If a _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified and is permitted by the security
policy, the fully-qualified path to the command is displayed
- along with any command line arguments. If _\bc_\bo_\bm_\bm_\ba_\bn_\bd is
- specified but not allowed, s\bsu\bud\bdo\bo will exit with a status value
- of 1.
+ along with any command line arguments. If a _\bc_\bo_\bm_\bm_\ba_\bn_\bd is
+ specified but not allowed by the policy, s\bsu\bud\bdo\bo will exit with
+ a status value of 1.
-\b-n\bn, -\b--\b-n\bno\bon\bn-\b-i\bin\bnt\bte\ber\bra\bac\bct\bti\biv\bve\be
Avoid prompting the user for input of any kind. If a
E\bEX\bXI\bIT\bT V\bVA\bAL\bLU\bUE\bE
Upon successful execution of a command, the exit status from s\bsu\bud\bdo\bo will be
the exit status of the program that was executed. If the command
- terminated due to receipt of a signal, s\bsu\bud\bdo\bo will send itself the signal
- that terminated the command.
-
- Otherwise, s\bsu\bud\bdo\bo exits with a value of 1 if there is a
- configuration/permission problem or if s\bsu\bud\bdo\bo cannot execute the given
- command. In the latter case, the error string is printed to the standard
- error. If s\bsu\bud\bdo\bo cannot stat(2) one or more entries in the user's PATH, an
- error is printed to the standard error. (If the directory does not exist
- or if it is not really a directory, the entry is ignored and no error is
+ terminated due to receipt of a signal, s\bsu\bud\bdo\bo will send itself the same
+ signal that terminated the command.
+
+ If the -\b-l\bl option was specified without a command, s\bsu\bud\bdo\bo will exit with a
+ value of 0 if the user is allowed to run s\bsu\bud\bdo\bo and they authenticated
+ successfully (as required by the security policy). If a command is
+ specified with the -\b-l\bl option, the exit value will only be 0 if the
+ command is permitted by the security policy, otherwise it will be 1.
+
+ If there is an authentication failure, a configuration/permission problem
+ or if the given command cannot be executed, s\bsu\bud\bdo\bo exits with a value of 1.
+ In the latter case, the error string is printed to the standard error.
+ If s\bsu\bud\bdo\bo cannot stat(2) one or more entries in the user's PATH, an error
+ is printed to the standard error. (If the directory does not exist or if
+ it is not really a directory, the entry is ignored and no error is
printed.) This should not happen under normal circumstances. The most
common reason for stat(2) to return "permission denied" is if you are
running an automounter and one of the directories in your PATH is on a
is specified and is permitted by the security policy, the fully-qualified
path to the command is displayed along with any command line
arguments.
-If
+If a
\fIcommand\fR
-is specified but not allowed,
+is specified but not allowed by the policy,
\fBsudo\fR
will exit with a status value of 1.
.TP 12n
will be the exit status of the program that was executed.
If the command terminated due to receipt of a signal,
\fBsudo\fR
-will send itself the signal that terminated the command.
+will send itself the same signal that terminated the command.
.PP
-Otherwise,
+If the
+\fB\-l\fR
+option was specified without a command,
\fBsudo\fR
-exits with a value of 1 if there is a configuration/permission
-problem or if
+will exit with a value of 0 if the user is allowed to run
+\fBsudo\fR
+and they authenticated successfully (as required by the security policy).
+If a command is specified with the
+\fB\-l\fR
+option, the exit value will only be 0 if the command is permitted by the
+security policy, otherwise it will be 1.
+.PP
+If there is an authentication failure, a configuration/permission
+problem or if the given command cannot be executed,
\fBsudo\fR
-cannot execute the given command.
+exits with a value of 1.
In the latter case, the error string is printed to the standard error.
If
\fBsudo\fR
is specified and is permitted by the security policy, the fully-qualified
path to the command is displayed along with any command line
arguments.
-If
+If a
.Ar command
-is specified but not allowed,
+is specified but not allowed by the policy,
.Nm
will exit with a status value of 1.
.It Fl n , -non-interactive
will be the exit status of the program that was executed.
If the command terminated due to receipt of a signal,
.Nm
-will send itself the signal that terminated the command.
+will send itself the same signal that terminated the command.
.Pp
-Otherwise,
+If the
+.Fl l
+option was specified without a command,
.Nm
-exits with a value of 1 if there is a configuration/permission
-problem or if
+will exit with a value of 0 if the user is allowed to run
+.Nm
+and they authenticated successfully (as required by the security policy).
+If a command is specified with the
+.Fl l
+option, the exit value will only be 0 if the command is permitted by the
+security policy, otherwise it will be 1.
+.Pp
+If there is an authentication failure, a configuration/permission
+problem or if the given command cannot be executed,
.Nm
-cannot execute the given command.
+exits with a value of 1.
In the latter case, the error string is printed to the standard error.
If
.Nm
projects / sudo / commitdiff