we use in OpenBSD.
via B<sudo> to verify that the command does not inadvertently give
the user an effective root shell.
-=head1 EXAMPLES
-
-Note: the following examples assume suitable L<sudoers(@mansectform@)> entries.
-
-To get a file listing of an unreadable directory:
-
- $ sudo ls /usr/local/protected
-
-To list the home directory of user yazza on a machine where the
-file system holding ~yazza is not exported as root:
-
- $ sudo -u yazza ls ~yazza
-
-To edit the F<index.html> file as user www:
-
- $ sudo -u www vi ~www/htdocs/index.html
-
-To shutdown a machine:
-
- $ sudo shutdown -r +15 "quick reboot"
-
-To make a usage listing of the directories in the /home
-partition. Note that this runs the commands in a sub-shell
-to make the C<cd> and file redirection work.
-
- $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
-
=head1 ENVIRONMENT
B<sudo> utilizes the following environment variables:
@sysconfdir@/sudoers List of who can run what
@timedir@ Directory containing timestamps
+=head1 EXAMPLES
+
+Note: the following examples assume suitable L<sudoers(@mansectform@)> entries.
+
+To get a file listing of an unreadable directory:
+
+ $ sudo ls /usr/local/protected
+
+To list the home directory of user yazza on a machine where the
+file system holding ~yazza is not exported as root:
+
+ $ sudo -u yazza ls ~yazza
+
+To edit the F<index.html> file as user www:
+
+ $ sudo -u www vi ~www/htdocs/index.html
+
+To shutdown a machine:
+
+ $ sudo shutdown -r +15 "quick reboot"
+
+To make a usage listing of the directories in the /home
+partition. Note that this runs the commands in a sub-shell
+to make the C<cd> and file redirection work.
+
+ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+
+=head1 SEE ALSO
+
+L<grep(1)>, L<su(1)>, L<stat(2)>, L<login_cap(3)>, L<sudoers(@mansectform@)>,
+L<passwd(@mansectform@)>, L<visudo(@mansectsu@)>
+
=head1 AUTHORS
Many people have worked on B<sudo> over the years; this
http://www.sudo.ws/sudo/history.html for a short history
of B<sudo>.
-=head1 BUGS
-
-If you feel you have found a bug in sudo, please submit a bug report
-at http://www.sudo.ws/sudo/bugs/
-
-=head1 DISCLAIMER
-
-B<Sudo> is provided ``AS IS'' and any express or implied warranties,
-including, but not limited to, the implied warranties of merchantability
-and fitness for a particular purpose are disclaimed.
-See the LICENSE file distributed with B<sudo> for complete details.
-
=head1 CAVEATS
There is no easy way to prevent a user from gaining a root shell
make setuid shell scripts unsafe on some operating systems (if your OS
has a /dev/fd/ directory, setuid shell scripts are generally safe).
-=head1 SEE ALSO
+=head1 BUGS
-L<grep(1)>, L<su(1)>, L<stat(2)>, L<login_cap(3)>, L<sudoers(@mansectform@)>,
-L<passwd(@mansectform@)>, L<visudo(@mansectsu@)>
+If you feel you have found a bug in B<sudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+
+=head1 SUPPORT
+
+Commercial support is available for B<sudo>, see
+http://www.sudo.ws/sudo/support.html for details.
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<Sudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed. See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
used as part of a word (e.g. a username or hostname):
'@', '!', '=', ':', ',', '(', ')', '\'.
+=head1 FILES
+
+ @sysconfdir@/sudoers List of who can run what
+ /etc/group Local groups file
+ /etc/netgroup List of network groups
+
=head1 EXAMPLES
Since the I<sudoers> file is parsed in a single pass, order is
privilege escalation. In the specific case of an editor, a safer
approach is to give the user permission to run B<sudoedit>.
+=head1 SEE ALSO
+
+L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<sudo(@mansectsu@)>, L<visudo(@mansectsu@)>
+
=head1 CAVEATS
The I<sudoers> file should B<always> be edited by the B<visudo>
as returned by the C<hostname> command or use the I<fqdn> option in
I<sudoers>.
-=head1 FILES
+=head1 BUGS
- @sysconfdir@/sudoers List of who can run what
- /etc/group Local groups file
- /etc/netgroup List of network groups
+If you feel you have found a bug in B<sudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
-=head1 SEE ALSO
+=head1 SUPPORT
-L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<sudo(@mansectsu@)>, L<visudo(@mansectsu@)>
+Commercial support is available for B<sudo>, see
+http://www.sudo.ws/sudo/support.html for details.
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<Sudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed. See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
=back
-=head1 ERRORS
+=head1 ENVIRONMENT
+
+The following environment variables are used only if B<visudo>
+was configured with the I<--with-env-editor> option:
+
+ VISUAL Invoked by visudo as the editor to use
+ EDITOR Used by visudo if VISUAL is not set
+
+=head1 FILES
+
+ @sysconfdir@/sudoers List of who can run what
+ @sysconfdir@/sudoers.tmp Lock file for visudo
+
+=head1 DIAGNOSTICS
=over 4
=back
-=head1 ENVIRONMENT
-
-The following environment variables are used only if B<visudo>
-was configured with the I<--with-env-editor> option:
-
- VISUAL Invoked by visudo as the editor to use
- EDITOR Used by visudo if VISUAL is not set
-
-=head1 FILES
+=head1 SEE ALSO
- @sysconfdir@/sudoers List of who can run what
- @sysconfdir@/sudoers.tmp Lock file for visudo
+L<vi(1)>, L<sudoers(@mansectform@)>, L<sudo(@mansectsu@)>, L<vipw(@mansectsu@)>
=head1 AUTHOR
See the HISTORY file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details.
+=head1 CAVEATS
+
+There is no easy way to prevent a user from gaining a root shell if
+the editor used by B<visudo> allows shell escapes.
+
=head1 BUGS
-If you feel you have found a bug in sudo, please submit a bug report
+If you feel you have found a bug in B<visudo>, please submit a bug report
at http://www.sudo.ws/sudo/bugs/
-=head1 DISCLAIMER
+=head1 SUPPORT
-B<Visudo> is provided ``AS IS'' and any express or implied warranties,
-including, but not limited to, the implied warranties of merchantability
-and fitness for a particular purpose are disclaimed.
-See the LICENSE file distributed with B<sudo> for complete details.
-
-=head1 CAVEATS
+Commercial support is available for B<sudo>, see
+http://www.sudo.ws/sudo/support.html for details.
-There is no easy way to prevent a user from gaining a root shell if
-the editor used by B<visudo> allows shell escapes.
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
-=head1 SEE ALSO
+=head1 DISCLAIMER
-L<vi(1)>, L<sudoers(@mansectform@)>, L<sudo(@mansectsu@)>, L<vipw(@mansectsu@)>
+B<Visudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed. See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
projects / sudo / commitdiff