B\bBo\boo\bol\ble\bea\ban\bn F\bFl\bla\bag\bgs\bs:
- always_set_home If set, s\bsu\bud\bdo\bo will set the HOME environment variable to
- the home directory of the target user (which is root
+ always_set_home If enabled, s\bsu\bud\bdo\bo will set the HOME environment variable
+ to the home directory of the target user (which is root
unless the -\b-u\bu option is used). This effectively means
- that the -\b-H\bH option is always implied. This flag is _\bo_\bf_\bf
- by default.
+ that the -\b-H\bH option is always implied. Note that HOME
+ is already set when the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is
+ enabled, so _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be is only effective for
+ configurations where _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled. This flag
+ is _\bo_\bf_\bf by default.
authenticate If set, users must authenticate themselves via a
password (or other means of authentication) before they
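Review bot: Duplicated word in the new always_set_home text: `+ is already set when the the env_reset option is` should read `when the env_reset option is`. The same sentence is added for set_home further down in this patch with the same doubled "the", so correct both. Separately, this hunk changes "If set" to "If enabled" for always_set_home while the neighbouring boolean flags on the page (authenticate: "If set, users must authenticate") keep "If set"; either apply the new wording to every flag in the section or leave this one as it was so the wording stays consistent. Since what is being diffed is the formatted page (the overstrike sequences are visible in every line), make the fix in whatever source this output is generated from rather than editing the formatted text by hand.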
long time to complete for some patterns, especially
when the pattern references a network file system that
is mounted on demand (automounted). The _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb
- option causes s\bsu\bud\bdo\bo to use the _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3) function,
- which does not access the file system to do its
- matching. The disadvantage of _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb is that it is
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ option causes s\bsu\bud\bdo\bo to use the _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3) function,
+ which does not access the file system to do its
+ matching. The disadvantage of _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb is that it is
unable to match relative path names such as _\b._\b/_\bl_\bs or
_\b._\b._\b/_\bb_\bi_\bn_\b/_\bl_\bs. This has security implications when path
names that include globbing characters are used with
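Review bot: Repagination only: the three fast_glob lines removed above the SUDOERS(4) page header are re-added verbatim below it, so there is no content change to review in this hunk, and the same pattern accounts for most of the hunks that follow. Diffing the unformatted source, or generating the diff with page headers and footers ignored, would leave only the real wording changes (always_set_home, set_home) visible and make the patch far easier to review. As it stands, the security-relevant caveat here is unchanged: with fast_glob, fnmatch(3) does not touch the file system and cannot match relative path names such as ./ls or ../bin/ls.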
log_year If set, the four-digit year will be logged in the (non-
syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
- long_otp_prompt When validating with a One Time Password (OPT) scheme
- such as S\bS/\b/K\bKe\bey\by or O\bOP\bPI\bIE\bE, a two-line prompt is used to
- make it easier to cut and paste the challenge to a
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ long_otp_prompt When validating with a One Time Password (OPT) scheme
+ such as S\bS/\b/K\bKe\bey\by or O\bOP\bPI\bIE\bE, a two-line prompt is used to
+ make it easier to cut and paste the challenge to a
local window. It's not as pretty as the default but
some people find it more convenient. This flag is _\bo_\bf_\bf
by default.
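Review bot: Pre-existing typo carried through on both sides of this hunk: `One Time Password (OPT) scheme` should be `(OTP)`. Since these long_otp_prompt lines are being re-emitted anyway, fix the abbreviation at the same time; the hunk otherwise only moves the text below the page header.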
preserve_groups By default, s\bsu\bud\bdo\bo will initialize the group vector to
the list of groups the target user is in. When
- _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's existing group
- vector is left unaltered. The real and effective group
- IDs, however, are still set to match the target user.
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's existing group
+ vector is left unaltered. The real and effective group
+ IDs, however, are still set to match the target user.
This flag is _\bo_\bf_\bf by default.
pwfeedback By default, s\bsu\bud\bdo\bo reads the password like most other
instead of the password of the invoking user. This
flag is _\bo_\bf_\bf by default.
- set_home If set and s\bsu\bud\bdo\bo is invoked with the -\b-s\bs option the HOME
- environment variable will be set to the home directory
- of the target user (which is root unless the -\b-u\bu option
- is used). This effectively makes the -\b-s\bs option imply
- -\b-H\bH. This flag is _\bo_\bf_\bf by default.
+ set_home If enabled and s\bsu\bud\bdo\bo is invoked with the -\b-s\bs option the
+ HOME environment variable will be set to the home
+ directory of the target user (which is root unless the
+ -\b-u\bu option is used). This effectively makes the -\b-s\bs
+ option imply -\b-H\bH. Note that HOME is already set when
+ the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled, so _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is
+ only effective for configurations where _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is
+ disabled. This flag is _\bo_\bf_\bf by default.
set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
environment variables to the name of the target user
since some programs (including the RCS revision control
system) use LOGNAME to determine the real identity of
the user, it may be desirable to change this behavior.
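Review bot: Same doubled word as in the always_set_home hunk: `+ the the env_reset option is enabled, so set_home is` should read `the env_reset option is enabled`. The added sentence is otherwise a useful caveat, since set_home does nothing when env_reset has already set HOME, but keep the wording identical to the always_set_home paragraph ("Note that HOME is already set when the env_reset option is enabled") so the two flags document the interaction the same way.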
- This can be done by negating the set_logname option.
- Note that if the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option has not been
- disabled, entries in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list will override
- the value of _\bs_\be_\bt_\b__\bl_\bo_\bg_\bn_\ba_\bm_\be. This flag is _\bo_\bn by default.
-
- setenv Allow the user to disable the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option from the
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ This can be done by negating the set_logname option.
+ Note that if the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option has not been
+ disabled, entries in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list will override
+ the value of _\bs_\be_\bt_\b__\bl_\bo_\bg_\bn_\ba_\bm_\be. This flag is _\bo_\bn by default.
+
+ setenv Allow the user to disable the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option from the
command line. Additionally, environment variables set
via the command line are not subject to the
restrictions imposed by _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk, _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be, or
the _\bs_\bc_\br_\bi_\bp_\bt(1) command. If the standard output or
standard error is not connected to the user's tty, due
to I/O redirection or because the command is part of a
- pipeline, that output is also captured and stored in
- separate log files.
-
- Output is logged to the _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo directory
- using a unique session ID that is included in the
- normal s\bsu\bud\bdo\bo log line, prefixed with _\bT_\bS_\bI_\bD_\b=.
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ pipeline, that output is also captured and stored in
+ separate log files.
+
+ Output is logged to the _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo directory
+ using a unique session ID that is included in the
+ normal s\bsu\bud\bdo\bo log line, prefixed with _\bT_\bS_\bI_\bD_\b=.
+
Output logs may be viewed with the _\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m)
utility, which can also be used to list or search the
available logs.
file descriptor at which to start closing. The default
is 3.
- passwd_tries The number of tries a user gets to enter his/her
- password before s\bsu\bud\bdo\bo logs the failure and exits. The
- default is 3.
-
- I\bIn\bnt\bte\beg\bge\ber\brs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
-
-
1.7.4 July 19, 2010 15
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ passwd_tries The number of tries a user gets to enter his/her
+ password before s\bsu\bud\bdo\bo logs the failure and exits. The
+ default is 3.
+
+ I\bIn\bnt\bte\beg\bge\ber\brs\bs t\bth\bha\bat\bt c\bca\ban\bn b\bbe\be u\bus\bse\bed\bd i\bin\bn a\ba b\bbo\boo\bol\ble\bea\ban\bn c\bco\bon\bnt\bte\bex\bxt\bt:
+
loglinelen Number of characters per line for the file log. This
value is used to decide when to wrap lines for nicer
log files. This has no effect on the syslog log file,
Default is *** SECURITY information for %h ***.
noexec_file Path to a shared library containing dummy versions of
- the _\be_\bx_\be_\bc_\bv_\b(_\b), _\be_\bx_\be_\bc_\bv_\be_\b(_\b) and _\bf_\be_\bx_\be_\bc_\bv_\be_\b(_\b) library functions
- that just return an error. This is used to implement
- the _\bn_\bo_\be_\bx_\be_\bc functionality on systems that support
- LD_PRELOAD or its equivalent. Defaults to
- _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ the _\be_\bx_\be_\bc_\bv_\b(_\b), _\be_\bx_\be_\bc_\bv_\be_\b(_\b) and _\bf_\be_\bx_\be_\bc_\bv_\be_\b(_\b) library functions
+ that just return an error. This is used to implement
+ the _\bn_\bo_\be_\bx_\be_\bc functionality on systems that support
+ LD_PRELOAD or its equivalent. Defaults to
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
+
passprompt The default prompt to use when asking for a password;
can be overridden via the -\b-p\bp option or the SUDO_PROMPT
environment variable. The following percent (`%')
interpreted. Defaults to "C".
timestampdir The directory in which s\bsu\bud\bdo\bo stores its timestamp files.
- The default is _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo.
-
- timestampowner The owner of the timestamp directory and the timestamps
- stored therein. The default is root.
-
- type The default SELinux type to use when constructing a new
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ The default is _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo.
+
+ timestampowner The owner of the timestamp directory and the timestamps
+ stored therein. The default is root.
+
+ type The default SELinux type to use when constructing a new
security context to run the command. The default type
may be overridden on a per-command basis in _\bs_\bu_\bd_\bo_\be_\br_\bs or
via command line options. This option is only
will be used in place of the standard lecture if the named
file exists. By default, s\bsu\bud\bdo\bo uses a built-in lecture.
- listpw This option controls when a password will be required when
- a user runs s\bsu\bud\bdo\bo with the -\b-l\bl option. It has the following
- possible values:
-
- all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
- must have the NOPASSWD flag set to avoid entering a
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ listpw This option controls when a password will be required when
+ a user runs s\bsu\bud\bdo\bo with the -\b-l\bl option. It has the following
+ possible values:
+
+ all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
+ must have the NOPASSWD flag set to avoid entering a
password.
always The user must always enter a password to use the -\b-l\bl
a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
possible values:
- all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
- must have the NOPASSWD flag set to avoid entering a
- password.
-
- always The user must always enter a password to use the -\b-v\bv
-
1.7.4 July 19, 2010 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
+ must have the NOPASSWD flag set to avoid entering a
+ password.
+
+ always The user must always enter a password to use the -\b-v\bv
option.
any At least one of the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the
be a double-quoted, space-separated list or a single
value without double-quotes. The list can be replaced,
added to, deleted from, or disabled by using the =, +=,
- -=, and ! operators respectively. The default list of
- variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
- with the _\b-_\bV option.
-
- When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bsu\bud\bdo\bo accepts the following values for the
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ -=, and ! operators respectively. The default list of
+ variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
+ with the _\b-_\bV option.
+
+ When logging via _\bs_\by_\bs_\bl_\bo_\bg(3), s\bsu\bud\bdo\bo accepts the following values for the
syslog facility (the value of the s\bsy\bys\bsl\blo\bog\bg Parameter): a\bau\but\bth\bhp\bpr\bri\biv\bv (if your
OS supports it), a\bau\but\bth\bh, d\bda\bae\bem\bmo\bon\bn, u\bus\bse\ber\br, l\blo\boc\bca\bal\bl0\b0, l\blo\boc\bca\bal\bl1\b1, l\blo\boc\bca\bal\bl2\b2, l\blo\boc\bca\bal\bl3\b3,
l\blo\boc\bca\bal\bl4\b4, l\blo\boc\bca\bal\bl5\b5, l\blo\boc\bca\bal\bl6\b6, and l\blo\boc\bca\bal\bl7\b7. The following syslog priorities
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
- Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
- Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
- Cmnd_Alias HALT = /usr/sbin/halt
- Cmnd_Alias REBOOT = /usr/sbin/reboot
- Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+ Cmnd_Alias HALT = /usr/sbin/halt
+ Cmnd_Alias REBOOT = /usr/sbin/reboot
+ Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
The user j\bja\bac\bck\bk may run any command on the machines in the _\bC_\bS_\bN_\bE_\bT_\bS alias
(the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
those networks, only 128.138.204.0 has an explicit netmask (in CIDR
- notation) indicating it is a class C network. For the other networks
- in _\bC_\bS_\bN_\bE_\bT_\bS, the local machine's netmask will be used during matching.
-
- lisa CUNETS = ALL
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ notation) indicating it is a class C network. For the other networks
+ in _\bC_\bS_\bN_\bE_\bT_\bS, the local machine's netmask will be used during matching.
+
+ lisa CUNETS = ALL
+
The user l\bli\bis\bsa\ba may run any command on any host in the _\bC_\bU_\bN_\bE_\bT_\bS alias (the
class B network 128.138.0.0).
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
- On the _\bA_\bL_\bP_\bH_\bA machines, user j\bjo\boh\bhn\bn may su to anyone except root but he is
- not allowed to specify any options to the _\bs_\bu(1) command.
-
- jen ALL, !SERVERS = ALL
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ On the _\bA_\bL_\bP_\bH_\bA machines, user j\bjo\boh\bhn\bn may su to anyone except root but he is
+ not allowed to specify any options to the _\bs_\bu(1) command.
+
+ jen ALL, !SERVERS = ALL
+
The user j\bje\ben\bn may run any command on any machine except for those in the
_\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias (master, mail, www and ns).
Furthermore, if the _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb option is in use, it is not possible to
reliably negate commands where the path name includes globbing (aka
- wildcard) characters. This is because the C library's _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3)
- function cannot resolve relative paths. While this is typically only
- an inconvenience for rules that grant privileges, it can result in a
- security issue for rules that subtract or revoke privileges.
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ wildcard) characters. This is because the C library's _\bf_\bn_\bm_\ba_\bt_\bc_\bh(3)
+ function cannot resolve relative paths. While this is typically only
+ an inconvenience for rules that grant privileges, it can result in a
+ security issue for rules that subtract or revoke privileges.
+
For example, given the following _\bs_\bu_\bd_\bo_\be_\br_\bs entry:
john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
error. Unfortunately, there is no foolproof way to know
whether or not _\bn_\bo_\be_\bx_\be_\bc will work at compile-time. _\bn_\bo_\be_\bx_\be_\bc
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
- MacOS X, and HP-UX 11.x. It is known n\bno\bot\bt to work on AIX and
- UnixWare. _\bn_\bo_\be_\bx_\be_\bc is expected to work on most operating
- systems that support the LD_PRELOAD environment variable.
- Check your operating system's manual pages for the dynamic
- linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ MacOS X, and HP-UX 11.x. It is known n\bno\bot\bt to work on AIX and
+ UnixWare. _\bn_\bo_\be_\bx_\be_\bc is expected to work on most operating
+ systems that support the LD_PRELOAD environment variable.
+ Check your operating system's manual pages for the dynamic
+ linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader)
to see if LD_PRELOAD is supported.
To enable _\bn_\bo_\be_\bx_\be_\bc for a command, use the NOEXEC tag as
-
-
-
-
-
1.7.4 July 19, 2010 26