S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-L\bL\bL\bL | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | -\b-\b-\b-H\bH\bH\bH | [ -\b-\b-\b-b\bb\bb\bb ] |
- [ -\b-\b-\b-r\br\br\br realm ] | [ -\b-\b-\b-p\bp\bp\bp prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
+ [ -\b-\b-\b-p\bp\bp\bp prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the
-11/Oct/1999 1.6 1
+12/Oct/1999 1.6 1
-b option you cannot use shell job control to
manipulate the command.
- -r The -r (_\br_\be_\ba_\bl_\bm) option is only available if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was
- configured with K\bK\bK\bKe\be\be\ber\br\br\brb\bb\bb\bbe\be\be\ber\br\br\bro\bo\bo\bos\bs\bs\bs version 5 support. It allows
- the user to specify a K\bK\bK\bKe\be\be\ber\br\br\brb\bb\bb\bbe\be\be\ber\br\br\bro\bo\bo\bos\bs\bs\bs realm other than the
- system default to use when authenticating the user via
- K\bK\bK\bKe\be\be\ber\br\br\brb\bb\bb\bbe\be\be\ber\br\br\bro\bo\bo\bos\bs\bs\bs.
-
-p The -p (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the
default password prompt and use a custom one. If the
password prompt contains the %u escape, %u will be
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo quits with an exit value of 1 if there is a
configuration/permission problem or if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot execute
the given command. In the latter case the error string is
+ printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
+ entries in the user's PATH an error is printed on stderr.
+ (If the directory does not exist or if it is not really a
+ directory, the entry is ignored and no error is printed.)
+ This should not happen under normal circumstances. The
+ most common reason for _\bs_\bt_\ba_\bt(2) to return "permission
-11/Oct/1999 1.6 2
+12/Oct/1999 1.6 2
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
- printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
- entries in the user's PATH an error is printed on stderr.
- (If the directory does not exist or if it is not really a
- directory, the entry is ignored and no error is printed.)
- This should not happen under normal circumstances. The
- most common reason for _\bs_\bt_\ba_\bt(2) to return "permission
denied" is if you are running an automounter and one of
the directories in your PATH is on a machine that is
currently unreachable.
(root) and permissions (0700) in the system startup files.
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not honor timestamps set far in the future.
+ Timestamps with a date greater than current_time + 2 *
+ TIMEOUT will be ignored and sudo will log and complain.
+ This is done to keep a user from creating his/her own
+ timestamp with a bogus date on system that allow users to
+ give away files.
-11/Oct/1999 1.6 3
+
+12/Oct/1999 1.6 3
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
- Timestamps with a date greater than current_time + 2 *
- TIMEOUT will be ignored and sudo will log and complain.
- This is done to keep a user from creating his/her own
- timestamp with a bogus date on system that allow users to
- give away files.
-
E\bE\bE\bEX\bX\bX\bXA\bA\bA\bAM\bM\bM\bMP\bP\bP\bPL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(5)
entries.
SUDO_PS1 If set, PS1 will be set to its value
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers List of who can run what
+ /var/run/sudo Directory containing timestamps
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo utilizes the following environment variables:
-11/Oct/1999 1.6 4
+12/Oct/1999 1.6 4
-SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers List of who can run what
- /var/run/sudo Directory containing timestamps
+SUDO(8) MAINTENANCE COMMANDS SUDO(8)
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo utilizes the following environment variables:
PATH Set to a sane value if SECURE_PATH is set
SHELL Used to determine shell to run with -s option
shell if that user has access to commands allowing shell
escapes.
+ If users have sudo ALL there is nothing to prevent them
+ from creating their own program that gives them a root
+ shell regardless of any '!' elements in the user
+ specification.
+
+ Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
-11/Oct/1999 1.6 5
+12/Oct/1999 1.6 5
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
- If users have sudo ALL there is nothing to prevent them
- from creating their own program that gives them a root
- shell regardless of any '!' elements in the user
- specification.
-
- Running shell scripts via s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo can expose the same kernel
bugs that make setuid shell scripts unsafe on some
operating systems (if your OS supports the /dev/fd/
directory, setuid shell scripts are generally safe).
-11/Oct/1999 1.6 6
+
+
+
+
+
+
+12/Oct/1999 1.6 6
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.37 1999/10/12 00:05:39 millert
-''' document -L flag
+''' Revision 1.38 1999/10/13 04:18:40 millert
+''' Remove -r realm option
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH SUDO 8 "1.6" "11/Oct/1999" "MAINTENANCE COMMANDS"
+.TH SUDO 8 "1.6" "12/Oct/1999" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
sudo \- execute a command as another user
.SH "SYNOPSIS"
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
-[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
+[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
.SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the sudoers file. The
The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \f(CW-b\fR
option you cannot use shell job control to manipulate the command.
-.Ip "-r" 4
-The \f(CW-r\fR (\fIrealm\fR) option is only available if \fBsudo\fR was configured
-with \fBKerberos\fR version 5 support. It allows the user to specify a
-\fBKerberos\fR realm other than the system default to use when authenticating
-the user via \fBKerberos\fR.
.Ip "-p" 4
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt
.IX Item "-b"
-.IX Item "-r"
-
.IX Item "-p"
.IX Item "-u"
projects / sudo / commitdiff