.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDO" "@mansectsu@" "July 10, 2012" "1.8.6" "System Manager's Manual"
+.nh
+.if n .ad l
.SH "NAME"
\fBsudo\fR,
\fBsudoedit\fR
.SH "SYNOPSIS"
.HP 5n
\fBsudo\fR
-\fB-h\fR | \fB-K\fR | \fB-k\fR | \fB-V\fR
-.sp -1v
+\fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
+.PD 0
.HP 5n
\fBsudo\fR
-\fB-v\fR
-[\fB-AknS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
-.sp -1v
+\fB\-v\fR
+[\fB\-AknS\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
+[\fB\-p\fR\ \fIprompt\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
+.br
.HP 5n
\fBsudo\fR
-\fB-l\fR[\fIl\fR]
-[\fB-AknS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
-[\fB-U\fR\~\fIuser\~name\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+\fB\-l\fR[\fIl\fR]
+[\fB\-AknS\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
+[\fB\-p\fR\ \fIprompt\fR]
+[\fB\-U\fR\ \fIuser\ name\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
[\fIcommand\fR]
-.sp -1v
+.br
.HP 5n
\fBsudo\fR
-[\fB-AbEHnPS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
-[\fB-C\fR\~\fIfd\fR]
-[\fB-c\fR\~\fIclass\fR\~|\~\fI-\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
-[\fB-r\fR\~\fIrole\fR]
-[\fB-t\fR\~\fItype\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+[\fB\-AbEHnPS\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-C\fR\ \fIfd\fR]
+[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
+[\fB\-p\fR\ \fIprompt\fR]
+[\fB\-r\fR\ \fIrole\fR]
+[\fB\-t\fR\ \fItype\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
[\fBVAR\fR=\fIvalue\fR]
-\fB-i\fR\~|\~\fB-s\fR
+\fB\-i\fR\ |\ \fB\-s\fR
[\fIcommand\fR]
-.sp -1v
+.br
.HP 9n
\fBsudoedit\fR
-[\fB-AnS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
-[\fB-C\fR\~\fIfd\fR]
-[\fB-c\fR\~\fIclass\fR\~|\~\fI-\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+[\fB\-AnS\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-C\fR\ \fIfd\fR]
+[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
+[\fB\-p\fR\ \fIprompt\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
file ...
+.PD
.SH "DESCRIPTION"
\fBsudo\fR
allows a permitted user to execute a
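Review bot: the `\-` escaping in the synopsis is incomplete. The literal dash argument in `[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]` (present in both the sudo and the sudoedit synopsis lines) keeps a bare `-`, so in groff's UTF-8 output it renders as U+2010 HYPHEN while every option dash on the same line renders as an ASCII minus, and a user who copies `-c -` from the rendered page gets a non-ASCII character; it should be `\fI\-\fR` like the rest. The `\~` to `\ ` change is right for the same reason the escaping is being done: `\~` is a groff extension that classic troff does not understand, `\ ` is an unbreakable space everywhere, and the grouping of each bracketed argument is preserved.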
The real and effective uid and gid are set to match those of the
target user, as specified in the password database, and the group
vector is initialized based on the group database (unless the
-\fB-P\fR
+\fB\-P\fR
option was specified).
.PP
\fBsudo\fR
By running
\fBsudo\fR
with the
-\fB-v\fR
+\fB\-v\fR
option, a user can update the cached credentials without running a
\fIcommand\fR.
.PP
When invoked as
\fBsudoedit\fR,
the
-\fB-e\fR
+\fB\-e\fR
option (described below), is implied.
.PP
Security policies may log successful and failed attempts to use
\fBsudo\fR
accepts the following command line options:
.TP 12n
-\fB-A\fR
+\fB\-A\fR
Normally, if
\fBsudo\fR
requires a password, it will read it from the user's terminal.
If the
-\fB-A\fR (\fIaskpass\fR)
+\fB\-A\fR (\fIaskpass\fR)
option is specified, a (possibly graphical) helper program is
executed to read the user's password and output the password to the
standard output.
will exit with an error.
.PP
.RE
-.sp -1v
+.PD 0
.TP 12n
-\fB-a\fR \fItype\fR
+\fB\-a\fR \fItype\fR
The
-\fB-a\fR (\fIauthentication type\fR)
+\fB\-a\fR (\fIauthentication type\fR)
option causes
\fBsudo\fR
to use the specified authentication type when validating the user,
entry in
\fI/etc/login.conf\fR.
This option is only available on systems that support BSD authentication.
+.PD
.TP 12n
-\fB-b\fR
+\fB\-b\fR
The
-\fB-b\fR (\fIbackground\fR)
+\fB\-b\fR (\fIbackground\fR)
option tells
\fBsudo\fR
to run the given command in the background.
Note that if you use the
-\fB-b\fR
+\fB\-b\fR
option you cannot use shell job control to manipulate the process.
Most interactive commands will fail to work properly in background
mode.
.TP 12n
-\fB-C\fR \fIfd\fR
+\fB\-C\fR \fIfd\fR
Normally,
\fBsudo\fR
will close all open file descriptors other than standard input,
standard output and standard error.
The
-\fB-C\fR (\fIclose from\fR)
+\fB\-C\fR (\fIclose from\fR)
option allows the user to specify a starting point above the standard
error (file descriptor three).
Values less than three are not permitted.
The security policy may restrict the user's ability to use the
-\fB-C\fR
+\fB\-C\fR
option.
The
\fIsudoers\fR
policy only permits use of the
-\fB-C\fR
+\fB\-C\fR
option when the administrator has enabled the
\fIclosefrom_override\fR
option.
.TP 12n
-\fB-c\fR \fIclass\fR
+\fB\-c\fR \fIclass\fR
The
-\fB-c\fR (\fIclass\fR)
+\fB\-c\fR (\fIclass\fR)
option causes
\fBsudo\fR
to run the specified command with resources limited by the specified
command must be run from a shell that is already root.
This option is only available on systems with BSD login classes.
.TP 12n
-\fB-E\fR
+\fB\-E\fR
The
-\fB-E\fR (\fIpreserve environment\fR)
+\fB\-E\fR (\fIpreserve environment\fR)
option indicates to the security policy that the user wishes to
preserve their existing environment variables.
The security policy may return an error if the
-\fB-E\fR
+\fB\-E\fR
option is specified and the user does not have permission to preserve
the environment.
.TP 12n
-\fB-e\fR
+\fB\-e\fR
The
-\fB-e\fR (\fIedit\fR)
+\fB\-e\fR (\fIedit\fR)
option indicates that, instead of running a command, the user wishes
to edit one or more files.
In lieu of a command, the string "sudoedit" is used when consulting
file.
.PP
.RE
-.sp -1v
+.PD 0
.TP 12n
-\fB-g\fR \fIgroup\fR
+\fB\-g\fR \fIgroup\fR
Normally,
\fBsudo\fR
runs a command with the primary group set to the one specified by
the password database for the user the command is being run as (by
default, root).
The
-\fB-g\fR (\fIgroup\fR)
+\fB\-g\fR (\fIgroup\fR)
option causes
\fBsudo\fR
to run the command with the primary group set to
be escaped with a backslash
(`\e').
If no
-\fB-u\fR
+\fB\-u\fR
option is specified, the command will be run as the invoking user
(not root).
In either case, the primary group will be set to
\fIgroup\fR.
+.PD
.TP 12n
-\fB-H\fR
+\fB\-H\fR
The
-\fB-H\fR (\fIHOME\fR)
+\fB\-H\fR (\fIHOME\fR)
option requests that the security policy set the
\fRHOME\fR
environment variable to the home directory of the target user (root
by default) as specified by the password database.
Depending on the policy, this may be the default behavior.
.TP 12n
-\fB-h\fR
+\fB\-h\fR
The
-\fB-h\fR (\fIhelp\fR)
+\fB\-h\fR (\fIhelp\fR)
option causes
\fBsudo\fR
to print a short help message to the standard output and exit.
.TP 12n
-\fB-i\fR [\fIcommand\fR]
+\fB\-i\fR [\fIcommand\fR]
The
-\fB-i\fR (\fIsimulate initial login\fR)
+\fB\-i\fR (\fIsimulate initial login\fR)
option runs the shell specified by the password database entry of
the target user as a login shell.
This means that login-specific resource files such as
will be read by the shell.
If a command is specified, it is passed to the shell for execution
via the shell's
-\fB-c\fR
+\fB\-c\fR
option.
If no command is specified, an interactive shell is executed.
\fBsudo\fR
section in the
sudoers(@mansectform@)
manual documents how the
-\fB-i\fR
+\fB\-i\fR
option affects the environment in which a command is run when the
\fIsudoers\fR
policy is in use.
.TP 12n
-\fB-K\fR
+\fB\-K\fR
The
-\fB-K\fR (sure \fIkill\fR)
+\fB\-K\fR (sure \fIkill\fR)
option is like
-\fB-k\fR
+\fB\-k\fR
except that it removes the user's cached credentials entirely and
may not be used in conjunction with a command or other option.
This option does not require a password.
Not all security policies support credential caching.
.TP 12n
-\fB-k\fR [\fIcommand\fR]
+\fB\-k\fR [\fIcommand\fR]
When used alone, the
-\fB-k\fR (\fIkill\fR)
+\fB\-k\fR (\fIkill\fR)
option to
\fBsudo\fR
invalidates the user's cached credentials.
.sp
When used in conjunction with a command or an option that may require
a password, the
-\fB-k\fR
+\fB\-k\fR
option will cause
\fBsudo\fR
to ignore the user's cached credentials.
will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials.
.TP 12n
-\fB-l\fR[\fBl\fR] [\fIcommand\fR]
+\fB\-l\fR[\fBl\fR] [\fIcommand\fR]
If no
\fIcommand\fR
is specified, the
-\fB-l\fR (\fIlist\fR)
+\fB\-l\fR (\fIlist\fR)
option will list the allowed (and forbidden) commands for the
invoking user (or the user specified by the
-\fB-U\fR
+\fB\-U\fR
option) on the current host.
If a
\fIcommand\fR
\fBsudo\fR
will exit with a status value of 1.
If the
-\fB-l\fR
+\fB\-l\fR
option is specified with an
\fIl\fR
argument
-(i.e.\& \fB-ll\fR),
+(i.e.\& \fB\-ll\fR),
or if
-\fB-l\fR
+\fB\-l\fR
is specified multiple times, a longer list format is used.
.TP 12n
-\fB-n\fR
+\fB\-n\fR
The
-\fB-n\fR (\fInon-interactive\fR)
+\fB\-n\fR (\fInon-interactive\fR)
option prevents
\fBsudo\fR
from prompting the user for a password.
\fBsudo\fR
will display an error message and exit.
.TP 12n
-\fB-P\fR
+\fB\-P\fR
The
-\fB-P\fR (\fIpreserve group vector\fR)
+\fB\-P\fR (\fIpreserve group vector\fR)
option causes
\fBsudo\fR
to preserve the invoking user's group vector unaltered.
The real and effective group IDs, however, are still set to match
the target user.
.TP 12n
-\fB-p\fR \fIprompt\fR
+\fB\-p\fR \fIprompt\fR
The
-\fB-p\fR (\fIprompt\fR)
+\fB\-p\fR (\fIprompt\fR)
option allows you to override the default password prompt and use
a custom one.
The following percent
flags in
sudoers(@mansectform@))
.TP 4n
-\fR%U\fR
+\fR\&%U\fR
expanded to the login name of the user the command will be run as
(defaults to root unless the
-\fB-u\fR
+\fB\-u\fR
option is also specified)
.TP 4n
\fR%u\fR
.RS
.PP
The prompt specified by the
-\fB-p\fR
+\fB\-p\fR
option will override the system password prompt on systems that
support PAM unless the
\fIpassprompt_override\fR
\fIsudoers\fR.
.PP
.RE
-.sp -1v
+.PD 0
.TP 12n
-\fB-r\fR \fIrole\fR
+\fB\-r\fR \fIrole\fR
The
-\fB-r\fR (\fIrole\fR)
+\fB\-r\fR (\fIrole\fR)
option causes the new (SELinux) security context to have the role
specified by
\fIrole\fR.
+.PD
.TP 12n
-\fB-S\fR
+\fB\-S\fR
The
-\fB-S\fR (\fIstdin\fR)
+\fB\-S\fR (\fIstdin\fR)
option causes
\fBsudo\fR
to read the password from the standard input instead of the terminal
device.
The password must be followed by a newline character.
.TP 12n
-\fB-s\fR [\fIcommand\fR]
+\fB\-s\fR [\fIcommand\fR]
The
-\fB-s\fR (\fIshell\fR)
+\fB\-s\fR (\fIshell\fR)
option runs the shell specified by the
\fRSHELL\fR
environment variable if it is set or the shell as specified in the
password database.
If a command is specified, it is passed to the shell for execution
via the shell's
-\fB-c\fR
+\fB\-c\fR
option.
If no command is specified, an interactive shell is executed.
.TP 12n
-\fB-t\fR \fItype\fR
+\fB\-t\fR \fItype\fR
The
-\fB-t\fR (\fItype\fR)
+\fB\-t\fR (\fItype\fR)
option causes the new (SELinux) security context to have the type
specified by
\fItype\fR.
If no type is specified, the default type is derived from the
specified role.
.TP 12n
-\fB-U\fR \fIuser\fR
+\fB\-U\fR \fIuser\fR
The
-\fB-U\fR (\fIother user\fR)
+\fB\-U\fR (\fIother user\fR)
option is used in conjunction with the
-\fB-l\fR
+\fB\-l\fR
option to specify the user whose privileges should be listed.
The security policy may restrict listing other users' privileges.
The
\fRALL\fR
privilege on the current host to use this option.
.TP 12n
-\fB-u\fR \fIuser\fR
+\fB\-u\fR \fIuser\fR
The
-\fB-u\fR (\fIuser\fR)
+\fB\-u\fR (\fIuser\fR)
option causes
\fBsudo\fR
to run the specified command as a user other than
option is not set.
Other security policies may not support this.
.TP 12n
-\fB-V\fR
+\fB\-V\fR
The
-\fB-V\fR (\fIversion\fR)
+\fB\-V\fR (\fIversion\fR)
option causes
\fBsudo\fR
to print its version string and the version string of the security
policy plugin and any I/O plugins.
If the invoking user is already root the
-\fB-V\fR
+\fB\-V\fR
option will display the arguments passed to configure when
\fBsudo\fR
was built and plugins may display more verbose information such as
default options.
.TP 12n
-\fB-v\fR
+\fB\-v\fR
When given the
-\fB-v\fR (\fIvalidate\fR)
+\fB\-v\fR (\fIvalidate\fR)
option,
\fBsudo\fR
will update the user's cached credentials, authenticating the user's
but does not run a command.
Not all security policies support cached credentials.
.TP 12n
-\fB--\fR
+\fB\--\fR
The
-\fB--\fR
+\fB\--\fR
option indicates that
\fBsudo\fR
should stop processing command line arguments.
.TP 17n
\fREDITOR\fR
Default editor to use in
-\fB-e\fR
+\fB\-e\fR
(sudoedit) mode if neither
\fRSUDO_EDITOR\fR
nor
.TP 17n
\fRMAIL\fR
In
-\fB-i\fR
+\fB\-i\fR
mode or when
\fIenv_reset\fR
is enabled in
.TP 17n
\fRHOME\fR
Set to the home directory of the target user if
-\fB-i\fR
+\fB\-i\fR
or
-\fB-H\fR
+\fB\-H\fR
are specified,
\fIenv_reset\fR
or
are set in
\fIsudoers\fR,
or when the
-\fB-s\fR
+\fB\-s\fR
option is specified and
\fIset_home\fR
is set in
.TP 17n
\fRSHELL\fR
Used to determine shell to run with
-\fB-s\fR
+\fB\-s\fR
option.
.TP 17n
\fRSUDO_ASKPASS\fR
Specifies the path to a helper program used to read the password
if no terminal is available or if the
-\fB-A\fR
+\fB\-A\fR
option is specified.
.TP 17n
\fRSUDO_COMMAND\fR
.TP 17n
\fRSUDO_EDITOR\fR
Default editor to use in
-\fB-e\fR
+\fB\-e\fR
(sudoedit) mode.
.TP 17n
\fRSUDO_GID\fR
.TP 17n
\fRUSER\fR
Set to the target user (root unless the
-\fB-u\fR
+\fB\-u\fR
option is specified).
.TP 17n
\fRVISUAL\fR
Default editor to use in
-\fB-e\fR
+\fB\-e\fR
(sudoedit) mode if
\fRSUDO_EDITOR\fR
is not set.
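Review bot: `\fB\--\fR` (the end-of-options tag and its repetition in the description text) escapes only the first dash, so it renders as a minus sign followed by a hyphen, two different glyphs for what is a single ASCII `--` on the command line; use `\fB\-\-\fR`. Separately, the `\&` added in front of `%U` in the prompt-escape list (`\fR\&%U\fR`) is a zero-width no-op unless something about that tag's position needs it, and the very next tag `\fR%u\fR` is left without it; either both tags need the prefix, with a comment saying why, or neither does.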
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDO_PLUGIN" "5" "July 16, 2012" "1.8.6" "OpenBSD Programmer's Manual"
+.nh
+.if n .ad l
.SH "NAME"
\fBsudo_plugin\fR
\- Sudo Plugin API
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
version
The version passed in by
allows the plugin to determine the
major and minor version number of the plugin API supported by
\fBsudo\fR.
+.PD
.TP 6n
conversation
A pointer to the
.TP 6n
runas_user=string
The user name or uid to to run the command as, if specified via the
-\fB-u\fR
+\fB\-u\fR
flag.
.TP 6n
runas_group=string
The group name or gid to to run the command as, if specified via
the
-\fB-g\fR
+\fB\-g\fR
flag.
.TP 6n
prompt=string
The prompt to use when requesting a password, if specified via
the
-\fB-p\fR
+\fB\-p\fR
flag.
.TP 6n
set_home=bool
Set to true if the user specified the
-\fB-H\fR
+\fB\-H\fR
flag.
If true, set the
\fRHOME\fR
.TP 6n
preserve_environment=bool
Set to true if the user specified the
-\fB-E\fR
+\fB\-E\fR
flag, indicating that
the user wishes to preserve the environment.
.TP 6n
run_shell=bool
Set to true if the user specified the
-\fB-s\fR
+\fB\-s\fR
flag, indicating that
the user wishes to run a shell.
.TP 6n
login_shell=bool
Set to true if the user specified the
-\fB-i\fR
+\fB\-i\fR
flag, indicating that
the user wishes to run a login shell.
.TP 6n
.TP 6n
preserve_groups=bool
Set to true if the user specified the
-\fB-P\fR
+\fB\-P\fR
flag, indicating that
the user wishes to preserve the group vector instead of setting it
based on the runas user.
.TP 6n
ignore_ticket=bool
Set to true if the user specified the
-\fB-k\fR
+\fB\-k\fR
flag along with a
command, indicating that the user wishes to ignore any cached
authentication credentials.
.TP 6n
noninteractive=bool
Set to true if the user specified the
-\fB-n\fR
+\fB\-n\fR
flag, indicating that
\fBsudo\fR
should operate in non-interactive mode.
login_class=string
BSD login class to use when setting resource limits and nice value,
if specified by the
-\fB-c\fR
+\fB\-c\fR
flag.
.TP 6n
selinux_role=string
SELinux role to use when executing the command, if specified by
the
-\fB-r\fR
+\fB\-r\fR
flag.
.TP 6n
selinux_type=string
SELinux type to use when executing the command, if specified by
the
-\fB-t\fR
+\fB\-t\fR
flag.
.TP 6n
bsdauth_type=string
Authentication type, if specified by the
-\fB-a\fR
+\fB\-a\fR
flag, to use on
systems where BSD authentication is supported.
.TP 6n
.TP 6n
sudoedit=bool
Set to true when the
-\fB-e\fR
+\fB\-e\fR
flag is is specified or if invoked as
\fBsudoedit\fR.
The plugin shall substitute an editor into
.TP 6n
closefrom=number
If specified, the user has requested via the
-\fB-C\fR
+\fB\-C\fR
flag that
\fBsudo\fR
close all files descriptors with a value of
silently ignore settings that it does not recognize.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
user_info
A vector of information about the user running the command in the form of
\fIvalue\fR
might.
.RS
+.PD
.TP 6n
pid=int
The process ID of the running
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
exit_status
The command's exit status, as returned by the
is undefined if
\fRerror\fR
is non-zero.
+.PD
.TP 6n
error
.br
\fBsudo\fR
when the user specifies
the
-\fB-V\fR
+\fB\-V\fR
option.
The plugin may display its version information to the user via the
\fBconversation\fR()
If the user requests detailed version information, the verbose flag will be set.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
check_policy
.nf
.sp
The function arguments are as follows:
.RS
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
argc
The number of elements in
not counting the final
\fRNULL\fR
pointer.
+.PD
.TP 6n
argv
The argument vector describing the command the user wishes to run,
Unsupported values will be ignored.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
argv_out
The
execve(2)
system call when executing the command.
The plugin is responsible for allocating and populating the vector.
+.PD
.TP 6n
user_env_out
The
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
verbose
Flag indicating whether to list in verbose mode or not.
+.PD
.TP 6n
list_user
The name of a different user to list privileges for if the policy
function is called when
\fBsudo\fR
is run with the
-\fB-v\fR
+\fB\-v\fR
flag.
For policy plugins such as
\fIsudoers\fR
error information to the user.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
invalidate
.nf
\fBsudo\fR
is called with
the
-\fB-k\fR
+\fB\-k\fR
or
-\fB-K\fR
+\fB\-K\fR
flag.
For policy plugins such as
\fIsudoers\fR
function should be
\fRNULL\fR
if the plugin does not support credential caching.
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
init_session
.nf
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
error information to the user.
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
register_hooks
.nf
version 1.2 or higher,
\fRregister_hooks\fR
will not be called.
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
deregister_hooks
.nf
\fRderegister_hooks\fR
will not be called.
.RE
+.PD
.PP
\fIPolicy Plugin Version Macros\fR
.nf
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
version
The version passed in by
allows the plugin to determine the
major and minor version number of the plugin API supported by
\fBsudo\fR.
+.PD
.TP 6n
conversation
A pointer to the
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
exit_status
The command's exit status, as returned by the
is undefined if
\fRerror\fR
is non-zero.
+.PD
.TP 6n
error
.br
\fBsudo\fR
when the user specifies
the
-\fB-V\fR
+\fB\-V\fR
option.
The plugin may display its version information to the user via the
\fBconversation\fR()
If the user requests detailed version information, the verbose flag will be set.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
log_ttyin
.nf
.sp
The function arguments are as follows:
.RS
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
buf
The buffer containing user input.
+.PD
.TP 6n
len
The length of
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
buf
The buffer containing command output.
+.PD
.TP 6n
len
The length of
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
buf
The buffer containing user input.
+.PD
.TP 6n
len
The length of
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
buf
The buffer containing command output.
+.PD
.TP 6n
len
The length of
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
buf
The buffer containing command output.
+.PD
.TP 6n
len
The length of
unspecified.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
\fRSUDO_HOOK_UNSETENV\fR
The C library
.RE
.fi
.RS
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
\fRSUDO_HOOK_GETENV\fR
The C library
.sp
If the registered hook does not match the typedef the results are
unspecified.
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
\fRSUDO_HOOK_PUTENV\fR
The C library
If the registered hook does not match the typedef the results are
unspecified.
.RE
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
hook_fn
sudo_hook_fn_t hook_fn;
.sp
The function return value may be one of the following:
.RS
+.PD
.TP 6n
\fRSUDO_HOOK_RET_ERROR\fR
The hook function encountered an error.
.RS
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
version
The version passed in by
allows the plugin to determine the
major and minor version number of the group plugin API supported by
\fIsudoers\fR.
+.PD
.TP 6n
plugin_printf
A pointer to a
The plugin should free any memory it has allocated and close open file handles.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
query
.br
.sp
The function arguments are as follows:
.RS
+.PD
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
user
The name of the user being looked up in the external group database.
+.PD
.TP 6n
group
.br
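Review bot: `.PD` with no argument does not restore a saved value; it resets the paragraph distance to the macro package default (1v under nroff, 0.4v under troff), so each `.PD 0` / `.PD` pair introduced here is only safe while nothing nests inside it. Two sites place the restore somewhere other than directly after the first item: `.RE` / `.fi` / `.RS` / `.PD` after the `SUDO_HOOK_UNSETENV` entry and `.RS` / `.PD` after the `user_info` entry, where `.PD 0` stays in force across the `.RS`; harmless today, but inconsistent with the other sites, so move the `.PD` to directly after the item text as elsewhere. While these lines are in the hunk, the doubled words in the `runas_user` and `runas_group` entries ("to to run the command as") and in the `sudoedit` entry ("flag is is specified") could be fixed in the same commit.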
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDOERS.LDAP" "8" "July 12, 2012" "1.8.6" "OpenBSD System Manager's Manual"
+.nh
+.if n .ad l
.SH "NAME"
\fBsudoers.ldap\fR
\- sudo LDAP configuration
Tivoli Directory Server:
\fRtls_cert /usr/ldap/ldapkey.kdb\fR
.RE
-.sp -1v
.RS
+.PD 0
.PP
+.PD
When using Tivoli LDAP libraries, this file may also contain
Certificate Authority and client certificates and may be encrypted.
.PP
.RE
-.sp -1v
+.PD 0
.TP 6n
\fBTLS_KEYPW\fR \fIsecret\fR
The
that ships with Tivoli Directory Server is encrypted with the password
\fRssl_password\fR.
This option is only supported by the Tivoli LDAP libraries.
+.PD
.TP 6n
\fBTLS_RANDFILE\fR \fIfile name\fR
The
files
read sudoers from
\fI@sysconfdir@/sudoers\fR
-.sp -1v
+.PD 0
.TP 10n
ldap
read sudoers from LDAP
+.PD
.PP
In addition, the entry
\fR[NOTFOUND=return]\fR
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDOERS" "@mansectsu@" "July 16, 2012" "1.8.6" "Programmer's Manual"
+.nh
+.if n .ad l
.SH "NAME"
\fBsudoers\fR
\- default sudo security policy module
run
\fBsudo\fR
with the
-\fB-l\fR
+\fB\-l\fR
or
-\fB-v\fR
+\fB\-v\fR
option.
This allows users to
determine for themselves whether or not they are allowed to use
through sudo even when a root shell has been invoked.
It also
allows the
-\fB-e\fR
+\fB\-e\fR
option to remain useful even when invoked via a
sudo-run script or program.
Note, however, that the
.PP
As a special case, if
\fBsudo\fR's
-\fB-i\fR
+\fB\-i\fR
option (initial login) is
specified,
\fIsudoers\fR
is used to permit a user to run
\fBsudo\fR
with the
-\fB-e\fR
+\fB\-e\fR
option (or as
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
indicates
which users the command may be run as via
\fBsudo\fR's
-\fB-u\fR
+\fB\-u\fR
option.
The second defines a list of groups that can be specified via
\fBsudo\fR's
-\fB-g\fR
+\fB\-g\fR
option.
If both
\fRRunas_List\fRs
\fRRunas_List\fRs.
If only the first is specified, the command may be run as any user
in the list but no
-\fB-g\fR
+\fB\-g\fR
option
may be specified.
If the first
Multiple users and groups may be present in a
\fRRunas_Spec\fR,
in which case the user may select any combination of users and groups via the
-\fB-u\fR
+\fB\-u\fR
and
-\fB-g\fR
+\fB\-g\fR
options.
In this example:
.nf
has been set for a command, the user may disable the
\fIenv_reset\fR
option from the command line via the
-\fB-E\fR
+\fB\-E\fR
option.
Additionally, environment variables set on the command
line are not subject to the restrictions imposed by
It is still possible to run
\fBvisudo\fR
with the
-\fB-f\fR
+\fB\-f\fR
flag to edit the files directly.
.SS "Other special characters and reserved words"
The pound sign
\fRHOME\fR
environment variable to the home directory of the target user
(which is root unless the
-\fB-u\fR
+\fB\-u\fR
option is used).
This effectively means that the
-\fB-H\fR
+\fB\-H\fR
option is always implied.
Note that
\fRHOME\fR
closefrom_override
If set, the user may use
\fBsudo\fR's
-\fB-C\fR
+\fB\-C\fR
option which overrides the default starting point at which
\fBsudo\fR
begins closing open file descriptors.
lists are displayed when
\fBsudo\fR
is run by root with the
-\fB-V\fR
+\fB\-V\fR
option.
If the
\fIsecure_path\fR
If enabled and
\fBsudo\fR
is invoked with the
-\fB-s\fR
+\fB\-s\fR
option the
\fRHOME\fR
environment variable will be set to the home directory of the target
user (which is root unless the
-\fB-u\fR
+\fB\-u\fR
option is used).
This effectively makes the
-\fB-s\fR
+\fB\-s\fR
option imply
-\fB-H\fR.
+\fB\-H\fR.
Note that
\fRHOME\fR
is already set when the the
and
\fRUSERNAME\fR
environment variables to the name of the target user (usually root unless the
-\fB-u\fR
+\fB\-u\fR
option is given).
However, since some programs (including the RCS revision control system) use
\fRLOGNAME\fR
Allow the user to disable the
\fIenv_reset\fR
option from the command line via the
-\fB-E\fR
+\fB\-E\fR
option.
Additionally, environment variables set via the command line are
not subject to the restrictions imposed by
If set and
\fBsudo\fR
is invoked with no arguments it acts as if the
-\fB-s\fR
+\fB\-s\fR
option had been given.
That is, it runs a shell as root (the shell is determined by the
\fRSHELL\fR
\fBsudo\fR
will prompt for the password of the user specified
by the
-\fB-u\fR
+\fB\-u\fR
option (defaults to
\fRroot\fR)
instead of the password of the invoking user.
In addition, the timestamp file name will include the target user's name.
Note that this flag precludes the use of a uid not listed in the passwd
database as an argument to the
-\fB-u\fR
+\fB\-u\fR
option.
This flag is
\fIoff\fR
should be used.
.PP
.RE
-.sp -1v
+.PD 0
.TP 18n
iolog_file
The path name, relative to
replaced with a unique combination of digits and letters, similar to the
mktemp(3)
function.
+.PD
.TP 18n
mailsub
Subject of the mail sent to the
.TP 18n
passprompt
The default prompt to use when asking for a password; can be overridden via the
-\fB-p\fR
+\fB\-p\fR
option or the
\fRSUDO_PROMPT\fR
environment variable.
flags in
\fIsudoers\fR)
.TP 6n
-\fR%U\fR
+\fR\&%U\fR
expanded to the login name of the user the command will
be run as (defaults to root)
.TP 6n
``\fR@passprompt@\fR''.
.PP
.RE
-.sp -1v
+.PD 0
.TP 18n
role
The default SELinux role to use when constructing a new security
This option is only available whe
\fBsudo\fR
is built with SELinux support.
+.PD
.TP 18n
runas_default
The default user to run commands as if the
-\fB-u\fR
+\fB\-u\fR
option is not specified on the command line.
This defaults to
\fR@runas_default@\fR.
sudo_plugin(@mansectform@).
.PP
.RE
-.sp -1v
+.PD 0
.TP 14n
lecture
This option controls when a short lecture will be printed along with
the password prompt.
It has the following possible values:
.RS
+.PD
.TP 8n
always
Always lecture the user.
\fI@lecture@\fR.
.PP
.RE
-.sp -1v
+.PD 0
.TP 14n
lecture_file
Path to a file containing an alternate
By default,
\fBsudo\fR
uses a built-in lecture.
+.PD
.TP 14n
listpw
This option controls when a password will be required when a user runs
\fBsudo\fR
with the
-\fB-l\fR
+\fB\-l\fR
option.
It has the following possible values:
.RS
.TP 10n
always
The user must always enter a password to use the
-\fB-l\fR
+\fB\-l\fR
option.
.TP 10n
any
.TP 10n
never
The user need never enter a password to use the
-\fB-l\fR
+\fB\-l\fR
option.
.RE
.RS
\fIany\fR.
.PP
.RE
-.sp -1v
+.PD 0
.TP 14n
logfile
Path to the
By default,
\fBsudo\fR
logs via syslog.
+.PD
.TP 14n
mailerflags
Flags to use when invoking mailer. Defaults to
-\fB-t\fR.
+\fB\-t\fR.
.TP 14n
mailerpath
Path to mail program used to send warning mail.
This option controls when a password will be required when a user runs
\fBsudo\fR
with the
-\fB-v\fR
+\fB\-v\fR
option.
It has the following possible values:
.RS
.TP 8n
always
The user must always enter a password to use the
-\fB-v\fR
+\fB\-v\fR
option.
.TP 8n
any
.TP 8n
never
The user need never enter a password to use the
-\fB-v\fR
+\fB\-v\fR
option.
.RE
.RS
\fBsudo\fR
is run by root with
the
-\fB-V\fR
+\fB\-V\fR
option.
.TP 18n
env_delete
The default list of environment variables to remove is displayed when
\fBsudo\fR
is run by root with the
-\fB-V\fR
+\fB\-V\fR
option.
Note that many operating systems will remove potentially dangerous
variables from the environment of any setuid process (such as
is displayed when
\fBsudo\fR
is run by root with the
-\fB-V\fR
+\fB\-V\fR
option.
.SH "SUDO.CONF"
The
.TP 26n
\fI/etc/environment\fR
Initial environment for
-\fB-i\fR
+\fB\-i\fR
mode on AIX and Linux systems
.SH "EXAMPLES"
Below are example
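Review bot: the `passprompt` escape list receives the same `\fR\&%U\fR` change as sudo.man, but only the `%U` tag appears in the diff; check that the remaining `%` tags of that list are treated the same way so the list renders consistently, and document why the `\&` is needed at all. Adjacent context lines carry typos worth fixing in the same commit: "only available whe" in the `role` entry and "is already set when the the" in the paragraph describing how `\-s` sets `HOME`.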
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "1.8.6" "System Manager's Manual"
+.nh
+.if n .ad l
.SH "NAME"
\fBsudoreplay\fR
\- replay sudo session logs
.SH "SYNOPSIS"
.HP 11n
\fBsudoreplay\fR
-[\fB-h\fR]
-[\fB-d\fR\~\fIdirectory\fR]
-[\fB-f\fR\~\fIfilter\fR]
-[\fB-m\fR\~\fImax_wait\fR]
-[\fB-s\fR\~\fIspeed_factor\fR]
+[\fB\-h\fR]
+[\fB\-d\fR\ \fIdirectory\fR]
+[\fB\-f\fR\ \fIfilter\fR]
+[\fB\-m\fR\ \fImax_wait\fR]
+[\fB\-s\fR\ \fIspeed_factor\fR]
ID
.HP 11n
\fBsudoreplay\fR
-[\fB-h\fR]
-[\fB-d\fR\~\fIdirectory\fR]
-\fB-l\fR
+[\fB\-h\fR]
+[\fB\-d\fR\ \fIdirectory\fR]
+\fB\-l\fR
[search expression]
.SH "DESCRIPTION"
\fBsudoreplay\fR
\fBsudoreplay\fR
accepts the following command line options:
.TP 14n
-\fB-d\fR \fIdirectory\fR
+\fB\-d\fR \fIdirectory\fR
+.br
Use
\fIdirectory\fR
to for the session logs instead of the default,
\fI@iolog_dir@\fR.
.TP 14n
-\fB-f\fR \fIfilter\fR
+\fB\-f\fR \fIfilter\fR
By default,
\fBsudoreplay\fR
will play back the command's standard output, standard error and tty output.
The
-\fB-f\fR
+\fB\-f\fR
option can be used to select which of these to output.
The
\fIfilter\fR
and
\fIttyout\fR.
.TP 14n
-\fB-h\fR
+\fB\-h\fR
The
-\fB-h\fR (\fIhelp\fR)
+\fB\-h\fR (\fIhelp\fR)
option causes
\fBsudoreplay\fR
to print a short help message to the standard output and exit.
.TP 14n
-\fB-l\fR [\fIsearch expression\fR]
+\fB\-l\fR [\fIsearch expression\fR]
Enable
``list mode''.
In this mode,
\fIor\fR.
.PP
.RE
-.sp -1v
+.PD 0
.TP 14n
-\fB-m\fR \fImax_wait\fR
+\fB\-m\fR \fImax_wait\fR
Specify an upper bound on how long to wait between key presses or output data.
By default,
\fBsudoreplay\fR
will accurately reproduce the delays between key presses or program output.
However, this can be tedious when the session includes long pauses.
When the
-\fB-m\fR
+\fB\-m\fR
option is specified,
\fBsudoreplay\fR
will limit these pauses to at most
seconds.
The value may be specified as a floating point number, e.g.\&
\fI2.5\fR.
+.PD
.TP 14n
-\fB-s\fR \fIspeed_factor\fR
+\fB\-s\fR \fIspeed_factor\fR
This option causes
\fBsudoreplay\fR
to adjust the number of seconds it will wait between key presses or
\fI.5\fR
would make the output twice as slow.
.TP 14n
-\fB-V\fR
+\fB\-V\fR
The
-\fB-V\fR (\fIversion\fR)
+\fB\-V\fR (\fIversion\fR)
option causes
\fBsudoreplay\fR
to print its version number
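Review bot: the `.br` inserted after the `\fB\-d\fR \fIdirectory\fR` tag forces that description onto the next line, but the `\fB\-f\fR \fIfilter\fR` and `\fB\-m\fR \fImax_wait\fR` tags at the same `.TP 14n` indent get no `.br`, so the option list renders with mixed layouts; if the intent is that a tag nearly as wide as the indent should always break, state that in the commit message and apply it uniformly, otherwise drop it. The context line "Use directory to for the session logs" has a stray "to".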
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "VISUDO" "@mansectsu@" "July 12, 2012" "1.8.6" "System Manager's Manual"
+.nh
+.if n .ad l
.SH "NAME"
\fBvisudo\fR
\- edit the sudoers file
.SH "SYNOPSIS"
.HP 7n
\fBvisudo\fR
-[\fB-chqsV\fR]
-[\fB-f\fR\~\fIsudoers\fR]
+[\fB\-chqsV\fR]
+[\fB\-f\fR\ \fIsudoers\fR]
.SH "DESCRIPTION"
\fBvisudo\fR
edits the
accepts the following command line options:
accepts the following command line options:
.TP 12n
-\fB-c\fR
+\fB\-c\fR
Enable
\fIcheck-only\fR
mode.
A message will be printed to the standard output describing the status of
\fIsudoers\fR
unless the
-\fB-q\fR
+\fB\-q\fR
option was specified.
If the check completes successfully,
\fBvisudo\fR
\fBvisudo\fR
will exit with a value of 1.
.TP 12n
-\fB-f\fR \fIsudoers\fR
+\fB\-f\fR \fIsudoers\fR
+.br
Specify and alternate
\fIsudoers\fR
file location.
In
\fIcheck-only\fR
mode only, the argument to
-\fB-f\fR
+\fB\-f\fR
may be
`-',
indicating that
\fIsudoers\fR
will be read from the standard input.
.TP 12n
-\fB-h\fR
+\fB\-h\fR
The
-\fB-h\fR (\fIhelp\fR)
+\fB\-h\fR (\fIhelp\fR)
option causes
\fBvisudo\fR
to print a short help message
to the standard output and exit.
.TP 12n
-\fB-q\fR
+\fB\-q\fR
Enable
\fIquiet\fR
mode.
In this mode details about syntax errors are not printed.
This option is only useful when combined with
the
-\fB-c\fR
+\fB\-c\fR
option.
.TP 12n
-\fB-s\fR
+\fB\-s\fR
Enable
\fIstrict\fR
checking of the
(`_')
character.
.TP 12n
-\fB-V\fR
+\fB\-V\fR
The
-\fB-V\fR (\fIversion\fR)
+\fB\-V\fR (\fIversion\fR)
option causes
\fBvisudo\fR
to print its version number
will not complain)
\&.
In
-\fB-s\fR
+\fB\-s\fR
(strict) mode these are errors, not warnings.
.TP 6n
\fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR
used.
You may wish to comment out or remove the unused alias.
In
-\fB-s\fR
+\fB\-s\fR
(strict) mode this is an error, not a warning.
.TP 6n
\fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR
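Review bot: the literal dash accepted by `\-f` in check-only mode is written as `-' with a bare hyphen while the option just above it is `\fB\-f\fR`; since this is a character the user types, it should be `\-' for the same ASCII-minus reason as the options. The `.br` after the `\fB\-f\fR \fIsudoers\fR` tag raises the same layout-consistency question as in sudoreplay.man, since `\-c`, `\-h` and `\-q` in the same list do not break. Also in adjacent context: "Specify and alternate" should read "Specify an alternate", and "accepts the following command line options:" appears twice in a row.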