is an authorized user by consulting the
-file I</etc/sudoers>. By giving B<sudo> the I<-v> flag a user
+file I</etc/sudoers>. By giving B<sudo> the C<-v> flag a user
can update the time stamp without running a I<command.>
The password prompt itself will also time out if the password is
not entered with N minutes (again, this is defined at installation
time and defaults to 5 minutes).
-If an unauthorized user executes sudo, mail will be sent from the
+If an unauthorized user executes B<sudo>, mail will be sent from the
user to the local authorities (defined at installation time).
B<sudo> was designed to log via the 4.3 BSD syslog(3) facility but
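Review bot: the sentence edited at the C<-v> line still ends in "I<command.>", with the period inside the italic markup, so the full stop is rendered as part of the argument name; move it outside the markup, as the first line of the page does with "I<command>". In the following context paragraph, "not entered with N minutes" should read "within N minutes", which is worth fixing in the same pass.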
=item -V
-The -V (version) option causes B<sudo> to print the
+The C<-V> (I<version>) option causes B<sudo> to print the
version number and exit.
=item -l
-The -l (list) option will list out the allowed and
+The C<-l> (I<list>) option will list out the allowed and
forbidden commands for the user on the current host.
Note that Command Aliases are currently not expanded.
=item -h
-The -h (help) option causes B<sudo> to print the version
-of sudo and a usage message before exiting.
+The C<-h> (I<help>) option causes B<sudo> to print the version
+of B<sudo> and a usage message before exiting.
=item -v
-If given the -v (validate) option, B<sudo> will update the
+If given the C<-v> (I<validate>) option, B<sudo> will update the
user's timestamp file, prompting for a password if necessary.
This extends the B<sudo> timeout to for another N minutes
(where N is defined at installation time and defaults to 5
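Review bot: in the "=item -v" text, the unchanged line "This extends the B<sudo> timeout to for another N minutes" has a stray "to". Since the first line of that paragraph is being rewritten anyway, correct it to "timeout for another N minutes" in the same change.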
=item -k
-The -k (kill) option to B<sudo> removes the user's timestamp
+The C<-k> (I<kill>) option to B<sudo> removes the user's timestamp
file, thus requiring a password the next time B<sudo> is run.
This option does not require and password and was added to
allow a user to revoke B<sudo> permissions from a .logout file.
=item -b
-The -b (background) option tells B<sudo> to run the given
-command in the background. Note that if you use the -b
+The C<-b> (I<background>) option tells B<sudo> to run the given
+command in the background. Note that if you use the C<-b>
option you cannot use shell job control to manipulate the command.
=item -p
-The -p (prompt) option allows you to override the default
+The C<-p> (I<prompt>) option allows you to override the default
password prompt and use a custom one.
=item -s
-The -s (shell) option runs the shell specified by the I<SHELL>
+The C<-s> (I<shell>) option runs the shell specified by the I<SHELL>
environmental variable if it is set or the shell as specified
in passwd(5).
=item --
-The -- flag indicates that B<sudo> should stop processing command
-line arguments. It is most useful in conjunction with the -s flag.
+The C<--> flag indicates that B<sudo> should stop processing command
+line arguments. It is most useful in conjunction with the C<-s> flag.
+
+=back
=head1 RETURN VALUES
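Review bot: the "=item -k" paragraph keeps "This option does not require and password", which should read "a password". This is the item users rely on to drop their cached credentials, so the sentence needs to be unambiguous. On the next line, ".logout" is a file name and could take F<.logout>, matching the F<> markup this patch introduces for paths elsewhere.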
=head1 SECURITY NOTES
B<sudo> tries to be safe when executing external commands.
-To this end the IFS, LD_*, SHLIB_PATH (HP-UX only),
-LIBPATH (AIX only), and _RLD_* (Digital UNIX only) environmental
-variables are removed from the environment passed on to all
-commands executed.
+To this end the C<IFS>, C<LD_*>, C<SHLIB_PATH> (HP-UX only),
+C<LIBPATH> (AIX only), and C<_RLD_*> environmental variables are
+removed from the environment passed on to all commands executed.
-To prevent command spoofing, B<sudo> checks '.' and '' (both
+To prevent command spoofing, B<sudo> checks "." and "" (both
denoting current directory) last when searching for a command
in the user's PATH (if one or both are in the PATH).
Note, however, that the actual PATH environmental variable
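Review bot: the rewritten environment list drops the "(Digital UNIX only)" qualifier from C<_RLD_*> while keeping "(HP-UX only)" and "(AIX only)" on the other two variables. Every other change in this patch is markup-only, so this reads as an accidental loss while re-wrapping the paragraph. If the variable is now removed on more platforms, say so in the commit message; otherwise restore the qualifier after C<_RLD_*>. Administrators read this list to learn which loader variables are scrubbed on their platform, so the per-platform notes matter.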
for setuid programs.
B<sudo> will check the ownership of its timestamp directory
-(/tmp/.odus by default) and ignore the directory's contents
+(F</tmp/.odus> by default) and ignore the directory's contents
if it is not owned by root and only read, writable, and
executable by root. On systems that allow users to give
files away to root (via chown) it is possible for a user
to create the timestamp directory before B<sudo> is run.
-However, because B<sudo> checks the ownership & mode of
+However, because B<sudo> checks the ownership and mode of
the directory, the only damage that can be done is to "hide"
files by putting them in the timestamp dir. This is unlikely
to happen since once the timestamp dir is owned by root and
inaccessible by any other user the user placing files there
would be unable to get them back out. To get around this
issue you can use a directory that is not world-writable
-for the timestamps (/var/sudo for instance).
+for the timestamps (F</var/sudo> for instance).
To keep users from creating their own timestamp files
(by creating the timestamp directory before B<sudo>
the ownership and mode to a combination B<sudo>
will accept) with timestamps far in the future B<sudo>
will not honor any timestamp with a date greater than
-current_time + 2 * TIMEOUT.
+current_time + 2 * C<TIMEOUT>.
=head1 FILES
- /etc/sudoers file of authorized users.
+F</etc/sudoers>S< file of authorized users.>
=head1 ENVIRONMENT VARIABLES
- PATH Set to a sane value if SECURE_PATH is set
- SHELL Used to determine shell to run with -s option
- SUDO_COMMAND Set to the command run by sudo
- SUDO_USER Set to the login of the user who invoked sudo
- SUDO_UID Set to the uid of the user who invoked sudo
- SUDO_GID Set to the gid of the user who invoked sudo
+C<PATH>S< Set to a sane value if SECURE_PATH is set>
+C<SHELL>S< Used to determine shell to run with -s option>
+C<SUDO_COMMAND>S< Set to the command run by B<sudo>>
+C<SUDO_USER>S< Set to the login of the user who invoked B<sudo>>
+C<SUDO_UID>S< Set to the uid of the user who invoked B<sudo>>
+C<SUDO_GID>S< Set to the gid of the user who invoked B<sudo>>
=head1 AUTHORS
Todd Miller <Todd.Miller@cs.colorado.edu>
Chris Jepeway <jepeway@cs.utk.edu>
-See the HISTORY file in the sudo distribution for more details.
+See the HISTORY file in the B<sudo> distribution for more details.
Please send all bugs, comments, and changes to sudo-bugs@cs.colorado.edu.
=head1 BUGS
-The -l (list) option should expand Command Aliases.
+The B<-l> (I<list>) option should expand Command Aliases.
=head1 DISCLAIMER
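Review bot: in FILES and ENVIRONMENT VARIABLES the indented verbatim lines are replaced by consecutive ordinary lines such as "C<PATH>S< Set to a sane value if SECURE_PATH is set>", with no blank line between entries. POD therefore treats the six variables as one filled paragraph, and formatters may run several entries together on one output line. An =over/=item/=back list with one item per file or variable, the structure the options list already uses, would keep one entry per line. Within those entries "SECURE_PATH" and "-s" are left unmarked, and the BUGS line uses B<-l> where the option list uses C<-l>. In the timestamp paragraph only TIMEOUT is wrapped in C<>, leaving "current_time + 2 *" as plain text; consider marking the whole expression.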
edited you will receive a message to try again later. In the
default configuration, the vi(1) editor is used, but there is
a compile time option to allow use of whatever editor the
-environmental variables EDITOR or VISUAL are set to.
+environmental variables C<EDITOR> or C<VISUAL> are set to.
B<visudo> parses the I<sudoers> file after the edit and will
not save the changes if there is a syntax error. Upon finding
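Review bot: this paragraph documents the compile-time option that lets C<EDITOR> or C<VISUAL> choose the editor, but it does not point to the CAVEATS section, which states that an editor with shell escapes lets the user gain a root shell. Add a "see CAVEATS" cross-reference here, since this is where an administrator deciding on that option will be reading.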
=item -V
-The B<-V> (version) option causes visudo to print the version number
+The C<-V> (version) option causes B<visudo> to print the version number
and exit.
=back
=head1 FILES
- /etc/sudoers file of authorized users.
- /etc/stmp lock file for visudo.
+F</etc/sudoers>S< file of authorized users.>
+F</etc/stmp>S< lock file for B<visudo>.>
=head1 ENVIRONMENT VARIABLES
The following are used only if B<visudo> was compiled with the
-ENV_EDITOR option:
+I<ENV_EDITOR> option:
- EDITOR Used by visudo as the editor to use.
- VISUAL Used by visudo if EDITOR is not set.
+C<EDITOR>S< Used by B<visudo> as the editor to use.>
+C<VISUAL>S< Used by B<visudo> if C<EDITOR> is not set.>
=head1 AUTHOR
Many people have worked on I<sudo> over the years, this version of
-I<visudo> was written by:
+B<visudo> was written by:
- Todd Miller <Todd.Miller@cs.colorado.edu>
+ Todd Miller <Todd.Miller@cs.colorado.edu>
See the HISTORY file in the sudo distribution for more details.
=head1 CAVEATS
+Due to the syntax of the I<sudoers> file, there is no way
+for B<visudo> to tell the difference between a mistyped
+{Host,User,Cmnd}_Alias and a username.
+
There is no easy way to prevent a user from gaining a root shell if
-the editor used by visudo allows shell escapes.
+the editor used by B<visudo> allows shell escapes.
=head1 BUGS
The I<-V> flag gives the version of the I<sudo> package rather than
-the individual I<visudo> program.
+the individual B<visudo> program.
=head1 SEE ALSO
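Review bot: the new CAVEATS paragraph leaves "{Host,User,Cmnd}_Alias" as plain text and only says that B<visudo> cannot tell a mistyped alias from a username, not what the administrator will observe. Mark the keyword form with C<> and add a sentence on the consequence (for instance that the edit is saved without a syntax error being reported, if that is the behaviour). Markup in this file is also not made consistent with itself: C<-V> is followed by a plain "(version)" where the sudo page now has "(I<version>)", BUGS still says I<-V>, the AUTHOR and BUGS text keep I<sudo> and a bare "sudo distribution", and ENV_EDITOR gets I<> while the compile-time TIMEOUT got C<>. The FILES and ENVIRONMENT VARIABLES entries are now consecutive ordinary lines with no blank line between them, so they will be filled into one paragraph; an =over/=item list would keep one entry per line.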