B\bBo\boo\bol\ble\bea\ban\bn F\bFl\bla\bag\bgs\bs:
- always_set_home If set, s\bsu\bud\bdo\bo will set the HOME environment variable to
- the home directory of the target user (which is root
+ always_set_home If enabled, s\bsu\bud\bdo\bo will set the HOME environment variable
+ to the home directory of the target user (which is root
unless the -\b-u\bu option is used). This effectively means
- that the -\b-H\bH option is always implied. This flag is _\bo_\bf_\bf
- by default.
+ that the -\b-H\bH option is always implied. Note that HOME
+ is already set when the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is
+ enabled, so _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be is only effective for
+ configurations where _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled. This flag
+ is _\bo_\bf_\bf by default.
authenticate If set, users must authenticate themselves via a
password (or other means of authentication) before they
may run commands. This default may be overridden via
- the PASSWD and NOPASSWD tags. This flag is _\bo_\bn by
- default.
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ the PASSWD and NOPASSWD tags. This flag is _\bo_\bn by
+ default.
+
closefrom_override
If set, the user may use s\bsu\bud\bdo\bo's -\b-C\bC option which
overrides the default starting point at which s\bsu\bud\bdo\bo
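Review bot: The added always_set_home text has a doubled word in the sentence that begins "Note that HOME": "is already set when the the env_reset option is enabled" should read "when the env_reset option is enabled".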
fqdn Set this flag if you want to put fully qualified host
names in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. I.e., instead of myhost you
- would use myhost.mydomain.edu. You may still use the
- short form if you wish (and even mix the two). Beware
- that turning on _\bf_\bq_\bd_\bn requires s\bsu\bud\bdo\bo to make DNS lookups
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ would use myhost.mydomain.edu. You may still use the
+ short form if you wish (and even mix the two). Beware
+ that turning on _\bf_\bq_\bd_\bn requires s\bsu\bud\bdo\bo to make DNS lookups
which may make s\bsu\bud\bdo\bo unusable if DNS stops working (for
example if the machine is not plugged into the
network). Also note that you must use the host's
does not enter the correct password. This flag is _\bo_\bf_\bf
by default.
- mail_no_host If set, mail will be sent to the _\bm_\ba_\bi_\bl_\bt_\bo user if the
- invoking user exists in the _\bs_\bu_\bd_\bo_\be_\br_\bs file, but is not
- allowed to run commands on the current host. This flag
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ mail_no_host If set, mail will be sent to the _\bm_\ba_\bi_\bl_\bt_\bo user if the
+ invoking user exists in the _\bs_\bu_\bd_\bo_\be_\br_\bs file, but is not
+ allowed to run commands on the current host. This flag
is _\bo_\bf_\bf by default.
mail_no_perms If set, mail will be sent to the _\bm_\ba_\bi_\bl_\bt_\bo user if the
able to determine the length of the password being
entered. This flag is _\bo_\bf_\bf by default.
- requiretty If set, s\bsu\bud\bdo\bo will only run when the user is logged in
- to a real tty. When this flag is set, s\bsu\bud\bdo\bo can only be
-
1.8.0b1 July 19, 2010 14
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ requiretty If set, s\bsu\bud\bdo\bo will only run when the user is logged in
+ to a real tty. When this flag is set, s\bsu\bud\bdo\bo can only be
run from a login session and not via other means such
as _\bc_\br_\bo_\bn(1m) or cgi-bin scripts. This flag is _\bo_\bf_\bf by
default.
instead of the password of the invoking user. This
flag is _\bo_\bf_\bf by default.
- set_home If set and s\bsu\bud\bdo\bo is invoked with the -\b-s\bs option the HOME
- environment variable will be set to the home directory
- of the target user (which is root unless the -\b-u\bu option
- is used). This effectively makes the -\b-s\bs option imply
- -\b-H\bH. This flag is _\bo_\bf_\bf by default.
+ set_home If enabled and s\bsu\bud\bdo\bo is invoked with the -\b-s\bs option the
+ HOME environment variable will be set to the home
+ directory of the target user (which is root unless the
+ -\b-u\bu option is used). This effectively makes the -\b-s\bs
+ option imply -\b-H\bH. Note that HOME is already set when
+ the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled, so _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is
+ only effective for configurations where _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is
+ disabled. This flag is _\bo_\bf_\bf by default.
set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
environment variables to the name of the target user
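Review bot: The new set_home text has a doubled word in "Note that HOME is already set when the the env_reset option is enabled"; drop one "the". A comma after "the -s option" in the first added sentence would also make it easier to parse.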
shell_noargs If set and s\bsu\bud\bdo\bo is invoked with no arguments it acts as
if the -\b-s\bs option had been given. That is, it runs a
- shell as root (the shell is determined by the SHELL
- environment variable if it is set, falling back on the
- shell listed in the invoking user's /etc/passwd entry
- if not). This flag is _\bo_\bf_\bf by default.
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ shell as root (the shell is determined by the SHELL
+ environment variable if it is set, falling back on the
+ shell listed in the invoking user's /etc/passwd entry
+ if not). This flag is _\bo_\bf_\bf by default.
+
stay_setuid Normally, when s\bsu\bud\bdo\bo executes a command the real and
effective UIDs are set to the target user (root by
default). This option changes that behavior such that
Normally, s\bsu\bud\bdo\bo uses a directory in the ticket dir with
the same name as the user running it. With this flag
enabled, s\bsu\bud\bdo\bo will use a file named for the tty the
- user is logged in on in that directory. This flag is
- _\bo_\bf_\bf by default.
-
- umask_override If set, s\bsu\bud\bdo\bo will set the umask as specified by _\bs_\bu_\bd_\bo_\be_\br_\bs
- without modification. This makes it possible to
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ user is logged in on in that directory. This flag is
+ _\bo_\bf_\bf by default.
+
+ umask_override If set, s\bsu\bud\bdo\bo will set the umask as specified by _\bs_\bu_\bd_\bo_\be_\br_\bs
+ without modification. This makes it possible to
specify a more permissive umask in _\bs_\bu_\bd_\bo_\be_\br_\bs than the
user's own umask and matches historical behavior. If
_\bu_\bm_\ba_\bs_\bk_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is not set, s\bsu\bud\bdo\bo will set the umask to
passwd_timeout Number of minutes before the s\bsu\bud\bdo\bo password prompt times
out, or 0 for no timeout. The timeout may include a
- fractional component if minute granularity is
- insufficient, for example 2.5. The default is 5.
-
- timestamp_timeout
- Number of minutes that can elapse before s\bsu\bud\bdo\bo will ask
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ fractional component if minute granularity is
+ insufficient, for example 2.5. The default is 5.
+
+ timestamp_timeout
+ Number of minutes that can elapse before s\bsu\bud\bdo\bo will ask
for a passwd again. The timeout may include a
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5. Set
domain name (on if the machine's host name is fully
qualified or the _\bf_\bq_\bd_\bn option is set)
- %h expanded to the local host name without the domain
- name
-
- %p expanded to the user whose password is being asked
-
1.8.0b1 July 19, 2010 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ %h expanded to the local host name without the domain
+ name
+
+ %p expanded to the user whose password is being asked
for (respects the _\br_\bo_\bo_\bt_\bp_\bw, _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw and _\br_\bu_\bn_\ba_\bs_\bp_\bw
flags in _\bs_\bu_\bd_\bo_\be_\br_\bs)
askpass The _\ba_\bs_\bk_\bp_\ba_\bs_\bs option specifies the fully qualified path to a
helper program used to read the user's password when no
- terminal is available. This may be the case when s\bsu\bud\bdo\bo is
- executed from a graphical (as opposed to text-based)
- application. The program specified by _\ba_\bs_\bk_\bp_\ba_\bs_\bs should
- display the argument passed to it as the prompt and write
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ terminal is available. This may be the case when s\bsu\bud\bdo\bo is
+ executed from a graphical (as opposed to text-based)
+ application. The program specified by _\ba_\bs_\bk_\bp_\ba_\bs_\bs should
+ display the argument passed to it as the prompt and write
the user's password to the standard output. The value of
_\ba_\bs_\bk_\bp_\ba_\bs_\bs may be overridden by the SUDO_ASKPASS environment
variable.
lecture_file
Path to a file containing an alternate s\bsu\bud\bdo\bo lecture that
- will be used in place of the standard lecture if the named
- file exists. By default, s\bsu\bud\bdo\bo uses a built-in lecture.
-
- listpw This option controls when a password will be required when
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ will be used in place of the standard lecture if the named
+ file exists. By default, s\bsu\bud\bdo\bo uses a built-in lecture.
+
+ listpw This option controls when a password will be required when
a user runs s\bsu\bud\bdo\bo with the -\b-l\bl option. It has the following
possible values:
syslog Syslog facility if syslog is being used for logging (negate
to disable syslog logging). Defaults to local2.
- verifypw This option controls when a password will be required when
- a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
- possible values:
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ verifypw This option controls when a password will be required when
+ a user runs s\bsu\bud\bdo\bo with the -\b-v\bv option. It has the following
+ possible values:
+
all All the user's _\bs_\bu_\bd_\bo_\be_\br_\bs entries for the current host
must have the NOPASSWD flag set to avoid entering a
password.
env_keep Environment variables to be preserved in the user's
environment when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is in effect.
This allows fine-grained control over the environment
- s\bsu\bud\bdo\bo-spawned processes will receive. The argument may
- be a double-quoted, space-separated list or a single
- value without double-quotes. The list can be replaced,
- added to, deleted from, or disabled by using the =, +=,
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ s\bsu\bud\bdo\bo-spawned processes will receive. The argument may
+ be a double-quoted, space-separated list or a single
+ value without double-quotes. The list can be replaced,
+ added to, deleted from, or disabled by using the =, +=,
-=, and ! operators respectively. The default list of
variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
with the _\b-_\bV option.
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
- HPPA = boa, nag, python
- Host_Alias CUNETS = 128.138.0.0/255.255.0.0
- Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
- Host_Alias SERVERS = master, mail, www, ns
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ HPPA = boa, nag, python
+ Host_Alias CUNETS = 128.138.0.0/255.255.0.0
+ Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+ Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
PARTTIMERS ALL = ALL
- Part time sysadmins (b\bbo\bos\bst\btl\ble\bey\by, j\bjw\bwf\bfo\box\bx, and c\bcr\bra\baw\bwl\bl) may run any command on
- any host but they must authenticate themselves first (since the entry
- lacks the NOPASSWD tag).
-
1.8.0b1 July 19, 2010 24
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Part time sysadmins (b\bbo\bos\bst\btl\ble\bey\by, j\bjw\bwf\bfo\box\bx, and c\bcr\bra\baw\bwl\bl) may run any command on
+ any host but they must authenticate themselves first (since the entry
+ lacks the NOPASSWD tag).
+
jack CSNETS = ALL
The user j\bja\bac\bck\bk may run any command on the machines in the _\bC_\bS_\bN_\bE_\bT_\bS alias
Users in the s\bse\bec\bcr\bre\bet\bta\bar\bri\bie\bes\bs netgroup need to help manage the printers as
well as add and remove users, so they are allowed to run those commands
- on all machines.
-
- fred ALL = (DB) NOPASSWD: ALL
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ on all machines.
+
+ fred ALL = (DB) NOPASSWD: ALL
+
The user f\bfr\bre\bed\bd can run commands as any user in the _\bD_\bB Runas_Alias
(o\bor\bra\bac\bcl\ble\be or s\bsy\byb\bba\bas\bse\be) without giving a password.
bill ALL = ALL, !SU, !SHELLS
- Doesn't really prevent b\bbi\bil\bll\bl from running the commands listed in _\bS_\bU or
- _\bS_\bH_\bE_\bL_\bL_\bS since he can simply copy those commands to a different name, or
- use a shell escape from an editor or other program. Therefore, these
-
1.8.0b1 July 19, 2010 26
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Doesn't really prevent b\bbi\bil\bll\bl from running the commands listed in _\bS_\bU or
+ _\bS_\bH_\bE_\bL_\bL_\bS since he can simply copy those commands to a different name, or
+ use a shell escape from an editor or other program. Therefore, these
kind of restrictions should be considered advisory at best (and
reinforced by policy).
If the resulting output contains a line that begins with:
- File containing dummy exec functions:
-
-
1.8.0b1 July 19, 2010 27
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ File containing dummy exec functions:
+
then s\bsu\bud\bdo\bo may be able to replace the exec family of functions
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
writable directory.
On systems where the boot time is available, _\bs_\bu_\bd_\bo_\be_\br_\bs will ignore time
- stamps that date from before the machine booted.
-
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ stamps that date from before the machine booted.
+
Since time stamp files live in the file system, they can outlive a
user's login session. As a result, a user may be able to login, run a
command with s\bsu\bud\bdo\bo after authenticating, logout, login again, and run
-
-
1.8.0b1 July 19, 2010 29
static const char *initial_keepenv_table[] = {
"COLORS",
"DISPLAY",
- "HOME",
"HOSTNAME",
"KRB5CCNAME",
"LS_COLORS",
char **old_envp, **ep, *cp, *ps1;
char idbuf[MAX_UID_T_LEN];
unsigned int didvar;
+ int reset_home = FALSE;
/*
* Either clean out the environment or reset to a safe default.
memset(env.envp, 0, env.env_size * sizeof(char *));
#endif
if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+ /* Reset HOME based on target user unless keeping old value. */
+ reset_home = TRUE;
+
/* Pull in vars we want to keep from the old environment. */
for (ep = old_envp; *ep; ep++) {
int keepit;
* on sudoers options).
*/
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
- sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME));
sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
sudo_setenv("LOGNAME", runas_pw->pw_name,
ISSET(didvar, DID_LOGNAME));
sudo_setenv("USERNAME", runas_pw->pw_name,
ISSET(didvar, DID_USERNAME));
} else {
- if (!ISSET(didvar, DID_HOME))
- sudo_setenv("HOME", user_dir, FALSE);
if (!ISSET(didvar, DID_SHELL))
sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
if (!ISSET(didvar, DID_LOGNAME))
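Review bot: In the MODE_LOGIN_SHELL branch the removed call set HOME to runas_pw->pw_dir directly, while the replacement added later in this patch runs only when !ISSET(didvar, KEPT_HOME). If KEPT_HOME can be set on this path (HOME listed in env_keep), a login shell would now keep the invoking user's HOME. Please confirm that is intended, or exempt MODE_LOGIN_SHELL from the KEPT_HOME test.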
sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
}
} else {
+ /* Reset HOME based on target user if configured to. */
+ if (ISSET(sudo_mode, MODE_RUN)) {
+ if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) ||
+ (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
+ reset_home = TRUE;
+ }
+
/*
* Copy environ entries as long as they don't match env_delete or
* env_check.
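Review bot: MODE_RESET_HOME is now tested only inside "if (ISSET(sudo_mode, MODE_RUN))", whereas the block removed later in this patch honoured it on its own: "ISSET(sudo_mode, MODE_RESET_HOME) || (ISSET(sudo_mode, MODE_RUN) && ...)". With env_reset disabled, a request to reset HOME outside MODE_RUN no longer takes effect. If the narrowing is deliberate, say so in the comment; otherwise move the MODE_RESET_HOME test outside the MODE_RUN check.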
}
/* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
- /* XXX - not needed for MODE_LOGIN_SHELL */
- if (def_set_logname && runas_pw->pw_name) {
+ if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
if (!ISSET(didvar, KEPT_LOGNAME))
sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
if (!ISSET(didvar, KEPT_USER))
sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
}
- /* Set $HOME for `sudo -H'. Only valid at PERM_FULL_RUNAS. */
- /* XXX - not needed for MODE_LOGIN_SHELL */
- if (runas_pw->pw_dir) {
- if (ISSET(sudo_mode, MODE_RESET_HOME) ||
- (ISSET(sudo_mode, MODE_RUN) && (def_always_set_home ||
- (ISSET(sudo_mode, MODE_SHELL) && def_set_home))))
- sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
- }
+ /* Set $HOME to target user if not preserving user's value. */
+ if (reset_home && !ISSET(didvar, KEPT_HOME))
+ sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME));
/* Provide default values for $TERM and $PATH if they are not set. */
if (!ISSET(didvar, DID_TERM))
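Review bot: Both NULL guards are gone in this hunk: the set_logname test dropped "&& runas_pw->pw_name", and the new HOME code calls sudo_setenv("HOME", runas_pw->pw_dir, ...) without the old "if (runas_pw->pw_dir)" check. Unless runas_pw is guaranteed to carry non-NULL pw_name and pw_dir at this point, keep the guards, for example "if (reset_home && runas_pw->pw_dir && !ISSET(didvar, KEPT_HOME))".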