-1.6.9 October 4, 2004 1
+1.6.9 October 7, 2004 1
-1.6.9 October 4, 2004 2
+1.6.9 October 7, 2004 2
-1.6.9 October 4, 2004 3
+1.6.9 October 7, 2004 3
-1.6.9 October 4, 2004 4
+1.6.9 October 7, 2004 4
-1.6.9 October 4, 2004 5
+1.6.9 October 7, 2004 5
-1.6.9 October 4, 2004 6
+1.6.9 October 7, 2004 6
-1.6.9 October 4, 2004 7
+1.6.9 October 7, 2004 7
-1.6.9 October 4, 2004 8
+1.6.9 October 7, 2004 8
-1.6.9 October 4, 2004 9
+1.6.9 October 7, 2004 9
-1.6.9 October 4, 2004 10
+1.6.9 October 7, 2004 10
-1.6.9 October 4, 2004 11
+1.6.9 October 7, 2004 11
-1.6.9 October 4, 2004 12
+1.6.9 October 7, 2004 12
-1.6.9 October 4, 2004 13
+1.6.9 October 7, 2004 13
-1.6.9 October 4, 2004 14
+1.6.9 October 7, 2004 14
-1.6.9 October 4, 2004 15
+1.6.9 October 7, 2004 15
-1.6.9 October 4, 2004 16
+1.6.9 October 7, 2004 16
match _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bw_\bh_\bo but not _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bX_\b1_\b1_\b/_\bx_\bt_\be_\br_\bm.
- WARNING: a pathname with wildcards will n\bno\bot\bt match a user
- command that consists of a relative path. In other words,
- given the following _\bs_\bu_\bd_\bo_\be_\br_\bs entry:
-
- billy workstation = /usr/bin/*
-
- user billy will be able to run any command in /usr/bin as
- root, such as _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bw. The following two command will
- be allowed (the first assumes that _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn is in the
- user's path):
-
- $ sudo w
- $ sudo /usr/bin/w
-
- However, this will not:
-
- $ cd /usr/bin
- $ sudo ./w
-
- For this reason you should only g\bgr\bra\ban\bnt\bt access to commands
- using wildcards and never r\bre\bes\bst\btr\bri\bic\bct\bt access using them.
- This limitation will be removed in a future version of
- s\bsu\bud\bdo\bo.
-
E\bEx\bxc\bce\bep\bpt\bti\bio\bon\bns\bs t\bto\bo w\bwi\bil\bld\bdc\bca\bar\brd\bd r\bru\bul\ble\bes\bs
The following exceptions apply to the above rules:
#include /etc/sudoers.local
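Review bot: the removed WARNING block (from "WARNING: a pathname with wildcards will not match a user command that consists of a relative path" through "This limitation will be removed in a future version of sudo") has no replacement text in this hunk, so the wildcard section no longer tells the reader whether "sudo ./w" now matches a "/usr/bin/*" entry or is still refused. If the relative-path limitation was fixed in this release, a one-line statement of the new matching behaviour belongs here; if it was not, the warning should stay, because the section's advice to only grant, and never restrict, access with wildcards rests on it.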
-
-
-
-1.6.9 October 4, 2004 17
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
When s\bsu\bud\bdo\bo reaches this line it will suspend processing of
the current file (_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs) and switch to _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b
_\be_\br_\bs_\b._\bl_\bo_\bc_\ba_\bl. Upon reaching the end of _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bl_\bo_\bc_\ba_\bl,
_\ba_\bl_\bi_\ba_\bs called A\bAL\bLL\bL as the built-in alias will be used in
preference to your own. Please note that using A\bAL\bLL\bL can be
dangerous since in a command context, it allows the user
+
+
+
+1.6.9 October 7, 2004 17
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
to run a\ban\bny\by command on the system.
An exclamation point ('!') can be used as a logical _\bn_\bo_\bt
is important. In general, you should structure _\bs_\bu_\bd_\bo_\be_\br_\bs
such that the Host_Alias, User_Alias, and Cmnd_Alias spec
ifications come first, followed by any Default_Entry
-
-
-
-1.6.9 October 4, 2004 18
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
lines, and finally the Runas_Alias and user specifica
tions. The basic rule of thumb is you cannot reference an
Alias that has not already been defined.
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
+
+
+
+
+
+
+
+
+
+
+
+1.6.9 October 7, 2004 18
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
the year in each log line since the log entries will be
kept around for several years.
-
-
-
-
-
-
-
-1.6.9 October 4, 2004 19
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
# Override built-in defaults
Defaults syslog=auth
Defaults>root !set_logname
Full time sysadmins (m\bmi\bil\bll\ble\ber\brt\bt, m\bmi\bik\bke\bef\bf, and d\bdo\bow\bwd\bdy\by) may run
any command on any host without authenticating themselves.
+
+
+1.6.9 October 7, 2004 19
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
PARTTIMERS ALL = ALL
Part time sysadmins (b\bbo\bos\bst\btl\ble\bey\by, j\bjw\bwf\bfo\box\bx, and c\bcr\bra\baw\bwl\bl) may run
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
-
-
-1.6.9 October 4, 2004 20
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
The user p\bpe\bet\bte\be is allowed to change anyone's password
except for root on the _\bH_\bP_\bP_\bA machines. Note that this
assumes _\bp_\ba_\bs_\bs_\bw_\bd(1) does not take multiple usernames on the
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the s\bse\bec\bcr\bre\bet\bta\bar\bri\bie\bes\bs netgroup need to help manage the
+
+
+
+1.6.9 October 7, 2004 20
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
printers as well as add and remove users, so they are
allowed to run those commands on all machines.
On his personal workstation, valkyrie, m\bma\bat\btt\bt needs to be
able to kill hung processes.
-
-
-1.6.9 October 4, 2004 21
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
On the host www, any user in the _\bW_\bE_\bB_\bM_\bA_\bS_\bT_\bE_\bR_\bS User_Alias
It is generally not effective to "subtract" commands from
ALL using the '!' operator. A user can trivially circum
vent this by copying the desired command to a different
+
+
+
+1.6.9 October 7, 2004 21
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
name and then executing that. For example:
bill ALL = ALL, !SU, !SHELLS
the ability to override default library func
tions by pointing an environment variable (usu
ally LD_PRELOAD) to an alternate shared library.
-
-
-
-1.6.9 October 4, 2004 22
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
On such systems, s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality can
be used to prevent a program run by s\bsu\bud\bdo\bo from
executing any other programs. Note, however,
File containing dummy exec functions:
then s\bsu\bud\bdo\bo may be able to replace the exec family
+
+
+
+1.6.9 October 7, 2004 22
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
of functions in the standard library with its
own that simply return an error. Unfortunately,
there is no foolproof way to know whether or not
can transparently intercept a new command, allow
or deny it based on _\bs_\bu_\bd_\bo_\be_\br_\bs, and log the result.
This does require that s\bsu\bud\bdo\bo become a daemon that
-
-
-
-1.6.9 October 4, 2004 23
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
persists until the command and all its descen
dents have exited.
and Linux. See <http://www.systrace.org/> for
more information.
+
+
+1.6.9 October 7, 2004 23
+
+
+
+
+
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+
+
Note that restricting shell escapes is not a panacea.
Programs running as root are still capable of many poten
tially hazardous operations (such as changing or overwrit
Limited free support is available via the sudo-users mail
ing list, see http://www.sudo.ws/mail
man/listinfo/sudo-users to subscribe or search the
-
-
-
-1.6.9 October 4, 2004 24
-
-
-
-
-
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-
-
archives.
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.6.9 October 4, 2004 25
+1.6.9 October 7, 2004 24
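Review bot: apart from the wildcard warning, every changed line in this patch is a page footer whose only difference is the date ("1.6.9 October 4, 2004" versus "1.6.9 October 7, 2004") or a run of blank lines produced by the resulting page-break shift, which buries the one substantive text change in formatting churn and also makes moved lines such as "secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser" show up as additions with no visible counterpart. If this rendered page is kept under version control, regenerating it at build or release time, or reviewing the diff of the roff source instead, would leave only the real edits for review.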