following restrictions are enforced unless explicitly allowed
by the security policy:
- +\b+\bo\bo Symbolic links may not be edited (version 1.8.15 and
- higher).
+ +\b+\bo\bo Symbolic links may not be edited (version 1.8.15 and
+ higher).
- +\b+\bo\bo Symbolic links along the path to be edited are not
- followed when the parent directory is writable by the
- invoking user unless that user is root (version 1.8.16
- and higher).
+ +\b+\bo\bo Symbolic links along the path to be edited are not
+ followed when the parent directory is writable by the
+ invoking user unless that user is root (version 1.8.16
+ and higher).
- +\b+\bo\bo Files located in a directory that is writable by the
- invoking user may not be edited unless that user is root
- (version 1.8.16 and higher).
+ +\b+\bo\bo Files located in a directory that is writable by the
+ invoking user may not be edited unless that user is root
+ (version 1.8.16 and higher).
Users are never allowed to edit device special files.
The following parameters may be specified by security policy:
- +\b+\bo\bo real and effective user ID
+ +\b+\bo\bo real and effective user ID
- +\b+\bo\bo real and effective group ID
+ +\b+\bo\bo real and effective group ID
- +\b+\bo\bo supplementary group IDs
+ +\b+\bo\bo supplementary group IDs
- +\b+\bo\bo the environment list
+ +\b+\bo\bo the environment list
- +\b+\bo\bo current working directory
+ +\b+\bo\bo current working directory
- +\b+\bo\bo file creation mode mask (umask)
+ +\b+\bo\bo file creation mode mask (umask)
- +\b+\bo\bo SELinux role and type
+ +\b+\bo\bo SELinux role and type
- +\b+\bo\bo Solaris project
+ +\b+\bo\bo Solaris project
- +\b+\bo\bo Solaris privileges
+ +\b+\bo\bo Solaris privileges
- +\b+\bo\bo BSD login class
+ +\b+\bo\bo BSD login class
- +\b+\bo\bo scheduling priority (aka nice value)
+ +\b+\bo\bo scheduling priority (aka nice value)
P\bPr\bro\boc\bce\bes\bss\bs m\bmo\bod\bde\bel\bl
There are two distinct ways s\bsu\bud\bdo\bo can run a command.
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.22 December 1, 2017 Sudo 1.8.22
+Sudo 1.8.23 March 21, 2018 Sudo 1.8.23
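Review bot: every -/+ pair of bullet lines in this preformatted sudo(8) page is identical in content, so the only change is leading indentation that the rendered diff collapses, and the footer hunk additionally moves the embedded version string from 1.8.22 to 1.8.23 with the new date. A whitespace-ignoring view (for example `git diff -w`) would show the list hunks as empty, so the intended effect is only checkable in the regenerated output; it would help to say in the commit message that the cat pages are regenerated artifacts and that the version bump is a side effect of regenerating them from the current tree rather than a deliberate change.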
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "8" "December 1, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "8" "March 21, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
To help prevent the editing of unauthorized files, the following
restrictions are enforced unless explicitly allowed by the security policy:
.RS 16n
-.TP 4n
+.TP 3n
\fB\(bu\fR
Symbolic links may not be edited (version 1.8.15 and higher).
-.TP 4n
+.TP 3n
\fB\(bu\fR
Symbolic links along the path to be edited are not followed when the
parent directory is writable by the invoking user unless that user
is root (version 1.8.16 and higher).
-.TP 4n
+.TP 3n
\fB\(bu\fR
Files located in a directory that is writable by the invoking user may
not be edited unless that user is root (version 1.8.16 and higher).
option was specified).
.PP
The following parameters may be specified by security policy:
-.TP 4n
+.TP 3n
\fB\(bu\fR
real and effective user ID
-.TP 4n
+.TP 3n
\fB\(bu\fR
real and effective group ID
-.TP 4n
+.TP 3n
\fB\(bu\fR
supplementary group IDs
-.TP 4n
+.TP 3n
\fB\(bu\fR
the environment list
-.TP 4n
+.TP 3n
\fB\(bu\fR
current working directory
-.TP 4n
+.TP 3n
\fB\(bu\fR
file creation mode mask (umask)
-.TP 4n
+.TP 3n
\fB\(bu\fR
SELinux role and type
-.TP 4n
+.TP 3n
\fB\(bu\fR
Solaris project
-.TP 4n
+.TP 3n
\fB\(bu\fR
Solaris privileges
-.TP 4n
+.TP 3n
\fB\(bu\fR
BSD login class
-.TP 4n
+.TP 3n
\fB\(bu\fR
scheduling priority (aka nice value)
.SS "Process model"
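Review bot: `.TP 3n` leaves room for exactly the bullet glyph plus two spaces, which is right for `\fB\(bu\fR` but must not be applied to `.TP` lists with longer tags, since a tag wider than the indent pushes the paragraph text onto the following line; every tag in this hunk is `\fB\(bu\fR`, so nothing breaks here. Note also that the enclosing `.RS 16n` before the first `.TP` is untouched, so the sudoedit restriction list keeps its 16n left margin and only the bullet-to-text gap shrinks, while the parameter list after `.PP` has no `.RS` in the visible context; if uniform bullet layout is the goal, the two lists still differ in left margin.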
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd December 1, 2017
+.Dd March 21, 2018
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Pp
To help prevent the editing of unauthorized files, the following
restrictions are enforced unless explicitly allowed by the security policy:
-.Bl -bullet -offset 4
+.Bl -bullet -offset 4 -width 1n
.It
Symbolic links may not be edited (version 1.8.15 and higher).
.It
option was specified).
.Pp
The following parameters may be specified by security policy:
-.Bl -bullet
+.Bl -bullet -width 1n
.It
real and effective user ID
.It
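Review bot: the first list in this hunk becomes `.Bl -bullet -offset 4 -width 1n`, where the pre-existing `-offset 4` carries no scaling unit; in the doc macros an argument without a unit is normally treated as a string whose printed width is used, so this may be indenting by the width of the character "4" rather than by 4n. Since the line is being edited anyway, it is worth confirming the intended offset and writing it as `-offset 4n` if that is what is meant, so it reads the same way as the `-width 1n` being added.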
signals while the plugin functions are run. The following signals are
trapped by default before the command is executed:
- +\b+\bo\bo SIGALRM
- +\b+\bo\bo SIGHUP
- +\b+\bo\bo SIGINT
- +\b+\bo\bo SIGPIPE
- +\b+\bo\bo SIGQUIT
- +\b+\bo\bo SIGTERM
- +\b+\bo\bo SIGTSTP
- +\b+\bo\bo SIGUSR1
- +\b+\bo\bo SIGUSR2
+ +\b+\bo\bo SIGALRM
+ +\b+\bo\bo SIGHUP
+ +\b+\bo\bo SIGINT
+ +\b+\bo\bo SIGPIPE
+ +\b+\bo\bo SIGQUIT
+ +\b+\bo\bo SIGTERM
+ +\b+\bo\bo SIGTSTP
+ +\b+\bo\bo SIGUSR1
+ +\b+\bo\bo SIGUSR2
If a fatal signal is received before the command is executed, s\bsu\bud\bdo\bo will
call the plugin's c\bcl\blo\bos\bse\be() function with an exit status of 128 plus the
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.22 July 11, 2017 Sudo 1.8.22
+Sudo 1.8.23 March 21, 2018 Sudo 1.8.23
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDO_PLUGIN" "5" "July 11, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN" "5" "March 21, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
while the plugin functions are run.
The following signals are trapped by default before the command is
executed:
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGALRM\fR
.PD 0
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGHUP\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGINT\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGPIPE\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGQUIT\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGTERM\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGTSTP\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGUSR1\fR
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fRSIGUSR2\fR
.PD
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 11, 2017
+.Dd March 21, 2018
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
The following signals are trapped by default before the command is
executed:
.Pp
-.Bl -bullet -compact
+.Bl -bullet -compact -width 1n
.It
.Dv SIGALRM
.It
group provider plugin. For instance, the QAS AD plugin supports the
following formats:
- +\b+\bo\bo Group in the same domain: "%:Group Name"
+ +\b+\bo\bo Group in the same domain: "%:Group Name"
- +\b+\bo\bo Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
+ +\b+\bo\bo Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
- +\b+\bo\bo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
+ +\b+\bo\bo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
See _\bG_\bR_\bO_\bU_\bP _\bP_\bR_\bO_\bV_\bI_\bD_\bE_\bR _\bP_\bL_\bU_\bG_\bI_\bN_\bS for more information.
variable is considered unsafe if any of the following
are true:
- +\b+\bo\bo It consists of a fully-qualified path name,
- optionally prefixed with a colon (`:'), that does
- not match the location of the _\bz_\bo_\bn_\be_\bi_\bn_\bf_\bo directory.
+ +\b+\bo\bo It consists of a fully-qualified path name,
+ optionally prefixed with a colon (`:'), that does
+ not match the location of the _\bz_\bo_\bn_\be_\bi_\bn_\bf_\bo directory.
- +\b+\bo\bo It contains a _\b._\b. path element.
+ +\b+\bo\bo It contains a _\b._\b. path element.
- +\b+\bo\bo It contains white space or non-printable
- characters.
+ +\b+\bo\bo It contains white space or non-printable characters.
- +\b+\bo\bo It is longer than the value of PATH_MAX.
+ +\b+\bo\bo It is longer than the value of PATH_MAX.
The argument may be a double-quoted, space-separated
list or a single value without double-quotes. The list
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.23 March 5, 2018 Sudo 1.8.23
+Sudo 1.8.23 March 21, 2018 Sudo 1.8.23
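Review bot: the one visible content change in this sudoers(5) cat hunk is the rewrap of "It contains white space or non-printable / characters." onto a single line, which is the evidence that the text column actually moved left; every other -/+ pair is identical apart from leading whitespace. The footer shows this page had already been regenerated at 1.8.23 on March 5, 2018, so unlike the sudo(8) and sudo_plugin(5) cat pages only the date changes here, which is consistent with the cat pages having been out of sync with each other before this change.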
Using LDAP for _\bs_\bu_\bd_\bo_\be_\br_\bs has several benefits:
- +\b+\bo\bo s\bsu\bud\bdo\bo no longer needs to read _\bs_\bu_\bd_\bo_\be_\br_\bs in its entirety. When LDAP is
- used, there are only two or three LDAP queries per invocation. This
- makes it especially fast and particularly usable in LDAP
- environments.
-
- +\b+\bo\bo s\bsu\bud\bdo\bo no longer exits if there is a typo in _\bs_\bu_\bd_\bo_\be_\br_\bs. It is not
- possible to load LDAP data into the server that does not conform to
- the sudoers schema, so proper syntax is guaranteed. It is still
- possible to have typos in a user or host name, but this will not
- prevent s\bsu\bud\bdo\bo from running.
-
- +\b+\bo\bo It is possible to specify per-entry options that override the global
- default options. _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs only supports default options and
- limited options associated with user/host/commands/aliases. The
- syntax is complicated and can be difficult for users to understand.
- Placing the options directly in the entry is more natural.
-
- +\b+\bo\bo The v\bvi\bis\bsu\bud\bdo\bo program is no longer needed. v\bvi\bis\bsu\bud\bdo\bo provides locking and
- syntax checking of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs file. Since LDAP updates are
- atomic, locking is no longer necessary. Because syntax is checked
- when the data is inserted into LDAP, there is no need for a
- specialized tool to check syntax.
+ +\b+\bo\bo s\bsu\bud\bdo\bo no longer needs to read _\bs_\bu_\bd_\bo_\be_\br_\bs in its entirety. When LDAP is
+ used, there are only two or three LDAP queries per invocation. This
+ makes it especially fast and particularly usable in LDAP environments.
+
+ +\b+\bo\bo s\bsu\bud\bdo\bo no longer exits if there is a typo in _\bs_\bu_\bd_\bo_\be_\br_\bs. It is not
+ possible to load LDAP data into the server that does not conform to
+ the sudoers schema, so proper syntax is guaranteed. It is still
+ possible to have typos in a user or host name, but this will not
+ prevent s\bsu\bud\bdo\bo from running.
+
+ +\b+\bo\bo It is possible to specify per-entry options that override the global
+ default options. _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs only supports default options and
+ limited options associated with user/host/commands/aliases. The
+ syntax is complicated and can be difficult for users to understand.
+ Placing the options directly in the entry is more natural.
+
+ +\b+\bo\bo The v\bvi\bis\bsu\bud\bdo\bo program is no longer needed. v\bvi\bis\bsu\bud\bdo\bo provides locking and
+ syntax checking of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs file. Since LDAP updates are
+ atomic, locking is no longer necessary. Because syntax is checked
+ when the data is inserted into LDAP, there is no need for a
+ specialized tool to check syntax.
Another major difference between LDAP and file-based _\bs_\bu_\bd_\bo_\be_\br_\bs is that in
LDAP, s\bsu\bud\bdo\bo-specific Aliases are not supported.
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.22 December 12, 2017 Sudo 1.8.22
+Sudo 1.8.23 March 21, 2018 Sudo 1.8.23
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDOERS.LDAP" "5" "December 12, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS.LDAP" "5" "March 21, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
Using LDAP for
\fIsudoers\fR
has several benefits:
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fBsudo\fR
no longer needs to read
in its entirety.
When LDAP is used, there are only two or three LDAP queries per invocation.
This makes it especially fast and particularly usable in LDAP environments.
-.TP 4n
+.TP 3n
\fB\(bu\fR
\fBsudo\fR
no longer exits if there is a typo in
this will not prevent
\fBsudo\fR
from running.
-.TP 4n
+.TP 3n
\fB\(bu\fR
It is possible to specify per-entry options that override the global
default options.
user/host/commands/aliases.
The syntax is complicated and can be difficult for users to understand.
Placing the options directly in the entry is more natural.
-.TP 4n
+.TP 3n
\fB\(bu\fR
The
\fBvisudo\fR
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd December 12, 2017
+.Dd March 21, 2018
.Dt SUDOERS.LDAP @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
Using LDAP for
.Em sudoers
has several benefits:
-.Bl -bullet
+.Bl -bullet -width 1n
.It
.Nm sudo
no longer needs to read
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "March 5, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "March 21, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
syntax depends on
the underlying group provider plugin.
For instance, the QAS AD plugin supports the following formats:
-.TP 6n
+.TP 3n
\fB\(bu\fR
Group in the same domain: "%:Group Name"
-.TP 6n
+.TP 3n
\fB\(bu\fR
Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
-.TP 6n
+.TP 3n
\fB\(bu\fR
Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
.PP
.PP
.RS 18n
.PD 0
-.TP 4n
+.TP 3n
\fB\(bu\fR
It consists of a fully-qualified path name,
optionally prefixed with a colon
\fIzoneinfo\fR
directory.
.PD
-.TP 4n
+.TP 3n
\fB\(bu\fR
It contains a
\fI..\fR
path element.
-.TP 4n
+.TP 3n
\fB\(bu\fR
It contains white space or non-printable characters.
-.TP 4n
+.TP 3n
\fB\(bu\fR
It is longer than the value of
\fRPATH_MAX\fR.
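Review bot: the QAS AD format list goes from `.TP 6n` to `.TP 3n`, a 3n reduction rather than the 1n applied to every other list in this change, while the mdoc source for the same list (the `.Bl -bullet -width 4n -width 1n` hunk further down) keeps its original 4n width alongside the new 1n; if the man.in page is generated from the mdoc source, pick one width for this list and apply it in both places so the two stay in agreement. The TZ list that follows is nested in `.RS 18n` with `.PD 0`, neither of which is touched, so only the bullet gap changes there, which looks right.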
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd March 5, 2018
+.Dd March 21, 2018
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
syntax depends on
the underlying group provider plugin.
For instance, the QAS AD plugin supports the following formats:
-.Bl -bullet -width 4n
+.Bl -bullet -width 4n -width 1n
.It
Group in the same domain: "%:Group Name"
.It
The
.Li TZ
variable is considered unsafe if any of the following are true:
-.Bl -bullet
+.Bl -bullet -width 1n
.It
It consists of a fully-qualified path name,
optionally prefixed with a colon
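Review bot: `.Bl -bullet -width 4n -width 1n` passes `-width` twice; the new argument should replace the old one, i.e. `.Bl -bullet -width 1n`, otherwise the rendered indent depends on whether the formatter honours the first or the last occurrence. Every other `.Bl -bullet` line in this change simply gains `-width 1n`, so this looks like a blanket append that did not account for the one list that already had a width; the `.Bl -bullet` lines without a prior `-width` (the TZ list in this hunk and the sudoers.ldap and sudo_plugin lists above) are fine as edited.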