--- /dev/null
+
+
+
+sudo(8) MAINTENANCE COMMANDS sudo(8)
+
+
+N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
+ sudo - execute a command as the superuser
+
+S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-s\bs\bs\bs | -\b-\b-\b-H\bH\bH\bH | [ -\b-\b-\b-b\bb\bb\bb ] | [ -\b-\b-\b-p\bp\bp\bp
+ prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
+
+D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the
+ superuser (real and effective uid and gid are set to 0 and
+ root's group as set in the passwd file respectively).
+
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo determines who is an authorized user by consulting
+ the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. By giving s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo the -v flag a user
+ can update the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b. The
+ password prompt itself will also time out if the password
+ is not entered with N minutes (again, this is defined at
+ installation time and defaults to 5 minutes).
+
+ If an unauthorized user executes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo, mail will be sent
+ from the user to the local authorities (defined at
+ installation time).
+
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was designed to log via the 4.3 BSD _\bs_\by_\bs_\bl_\bo_\bg(3)
+ facility but can log to a file instead if so desired (or
+ to both syslog and a file).
+
+O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line options:
+
+ -V The -V (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the
+ version number and exit.
+
+ -l The -l (_\bl_\bi_\bs_\bt) option will list out the allowed and
+ forbidden commands for the user on the current host.
+
+ -h The -h (_\bh_\be_\bl_\bp) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the version
+ of s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo and a usage message before exiting.
+
+ -v If given the -v (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will update
+ the user's timestamp file, prompting for a password if
+ necessary. This extends the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo timeout to for
+ another N minutes (where N is defined at installation
+ time and defaults to 5 minutes) but does not run a
+ command.
+
+ -k The -k (_\bk_\bi_\bl_\bl) option to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo removes the user's
+ timestamp file, thus requiring a password the next
+ time s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run. This option does not require a
+ password and was added to allow a user to revoke s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
+ permissions from a .logout file.
+
+ -b The -b (_\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd) option tells s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to run the given
+ command in the background. Note that if you use the
+
+
+
+5/Nov/98 1.5.7 1
+
+
+
+
+
+sudo(8) MAINTENANCE COMMANDS sudo(8)
+
+
+ -b option you cannot use shell job control to
+ manipulate the command.
+
+ -p The -p (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
+ default password prompt and use a custom one. If the
+ password prompt contains the %u escape, %u will be
+ replaced by the user's login name. Similarly, %h will
+ be replaced by the local hostname.
+
+ -u The -u (_\bu_\bs_\be_\br) option causes sudo to run the specified
+ command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
+ instead of a _\bu_\bs_\be_\br_\bn_\ba_\bm_\be, use "#uid".
+
+ -s The -s (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the
+ _\bS_\bH_\bE_\bL_\bL environment variable if it is set or the shell
+ as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5).
+
+ -H The -H (_\bH_\bO_\bM_\bE) option sets the _\bH_\bO_\bM_\bE environment
+ variable to the homedir of the target user (root by
+ default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5).
+
+ -- The -- flag indicates that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo should stop processing
+ command line arguments. It is most useful in
+ conjunction with the -s flag.
+
+R\bR\bR\bRE\bE\bE\bET\bT\bT\bTU\bU\bU\bUR\bR\bR\bRN\bN\bN\bN V\bV\bV\bVA\bA\bA\bAL\bL\bL\bLU\bU\bU\bUE\bE\bE\bES\bS\bS\bS
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo quits with an exit value of 1 if there is a
+ configuration/permission problem or if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot execute
+ the given command. In the latter case the error string is
+ printed to stderr via _\bp_\be_\br_\br_\bo_\br(3). If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2)
+ one or more entries in the user's PATH the error is
+ printed on stderr via _\bp_\be_\br_\br_\bo_\br(3). (If the directory does
+ not exist or if it is not really a directory, the entry is
+ ignored and no error is printed.) This should not happen
+ under normal circumstances. The most common reason for
+ _\bs_\bt_\ba_\bt(3) to return "permission denied" is if you are
+ running an automounter and one of the directories in your
+ PATH is on a machine that is currently unreachable.
+
+S\bS\bS\bSE\bE\bE\bEC\bC\bC\bCU\bU\bU\bUR\bR\bR\bRI\bI\bI\bIT\bT\bT\bTY\bY\bY\bY N\bN\bN\bNO\bO\bO\bOT\bT\bT\bTE\bE\bE\bES\bS\bS\bS
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo tries to be safe when executing external commands.
+ Variables that control how dynamic loading and binding is
+ done can be used to subvert the program that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo runs.
+ To combat this the LD_*, SHLIB_PATH (HP-UX only), LIBPATH
+ (AIX only), and _RLD_* environment variables are removed
+ from the environment passed on to all commands executed.
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will also remove the IFS, ENV, BASH_ENV and KRB_CONF
+ variables as they too can pose a threat.
+
+ To prevent command spoofing, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo checks "." and "" (both
+ denoting current directory) last when searching for a
+ command in the user's PATH (if one or both are in the
+ PATH). Note, however, that the actual PATH environment
+ variable is _\bn_\bo_\bt modified and is passed unchanged to the
+
+
+
+5/Nov/98 1.5.7 2
+
+
+
+
+
+sudo(8) MAINTENANCE COMMANDS sudo(8)
+
+
+ program that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo executes.
+
+ For security reasons, if your OS supports shared
+ libraries, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo should always be statically linked unless
+ the dynamic loader disables user-defined library search
+ paths for setuid programs. (Most modern dynamic loaders
+ do this.)
+
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will check the ownership of its timestamp directory
+ (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo or _\b/_\bt_\bm_\bp_\b/_\b._\bo_\bd_\bu_\bs by default) and ignore the
+ directory's contents if it is not owned by root and only
+ read, writable, and executable by root. On systems that
+ allow users to give files away to root (via chown), if the
+ timestamp directory is located in a directory writable by
+ anyone (ie: _\b/_\bt_\bm_\bp), it is possible for a user to create the
+ timestamp directory before s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is run. However, because
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo checks the ownership and mode of the directory, the
+ only damage that can be done is to "hide" files by putting
+ them in the timestamp dir. This is unlikely to happen
+ since once the timestamp dir is owned by root and
+ inaccessible by any other user the user placing files
+ there would be unable to get them back out. To get around
+ this issue you can use a directory that is not world-
+ writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance).
+
+ sudo will not honor timestamp files set far in the future.
+ Timestamp files with a date greater than current_time + 2
+ * TIMEOUT will be ignored and sudo will log the anomaly.
+ This is done to keep a user from creating his/her own
+ timestamp file with a bogus date.
+
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers file of authorized users.
+
+
+E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT V\bV\bV\bVA\bA\bA\bAR\bR\bR\bRI\bI\bI\bIA\bA\bA\bAB\bB\bB\bBL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ PATH Set to a sane value if SECURE_PATH is set
+ SHELL Used to determine shell to run with -s option
+ USER Set to the target user (root unless the -u option
+ is specified)
+ HOME In -s mode, set to homedir of root (or runas user)
+ if built with the SHELL_SETS_HOME option
+ SUDO_PROMPT Replaces the default password prompt
+ SUDO_COMMAND Set to the command run by sudo
+ SUDO_USER Set to the login of the user who invoked sudo
+ SUDO_UID Set to the uid of the user who invoked sudo
+ SUDO_GID Set to the gid of the user who invoked sudo
+ SUDO_PS1 If set, PS1 will be set to its value
+
+
+A\bA\bA\bAU\bU\bU\bUT\bT\bT\bTH\bH\bH\bHO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
+ Many people have worked on s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo over the years, this
+ version consists of code written primarily by:
+
+
+
+
+5/Nov/98 1.5.7 3
+
+
+
+
+
+sudo(8) MAINTENANCE COMMANDS sudo(8)
+
+
+ Jeff Nieusma
+ David Hieb
+ Todd Miller
+ Chris Jepeway
+
+ See the HISTORY file in the s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo distribution for more
+ details.
+
+ Please send all bugs, comments, and changes to sudo-
+ bugs@courtesan.com.
+
+D\bD\bD\bDI\bI\bI\bIS\bS\bS\bSC\bC\bC\bCL\bL\bL\bLA\bA\bA\bAI\bI\bI\bIM\bM\bM\bME\bE\bE\bER\bR\bR\bR
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+
+ You should have received a copy of the GNU General Public
+ License along with this program; if not, write to the Free
+ Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
+ 02139, USA.
+
+C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
+ There is no easy way to prevent a user from gaining a root
+ shell if that user has access to commands allow shell
+ escapes.
+
+ If users have sudo ALL there is nothing to prevent them
+ from creating their own program that gives them a root
+ shell regardless of any '!' elements in the user
+ specification.
+
+ Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
+ bugs that make setuid shell scripts unsafe on some
+ operating systems.
+
+S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
+ _\bs_\bu_\bd_\bo_\be_\br_\bs(5), _\bv_\bi_\bs_\bu_\bd_\bo(8), _\bs_\bu(1).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+5/Nov/98 1.5.7 4
+
+
+
+
+
+sudo(8) MAINTENANCE COMMANDS sudo(8)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+5/Nov/98 1.5.7 5
+
+
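Review bot: sudo.cat is nroff output committed verbatim, so every bold word carries `\b` overstrike sequences (`N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE`) and each page break drops a `5/Nov/98 1.5.7 N` footer into the text, which makes the file unreadable in a diff and will churn on every regeneration; if a preformatted page has to ship, pipe it through `col -b` so the committed file is plain text. The generated text also inherits the wording defects of its source: DESCRIPTION says "update the time stamp" before any sentence explains that sudo caches a successful authentication, "if the password is not entered with N minutes" should read "within N minutes", "extends the sudo timeout to for another N minutes" has a stray "to", and RETURN VALUES cites `stat(2)` in one sentence and `stat(3)` two sentences later for the same call.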
--- /dev/null
+ <HTML>
+ <HEAD>
+ <TITLE>sudo - execute a command as the superuser
+
+</TITLE>
+ </HEAD>
+
+ <BODY>
+
+<!-- INDEX BEGIN -->
+
+<UL>
+
+ <LI><A HREF="#NAME">NAME</A>
+ <LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
+ <LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
+ <LI><A HREF="#OPTIONS">OPTIONS</A>
+ <LI><A HREF="#RETURN_VALUES">RETURN VALUES</A>
+ <LI><A HREF="#SECURITY_NOTES">SECURITY NOTES</A>
+ <LI><A HREF="#FILES">FILES</A>
+ <LI><A HREF="#ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES</A>
+ <LI><A HREF="#AUTHORS">AUTHORS</A>
+ <LI><A HREF="#DISCLAIMER">DISCLAIMER</A>
+ <LI><A HREF="#CAVEATS">CAVEATS</A>
+ <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
+</UL>
+<!-- INDEX END -->
+
+<HR>
+<P>
+<HR>
+<H1><A NAME="NAME">NAME
+
+</A></H1>
+sudo - execute a command as the superuser
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="SYNOPSIS">SYNOPSIS
+
+</A></H1>
+<STRONG>sudo</STRONG> <STRONG>-V</STRONG> | <STRONG>-h</STRONG> | <STRONG>-l</STRONG> | <STRONG>-v</STRONG> | <STRONG>-k</STRONG> | <STRONG>-s</STRONG> | <STRONG>-H</STRONG> | [ <STRONG>-b</STRONG> ] | [ <STRONG>-p</STRONG> prompt ] [ <STRONG>-u</STRONG> username/#uid] <EM>command</EM>
+
+
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="DESCRIPTION">DESCRIPTION
+
+</A></H1>
+<STRONG>sudo</STRONG> allows a permitted user to execute a <EM>command</EM>
+as the superuser (real and effective uid and gid are set to <CODE></CODE> and root's group as set in the passwd file respectively).
+
+
+<P>
+
+<STRONG>sudo</STRONG> determines who is an authorized user by consulting the file <EM>/etc/sudoers</EM>. By giving <STRONG>sudo</STRONG> the <CODE>-v</CODE> flag a user can update the time stamp without running a <EM>command.</EM>
+The password prompt itself will also time out if the password is not
+entered with N minutes (again, this is defined at installation time and
+defaults to 5 minutes).
+
+
+<P>
+
+If an unauthorized user executes <STRONG>sudo</STRONG>, mail will be sent from the user to the local authorities (defined at
+installation time).
+
+
+<P>
+
+<STRONG>sudo</STRONG> was designed to log via the 4.3 BSD <CODE>syslog(3)</CODE> facility but can
+log to a file instead if so desired (or to both syslog and a file).
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="OPTIONS">OPTIONS
+
+</A></H1>
+<STRONG>sudo</STRONG> accepts the following command line options:
+
+
+<P>
+
+<DL>
+<DT><STRONG><A NAME="item__V">-V
+
+</A></STRONG><DD>
+The <CODE>-V</CODE> (<EM>version</EM>) option causes <STRONG>sudo</STRONG> to print the version number and exit.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__l">-l
+
+</A></STRONG><DD>
+The <CODE>-l</CODE> (<EM>list</EM>) option will list out the allowed and forbidden commands for the user on
+the current host.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__h">-h
+
+</A></STRONG><DD>
+The <CODE>-h</CODE> (<EM>help</EM>) option causes <STRONG>sudo</STRONG> to print the version of <STRONG>sudo</STRONG> and a usage message before exiting.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__v">-v
+
+</A></STRONG><DD>
+If given the <CODE>-v</CODE> (<EM>validate</EM>) option, <STRONG>sudo</STRONG> will update the user's timestamp file, prompting for a password if
+necessary. This extends the <STRONG>sudo</STRONG> timeout to for another N minutes (where N is defined at installation time
+and defaults to 5 minutes) but does not run a command.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__k">-k
+
+</A></STRONG><DD>
+The <CODE>-k</CODE> (<EM>kill</EM>) option to <STRONG>sudo</STRONG> removes the user's timestamp file, thus requiring a password the next time <STRONG>sudo</STRONG> is run. This option does not require a password and was added to allow a
+user to revoke <STRONG>sudo</STRONG> permissions from a .logout file.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__b">-b
+
+</A></STRONG><DD>
+The <CODE>-b</CODE> (<EM>background</EM>) option tells <STRONG>sudo</STRONG> to run the given command in the background. Note that if you use the <CODE>-b</CODE>
+option you cannot use shell job control to manipulate the command.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__p">-p
+
+</A></STRONG><DD>
+The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a
+custom one. If the password prompt contains the <CODE>%u</CODE> escape, <CODE>%u</CODE> will be replaced by the user's login name. Similarly, <CODE>%h</CODE> will be replaced by the local hostname.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__u">-u
+
+</A></STRONG><DD>
+The <CODE>-u</CODE> (<EM>user</EM>) option causes sudo to run the specified command as a user other than <EM>root</EM>. To specify a <EM>uid</EM> instead of a
+<EM>username</EM>, use ``#uid''.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__s">-s
+
+</A></STRONG><DD>
+The <CODE>-s</CODE> (<EM>shell</EM>) option runs the shell specified by the <EM>SHELL</EM>
+environment variable if it is set or the shell as specified in
+<CODE>passwd(5).</CODE>
+
+
+<P>
+
+<DT><STRONG><A NAME="item__H">-H
+
+</A></STRONG><DD>
+The <CODE>-H</CODE> (<EM>HOME</EM>) option sets the <EM>HOME</EM> environment variable to the homedir of the target user (root by default) as
+specified in <CODE>passwd(5).</CODE>
+
+
+<P>
+
+<DT><STRONG><A NAME="item__">--
+
+</A></STRONG><DD>
+The <CODE>--</CODE> flag indicates that <STRONG>sudo</STRONG> should stop processing command line arguments. It is most useful in
+conjunction with the <CODE>-s</CODE> flag.
+
+
+<P>
+
+</DL>
+<P>
+<HR>
+<H1><A NAME="RETURN_VALUES">RETURN VALUES
+
+</A></H1>
+<STRONG>sudo</STRONG> quits with an exit value of 1 if there is a configuration/permission
+problem or if <STRONG>sudo</STRONG> cannot execute the given command. In the latter case the error string is
+printed to stderr via <CODE>perror(3).</CODE> If <STRONG>sudo</STRONG> cannot <CODE>stat(2)</CODE> one or more entries in the user's PATH the
+error is printed on stderr via <CODE>perror(3).</CODE> (If the directory
+does not exist or if it is not really a directory, the entry is ignored and
+no error is printed.) This should not happen under normal circumstances.
+The most common reason for <CODE>stat(3)</CODE> to return ``permission
+denied'' is if you are running an automounter and one of the directories in
+your PATH is on a machine that is currently unreachable.
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="SECURITY_NOTES">SECURITY NOTES
+
+</A></H1>
+<STRONG>sudo</STRONG> tries to be safe when executing external commands. Variables that control
+how dynamic loading and binding is done can be used to subvert the program
+that <STRONG>sudo</STRONG> runs. To combat this the <CODE>LD_*</CODE>, <CODE>SHLIB_PATH</CODE> (HP-UX only),
+<CODE>LIBPATH</CODE> (AIX only), and <CODE>_RLD_*</CODE> environment variables are removed from the environment passed on to all
+commands executed.
+<STRONG>sudo</STRONG> will also remove the <CODE>IFS</CODE>, <CODE>ENV</CODE>, <CODE>BASH_ENV</CODE>
+and <CODE>KRB_CONF</CODE> variables as they too can pose a threat.
+
+
+<P>
+
+To prevent command spoofing, <STRONG>sudo</STRONG> checks ``.'' and ``'' (both denoting current directory) last when searching
+for a command in the user's PATH (if one or both are in the PATH). Note,
+however, that the actual PATH environment variable is <EM>not</EM> modified and is passed unchanged to the program that
+<STRONG>sudo</STRONG> executes.
+
+
+<P>
+
+For security reasons, if your OS supports shared libraries,
+<STRONG>sudo</STRONG> should always be statically linked unless the dynamic loader disables
+user-defined library search paths for setuid programs. (Most modern dynamic
+loaders do this.)
+
+
+<P>
+
+<STRONG>sudo</STRONG> will check the ownership of its timestamp directory (<EM>/var/run/sudo</EM> or <EM>/tmp/.odus</EM> by default) and ignore the directory's contents if it is not owned by root
+and only read, writable, and executable by root. On systems that allow
+users to give files away to root (via chown), if the timestamp directory is
+located in a directory writable by anyone (ie: <EM>/tmp</EM>), it is possible for a user to create the timestamp directory before <STRONG>sudo</STRONG> is run. However, because <STRONG>sudo</STRONG> checks the ownership and mode of the directory, the only damage that can be
+done is to ``hide'' files by putting them in the timestamp dir. This is
+unlikely to happen since once the timestamp dir is owned by root and
+inaccessible by any other user the user placing files there would be unable
+to get them back out. To get around this issue you can use a directory that
+is not world-writable for the timestamps (<EM>/var/adm/sudo</EM> for instance).
+
+
+<P>
+
+<CODE>sudo</CODE> will not honor timestamp files set far in the future. Timestamp files with
+a date greater than current_time + 2 * <CODE>TIMEOUT</CODE> will be ignored and sudo will log the anomaly. This is done to keep a user
+from creating his/her own timestamp file with a bogus date.
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="FILES">FILES
+
+</A></H1>
+<PRE> /etc/sudoers file of authorized users.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES
+
+</A></H1>
+<PRE> PATH Set to a sane value if SECURE_PATH is set
+ SHELL Used to determine shell to run with -s option
+ USER Set to the target user (root unless the -u option
+ is specified)
+ HOME In -s mode, set to homedir of root (or runas user)
+ if built with the SHELL_SETS_HOME option
+ SUDO_PROMPT Replaces the default password prompt
+ SUDO_COMMAND Set to the command run by sudo
+ SUDO_USER Set to the login of the user who invoked sudo
+ SUDO_UID Set to the uid of the user who invoked sudo
+ SUDO_GID Set to the gid of the user who invoked sudo
+ SUDO_PS1 If set, PS1 will be set to its value
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="AUTHORS">AUTHORS
+
+</A></H1>
+Many people have worked on <STRONG>sudo</STRONG> over the years, this version consists of code written primarily by:
+
+
+<P>
+
+<PRE> Jeff Nieusma
+ David Hieb
+ Todd Miller
+ Chris Jepeway
+</PRE>
+
+<P>
+
+See the HISTORY file in the <STRONG>sudo</STRONG> distribution for more details.
+
+
+<P>
+
+Please send all bugs, comments, and changes to <A
+HREF="MAILTO:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.</A>
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="DISCLAIMER">DISCLAIMER
+
+</A></H1>
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+more details.
+
+
+<P>
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc., 675
+Mass Ave, Cambridge, MA 02139, USA.
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="CAVEATS">CAVEATS
+
+</A></H1>
+There is no easy way to prevent a user from gaining a root shell if that
+user has access to commands allow shell escapes.
+
+
+<P>
+
+If users have sudo ALL there is nothing to prevent them from creating their
+own program that gives them a root shell regardless of any '!' elements in
+the user specification.
+
+
+<P>
+
+Running shell scripts via <STRONG>sudo</STRONG> can expose the same kernel bugs that make setuid shell scripts unsafe on
+some operating systems.
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="SEE_ALSO">SEE ALSO
+
+</A></H1>
+<CODE><A HREF="sudoers.html">sudoers(5)</A>,</CODE> <CODE><A HREF="visudo.html">visudo(8)</A>,</CODE> <CODE>su(1).</CODE>
+
+<P>
+
+</DL>
+ </BODY>
+
+ </HTML>
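Review bot: the DESCRIPTION in sudo.html lost the uid/gid value: "real and effective uid and gid are set to <CODE></CODE> and root's group" renders as an empty code span where the .cat and .man versions of the same sentence say 0, so the pod2html conversion (probably of a `C<0>` escape) needs fixing in the source rather than in this output. Two smaller problems in the same file: the AUTHORS mailto link is `HREF="MAILTO:sudo-bugs@courtesan.com."` with the sentence's full stop inside the address, so the link addresses a non-existent domain, and a stray `</DL>` sits just before `</BODY>` although the only `<DL>` was already closed after the OPTIONS list, leaving the document ill-formed.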
-.\" $Id$
-.TH SUDO 8
-.SH NAME
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+''' Revision 1.26 1999/01/17 21:31:37 millert
+''' regen based on sudo.pod, sudoers.pod, and visudo.pod
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH sudo 8 "1.5.7" "5/Nov/98" "MAINTENANCE COMMANDS"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
sudo \- execute a command as the superuser
-.SH SYNOPSIS
-.B sudo
-.B \-V
-|
-.B \-h
-|
-.B \-l
-|
-.B \-v
-|
-.B \-k
-|
-.B \-s
-| [
-.B \-b
-]
-[
-.B \-p
-prompt ]
-.I command
-.SH DESCRIPTION
-.B sudo
-allows a permitted user to execute a
-.I command
-as the superuser (real and effective uid and gid are set to 0 and root's
-group as set in the passwd file respectively).
-.sp
-.B sudo
-determines who is an authorized user by consulting the file
-.I /etc/sudoers.
-By giving
-.B sudo
-the
-.I \-v
-flag a user can update the time stamp without running a
-.I command.
+.SH "SYNOPSIS"
+\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-s\fR | \fB\-H\fR |
+[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
+.SH "DESCRIPTION"
+\fBsudo\fR allows a permitted user to execute a \fIcommand\fR
+as the superuser (real and effective uid and gid are set
+to \f(CW0\fR and root's group as set in the passwd file respectively).
+.PP
+\fBsudo\fR determines who is an authorized user by consulting the
+file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
+can update the time stamp without running a \fIcommand.\fR
The password prompt itself will also time out if the password is
not entered with N minutes (again, this is defined at installation
time and defaults to 5 minutes).
-.sp
-If an unauthorized user executes sudo, mail will be sent from the user to
-the local authorities (defined at installation time).
-.sp
-.B sudo
-was designed to log via the 4.3 BSD syslog(3) facility but
+.PP
+If an unauthorized user executes \fBsudo\fR, mail will be sent from the
+user to the local authorities (defined at installation time).
+.PP
+\fBsudo\fR was designed to log via the 4.3 BSD \fIsyslog\fR\|(3) facility but
can log to a file instead if so desired (or to both syslog and a file).
-.sp
-All preferences are defined at installation time and are derived from
-the options.h and pathnames.h include files as well as as well as the
-Makefile.
-.SH OPTIONS
-.B sudo
-accepts the following command line options:
-.IP \-V
-The \-V (version) option causes
-.B sudo
-to print the version number and exit.
-.IP \-l
-The \-l (list) option will list out the allowed and forbidden commands
-for the user on the current host. Note that Command Aliases are
-currently not expanded.
-.IP \-h
-The \-h (help) option causes
-.B sudo
-to print the version of sudo and a usage message before exiting.
-.IP \-v
-If given the \-v (validate) option,
-.B sudo
-will update the user's timestamp file, prompting for a password if necessary.
-This extends the
-.B sudo
-timeout to for another N minutes (where N is defined at installation time and
-defaults to 5 minutes) but does not run a command.
-.IP \-k
-The \-k (kill) option to
-.B sudo
-removes the user's timestamp file, thus requiring a password the next time
-.B sudo
-is run. This option does not require and password and was added to
-allow a user to revoke
-.B sudo
-permissions from a .logout file.
-.IP \-b
-The \-b (background) option tells
-.B sudo
-to run the given command in the background. Note that if you use the
-\-b option you cannot use shell job control to manipulate the command.
-.IP \-p
-The \-p (prompt) option allows you to override the default password
-prompt and use a custom one.
-.IP \-s
-The \-s (shell) option runs the shell specified by the
-.I SHELL
-environmental variable if it is set or the shell as specified in
-.BR passwd (5).
-.IP \-\-
-The \-\- flag indicates that
-.B sudo
-should stop processing command line arguments. It is most useful
-in conjunction with the -s flag.
-.SH RETURN VALUES
-.B sudo
-quits with an exit value of 1 if there is a configuration/permission problem
-or if
-.B sudo
-cannot execute the given command. In the latter case the error string is
-printed to stdout via
-.BR perror (3).
-If
-.B sudo
-cannot
-.BR stat (3)
-one or more entries in the user's PATH the error is printed on stdout via
-.BR perror (3).
-(If the directory does not exist or if it is not really a directory, the
-entry is ignored and no error is printed.) This should not happen under
-normal circumstances. The most common reason for
-.BR stat (3)
-to return "permission denied" is if you are running an automounter and
-one of the directories in your PATH is on a machine that is currently
-unreachable.
-.SH SECURITY NOTES
-.B sudo
-tries to be safe when executing external commands. To this end the
-IFS, LD_*, SHLIB_PATH (HP\-UX only), LIBPATH (AIX only), and _RLD_*
-(Digital UNIX only) environmental variables are removed from the
-environment passed on to all commands executed.
-.sp
-To prevent command spoofing,
-.B sudo
-checks '.' and '' (both denoting current directory) last when searching for
-a command in the user's PATH (if one or both are in the PATH).
-Note, however, that the actual PATH environmental variable is
-.I not
-modified and is passed unchanged to the program that
-.B sudo
-executes.
-.sp
+.SH "OPTIONS"
+\fBsudo\fR accepts the following command line options:
+.Ip "-V" 4
+The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
+version number and exit.
+.Ip "-l" 4
+The \f(CW-l\fR (\fIlist\fR) option will list out the allowed and
+forbidden commands for the user on the current host.
+.Ip "-h" 4
+The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print the version
+of \fBsudo\fR and a usage message before exiting.
+.Ip "-v" 4
+If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
+user's timestamp file, prompting for a password if necessary.
+This extends the \fBsudo\fR timeout to for another N minutes
+(where N is defined at installation time and defaults to 5
+minutes) but does not run a command.
+.Ip "-k" 4
+The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR removes the user's timestamp
+file, thus requiring a password the next time \fBsudo\fR is run.
+This option does not require a password and was added to
+allow a user to revoke \fBsudo\fR permissions from a .logout file.
+.Ip "-b" 4
+The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
+command in the background. Note that if you use the \f(CW-b\fR
+option you cannot use shell job control to manipulate the command.
+.Ip "-p" 4
+The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
+password prompt and use a custom one. If the password prompt
+contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced by the user's
+login name. Similarly, \f(CW%h\fR will be replaced by the local
+hostname.
+.Ip "-u" 4
+The \f(CW-u\fR (\fIuser\fR) option causes sudo to run the specified command
+as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
+\fIusername\fR, use \*(L"#uid\*(R".
+.Ip "-s" 4
+The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
+environment variable if it is set or the shell as specified
+in \fIpasswd\fR\|(5).
+.Ip "-H" 4
+The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
+to the homedir of the target user (root by default) as specified
+in \fIpasswd\fR\|(5).
+.Ip "--" 4
+The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
+line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
+.SH "RETURN VALUES"
+\fBsudo\fR quits with an exit value of 1 if there is a
+configuration/permission problem or if \fBsudo\fR cannot execute
+the given command. In the latter case the error string is
+printed to stderr via \fIperror\fR\|(3). If \fBsudo\fR cannot \fIstat\fR\|(2)
+one or more entries in the user's PATH the error is printed
+on stderr via \fIperror\fR\|(3). (If the directory does not exist
+or if it is not really a directory, the entry is ignored and
+no error is printed.) This should not happen under normal
+circumstances. The most common reason for \fIstat\fR\|(3) to return
+\*(L"permission denied\*(R" is if you are running an automounter and
+one of the directories in your PATH is on a machine that is
+currently unreachable.
+.SH "SECURITY NOTES"
+\fBsudo\fR tries to be safe when executing external commands.
+Variables that control how dynamic loading and binding is
+done can be used to subvert the program that \fBsudo\fR runs.
+To combat this the \f(CWLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only),
+\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environment variables are
+removed from the environment passed on to all commands executed.
+\fBsudo\fR will also remove the \f(CWIFS\fR, \f(CWENV\fR, \f(CWBASH_ENV\fR
+and \f(CWKRB_CONF\fR variables as they too can pose a threat.
+.PP
+To prevent command spoofing, \fBsudo\fR checks "." and "" (both
+denoting current directory) last when searching for a command
+in the user's PATH (if one or both are in the PATH).
+Note, however, that the actual PATH environment variable
+is \fInot\fR modified and is passed unchanged to the program that
+\fBsudo\fR executes.
+.PP
For security reasons, if your OS supports shared libraries,
-.B sudo
-should always be statically linked unless the dynamic loader disables
-user\-defined library search paths for setuid programs.
-.sp
-.B sudo
-will check the ownership of its timestamp directory (/tmp/.odus by default)
-and ignore the directory's contents if it is not owned by root
-and only read, writable, and executable by root. On systems
-that allow users to give files away to root (via chown) it
-is possible for a user to create the timestamp directory before
-.B sudo
-is run. However, because
-.B sudo
-checks the ownership & mode of
-the directory, the only damage that can be done is to "hide"
-files by putting them in the timestamp dir. This is unlikely to happen
-since once the timestamp dir is owned by root and inaccessible by any
-other user the user placing files there would be unable to get them
-back out. To get around this issue you can use a directory that
-is not world-writable for the timestamps (/var/sudo for instance).
-.sp
-To keep users from creating their own timestamp files
-(by creating the timestamp directory before
-.B sudo
-is first run and then using chmod and chown to set
-the ownership and mode to a combination
-.B sudo
-will accept) with timestamps far in the future
-.B sudo
-will not honor any timestamp with a date greater than
-current_time + 2 * TIMEOUT.
-.SH FILES
-.nf
-/etc/sudoers file of authorized users.
-.fi
-.SH ENVIRONMENT VARIABLES
-.nf
-PATH Set to a sane value if SECURE_PATH is set
-SHELL Used to determine shell to run with \-s option
-SUDO_COMMAND Set to the command run by sudo
-SUDO_USER Set to the login of the user who invoked sudo
-SUDO_UID Set to the uid of the user who invoked sudo
-SUDO_GID Set to the gid of the user who invoked sudo
-.fi
-.SH AUTHORS
-Many people have worked on
-.B sudo
-over the years, this version consists of code written primarily by:
-.nf
-
-Jeff Nieusma <nieusma@FirstLink.com>
-David Hieb <davehieb@internetone.com>
-Todd Miller <Todd.Miller@cs.colorado.edu>
-Chris Jepeway <jepeway@cs.utk.edu>
-
-See the HISTORY file in the sudo distribution for more details.
-.fi
-.sp
-Please send all bugs, comments, and changes to sudo\-bugs@cs.colorado.edu.
-.SH BUGS
-The \-l (list) option should expand Command Aliases.
-.SH DISCLAIMER
+\fBsudo\fR should always be statically linked unless the
+dynamic loader disables user-defined library search paths
+for setuid programs. (Most modern dynamic loaders do this.)
+.PP
+\fBsudo\fR will check the ownership of its timestamp directory
+(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore
+the directory's contents if it is not owned by root and
+only read, writable, and executable by root. On systems
+that allow users to give files away to root (via chown),
+if the timestamp directory is located in a directory writable
+by anyone (ie: \fI/tmp\fR), it is possible for a user to create
+the timestamp directory before \fBsudo\fR is run.
+However, because \fBsudo\fR checks the ownership and mode of
+the directory, the only damage that can be done is to \*(L"hide\*(R"
+files by putting them in the timestamp dir. This is unlikely
+to happen since once the timestamp dir is owned by root and
+inaccessible by any other user the user placing files there
+would be unable to get them back out. To get around this
+issue you can use a directory that is not world-writable
+for the timestamps (\fI/var/adm/sudo\fR for instance).
+.PP
+\f(CWsudo\fR will not honor timestamp files set far in the
+future. Timestamp files with a date greater than
+current_time + 2 * \f(CWTIMEOUT\fR will be ignored and
+sudo will log the anomaly. This is done to keep a user
+from creating his/her own timestamp file with a bogus
+date.
+.SH "FILES"
+.PP
+.Vb 1
+\& /etc/sudoers file of authorized users.
+.Ve
+.SH "ENVIRONMENT VARIABLES"
+.PP
+.Vb 12
+\& PATH Set to a sane value if SECURE_PATH is set
+\& SHELL Used to determine shell to run with -s option
+\& USER Set to the target user (root unless the -u option
+\& is specified)
+\& HOME In -s mode, set to homedir of root (or runas user)
+\& if built with the SHELL_SETS_HOME option
+\& SUDO_PROMPT Replaces the default password prompt
+\& SUDO_COMMAND Set to the command run by sudo
+\& SUDO_USER Set to the login of the user who invoked sudo
+\& SUDO_UID Set to the uid of the user who invoked sudo
+\& SUDO_GID Set to the gid of the user who invoked sudo
+\& SUDO_PS1 If set, PS1 will be set to its value
+.Ve
+.SH "AUTHORS"
+Many people have worked on \fBsudo\fR over the years, this
+version consists of code written primarily by:
+.PP
+.Vb 4
+\& Jeff Nieusma
+\& David Hieb
+\& Todd Miller
+\& Chris Jepeway
+.Ve
+See the HISTORY file in the \fBsudo\fR distribution for more details.
+.PP
+Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
+.SH "DISCLAIMER"
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-.sp
+.PP
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
675 Mass Ave, Cambridge, MA 02139, USA.
-.SH CAVEATS
-There is no easy way to prevent a user from gaining a root shell if
-that user has access to commands that are shell scripts or that
-allow shell escapes.
-.SH SEE ALSO
-.BR sudoers (5),
-.BR visudo (8),
-.BR su (1)
+.SH "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell if
+that user has access to commands allow shell escapes.
+.PP
+If users have sudo ALL there is nothing to prevent them from creating
+their own program that gives them a root shell regardless of any \*(L'!\*(R'
+elements in the user specification.
+.PP
+Running shell scripts via \fBsudo\fR can expose the same kernel bugs
+that make setuid shell scripts unsafe on some operating systems.
+.SH "SEE ALSO"
+\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
+
+.rn }` ''
+.IX Title "sudo 8"
+.IX Name "sudo - execute a command as the superuser"
+
+.IX Header "NAME"
+
+.IX Header "SYNOPSIS"
+
+.IX Header "DESCRIPTION"
+
+.IX Header "OPTIONS"
+
+.IX Item "-V"
+
+.IX Item "-l"
+
+.IX Item "-h"
+
+.IX Item "-v"
+
+.IX Item "-k"
+
+.IX Item "-b"
+
+.IX Item "-p"
+
+.IX Item "-u"
+
+.IX Item "-s"
+
+.IX Item "-H"
+
+.IX Item "--"
+
+.IX Header "RETURN VALUES"
+
+.IX Header "SECURITY NOTES"
+
+.IX Header "FILES"
+
+.IX Header "ENVIRONMENT VARIABLES"
+
+.IX Header "AUTHORS"
+
+.IX Header "DISCLAIMER"
+
+.IX Header "CAVEATS"
+
+.IX Header "SEE ALSO"
+
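Review bot: the RETURN VALUES paragraph cites stat in two different manual sections within four lines: `\fIstat\fR\|(2)` in "If \fBsudo\fR cannot \fIstat\fR\|(2)" and `\fIstat\fR\|(3)` in "The most common reason for \fIstat\fR\|(3) to return"; pick one (stat is a section 2 system call) and use it in both places. Two wording regressions relative to the removed text also slipped in: the -v item now reads "extends the \fBsudo\fR timeout to for another N minutes" (drop "to"), and CAVEATS reads "commands allow shell escapes" where the old line had "commands that allow shell escapes". The trailing .IX Title/Header/Item lines show this file is pod2man output, so these fixes belong in the POD source rather than in the generated file, or they will be lost on the next regeneration. Finally, the BUGS section ("The \-l (list) option should expand Command Aliases") and the authors' e-mail addresses are dropped without a word in the change; confirm the -l limitation is actually fixed rather than merely undocumented.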
--- /dev/null
+
+
+
+sudoers(5) FILE FORMATS sudoers(5)
+
+
+N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
+ sudoers - list of which users may execute what as root
+
+D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs file is composed of an optional host alias
+ section, an optional command alias section and the user
+ specification section. All command or host aliases need
+ to start with their respective keywords (ie: Host_Alias,
+ User_Alias, Runas_Alias or Cmnd_Alias). If there are
+ multiple occurrences of a user, the union of the entries
+ will be used.
+
+ u\bu\bu\bus\bs\bs\bse\be\be\ber\br\br\br s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn f\bf\bf\bfo\bo\bo\bor\br\br\brm\bm\bm\bma\ba\ba\bat\bt\bt\bt:\b:\b:\b:
+
+
+ user access_group [: access_group] ...
+
+ access_group ::= host_type = [(runas_list)] [NOPASSWD:] [op]cmnd_type
+ [,[(user_list)] [NOPASSWD:] [op]cmnd_type] ...
+ host_type ::= a lower-case hostname, netgroup, ip address,
+ network number, network number/netmask,
+ or host alias.
+ runas_list ::= comma-separated list of users, groups,
+ netgroups or Runas_Aliases the user may run
+ commands as (default is root).
+ cmnd_type ::= a command OR a command alias.
+ op ::= the logical "!" NOT operator.
+
+
+ h\bh\bh\bho\bo\bo\bos\bs\bs\bst\bt\bt\bt a\ba\ba\bal\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bse\be\be\bec\bc\bc\bct\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn f\bf\bf\bfo\bo\bo\bor\br\br\brm\bm\bm\bma\ba\ba\bat\bt\bt\bt:\b:\b:\b:
+
+
+ Host_Alias HOSTALIAS = host-list
+
+ Host_Alias ::= a keyword.
+ HOSTALIAS ::= an upper-case alias name.
+ host-list ::= a comma separated list of hosts, netgroups,
+ ip addresses, networks.
+
+
+ u\bu\bu\bus\bs\bs\bse\be\be\ber\br\br\br a\ba\ba\bal\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bse\be\be\bec\bc\bc\bct\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn f\bf\bf\bfo\bo\bo\bor\br\br\brm\bm\bm\bma\ba\ba\bat\bt\bt\bt:\b:\b:\b:
+
+
+ User_Alias USERALIAS = user-list
+
+ User_Alias ::= a keyword.
+ USERALIAS ::= an upper-case alias name.
+ user-list ::= a comma separated list of users, groups, netgroups.
+
+
+ r\br\br\bru\bu\bu\bun\bn\bn\bna\ba\ba\bas\bs\bs\bs a\ba\ba\bal\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bse\be\be\bec\bc\bc\bct\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn f\bf\bf\bfo\bo\bo\bor\br\br\brm\bm\bm\bma\ba\ba\bat\bt\bt\bt:\b:\b:\b:
+
+
+ Runas_Alias RUNASALIAS = runas-list
+
+
+
+17/Oct/98 1.5.7 1
+
+
+
+
+
+sudoers(5) FILE FORMATS sudoers(5)
+
+
+ Runas_Alias ::= a keyword.
+ RUNASALIAS ::= an upper-case alias name.
+ runas-list ::= a comma separated list of users, groups, netgroups.
+
+
+ c\bc\bc\bco\bo\bo\bom\bm\bm\bmm\bm\bm\bma\ba\ba\ban\bn\bn\bnd\bd\bd\bd a\ba\ba\bal\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bse\be\be\bec\bc\bc\bct\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn f\bf\bf\bfo\bo\bo\bor\br\br\brm\bm\bm\bma\ba\ba\bat\bt\bt\bt:\b:\b:\b:
+
+
+ Cmnd_Alias CMNDALIAS = cmnd-list
+
+ Cmnd_Alias ::= a keyword.
+ CMNDALIAS ::= an upper-case alias name.
+ cmnd-list ::= a comma separated list commands.
+
+
+ c\bc\bc\bco\bo\bo\bom\bm\bm\bmm\bm\bm\bma\ba\ba\ban\bn\bn\bnd\bd\bd\bd s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bn:\b:\b:\b:
+
+
+ path arg1 arg2 .. argn = command
+
+ path ::= a fully qualified pathname.
+ arg[1..n] ::= optional command line arguments.
+
+
+ w\bw\bw\bwi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bds\bs\bs\bs (\b(\b(\b(a\ba\ba\bak\bk\bk\bka\ba\ba\ba m\bm\bm\bme\be\be\bet\bt\bt\bta\ba\ba\ba c\bc\bc\bch\bh\bh\bha\ba\ba\bar\br\br\bra\ba\ba\bac\bc\bc\bct\bt\bt\bte\be\be\ber\br\br\brs\bs\bs\bs)\b)\b)\b):\b:\b:\b:
+
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs along with command
+ arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. Wildcard matching is done
+ via the P\bP\bP\bPO\bO\bO\bOS\bS\bS\bSI\bI\bI\bIX\bX\bX\bX fnmatch(3) routine.
+
+ * Matches any set of zero or more characters.
+
+ ? Matches any single character.
+
+ [...] Matches any character in the specified range.
+
+ [!...] Matches any character n\bn\bn\bno\bo\bo\bot\bt\bt\bt in the specified range.
+
+ \x For any character "x", evaluates to "x". This is
+ used to escape special characters such as: "*",
+ "?", "[", and "}".
+
+ e\be\be\bex\bx\bx\bxc\bc\bc\bce\be\be\bep\bp\bp\bpt\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs t\bt\bt\bto\bo\bo\bo w\bw\bw\bwi\bi\bi\bil\bl\bl\bld\bd\bd\bdc\bc\bc\bca\ba\ba\bar\br\br\brd\bd\bd\bd r\br\br\bru\bu\bu\bul\bl\bl\ble\be\be\bes\bs\bs\bs:\b:\b:\b:
+
+ The following exceptions apply to the above rules:
+
+ " If the empty string "" is the only command line
+ argument in the _\bs_\bu_\bd_\bo_\be_\br_\bs entry it means that
+ command may take n\bn\bn\bno\bo\bo\bo arguments.
+
+ o\bo\bo\bot\bt\bt\bth\bh\bh\bhe\be\be\ber\br\br\br s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bia\ba\ba\bal\bl\bl\bl c\bc\bc\bch\bh\bh\bha\ba\ba\bar\br\br\bra\ba\ba\bac\bc\bc\bct\bt\bt\bte\be\be\ber\br\br\brs\bs\bs\bs a\ba\ba\ban\bn\bn\bnd\bd\bd\bd r\br\br\bre\be\be\bes\bs\bs\bse\be\be\ber\br\br\brv\bv\bv\bve\be\be\bed\bd\bd\bd w\bw\bw\bwo\bo\bo\bor\br\br\brd\bd\bd\bds\bs\bs\bs:\b:\b:\b:
+
+ Text after a pound sign (#\b#\b#\b#) is considered a comment.
+ Words that begin with a percent sign (%\b%\b%\b%) are assumed to be
+
+
+
+17/Oct/98 1.5.7 2
+
+
+
+
+
+sudoers(5) FILE FORMATS sudoers(5)
+
+
+ UN*X groups (%staff refers to users in the group _\bs_\bt_\ba_\bf_\bf).
+ Words that begin with a plus sign (+\b+\b+\b+) are assumed to be
+ netgroups (+\b+\b+\b+c\bc\bc\bcs\bs\bs\bsh\bh\bh\bho\bo\bo\bos\bs\bs\bst\bt\bt\bts\bs\bs\bs refers to the netgroup _\bc_\bs_\bh_\bo_\bs_\bt_\bs). Long
+ lines can be newline escaped with the backslash \\b\\b\\b\
+ character. The reserved word N\bN\bN\bNO\bO\bO\bOP\bP\bP\bPA\bA\bA\bAS\bS\bS\bSS\bS\bS\bSW\bW\bW\bWD\bD\bD\bD indicates that a
+ user need not enter a password for the command listed in
+ that entry.
+
+ The reserved alias _\bA_\bL_\bL can be used for both
+ {Host,User,Cmnd}_Alias. D\bD\bD\bDO\bO\bO\bO N\bN\bN\bNO\bO\bO\bOT\bT\bT\bT define an alias of _\bA_\bL_\bL, it
+ will N\bN\bN\bNO\bO\bO\bOT\bT\bT\bT be used. Note that _\bA_\bL_\bL implies the entire
+ universe of hosts/users/commands. You can subtract
+ elements from the universe by using the syntax:
+ user host=ALL,!ALIAS1,!/etc/halt... Note that the "!"
+ notation only works in a user's command list. You may not
+ use it to subtract elements in a User_Alias, Host_Alias,
+ Cmnd_Alias or user list.
+
+ Commands may have optional command line arguments. If
+ they do, then the arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs file must
+ exactly match those on the command line. It is also
+ possible to have a command's arguments span multiple lines
+ as long as the line continuance character "\" is used.
+ The following characters must be escaped with a "\" if
+ used in command arguments: ",", ":", "=", "\".
+
+E\bE\bE\bEX\bX\bX\bXA\bA\bA\bAM\bM\bM\bMP\bP\bP\bPL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ # Host alias specification
+ Host_Alias HUB=houdini:\
+ REMOTE=merlin,kodiakthorn,spirit
+ Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
+ Host_Alias CUNETS=128.138.0.0/255.255.0.0
+ Host_Alias CSNETS=128.138.243.0,128.138.204.0,\
+ 128.138.205.192
+
+ # User alias specification
+ User_Alias FULLTIME=millert,dowdy,mikef
+ User_Alias PARTTIME=juola,mccreary,tor
+
+ # Runas alias specification
+ Runas_Alias OP=root,operator
+
+ # Command alias specification
+ Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm
+ Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
+ Cmnd_Alias SU=/bin/su
+ Cmnd_Alias MISC=/bin/rm,/bin/cat:\
+ SHUTDOWN=/etc/halt,/etc/shutdown
+
+
+
+
+
+
+
+
+
+17/Oct/98 1.5.7 3
+
+
+
+
+
+sudoers(5) FILE FORMATS sudoers(5)
+
+
+ # User specification
+ FULLTIME ALL=(ALL) NOPASSWD: ALL
+ %wheel ALL=ALL
+ PARTTIME ALL=ALL,!SHELLS,!SU
+ +interns +openlabs=ALL,!SHELLS,!SU
+ britt REMOTE=SHUTDOWN:ALL=LPCS
+ jimbo CUNETS=/bin/su ?*,!/bin/su *root*
+ nieusma SERVERS=SHUTDOWN,/etc/reboot:\
+ HUB=ALL,!SHELLS
+ jill houdini=/etc/shutdown -[hr] now,MISC
+ markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
+ davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\
+ kodiakthorn=NOPASSWD: ALL
+ steve CSNETS=(operator) /usr/op_commands/
+
+
+ H\bH\bH\bHo\bo\bo\bos\bs\bs\bst\bt\bt\bt A\bA\bA\bAl\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs:\b:\b:\b:
+
+ The are four _\bh_\bo_\bs_\bt _\ba_\bl_\bi_\ba_\bs_\be_\bs. The first actually contains
+ two _\ba_\bl_\bi_\ba_\bs_\be_\bs. It sets HUB to be houdini and REMOTE to the
+ three machines merlin, kodiakthorn and spirit. Similarly,
+ SERVERS is set to the machines houdini, merlin,
+ kodiakthorn and spirit. The CSNETS alias will match any
+ host on the 128.138.243.0, 128.138.204.0, or
+ 128.138.205.192 nets. The CUNETS alias will match any
+ host on the 128.138.0.0 (class B) network. Note that
+ these are n\bn\bn\bne\be\be\bet\bt\bt\btw\bw\bw\bwo\bo\bo\bor\br\br\brk\bk\bk\bk addresses, not ip addresses. Unless an
+ explicate netmask is given, the local _\bn_\be_\bt_\bm_\ba_\bs_\bk is used to
+ determine whether or not the current host belongs to a
+ network.
+
+ U\bU\bU\bUs\bs\bs\bse\be\be\ber\br\br\br A\bA\bA\bAl\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs:\b:\b:\b:
+
+ The two _\bu_\bs_\be_\br _\ba_\bl_\bi_\ba_\bs_\be_\bs simply groups the FULLTIME and
+ PARTTIME folks into two separate aliases.
+
+ C\bC\bC\bCo\bo\bo\bom\bm\bm\bmm\bm\bm\bma\ba\ba\ban\bn\bn\bnd\bd\bd\bd a\ba\ba\bal\bl\bl\bli\bi\bi\bia\ba\ba\bas\bs\bs\bs s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs:\b:\b:\b:
+
+ Command aliases are lists of commands with or without
+ associated command line arguments. The entries above
+ should be self-explanatory.
+
+ U\bU\bU\bUs\bs\bs\bse\be\be\ber\br\br\br s\bs\bs\bsp\bp\bp\bpe\be\be\bec\bc\bc\bci\bi\bi\bif\bf\bf\bfi\bi\bi\bic\bc\bc\bca\ba\ba\bat\bt\bt\bti\bi\bi\bio\bo\bo\bon\bn\bn\bns\bs\bs\bs:\b:\b:\b:
+
+
+ FULLTIME Full-time sysadmins in the FULLTIME alias
+ may run any command on any host as any
+ user without a password.
+
+ %wheel Any user in the UN*X group wheel may run
+ any command on any host.
+
+ PARTTIME Part-time sysadmins in the PARTTIME alias
+ may run any command except those in the
+
+
+
+17/Oct/98 1.5.7 4
+
+
+
+
+
+sudoers(5) FILE FORMATS sudoers(5)
+
+
+ SHELLS and SU aliases on any host.
+
+ +interns Any user in the netgroup interns may run
+ any command except those in the SHELLS and
+ SU aliases on any host that is in the
+ openlabs netgroup.
+
+ britt The user britt may run commands in the
+ SHUTDOWN alias on the REMOTE machines and
+ commands in the LPCS alias on any machine.
+
+ jimbo The user jimbo may su to any user save
+ root on the machines on CUNETS (which is
+ explicately listed as a class B network).
+
+ nieusma The user nieusma may run commands in the
+ SHUTDOWN alias as well as _\b/_\be_\bt_\bc_\b/_\br_\be_\bb_\bo_\bo_\bt on
+ the SERVER machines and any command except
+ those in the SHELLS alias on the HUB
+ machines.
+
+ jill The user jill may run /etc/shutdown -h now
+ or /etc/shutdown -r now as well as the
+ commands in the MISC alias on houdini.
+
+ markm The user markm may run any command on the
+ HUB machines except _\b/_\be_\bt_\bc_\b/_\bs_\bh_\bu_\bt_\bd_\bo_\bw_\bn,
+ _\b/_\be_\bt_\bc_\b/_\bh_\ba_\bl_\bt, and commands listed in the MISC
+ alias.
+
+ davehieb The user davehieb may run any command on
+ merlin as any user in the Runas_Alias OP
+ (ie: root or operator). He may also run
+ _\b/_\be_\bt_\bc_\b/_\bh_\ba_\bl_\bt on the SERVERS and any command
+ on kodiakthorn (no password required on
+ kodiakthorn).
+
+ steve The user steve may run any command in the
+ _\b/_\bu_\bs_\br_\b/_\bo_\bp_\b__\bc_\bo_\bm_\bm_\ba_\bn_\bd_\bs_\b/ directory as user
+ operator on the machines on CSNETS.
+
+C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs file should a\ba\ba\bal\bl\bl\blw\bw\bw\bwa\ba\ba\bay\by\by\bys\bs\bs\bs be edited by the v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
+ command which locks the file and does grammatical
+ checking. It is imperative that the _\bs_\bu_\bd_\bo_\be_\br_\bs be free of
+ syntax errors since sudo will not run with a syntactically
+ incorrect _\bs_\bu_\bd_\bo_\be_\br_\bs file.
+
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers file of authorized users.
+ /etc/netgroup list of network groups.
+
+
+
+
+
+
+17/Oct/98 1.5.7 5
+
+
+
+
+
+sudoers(5) FILE FORMATS sudoers(5)
+
+
+S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
+ _\bs_\bu_\bd_\bo(8), _\bv_\bi_\bs_\bu_\bd_\bo(8), _\bs_\bu(1), _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+17/Oct/98 1.5.7 6
+
+
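Review bot: the explanation of the jimbo entry claims more than the rule enforces: "jimbo CUNETS=/bin/su ?*,!/bin/su *root*" is described as "may su to any user save root", but by this page's own wildcard rules the "!" element only subtracts invocations whose argument string matches "*root*", so the prose should say that arguments containing "root" are excluded rather than that su to root is prevented. Smaller fixes in the same file: "a comma separated list commands" is missing "of"; "The are four host aliases" should be "There are"; "explicate netmask" and "explicately listed" should be "explicit" and "explicitly"; the "\x" escape item lists the special characters as "*", "?", "[", and "}", where "}" is presumably meant to be "]"; and the access_group grammar writes "[(runas_list)]" on its first line but "[(user_list)]" on the continuation line. Also, this is rendered cat-page output with overstrike (backspace) bold and a "17/Oct/98 1.5.7 N" footer baked into every page; committing nroff output stamped with a version and date beside the source is hard to keep in sync, so consider generating it at install time instead.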
--- /dev/null
+ <HTML>
+ <HEAD>
+ <TITLE>sudoers - list of which users may execute what as root
+
+</TITLE>
+ </HEAD>
+
+ <BODY>
+
+<!-- INDEX BEGIN -->
+
+<UL>
+
+ <LI><A HREF="#NAME">NAME</A>
+ <LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
+ <UL>
+
+ <LI><A HREF="#user_specification_format_">user specification format:</A>
+ <LI><A HREF="#host_alias_section_format_">host alias section format:</A>
+ <LI><A HREF="#user_alias_section_format_">user alias section format:</A>
+ <LI><A HREF="#runas_alias_section_format_">runas alias section format:</A>
+ <LI><A HREF="#command_alias_section_format_">command alias section format:</A>
+ <LI><A HREF="#command_specification_">command specification:</A>
+ <LI><A HREF="#wildcards_aka_meta_characters_">wildcards (aka meta characters):</A>
+ <LI><A HREF="#exceptions_to_wildcard_rules_">exceptions to wildcard rules:</A>
+ <LI><A HREF="#other_special_characters_and_res">other special characters and reserved words:</A>
+ </UL>
+
+ <LI><A HREF="#EXAMPLES">EXAMPLES</A>
+ <UL>
+
+ <LI><A HREF="#Host_Alias_specifications_">Host Alias specifications:</A>
+ <LI><A HREF="#User_Alias_specifications_">User Alias specifications:</A>
+ <LI><A HREF="#Command_alias_specifications_">Command alias specifications:</A>
+ <LI><A HREF="#User_specifications_">User specifications:</A>
+ </UL>
+
+ <LI><A HREF="#CAVEATS">CAVEATS</A>
+ <LI><A HREF="#FILES">FILES</A>
+ <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
+</UL>
+<!-- INDEX END -->
+
+<HR>
+<P>
+<HR>
+<H1><A NAME="NAME">NAME
+
+</A></H1>
+sudoers - list of which users may execute what as root
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="DESCRIPTION">DESCRIPTION
+
+</A></H1>
+The <EM>sudoers</EM> file is composed of an optional host alias section, an optional command
+alias section and the user specification section. All command or host
+aliases need to start with their respective keywords (ie: Host_Alias,
+User_Alias, Runas_Alias or Cmnd_Alias). If there are multiple occurrences
+of a user, the union of the entries will be used.
+
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="user_specification_format_">user specification format:
+
+</A></H2>
+<PRE> user access_group [: access_group] ...
+</PRE>
+
+<P>
+
+<PRE> access_group ::= host_type = [(runas_list)] [NOPASSWD:] [op]cmnd_type
+ [,[(user_list)] [NOPASSWD:] [op]cmnd_type] ...
+ host_type ::= a lower-case hostname, netgroup, ip address,
+ network number, network number/netmask,
+ or host alias.
+ runas_list ::= comma-separated list of users, groups,
+ netgroups or Runas_Aliases the user may run
+ commands as (default is root).
+ cmnd_type ::= a command OR a command alias.
+ op ::= the logical "!" NOT operator.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="host_alias_section_format_">host alias section format:
+
+</A></H2>
+<PRE> Host_Alias HOSTALIAS = host-list
+</PRE>
+
+<P>
+
+<PRE> Host_Alias ::= a keyword.
+ HOSTALIAS ::= an upper-case alias name.
+ host-list ::= a comma separated list of hosts, netgroups,
+ ip addresses, networks.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="user_alias_section_format_">user alias section format:
+
+</A></H2>
+<PRE> User_Alias USERALIAS = user-list
+</PRE>
+
+<P>
+
+<PRE> User_Alias ::= a keyword.
+ USERALIAS ::= an upper-case alias name.
+ user-list ::= a comma separated list of users, groups, netgroups.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="runas_alias_section_format_">runas alias section format:
+
+</A></H2>
+<PRE> Runas_Alias RUNASALIAS = runas-list
+</PRE>
+
+<P>
+
+<PRE> Runas_Alias ::= a keyword.
+ RUNASALIAS ::= an upper-case alias name.
+ runas-list ::= a comma separated list of users, groups, netgroups.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="command_alias_section_format_">command alias section format:
+
+</A></H2>
+<PRE> Cmnd_Alias CMNDALIAS = cmnd-list
+</PRE>
+
+<P>
+
+<PRE> Cmnd_Alias ::= a keyword.
+ CMNDALIAS ::= an upper-case alias name.
+ cmnd-list ::= a comma separated list commands.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="command_specification_">command specification:
+
+</A></H2>
+<PRE> path arg1 arg2 .. argn = command
+</PRE>
+
+<P>
+
+<PRE> path ::= a fully qualified pathname.
+ arg[1..n] ::= optional command line arguments.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="wildcards_aka_meta_characters_">wildcards (aka meta characters):
+
+</A></H2>
+<STRONG>sudo</STRONG> allows shell-style <EM>wildcards</EM> along with command arguments in the <EM>sudoers</EM> file. Wildcard matching is done via the <STRONG>POSIX</STRONG>
+
+<CODE>fnmatch(3)</CODE> routine.
+
+
+<P>
+
+<UL>
+<LI><STRONG></STRONG>
+Matches any set of zero or more characters.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__">?
+
+</A></STRONG><DD>
+Matches any single character.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__">[...]
+
+</A></STRONG><DD>
+Matches any character in the specified range.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__">[!...]
+
+</A></STRONG><DD>
+Matches any character <STRONG>not</STRONG> in the specified range.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__x">\x
+
+</A></STRONG><DD>
+For any character ``x'', evaluates to ``x''. This is used to escape special
+characters such as: ``*'', ``?'', ``['', and ``}''.
+
+
+<P>
+
+</UL>
+<P>
+<HR>
+<H2><A NAME="exceptions_to_wildcard_rules_">exceptions to wildcard rules:
+
+</A></H2>
+The following exceptions apply to the above rules:
+
+
+<P>
+
+<DL>
+<DT><STRONG><A NAME="item__">""
+
+</A></STRONG><DD>
+If the empty string <CODE>""</CODE> is the only command line argument in the
+<EM>sudoers</EM> entry it means that command may take <STRONG>no</STRONG> arguments.
+
+
+<P>
+
+</DL>
+<P>
+<HR>
+<H2><A NAME="other_special_characters_and_res">other special characters and reserved words:
+
+</A></H2>
+Text after a pound sign (<STRONG>#</STRONG>) is considered a comment. Words that begin with a percent sign (<STRONG>%</STRONG>) are assumed to be UN*X groups (%staff refers to users in the group <EM>staff</EM>). Words that begin with a plus sign (<STRONG>+</STRONG>) are assumed to be netgroups (<STRONG>+cshosts</STRONG> refers to the netgroup <EM>cshosts</EM>). Long lines can be newline escaped with the backslash <STRONG>\</STRONG> character. The reserved word <STRONG>NOPASSWD</STRONG> indicates that a user need not enter a password for the command listed in
+that entry.
+
+
+<P>
+
+The reserved alias <EM>ALL</EM> can be used for both {Host,User,Cmnd}_Alias.
+<STRONG>DO NOT</STRONG> define an alias of <EM>ALL</EM>, it will <STRONG>NOT</STRONG> be used. Note that <EM>ALL</EM> implies the entire universe of hosts/users/commands. You can subtract
+elements from the universe by using the syntax: user
+host=ALL,!ALIAS1,!/etc/halt... Note that the ``!'' notation only works in a
+user's command list. You may not use it to subtract elements in a
+User_Alias, Host_Alias, Cmnd_Alias or user list.
+
+
+<P>
+
+Commands may have optional command line arguments. If they do, then the
+arguments in the <EM>sudoers</EM> file must exactly match those on the command line. It is also possible to
+have a command's arguments span multiple lines as long as the line
+continuance character ``\'' is used. The following characters must be
+escaped with a ``\'' if used in command arguments: ``,'', ``:'', ``='',
+``\''.
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="EXAMPLES">EXAMPLES
+
+</A></H1>
+<PRE> # Host alias specification
+ Host_Alias HUB=houdini:\
+ REMOTE=merlin,kodiakthorn,spirit
+ Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
+ Host_Alias CUNETS=128.138.0.0/255.255.0.0
+ Host_Alias CSNETS=128.138.243.0,128.138.204.0,\
+ 128.138.205.192
+</PRE>
+
+<P>
+
+<PRE> # User alias specification
+ User_Alias FULLTIME=millert,dowdy,mikef
+ User_Alias PARTTIME=juola,mccreary,tor
+</PRE>
+
+<P>
+
+<PRE> # Runas alias specification
+ Runas_Alias OP=root,operator
+</PRE>
+
+<P>
+
+<PRE> # Command alias specification
+ Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm
+ Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
+ Cmnd_Alias SU=/bin/su
+ Cmnd_Alias MISC=/bin/rm,/bin/cat:\
+ SHUTDOWN=/etc/halt,/etc/shutdown
+</PRE>
+
+<P>
+
+<PRE> # User specification
+ FULLTIME ALL=(ALL) NOPASSWD: ALL
+ %wheel ALL=ALL
+ PARTTIME ALL=ALL,!SHELLS,!SU
+ +interns +openlabs=ALL,!SHELLS,!SU
+ britt REMOTE=SHUTDOWN:ALL=LPCS
+ jimbo CUNETS=/bin/su ?*,!/bin/su *root*
+ nieusma SERVERS=SHUTDOWN,/etc/reboot:\
+ HUB=ALL,!SHELLS
+ jill houdini=/etc/shutdown -[hr] now,MISC
+ markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
+ davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\
+ kodiakthorn=NOPASSWD: ALL
+ steve CSNETS=(operator) /usr/op_commands/
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="Host_Alias_specifications_">Host Alias specifications:
+
+</A></H2>
+The are four <EM>host aliases</EM>. The first actually contains two <EM>aliases</EM>. It sets <CODE>HUB</CODE> to be <CODE>houdini</CODE> and <CODE>REMOTE</CODE>
+to the three machines <CODE>merlin</CODE>, <CODE>kodiakthorn</CODE> and <CODE>spirit</CODE>. Similarly, <CODE>SERVERS</CODE> is set to the machines <CODE>houdini</CODE>, <CODE>merlin</CODE>,
+<CODE>kodiakthorn</CODE> and <CODE>spirit</CODE>. The <CODE>CSNETS</CODE> alias will match any host on the 128.138.243.0, 128.138.204.0, or
+128.138.205.192 nets. The <CODE>CUNETS</CODE> alias will match any host on the 128.138.0.0 (class B) network. Note that
+these are <STRONG>network</STRONG> addresses, not ip addresses. Unless an explicate netmask is given, the
+local <EM>netmask</EM>
+is used to determine whether or not the current host belongs to a network.
+
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="User_Alias_specifications_">User Alias specifications:
+
+</A></H2>
+The two <EM>user aliases</EM> simply groups the <A HREF="#item_FULLTIME">FULLTIME</A> and
+<A HREF="#item_PARTTIME">PARTTIME</A> folks into two separate aliases.
+
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="Command_alias_specifications_">Command alias specifications:
+
+</A></H2>
+Command aliases are lists of commands with or without associated command
+line arguments. The entries above should be self-explanatory.
+
+
+<P>
+
+<P>
+<HR>
+<H2><A NAME="User_specifications_">User specifications:
+
+</A></H2>
+<DL>
+<DT><STRONG><A NAME="item_FULLTIME">FULLTIME
+
+</A></STRONG><DD>
+Full-time sysadmins in the <A HREF="#item_FULLTIME">FULLTIME</A> alias may run any command on any host as any user without a password.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__wheel">%wheel
+
+</A></STRONG><DD>
+Any user in the UN*X group <CODE>wheel</CODE> may run any command on any host.
+
+
+<P>
+
+<DT><STRONG><A NAME="item_PARTTIME">PARTTIME
+
+</A></STRONG><DD>
+Part-time sysadmins in the <A HREF="#item_PARTTIME">PARTTIME</A> alias may run any command except those in the <CODE>SHELLS</CODE> and <CODE>SU</CODE> aliases on any host.
+
+
+<P>
+
+<DT><STRONG><A NAME="item__interns">+interns
+
+</A></STRONG><DD>
+Any user in the netgroup <CODE>interns</CODE> may run any command except those in the <CODE>SHELLS</CODE> and <CODE>SU</CODE> aliases on any host that is in the <CODE>openlabs</CODE> netgroup.
+
+
+<P>
+
+<DT><STRONG><A NAME="item_britt">britt
+
+</A></STRONG><DD>
+The user <A HREF="#item_britt">britt</A> may run commands in the <CODE>SHUTDOWN</CODE> alias on the <CODE>REMOTE</CODE> machines and commands in the <CODE>LPCS</CODE> alias on any machine.
+
+
+<P>
+
+<DT><STRONG><A NAME="item_jimbo">jimbo
+
+</A></STRONG><DD>
+The user <A HREF="#item_jimbo">jimbo</A> may <CODE>su</CODE> to any user save root on the machines on <CODE>CUNETS</CODE> (which is explicately listed as a class B network).
+
+
+<P>
+
+<DT><STRONG><A NAME="item_nieusma">nieusma
+
+</A></STRONG><DD>
+The user <A HREF="#item_nieusma">nieusma</A> may run commands in the <CODE>SHUTDOWN</CODE> alias as well as <EM>/etc/reboot</EM> on the <CODE>SERVER</CODE> machines and any command except those in the <CODE>SHELLS</CODE> alias on the <CODE>HUB</CODE>
+machines.
+
+
+<P>
+
+<DT><STRONG><A NAME="item_jill">jill
+
+</A></STRONG><DD>
+The user <A HREF="#item_jill">jill</A> may run <CODE>/etc/shutdown -h now</CODE> or
+<CODE>/etc/shutdown -r now</CODE> as well as the commands in the
+<CODE>MISC</CODE> alias on houdini.
+
+
+<P>
+
+<DT><STRONG><A NAME="item_markm">markm
+
+</A></STRONG><DD>
+The user <A HREF="#item_markm">markm</A> may run any command on the <CODE>HUB</CODE> machines except <EM>/etc/shutdown</EM>, <EM>/etc/halt</EM>, and commands listed in the <CODE>MISC</CODE> alias.
+
+
+<P>
+
+<DT><STRONG><A NAME="item_davehieb">davehieb
+
+</A></STRONG><DD>
+The user <A HREF="#item_davehieb">davehieb</A> may run any command on <CODE>merlin</CODE> as any user in the Runas_Alias OP (ie: root or operator). He may also run <EM>/etc/halt</EM> on the <CODE>SERVERS</CODE> and any command on <CODE>kodiakthorn</CODE> (no password required on <CODE>kodiakthorn</CODE>).
+
+
+<P>
+
+<DT><STRONG><A NAME="item_steve">steve
+
+</A></STRONG><DD>
+The user <A HREF="#item_steve">steve</A> may run any command in the <EM>/usr/op_commands/</EM>
+directory as user <CODE>operator</CODE> on the machines on <CODE>CSNETS</CODE>.
+
+
+<P>
+
+</DL>
+<P>
+<HR>
+<H1><A NAME="CAVEATS">CAVEATS
+
+</A></H1>
+The <EM>sudoers</EM> file should <STRONG>always</STRONG> be edited by the <STRONG>visudo</STRONG>
+command which locks the file and does grammatical checking. It is
+imperative that the <EM>sudoers</EM> be free of syntax errors since sudo will not run with a syntactically
+incorrect <EM>sudoers</EM> file.
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="FILES">FILES
+
+</A></H1>
+<PRE> /etc/sudoers file of authorized users.
+ /etc/netgroup list of network groups.
+</PRE>
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="SEE_ALSO">SEE ALSO
+
+</A></H1>
+<CODE><A HREF="sudo.html">sudo(8)</A>,</CODE> <CODE><A HREF="visudo.html">visudo(8)</A>,</CODE> <CODE>su(1),</CODE> <CODE>fnmatch(3).</CODE>
+
+<P>
+
+</DL>
+ </BODY>
+
+ </HTML>
-.\" $Id$
-.TH SUDOERS 5
-.SH NAME
-sudoers \- list of which users may execute what as root
-.SH DESCRIPTION
-The
-.I sudoers
-file is composed of an optional host alias section, an optional command
-alias section and the user specification section. All command or host
-aliases need to start with their respective keywords
-(ie: Host_Alias, User_Alias, or Cmnd_Alias).
-If there are multiple occurrences of a user, the union of the entries
-will be used.
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+''' Revision 1.4 1999/01/17 21:31:37 millert
+''' regen based on sudo.pod, sudoers.pod, and visudo.pod
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
.nf
+.ne \\$1
+..
+.de Ve
+.ft R
-user specification format:
- user access_group [: access_group] ...
-
- access_group ::= host_type = [op]cmnd_type [,[op]cmnd_type] ...
- host_type ::= a lower\-case hostname, netgroup, ip address,
- network number, or host alias.
- cmnd_type ::= an command OR a command alias.
- op ::= the logical '!' NOT operator.
-
-host alias section format:
- Host_Alias HOSTALIAS = host\-list
-
- Host_Alias ::= a keyword.
- HOSTALIAS ::= an upper\-case alias name.
- host\-list ::= a comma separated list of hosts, netgroups,
- ip addresses, networks.
-
-user alias section format:
- User_Alias USERALIAS = user\-list
-
- User_Alias ::= a keyword.
- USERALIAS ::= an upper\-case alias name.
- user\-list ::= a comma separated list of users, groups and netgroups.
-
-command alias section format:
- Cmnd_Alias CMNDALIAS = cmnd\-list
-
- Cmnd_Alias ::= a keyword.
- CMNDALIAS ::= an upper\-case alias name.
- cmnd\-list ::= a comma separated list commands.
-
-command specification:
- path arg1 arg2 .. argn = command
-
- path ::= a fully qualified pathname.
- arg[1..n] ::= optional command line arguments.
-
- Text after a pound sign ('#') is considered a comment.
- Words that begin with a percent sign ('%') are assumed to
- be UN*X groups (%staff refers to users in the group "staff").
- Words that begin with a plus sign ('+') are assumed to
- be netgroups (+cshosts refers to the netgroup "cshosts").
- Long lines can be newline escaped with the backslash '\\' character.
- The reserved alias 'ALL' can be used for both {Host,User,Cmnd}_Alias.
-
- DO NOT define an alias of 'ALL', it will NOT be used.
- Note that 'ALL' implies the entire universe of hosts/users/commands.
- You can subtract elements from the universe by using the syntax:
- user host=ALL,!ALIAS1,!/etc/halt...
- Note that the '!' notation only works in a user's command list. You
- may not use it to subtract elements in a User_Alias, Host_Alias, or
- Cmnd_Alias.
-
- Commands may have optional command line arguments. If they do,
- then the arguments in the sudoers file must exactly match those
- on the command line. It is also possible to have a command's
- arguments span multiple lines as long as the line continuance
- character '\\' is used. The following characters must be escaped
- with a '\\' if used in command arguments: ',', ':', '=', '\\'.
.fi
-.SH EXAMPLES
-.nf
- # Host alias specification
- Host_Alias HUB=houdini:\\
- REMOTE=merlin,kodiakthorn,spirit
- Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
- Host_Alias CSNETS=128.138.243.0,128.138.204.0,\\
- 128.138.205.192
-
- # User alias specification
- User_Alias FULLTIME=millert,dowdy,mikef
- User_Alias PARTTIME=juola,mccreary,tor
-
- # Command alias specification
- Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm
- Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
- Cmnd_Alias SU=/bin/su
- Cmnd_Alias MISC=/bin/rm,/bin/cat:\\
- SHUTDOWN=/etc/halt,/etc/shutdown
-
- # User specification
- FULLTIME ALL=ALL
- %wheel ALL=ALL
- PARTTIME ALL=ALL,!SHELLS,!SU
- +interns +openlabs=ALL,!SHELLS,!SU
- britt REMOTE=SHUTDOWN:ALL=LPCS
- nieusma SERVERS=SHUTDOWN,/etc/reboot:\\
- HUB=ALL,!SHELLS
- jill houdini=/etc/shutdown -r now,MISC
- markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
- davehieb merlin=ALL:SERVERS=/etc/halt:\\
- kodiakthorn=ALL
- steve CSNETS=/usr/op_commands/,/bin/su operator
-.fi
-.sp
-The above
-.I sudoers
-file specification is composed of 4 host alias specifications, 2 user alias
-specifications, 4 command alias specifications and 8 user specifications. Full
-time staff (those in the FULLTIME alias) and anyone in group "wheel" are
-allowed to execute any command on any host. Part time staff (those in the
-PARTTIME alias) are allowed to execute any command except for the group of
-SHELL and SU commands on any machine. Britt is permitted to execute /etc/halt,
-/etc/shutdown, /usr/etc/lpc and /usr/ucb/lprm on the REMOTE machines (merlin,
-kodiakthorn, and spirit). Nieusma is allowed to run /etc/halt, /etc/shutdown,
-and /etc/halt on all machines and all commands except for the group of SHELL
-commands on the HUB machines. Jill is permitted to execute /etc/shutdown with
-the "\-r now" flags, /bin/rm, and /bin/cat on houdini. Davehieb can execute
-any command on machines merlin and kodiakthorn and can halt the SERVERS. Any
-user in the netgroup "interns" may run any command on the machines in the
-netgroup "openlabs" except for those commands in the groups SHELL and SU.
-Steve can run any command located in the directory /usr/op_commands on all
-machines on the subnets listed in CSNETS (note that the 128.138.192 net has
-a netmask of 255.255.255.192 which is why its network number is
-128.138.192.192). He may also su to operator but to no one else.
-
-.sp
-.B sudo
-will do a logical and of a machine's ip address(es) with its netmask to decide
-whether that machine is on a given network).
-.sp
-The
-.I sudoers
-file should
-.B always
-be edited by the
-.B visudo
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH sudoers 5 "1.5.7" "17/Oct/98" "FILE FORMATS"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+sudoers \- list of which users may execute what as root
+.SH "DESCRIPTION"
+The \fIsudoers\fR file is composed of an optional host alias section,
+an optional command alias section and the user specification section.
+All command or host aliases need to start with their respective keywords
+(ie: Host_Alias, User_Alias, Runas_Alias or Cmnd_Alias).
+If there are multiple occurrences of a user, the union of the entries
+will be used.
+.Sh "user specification format:"
+.PP
+.Vb 1
+\& user access_group [: access_group] ...
+.Ve
+.Vb 10
+\& access_group ::= host_type = [(runas_list)] [NOPASSWD:] [op]cmnd_type
+\& [,[(user_list)] [NOPASSWD:] [op]cmnd_type] ...
+\& host_type ::= a lower-case hostname, netgroup, ip address,
+\& network number, network number/netmask,
+\& or host alias.
+\& runas_list ::= comma-separated list of users, groups,
+\& netgroups or Runas_Aliases the user may run
+\& commands as (default is root).
+\& cmnd_type ::= a command OR a command alias.
+\& op ::= the logical "!" NOT operator.
+.Ve
+.Sh "host alias section format:"
+.PP
+.Vb 1
+\& Host_Alias HOSTALIAS = host-list
+.Ve
+.Vb 4
+\& Host_Alias ::= a keyword.
+\& HOSTALIAS ::= an upper-case alias name.
+\& host-list ::= a comma separated list of hosts, netgroups,
+\& ip addresses, networks.
+.Ve
+.Sh "user alias section format:"
+.PP
+.Vb 1
+\& User_Alias USERALIAS = user-list
+.Ve
+.Vb 3
+\& User_Alias ::= a keyword.
+\& USERALIAS ::= an upper-case alias name.
+\& user-list ::= a comma separated list of users, groups, netgroups.
+.Ve
+.Sh "runas alias section format:"
+.PP
+.Vb 1
+\& Runas_Alias RUNASALIAS = runas-list
+.Ve
+.Vb 3
+\& Runas_Alias ::= a keyword.
+\& RUNASALIAS ::= an upper-case alias name.
+\& runas-list ::= a comma separated list of users, groups, netgroups.
+.Ve
+.Sh "command alias section format:"
+.PP
+.Vb 1
+\& Cmnd_Alias CMNDALIAS = cmnd-list
+.Ve
+.Vb 3
+\& Cmnd_Alias ::= a keyword.
+\& CMNDALIAS ::= an upper-case alias name.
+\& cmnd-list ::= a comma separated list commands.
+.Ve
+.Sh "command specification:"
+.PP
+.Vb 1
+\& path arg1 arg2 .. argn = command
+.Ve
+.Vb 2
+\& path ::= a fully qualified pathname.
+\& arg[1..n] ::= optional command line arguments.
+.Ve
+.Sh "wildcards (aka meta characters):"
+\fBsudo\fR allows shell-style \fIwildcards\fR along with command arguments
+in the \fIsudoers\fR file. Wildcard matching is done via the \fB\s-1POSIX\s0\fR
+\f(CWfnmatch(3)\fR routine.
+.Ip "\f(CW*\fR" 8
+Matches any set of zero or more characters.
+.Ip "\f(CW?\fR" 8
+Matches any single character.
+.Ip "\f(CW[...]\fR" 8
+Matches any character in the specified range.
+.Ip "\f(CW[!...]\fR" 8
+Matches any character \fBnot\fR in the specified range.
+.Ip "\f(CW\ex\fR" 8
+For any character \*(L"x\*(R", evaluates to \*(L"x\*(R". This is used to
+escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R".
+.Sh "exceptions to wildcard rules:"
+The following exceptions apply to the above rules:
+.Ip "\f(CW""\fR" 8
+If the empty string \f(CW""\fR is the only command line argument in the
+\fIsudoers\fR entry it means that command may take \fBno\fR arguments.
+.Sh "other special characters and reserved words:"
+Text after a pound sign (\fB#\fR) is considered a comment.
+Words that begin with a percent sign (\fB%\fR) are assumed to
+be \s-1UN\s0*X groups (%staff refers to users in the group \fIstaff\fR).
+Words that begin with a plus sign (\fB+\fR) are assumed to
+be netgroups (\fB+cshosts\fR refers to the netgroup \fIcshosts\fR).
+Long lines can be newline escaped with the backslash \fB\e\fR character.
+The reserved word \fB\s-1NOPASSWD\s0\fR indicates that a user need not
+enter a password for the command listed in that entry.
+.PP
+The reserved alias \fI\s-1ALL\s0\fR can be used for both {Host,User,Cmnd}_Alias.
+\fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used.
+Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands.
+You can subtract elements from the universe by using the syntax:
+ user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/etc/halt...
+Note that the \*(L"!\*(R" notation only works in a user's command list. You
+may not use it to subtract elements in a User_Alias, Host_Alias,
+Cmnd_Alias or user list.
+.PP
+Commands may have optional command line arguments. If they do,
+then the arguments in the \fIsudoers\fR file must exactly match those
+on the command line. It is also possible to have a command's
+arguments span multiple lines as long as the line continuance
+character \*(L"\e\*(R" is used. The following characters must be escaped
+with a \*(L"\e\*(R" if used in command arguments: \*(L",\*(R", \*(L":\*(R", \*(L"=\*(R", \*(L"\e\*(R".
+.SH "EXAMPLES"
+.PP
+.Vb 7
+\& # Host alias specification
+\& Host_Alias HUB=houdini:\e
+\& REMOTE=merlin,kodiakthorn,spirit
+\& Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
+\& Host_Alias CUNETS=128.138.0.0/255.255.0.0
+\& Host_Alias CSNETS=128.138.243.0,128.138.204.0,\e
+\& 128.138.205.192
+.Ve
+.Vb 3
+\& # User alias specification
+\& User_Alias FULLTIME=millert,dowdy,mikef
+\& User_Alias PARTTIME=juola,mccreary,tor
+.Ve
+.Vb 2
+\& # Runas alias specification
+\& Runas_Alias OP=root,operator
+.Ve
+.Vb 6
+\& # Command alias specification
+\& Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm
+\& Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
+\& Cmnd_Alias SU=/bin/su
+\& Cmnd_Alias MISC=/bin/rm,/bin/cat:\e
+\& SHUTDOWN=/etc/halt,/etc/shutdown
+.Ve
+.Vb 14
+\& # User specification
+\& FULLTIME ALL=(ALL) NOPASSWD: ALL
+\& %wheel ALL=ALL
+\& PARTTIME ALL=ALL,!SHELLS,!SU
+\& +interns +openlabs=ALL,!SHELLS,!SU
+\& britt REMOTE=SHUTDOWN:ALL=LPCS
+\& jimbo CUNETS=/bin/su ?*,!/bin/su *root*
+\& nieusma SERVERS=SHUTDOWN,/etc/reboot:\e
+\& HUB=ALL,!SHELLS
+\& jill houdini=/etc/shutdown -[hr] now,MISC
+\& markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
+\& davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\e
+\& kodiakthorn=NOPASSWD: ALL
+\& steve CSNETS=(operator) /usr/op_commands/
+.Ve
+.Sh "Host Alias specifications:"
+The are four \fIhost aliases\fR. The first actually contains
+two \fIaliases\fR. It sets \f(CWHUB\fR to be \f(CWhoudini\fR and \f(CWREMOTE\fR
+to the three machines \f(CWmerlin\fR, \f(CWkodiakthorn\fR and \f(CWspirit\fR.
+Similarly, \f(CWSERVERS\fR is set to the machines \f(CWhoudini\fR, \f(CWmerlin\fR,
+\f(CWkodiakthorn\fR and \f(CWspirit\fR. The \f(CWCSNETS\fR alias will match
+any host on the 128.138.243.0, 128.138.204.0, or 128.138.205.192
+nets. The \f(CWCUNETS\fR alias will match any host on the 128.138.0.0
+(class B) network. Note that these are \fBnetwork\fR addresses, not ip
+addresses. Unless an explicate netmask is given, the local \fInetmask\fR
+is used to determine whether or not the current host belongs to a network.
+.Sh "User Alias specifications:"
+The two \fIuser aliases\fR simply groups the \f(CWFULLTIME\fR and
+\f(CWPARTTIME\fR folks into two separate aliases.
+.Sh "Command alias specifications:"
+Command aliases are lists of commands with or without associated
+command line arguments. The entries above should be self-explanatory.
+.Sh "User specifications:"
+.Ip "\s-1FULLTIME\s0" 16
+Full-time sysadmins in the \f(CWFULLTIME\fR alias may run any
+command on any host as any user without a password.
+.Ip "%wheel" 16
+Any user in the \s-1UN\s0*X group \f(CWwheel\fR may run any
+command on any host.
+.Ip "\s-1PARTTIME\s0" 16
+Part-time sysadmins in the \f(CWPARTTIME\fR alias may run any
+command except those in the \f(CWSHELLS\fR and \f(CWSU\fR aliases
+on any host.
+.Ip "+interns" 16
+Any user in the netgroup \f(CWinterns\fR may run any
+command except those in the \f(CWSHELLS\fR and \f(CWSU\fR aliases
+on any host that is in the \f(CWopenlabs\fR netgroup.
+.Ip "britt" 16
+The user \f(CWbritt\fR may run commands in the \f(CWSHUTDOWN\fR alias
+on the \f(CWREMOTE\fR machines and commands in the \f(CWLPCS\fR alias
+on any machine.
+.Ip "jimbo" 16
+The user \f(CWjimbo\fR may \f(CWsu\fR to any user save root on the
+machines on \f(CWCUNETS\fR (which is explicately listed as a class
+B network).
+.Ip "nieusma" 16
+The user \f(CWnieusma\fR may run commands in the \f(CWSHUTDOWN\fR alias
+as well as \fI/etc/reboot\fR on the \f(CWSERVER\fR machines and
+any command except those in the \f(CWSHELLS\fR alias on the \f(CWHUB\fR
+machines.
+.Ip "jill" 16
+The user \f(CWjill\fR may run \f(CW/etc/shutdown -h now\fR or
+\f(CW/etc/shutdown -r now\fR as well as the commands in the
+\f(CWMISC\fR alias on houdini.
+.Ip "markm" 16
+The user \f(CWmarkm\fR may run any command on the \f(CWHUB\fR machines
+except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed
+in the \f(CWMISC\fR alias.
+.Ip "davehieb" 16
+The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR as any
+user in the Runas_Alias \s-1OP\s0 (ie: root or operator). He may
+also run \fI/etc/halt\fR on the \f(CWSERVERS\fR and any command
+on \f(CWkodiakthorn\fR (no password required on \f(CWkodiakthorn\fR).
+.Ip "steve" 16
+The user \f(CWsteve\fR may run any command in the \fI/usr/op_commands/\fR
+directory as user \f(CWoperator\fR on the machines on \f(CWCSNETS\fR.
+.SH "CAVEATS"
+The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR
command which locks the file and does grammatical checking. It is
-imperative that the
-.I sudoers
-be free of syntax errors since sudo will not run with a syntactically
-incorrect sudoers file.
-.SH FILES
-.nf
-/etc/sudoers file of authorized users.
-/etc/netgroup list of network groups
-.fi
-.SH SEE ALSO
-.BR sudo (8),
-.BR visudo (8),
-.BR su (1)
+imperative that the \fIsudoers\fR be free of syntax errors since sudo
+will not run with a syntactically incorrect \fIsudoers\fR file.
+.SH "FILES"
+.PP
+.Vb 2
+\& /etc/sudoers file of authorized users.
+\& /etc/netgroup list of network groups.
+.Ve
+.SH "SEE ALSO"
+\fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3).
+
+.rn }` ''
+.IX Title "sudoers 5"
+.IX Name "sudoers - list of which users may execute what as root"
+
+.IX Header "NAME"
+
+.IX Header "DESCRIPTION"
+
+.IX Subsection "user specification format:"
+
+.IX Subsection "host alias section format:"
+
+.IX Subsection "user alias section format:"
+
+.IX Subsection "runas alias section format:"
+
+.IX Subsection "command alias section format:"
+
+.IX Subsection "command specification:"
+
+.IX Subsection "wildcards (aka meta characters):"
+
+.IX Item "\f(CW*\fR"
+
+.IX Item "\f(CW?\fR"
+
+.IX Item "\f(CW[...]\fR"
+
+.IX Item "\f(CW[!...]\fR"
+
+.IX Item "\f(CW\ex\fR"
+
+.IX Subsection "exceptions to wildcard rules:"
+
+.IX Item "\f(CW""\fR"
+
+.IX Subsection "other special characters and reserved words:"
+
+.IX Header "EXAMPLES"
+
+.IX Subsection "Host Alias specifications:"
+
+.IX Subsection "User Alias specifications:"
+
+.IX Subsection "Command alias specifications:"
+
+.IX Subsection "User specifications:"
+
+.IX Item "\s-1FULLTIME\s0"
+
+.IX Item "%wheel"
+
+.IX Item "\s-1PARTTIME\s0"
+
+.IX Item "+interns"
+
+.IX Item "britt"
+
+.IX Item "jimbo"
+
+.IX Item "nieusma"
+
+.IX Item "jill"
+
+.IX Item "markm"
+
+.IX Item "davehieb"
+
+.IX Item "steve"
+
+.IX Header "CAVEATS"
+
+.IX Header "FILES"
+
+.IX Header "SEE ALSO"
+
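Review bot: the explanation of the jimbo entry overstates what the pattern enforces. `jimbo CUNETS=/bin/su ?*,!/bin/su *root*` is described as "may su to any user save root", but `!/bin/su *root*` only subtracts invocations whose argument string contains "root"; every other argument accepted by `?*` remains permitted, so either qualify the prose ("any argument not containing root") or tighten the entry to an explicit list of permitted target users, which is the safer shape for a rule whose target is /bin/su. Two grammar-consistency points in the same hunk: the second alternative of access_group uses `[(user_list)]` where the first uses `[(runas_list)]`, and the ALL paragraph still says "both {Host,User,Cmnd}_Alias" and the "!" note still lists "User_Alias, Host_Alias, Cmnd_Alias or user list", even though Runas_Alias is added to the DESCRIPTION in this change. Typos present in both the HTML and roff copies: "The are four" should read "There are four", "explicate" should be "explicit", "simply groups" should be "simply group", and the nieusma entry refers to the "SERVER machines" while the alias defined above is SERVERS.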
--- /dev/null
+
+
+
+visudo(8) MAINTENANCE COMMANDS visudo(8)
+
+
+N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
+ visudo - edit the sudoers file
+
+S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
+ v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo [ -\b-\b-\b-V\bV\bV\bV ]
+
+D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
+ v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
+ to _\bv_\bi_\bp_\bw(8). v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against
+ multiple simultaneous edits, provides basic sanity checks,
+ and checks for parse errors. If the _\bs_\bu_\bd_\bo_\be_\br_\bs file is
+ currently being edited you will receive a message to try
+ again later. In the default configuration, the _\bv_\bi(1)
+ editor is used, but there is a compile time option to
+ allow use of whatever editor the environment variables
+ EDITOR or VISUAL are set to.
+
+ v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not
+ save the changes if there is a syntax error. Upon finding
+ an error, a message will be printed stating the line
+ _\bn_\bu_\bm_\bb_\be_\br(s) that the error occurred on and the user will
+ receive the "What now?" prompt. At this point the user
+ may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, enter "x" to
+ exit without saving the changes, or "Q" to quit and save
+ changes. The "Q" option should be used with extreme care
+ because if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo believes there to be a parse error, so
+ will s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo and no one will be able to execute s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo again
+ until the error is fixed. Any other command at this
+ prompt will print a short help message. When editing the
+ _\bs_\bu_\bd_\bo_\be_\br_\bs file after a parse error has been detected the
+ cursor will be placed on the line where the error occurred
+ (if the editor supports this feature).
+
+O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
+ v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line option:
+
+ -V The -V (version) option causes v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the
+ version number and exit.
+
+E\bE\bE\bER\bR\bR\bRR\bR\bR\bRO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
+ sudoers file busy, try again later.
+ Either someone is currently editing the _\bs_\bu_\bd_\bo_\be_\br_\bs file
+ or there is a stale sudoers lock file (/etc/stmp by
+ default) that you need to delete.
+
+ /etc/stmp: Permission denied
+ You didn't run v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo as root.
+
+ Can't find you in the passwd database
+ Your userid does not appear in the passwd file.
+
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers file of authorized users.
+ /etc/stmp lock file for visudo.
+
+
+
+17/Oct/98 1.5.7 1
+
+
+
+
+
+visudo(8) MAINTENANCE COMMANDS visudo(8)
+
+
+E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT V\bV\bV\bVA\bA\bA\bAR\bR\bR\bRI\bI\bI\bIA\bA\bA\bAB\bB\bB\bBL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ The following are used only if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was compiled with
+ the _\bE_\bN_\bV_\b__\bE_\bD_\bI_\bT_\bO_\bR option:
+
+ EDITOR Used by visudo as the editor to use.
+ VISUAL Used by visudo if EDITOR is not set.
+
+
+A\bA\bA\bAU\bU\bU\bUT\bT\bT\bTH\bH\bH\bHO\bO\bO\bOR\bR\bR\bR
+ Many people have worked on _\bs_\bu_\bd_\bo over the years, this
+ version of v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was written by:
+
+ Todd Miller <Todd.Miller@courtesan.com>
+
+ See the HISTORY file in the sudo distribution for more
+ details.
+
+ Please send all bugs, comments, and changes to sudo-
+ bugs@courtesan.com.
+
+D\bD\bD\bDI\bI\bI\bIS\bS\bS\bSC\bC\bC\bCL\bL\bL\bLA\bA\bA\bAI\bI\bI\bIM\bM\bM\bME\bE\bE\bER\bR\bR\bR
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+
+ You should have received a copy of the GNU General Public
+ License along with this program; if not, write to the Free
+ Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
+ 02139, USA.
+
+C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
+ Due to the syntax of the _\bs_\bu_\bd_\bo_\be_\br_\bs file, there is no way for
+ v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to tell the difference between a mistyped
+ {Host,User,Cmnd}_Alias and a user or host name.
+
+ There is no easy way to prevent a user from gaining a root
+ shell if the editor used by v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell escapes.
+
+B\bB\bB\bBU\bU\bU\bUG\bG\bG\bGS\bS\bS\bS
+ The _\b-_\bV flag gives the version of the _\bs_\bu_\bd_\bo package rather
+ than the individual v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo program.
+
+S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
+ _\bs_\bu_\bd_\bo(8), _\bv_\bi_\bp_\bw(8).
+
+
+
+
+
+
+
+
+
+
+
+17/Oct/98 1.5.7 2
+
+
+
+
+
+visudo(8) MAINTENANCE COMMANDS visudo(8)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+17/Oct/98 1.5.7 3
+
+
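Review bot: the formatted visudo text ends with a third page that carries only the running header "visudo(8) MAINTENANCE COMMANDS visudo(8)" and the footer "17/Oct/98 1.5.7 3" with no body at all; a pre-formatted page that ships to users should not end on an empty page, so trim the formatter output (or fix the page-length setting) before checking it in. Since this file is generated from the pod source, note also that the AUTHOR sentence "Many people have worked on sudo over the years, this version of visudo was written by:" is a comma splice that should be fixed in the pod rather than here.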
--- /dev/null
+ <HTML>
+ <HEAD>
+ <TITLE>visudo - edit the sudoers file
+
+</TITLE>
+ </HEAD>
+
+ <BODY>
+
+<!-- INDEX BEGIN -->
+
+<UL>
+
+ <LI><A HREF="#NAME">NAME</A>
+ <LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
+ <LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
+ <LI><A HREF="#OPTIONS">OPTIONS</A>
+ <LI><A HREF="#ERRORS">ERRORS</A>
+ <LI><A HREF="#FILES">FILES</A>
+ <LI><A HREF="#ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES</A>
+ <LI><A HREF="#AUTHOR">AUTHOR</A>
+ <LI><A HREF="#DISCLAIMER">DISCLAIMER</A>
+ <LI><A HREF="#CAVEATS">CAVEATS</A>
+ <LI><A HREF="#BUGS">BUGS</A>
+ <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
+</UL>
+<!-- INDEX END -->
+
+<HR>
+<P>
+<HR>
+<H1><A NAME="NAME">NAME
+
+</A></H1>
+visudo - edit the sudoers file
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="SYNOPSIS">SYNOPSIS
+
+</A></H1>
+<STRONG>visudo</STRONG> [ <STRONG>-V</STRONG> ]
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="DESCRIPTION">DESCRIPTION
+
+</A></H1>
+<STRONG>visudo</STRONG> edits the <EM>sudoers</EM> file in a safe fashion, analogous to <CODE>vipw(8).</CODE> <STRONG>visudo</STRONG> locks the <EM>sudoers</EM> file against multiple simultaneous edits, provides basic sanity checks, and
+checks for parse errors. If the <EM>sudoers</EM> file is currently being edited you will receive a message to try again
+later. In the default configuration, the <CODE>vi(1)</CODE> editor is used,
+but there is a compile time option to allow use of whatever editor the
+environment variables <CODE>EDITOR</CODE> or <CODE>VISUAL</CODE> are set to.
+
+
+<P>
+
+<STRONG>visudo</STRONG> parses the <EM>sudoers</EM> file after the edit and will not save the changes if there is a syntax
+error. Upon finding an error, a message will be printed stating the line
+<CODE>number(s)</CODE> that the error occurred on and the user will receive
+the ``What now?'' prompt. At this point the user may enter ``e'' to re-edit
+the <EM>sudoers</EM> file, enter ``x'' to exit without saving the changes, or ``Q'' to quit and
+save changes. The ``Q'' option should be used with extreme care because if <STRONG>visudo</STRONG>
+believes there to be a parse error, so will <STRONG>sudo</STRONG> and no one will be able to execute <STRONG>sudo</STRONG> again until the error is fixed. Any other command at this prompt will print
+a short help message. When editing the <EM>sudoers</EM> file after a parse error has been detected the cursor will be placed on the
+line where the error occurred (if the editor supports this feature).
+
+
+<P>
+
+<P>
+<HR>
+<H1><A NAME="OPTIONS">OPTIONS
+
+</A></H1>
+<STRONG>visudo</STRONG> accepts the following command line option:
+
+
+<P>
+
+<DL>
+<DT><STRONG><A NAME="item__V">-V
+
+</A></STRONG><DD>
+The <CODE>-V</CODE> (version) option causes <STRONG>visudo</STRONG> to print the version number and exit.
+
+
+<P>
+
+</DL>
+<P>
+<HR>
+<H1><A NAME="ERRORS">ERRORS
+
+</A></H1>
+<DL>
+<DT><STRONG><A NAME="item_sudoers">sudoers file busy, try again later.
+
+</A></STRONG><DD>
+Either someone is currently editing the <EM>sudoers</EM> file or there is a stale sudoers lock file (/etc/stmp by default) that you
+need to delete.
+
+
+<P>
+
+You didn't run <STRONG>visudo</STRONG> as root.
+
+
+<P>
+
+Your userid does not appear in the passwd file.
+
+
+<P>
+
+<H1><A NAME="FILES">FILES
+
+</A></H1>
+<PRE> /etc/sudoers file of authorized users.
+ /etc/stmp lock file for visudo.
+</PRE>
+
+<P>
+
+<H1><A NAME="ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES
+
+</A></H1>
+The following are used only if <STRONG>visudo</STRONG> was compiled with the
+<EM>ENV_EDITOR</EM> option:
+
+
+<P>
+
+<PRE> EDITOR Used by visudo as the editor to use.
+ VISUAL Used by visudo if EDITOR is not set.
+</PRE>
+
+<P>
+
+<H1><A NAME="AUTHOR">AUTHOR
+
+</A></H1>
+Many people have worked on <EM>sudo</EM> over the years, this version of
+<STRONG>visudo</STRONG> was written by:
+
+
+<P>
+
+<PRE> Todd Miller <Todd.Miller@courtesan.com>
+</PRE>
+
+<P>
+
+See the HISTORY file in the sudo distribution for more details.
+
+
+<P>
+
+Please send all bugs, comments, and changes to <A
+HREF="MAILTO:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.</A>
+
+
+<P>
+
+<H1><A NAME="DISCLAIMER">DISCLAIMER
+
+</A></H1>
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+more details.
+
+
+<P>
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc., 675
+Mass Ave, Cambridge, MA 02139, USA.
+
+
+<P>
+
+<H1><A NAME="CAVEATS">CAVEATS
+
+</A></H1>
+Due to the syntax of the <EM>sudoers</EM> file, there is no way for <STRONG>visudo</STRONG> to tell the difference between a mistyped {Host,User,Cmnd}_Alias and a user
+or host name.
+
+
+<P>
+
+There is no easy way to prevent a user from gaining a root shell if the
+editor used by <STRONG>visudo</STRONG> allows shell escapes.
+
+
+<P>
+
+<H1><A NAME="BUGS">BUGS
+
+</A></H1>
+The <EM>-V</EM> flag gives the version of the <EM>sudo</EM> package rather than the individual <STRONG>visudo</STRONG> program.
+
+
+<P>
+
+<H1><A NAME="SEE_ALSO">SEE ALSO
+
+</A></H1>
+<CODE><A HREF="sudo.html">sudo(8)</A>, <CODE>vipw(8).</CODE>
+
+<P>
+
+</DL>
+</DL>
+ </BODY>
+
+ </HTML>
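Review bot: the ERRORS section of visudo.html has lost two of its three item labels: "You didn't run visudo as root." and "Your userid does not appear in the passwd file." appear as bare paragraphs with no <DT> heading, whereas the roff version of the same page lists them under "/etc/stmp: Permission denied" and "Can't find you in the passwd database". Without the labels a reader cannot match the explanation to the message visudo actually prints, so the pod-to-HTML conversion of those =item lines needs checking. Further generator artefacts in this file: the mail link is HREF="MAILTO:sudo-bugs@courtesan.com." with the sentence's full stop inside the address, which yields a wrong recipient when clicked; the SEE ALSO line opens two <CODE> elements and closes only one; and the ERRORS <DL> is never closed before the FILES <H1>, leaving two stray </DL> tags at the end of the body. The HTML should be regenerated or hand-corrected before it ships.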
-.\" $Id$
-.TH VISUDO 8
-.SH NAME
-visudo \- edit the sudoers file
-.SH SYNOPSIS
-.B visudo
-[
-.B \-V
-]
-.SH DESCRIPTION
-.B visudo
-edits the
-.I sudoers
-file in a safe fashion, analogous to
-.BR vipw (8).
-.B visudo
-locks the
-.I sudoers
-file against multiple simultaneous edits, provides basic sanity checks,
-and checks for parse errors. If the
-.I sudoers
-file is currently being edited you will receive a message to try
-again later. In the default configuration, the
-.BR vi (1)
-editor is used, but there is a compile time option to allow use
-of whatever editor the environmental variables EDITOR or VISUAL are
-set to.
-.sp
-.B visudo
-parses the
-.I sudoers
-file after the edit and will not save the changes if there is a
-syntax error. Upon finding an error, a message will be printed
-stating the line number(s) that the error occurred on
-and the user will receive the "What now?" prompt. At this point
-the user may enter "e" to re-edit the
-.I sudoers
-file, enter "x" to exit without saving the changes, or "q" to quit
-and save changes. The "q" option should be used with extreme care
-because if
-.B visudo
-believes there to be a parse error, so will
-.B sudo
-and no one will be able to execute
-.B sudo
-again until the error is fixed. Any other command at this prompt will print
-a short help message. When editing the
-.I sudoers
-file after a parse error has been detected the cursor will be placed on the
-line where the error occurred (if the editor supports this feature).
-.SH OPTIONS
-.B visudo
-accepts the following command line option:
-.IP -V
-The -V (version) option causes visudo to print the version number
-and exit.
-.SH FILES
-.nf
-/etc/sudoers file of authorized users.
-/etc/stmp lock file for visudo.
-.fi
-.SH ENVIRONMENT VARIABLES
-The following are used only if
-.B visudo
-was compiled with the ENV_EDITOR option:
+.rn '' }`
+''' $RCSfile$$Revision$$Date$
+'''
+''' $Log$
+''' Revision 1.3 1999/01/17 21:31:37 millert
+''' regen based on sudo.pod, sudoers.pod, and visudo.pod
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
.nf
+.ne \\$1
+..
+.de Ve
+.ft R
-EDITOR Used by visudo as the editor to use.
-VISUAL Used by visudo if EDITOR is not set.
.fi
-.SH AUTHOR
-Many people have worked on
-.I sudo
-over the years, this version of
-.I visudo
-was written by:
-.nf
-
-Todd Miller <Todd.Miller@cs.colorado.edu>
-
+..
+'''
+'''
+''' Set up \*(-- to give an unbreakable dash;
+''' string Tr holds user defined translation string.
+''' Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
+''' \*(L" and \*(R", except that they are used on ".xx" lines,
+''' such as .IP and .SH, which do another additional levels of
+''' double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \(*p
+'br\}
+.\" If the F register is turned on, we'll generate
+.\" index entries out stderr for the following things:
+.\" TH Title
+.\" SH Header
+.\" Sh Subsection
+.\" Ip Item
+.\" X<> Xref (embedded
+.\" Of course, you have to process the output yourself
+.\" in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH visudo 8 "1.5.7" "17/Oct/98" "MAINTENANCE COMMANDS"
+.UC
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+. \" AM - accent mark definitions
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds ? ?
+. ds ! !
+. ds /
+. ds q
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds v \h'-1'\o'\(aa\(ga'
+. ds _ \h'-1'^
+. ds . \h'-1'.
+. ds 3 3
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+. ds oe oe
+. ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+visudo \- edit the sudoers file
+.SH "SYNOPSIS"
+\fBvisudo\fR [ \fB\-V\fR ]
+.SH "DESCRIPTION"
+\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
+\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
+simultaneous edits, provides basic sanity checks, and checks
+for parse errors. If the \fIsudoers\fR file is currently being
+edited you will receive a message to try again later. In the
+default configuration, the \fIvi\fR\|(1) editor is used, but there is
+a compile time option to allow use of whatever editor the
+environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
+.PP
+\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
+not save the changes if there is a syntax error. Upon finding
+an error, a message will be printed stating the line \fInumber\fR\|(s)
+that the error occurred on and the user will receive the
+\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
+to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without
+saving the changes, or \*(L"Q\*(R" to quit and save changes. The
+\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
+believes there to be a parse error, so will \fBsudo\fR and no one
+will be able to execute \fBsudo\fR again until the error is fixed.
+Any other command at this prompt will print a short help message.
+When editing the \fIsudoers\fR file after a parse error has been
+detected the cursor will be placed on the line where the error
+occurred (if the editor supports this feature).
+.SH "OPTIONS"
+\fBvisudo\fR accepts the following command line option:
+.Ip "-V" 4
+The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number
+and exit.
+.SH "ERRORS"
+.Ip "sudoers file busy, try again later." 4
+Either someone is currently editing the \fIsudoers\fR file
+or there is a stale sudoers lock file (/etc/stmp by default)
+that you need to delete.
+.Ip "/etc/stmp: Permission denied" 4
+You didn't run \fBvisudo\fR as root.
+.Ip "Can't find you in the passwd database" 4
+Your userid does not appear in the passwd file.
+.SH "FILES"
+.Sp
+.Vb 2
+\& /etc/sudoers file of authorized users.
+\& /etc/stmp lock file for visudo.
+.Ve
+.SH "ENVIRONMENT VARIABLES"
+The following are used only if \fBvisudo\fR was compiled with the
+\fIENV_EDITOR\fR option:
+.Sp
+.Vb 2
+\& EDITOR Used by visudo as the editor to use.
+\& VISUAL Used by visudo if EDITOR is not set.
+.Ve
+.SH "AUTHOR"
+Many people have worked on \fIsudo\fR over the years, this version of
+\fBvisudo\fR was written by:
+.Sp
+.Vb 1
+\& Todd Miller <Todd.Miller@courtesan.com>
+.Ve
See the HISTORY file in the sudo distribution for more details.
-.fi
-.sp
-Please send all bugs, comments, and changes to sudo-bugs@cs.colorado.edu.
-.SH DISCLAIMER
+.Sp
+Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
+.SH "DISCLAIMER"
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-.sp
+.Sp
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
675 Mass Ave, Cambridge, MA 02139, USA.
-.SH CAVEATS
+.SH "CAVEATS"
+Due to the syntax of the \fIsudoers\fR file, there is no way
+for \fBvisudo\fR to tell the difference between a mistyped
+{Host,User,Cmnd}_Alias and a user or host name.
+.Sp
There is no easy way to prevent a user from gaining a root shell if
-the editor used by visudo allows shell escapes.
-.SH BUGS
-The
-.I -V
-flag gives the version of the
-.I sudo
-package rather than the individual
-.I visudo
-program.
-.SH SEE ALSO
-.BR sudo (8),
-.BR vipw (8)
+the editor used by \fBvisudo\fR allows shell escapes.
+.SH "BUGS"
+The \fI\-V\fR flag gives the version of the \fIsudo\fR package rather than
+the individual \fBvisudo\fR program.
+.SH "SEE ALSO"
+\fIsudo\fR\|(8), \fIvipw\fR\|(8).
+
+.rn }` ''
+.IX Title "visudo 8"
+.IX Name "visudo - edit the sudoers file"
+
+.IX Header "NAME"
+
+.IX Header "SYNOPSIS"
+
+.IX Header "DESCRIPTION"
+
+.IX Header "OPTIONS"
+
+.IX Item "-V"
+
+.IX Header "ERRORS"
+
+.IX Item "sudoers file busy, try again later."
+
+.IX Item "/etc/stmp: Permission denied"
+
+.IX Item "Can't find you in the passwd database"
+
+.IX Header "FILES"
+
+.IX Header "ENVIRONMENT VARIABLES"
+
+.IX Header "AUTHOR"
+
+.IX Header "DISCLAIMER"
+
+.IX Header "CAVEATS"
+
+.IX Header "BUGS"
+
+.IX Header "SEE ALSO"
+
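Review bot: the DESCRIPTION text changes the quit-and-save key from "q" in the removed lines to "Q" in the new ones (the HTML and pre-formatted versions agree on "Q"); please confirm this matches the key the "What now?" prompt really accepts, since it is the option the page itself says must be used with extreme care, and a wrong letter in the documentation is how a broken sudoers gets saved by accident. The new preamble also embeds unexpanded RCS keywords ($RCSfile$$Revision$$Date$ and $Log$) in a generated file; a $Log$ block in a regenerated page accumulates every revision's history into the shipped manual, so either drop the keyword from the pod2man template or check the file in with keyword expansion disabled (cvs -ko). Minor: the .TH line dates the page "17/Oct/98" while the $Log$ entry says it was regenerated on 1999/01/17, and the author and bug-report addresses change from cs.colorado.edu to courtesan.com, which looks intended but is worth stating in the commit message.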