executed to read the user's password and output the
password to the standard output. If the SUDO_ASKPASS
environment variable is set, it specifies the path to the
- helper program. Otherwise, the value specified by the
- _\ba_\bs_\bk_\bp_\ba_\bs_\bs option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4) is used.
+ helper program. Otherwise, if _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf contains a
+ line specifying the askpass program that value will be
+ used. For example:
+
+ # Path to askpass helper program
+ Path askpass /usr/X11R6/bin/ssh-askpass
+
+ If no askpass program is available, sudo will exit with an
+ error.
-a _\bt_\by_\bp_\be The -\b-a\ba (_\ba_\bu_\bt_\bh_\be_\bn_\bt_\bi_\bc_\ba_\bt_\bi_\bo_\bn _\bt_\by_\bp_\be) option causes s\bsu\bud\bdo\bo to use the
specified authentication type when validating the user, as
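Review bot: the new sentence "if /etc/sudo.conf contains a line specifying the askpass program that value will be used" needs a comma after "program", and it would help to state that the exit-with-error case applies when -A is requested (that is the only path where the lack of a helper is fatal); for example: "Otherwise, if /etc/sudo.conf contains a line specifying the askpass program, that value will be used. ... If -A is specified and no askpass program is available, sudo will exit with an error."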
Specifying a _\bc_\bl_\ba_\bs_\bs of - indicates that the command should
be run restricted by the default login capabilities for the
user the command is run as. If the _\bc_\bl_\ba_\bs_\bs argument
- specifies an existing user class, the command must be run
- as root, or the s\bsu\bud\bdo\bo command must be run from a shell that
- is already root. This option is only available on systems
- with BSD login classes.
-
- -D _\bl_\be_\bv_\be_\bl Enable debugging of s\bsu\bud\bdo\bo plugins and s\bsu\bud\bdo\bo itself. The
- _\bl_\be_\bv_\be_\bl may be a value from 1 through 9.
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ specifies an existing user class, the command must be run
+ as root, or the s\bsu\bud\bdo\bo command must be run from a shell that
+ is already root. This option is only available on systems
+ with BSD login classes.
+
+ -D _\bl_\be_\bv_\be_\bl Enable debugging of s\bsu\bud\bdo\bo plugins and s\bsu\bud\bdo\bo itself. The
+ _\bl_\be_\bv_\be_\bl may be a value from 1 through 9.
+
-E The -\b-E\bE (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt) option will override the
_\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)). It is only available when
either the matching command has the SETENV tag or the
specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). By default, s\bsu\bud\bdo\bo does not modify
HOME (see _\bs_\be_\bt_\b__\bh_\bo_\bm_\be and _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)).
- -h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a usage message
- and exit.
-
- -i [command]
- The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
- specified in the _\bp_\ba_\bs_\bs_\bw_\bd(4) entry of the target user as a
- login shell. This means that login-specific resource files
-
1.8.0a2 June 9, 2010 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ -h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a usage message
+ and exit.
+
+ -i [command]
+ The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
+ specified in the _\bp_\ba_\bs_\bs_\bw_\bd(4) entry of the target user as a
+ login shell. This means that login-specific resource files
such as .profile or .login will be read by the shell. If a
command is specified, it is passed to the shell for
execution. Otherwise, an interactive shell is executed.
-P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bsu\bud\bdo\bo to
preserve the invoking user's group vector unaltered. By
- default, s\bsu\bud\bdo\bo will initialize the group vector to the list
- of groups the target user is in. The real and effective
- group IDs, however, are still set to match the target user.
-
- -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
- password prompt and use a custom one. The following
- percent (`%') escapes are supported:
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ default, s\bsu\bud\bdo\bo will initialize the group vector to the list
+ of groups the target user is in. The real and effective
+ group IDs, however, are still set to match the target user.
+
+ -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
+ password prompt and use a custom one. The following
+ percent (`%') escapes are supported:
+
%H expanded to the local host name including the domain
name (on if the machine's host name is fully qualified
or the _\bf_\bq_\bd_\bn _\bs_\bu_\bd_\bo_\be_\br_\bs option is set)
is set (see _\bs_\bu_\bd_\bo_\be_\br_\bs(4)) it is not possible to run commands
with a uid not listed in the password database.
- -V The -\b-V\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bsu\bud\bdo\bo to print the version
- number and exit. If the invoking user is already root the
- -\b-V\bV option will print out a list of the defaults s\bsu\bud\bdo\bo was
- compiled with as well as the machine's local network
- addresses.
-
- -v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
- user's time stamp, prompting for the user's password if
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ -V The -\b-V\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bsu\bud\bdo\bo to print the version
+ number and exit. If the invoking user is already root the
+ -\b-V\bV option will print out a list of the defaults s\bsu\bud\bdo\bo was
+ compiled with as well as the machine's local network
+ addresses.
+
+ -v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
+ user's time stamp, prompting for the user's password if
necessary. This extends the s\bsu\bud\bdo\bo timeout for another 5
minutes (or whatever the timeout is set to in _\bs_\bu_\bd_\bo_\be_\br_\bs) but
does not run a command.
#
# Format:
# Plugin plugin_name plugin_path
+ # Path askpass path/to/askpass
#
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
A Plugin line consists of the Plugin keyword, followed by the
_\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be and the _\bp_\ba_\bt_\bh to the shared object containing the plugin.
The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be is the name of the struct policy_plugin or struct
- io_plugin in the plugin shared object. The _\bp_\ba_\bt_\bh may be fully qualified
- or relative. If not fully qualified it is relative to the
- _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any additional parameters after the _\bp_\ba_\bt_\bh
- are ignored.
-
- For more information, see the "_\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m) manual."
-
-R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
- Upon successful execution of a program, the exit status from s\bsu\bud\bdo\bo will
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ io_plugin in the plugin shared object. The _\bp_\ba_\bt_\bh may be fully qualified
+ or relative. If not fully qualified it is relative to the
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any additional parameters after the _\bp_\ba_\bt_\bh
+ are ignored. Lines that don't begin with Plugin or Path are silently
+ ignored
+
+ For more information, see the _\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m) manual.
+
+R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
+ Upon successful execution of a program, the exit status from s\bsu\bud\bdo\bo will
simply be the exit status of the program that was executed.
Otherwise, s\bsu\bud\bdo\bo quits with an exit value of 1 if there is a
s\bsu\bud\bdo\bo to preserve them.
To prevent command spoofing, s\bsu\bud\bdo\bo checks "." and "" (both denoting
- current directory) last when searching for a command in the user's PATH
- (if one or both are in the PATH). Note, however, that the actual PATH
- environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
- program that s\bsu\bud\bdo\bo executes.
-
- s\bsu\bud\bdo\bo will check the ownership of its time stamp directory
- (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's contents if it is
- not owned by root or if it is writable by a user other than root. On
- systems that allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if
- the time stamp directory is located in a directory writable by anyone
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ current directory) last when searching for a command in the user's PATH
+ (if one or both are in the PATH). Note, however, that the actual PATH
+ environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
+ program that s\bsu\bud\bdo\bo executes.
+
+ s\bsu\bud\bdo\bo will check the ownership of its time stamp directory
+ (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's contents if it is
+ not owned by root or if it is writable by a user other than root. On
+ systems that allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if
+ the time stamp directory is located in a directory writable by anyone
(e.g., _\b/_\bt_\bm_\bp), it is possible for a user to create the time stamp
directory before s\bsu\bud\bdo\bo is run. However, because s\bsu\bud\bdo\bo checks the
ownership and mode of the directory and its contents, the only damage
when giving users access to commands via s\bsu\bud\bdo\bo to verify that the
command does not inadvertently give the user an effective root shell.
For more information, please see the PREVENTING SHELL ESCAPES section
- in _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
-E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
- s\bsu\bud\bdo\bo utilizes the following environment variables:
- EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
- SUDO_EDITOR nor VISUAL is set
- HOME In -\b-s\bs or -\b-H\bH mode (or if sudo was configured with the
- --enable-shell-sets-home option), set to homedir of the
+1.8.0a2 June 9, 2010 8
-1.8.0a2 June 9, 2010 8
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ in _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
+ s\bsu\bud\bdo\bo utilizes the following environment variables:
+ EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
+ SUDO_EDITOR nor VISUAL is set
+ HOME In -\b-s\bs or -\b-H\bH mode (or if sudo was configured with the
+ --enable-shell-sets-home option), set to homedir of the
target user
PATH Set to a sane value if the _\bs_\be_\bc_\bu_\br_\be_\b__\bp_\ba_\bt_\bh sudoers option
SUDO_EDITOR is not set
F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo plugin configuration
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo plugin and path configuration
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
Note: the following examples assume suitable _\bs_\bu_\bd_\bo_\be_\br_\bs(4) entries.
- To get a file listing of an unreadable directory:
-
- $ sudo ls /usr/local/protected
- To list the home directory of user yaz on a machine where the file
- system holding ~yaz is not exported as root:
- $ sudo -u yaz ls ~yaz
+1.8.0a2 June 9, 2010 9
-1.8.0a2 June 9, 2010 9
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ To get a file listing of an unreadable directory:
+ $ sudo ls /usr/local/protected
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ To list the home directory of user yaz on a machine where the file
+ system holding ~yaz is not exported as root:
+ $ sudo -u yaz ls ~yaz
To edit the _\bi_\bn_\bd_\be_\bx_\b._\bh_\bt_\bm_\bl file as user www:
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
_\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bp_\ba_\bs_\bs_\bw_\bd(4), _\bs_\bu_\bd_\bo_\be_\br_\bs(4),
- "_\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m), "_\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m), _\bv_\bi_\bs_\bu_\bd_\bo(1m)""
+ _\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m), _\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m), _\bv_\bi_\bs_\bu_\bd_\bo(1m)
A\bAU\bUT\bTH\bHO\bOR\bRS\bS
Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists
It is not meaningful to run the cd command directly via sudo, e.g.,
- $ sudo cd /usr/local/protected
- since when the command exits the parent process (your shell) will still
- be the same. Please see the EXAMPLES section for more information.
- If users have sudo ALL there is nothing to prevent them from creating
- their own program that gives them a root shell regardless of any '!'
- elements in the user specification.
+1.8.0a2 June 9, 2010 10
-1.8.0a2 June 9, 2010 10
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ $ sudo cd /usr/local/protected
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ since when the command exits the parent process (your shell) will still
+ be the same. Please see the EXAMPLES section for more information.
+ If users have sudo ALL there is nothing to prevent them from creating
+ their own program that gives them a root shell regardless of any '!'
+ elements in the user specification.
Running shell scripts via s\bsu\bud\bdo\bo can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your OS
See the LICENSE file distributed with s\bsu\bud\bdo\bo or
http://www.sudo.ws/sudo/license.html for complete details.
-P\bPO\bOD\bD E\bER\bRR\bRO\bOR\bRS\bS
- Hey! T\bTh\bhe\be a\bab\bbo\bov\bve\be d\bdo\boc\bcu\bum\bme\ben\bnt\bt h\bha\bad\bd s\bso\bom\bme\be c\bco\bod\bdi\bin\bng\bg e\ber\brr\bro\bor\brs\bs,\b, w\bwh\bhi\bic\bch\bh a\bar\bre\be e\bex\bxp\bpl\bla\bai\bin\bne\bed\bd
- b\bbe\bel\blo\bow\bw:\b:
-
- Around line 442:
- Unterminated L<...> sequence
-
- Around line 678:
- Unterminated L<L<...>> sequence
.IX Item "-A"
Normally, if \fBsudo\fR requires a password, it will read it from the
current terminal. If the \fB\-A\fR (\fIaskpass\fR) option is specified,
-a (possibly graphical) helper program is executed to read the
-user's password and output the password to the standard output. If
-the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the
-path to the helper program. Otherwise, the value specified by the
-\&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used.
+a (possibly graphical) helper program is executed to read the user's
+password and output the password to the standard output. If the
+\&\f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the path
+to the helper program. Otherwise, if \fI@sysconfdir@/sudo.conf\fR
+contains a line specifying the askpass program that value will be
+used. For example:
+.Sp
+.Vb 2
+\& # Path to askpass helper program
+\& Path askpass /usr/X11R6/bin/ssh\-askpass
+.Ve
+.Sp
+If no askpass program is available, sudo will exit with an error.
.if \n(BA \{\
.IP "\-a \fItype\fR" 12
.IX Item "-a type"
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
+\& # Path askpass path/to/askpass
\& #
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is
-relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
-after the \fIpath\fR are ignored.
+relative to the \fI@prefix@/libexec\fR directory. Any additional
+parameters after the \fIpath\fR are ignored. Lines that don't begin
+with \f(CW\*(C`Plugin\*(C'\fR or \f(CW\*(C`Path\*(C'\fR are silently ignored
.PP
-For more information, see the \*(L"\fIsudo_plugin\fR\|(@mansectsu@) manual.\*(R"
+For more information, see the \fIsudo_plugin\fR\|(@mansectsu@) manual.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the exit status from \fBsudo\fR
.ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.el .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.IX Item "@sysconfdir@/sudo.conf"
-\&\fBsudo\fR plugin configuration
+\&\fBsudo\fR plugin and path configuration
.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
.el .IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers"
.IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
.if \n(LC \&\fIlogin_cap\fR\|(3),
-\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), "\fIsudo_plugin\fR\|(@mansectsu@), "\fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)""
+\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIsudo_plugin\fR\|(@mansectsu@), \fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
.SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years; this
and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0
file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
for complete details.
-.SH "POD ERRORS"
-.IX Header "POD ERRORS"
-Hey! \fBThe above document had some coding errors, which are explained below:\fR
-.IP "Around line 442:" 4
-.IX Item "Around line 442:"
-Unterminated L<...> sequence
-.IP "Around line 678:" 4
-.IX Item "Around line 678:"
-Unterminated L<L<...>> sequence
Normally, if B<sudo> requires a password, it will read it from the
current terminal. If the B<-A> (I<askpass>) option is specified,
-a (possibly graphical) helper program is executed to read the
-user's password and output the password to the standard output. If
-the C<SUDO_ASKPASS> environment variable is set, it specifies the
-path to the helper program. Otherwise, the value specified by the
-I<askpass> option in L<sudoers(5)> is used.
+a (possibly graphical) helper program is executed to read the user's
+password and output the password to the standard output. If the
+C<SUDO_ASKPASS> environment variable is set, it specifies the path
+to the helper program. Otherwise, if F<@sysconfdir@/sudo.conf>
+contains a line specifying the askpass program that value will be
+used. For example:
+
+ # Path to askpass helper program
+ Path askpass /usr/X11R6/bin/ssh-askpass
+
+If no askpass program is available, sudo will exit with an error.
=item -a I<type>
#
# Format:
# Plugin plugin_name plugin_path
+ # Path askpass path/to/askpass
#
# The plugin_path is relative to @prefix@/libexec unless
# fully qualified.
plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is
-relative to the F<@prefix@/libexec> directory. Any additional parameters
-after the I<path> are ignored.
+relative to the F<@prefix@/libexec> directory. Any additional
+parameters after the I<path> are ignored. Lines that don't begin
+with C<Plugin> or C<Path> are silently ignored
-For more information, see the L<sudo_plugin(8) manual.
+For more information, see the L<sudo_plugin(8)> manual.
=head1 RETURN VALUES
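Review bot: the added sentence "Lines that don't begin with C<Plugin> or C<Path> are silently ignored" has no terminating period here, and the same omission shows up in the generated roff and formatted sudo(1m) text, while the sudo_plugin versions of the sentence do end with a period; fix it in the POD source so the generated files pick it up.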
=item F<@sysconfdir@/sudo.conf>
-B<sudo> plugin configuration
+B<sudo> plugin and path configuration
=item F<@sysconfdir@/sudoers>
L<grep(1)>, L<su(1)>, L<stat(2)>,
L<login_cap(3)>,
-L<passwd(5)>, L<sudoers(5)>, L<sudo_plugin(8), L<sudoreplay(8), L<visudo(8)>
+L<passwd(5)>, L<sudoers(5)>, L<sudo_plugin(8)>, L<sudoreplay(8)>, L<visudo(8)>
=head1 AUTHORS
io_plugin in the plugin shared object. The _\bp_\ba_\bt_\bh may be fully qualified
or relative. If not fully qualified it is relative to the
_\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any additional parameters after the _\bp_\ba_\bt_\bh
- are ignored.
+ are ignored. Lines that don't begin with Plugin or Path are silently
+ ignored.
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid 0
#
# Format:
# Plugin plugin_name plugin_path
+ # Path askpass /path/to/askpass
#
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
P\bPo\bol\bli\bic\bcy\by P\bPl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
A policy plugin must declare and populate a policy_plugin struct in the
global scope. This structure contains pointers to the functions that
- implement the s\bsu\bud\bdo\bo policy checks. The name of the symbol should be
- specified in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf along with a path to the plugin so that
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ implement the s\bsu\bud\bdo\bo policy checks. The name of the symbol should be
+ specified in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf along with a path to the plugin so that
s\bsu\bud\bdo\bo can load it.
struct policy_plugin {
the major and minor version number of the plugin API supported
by s\bsu\bud\bdo\bo.
- conversation
- A pointer to the conversation function that can be used by the
- plugin to interact with the user (see below).
+
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ conversation
+ A pointer to the conversation function that can be used by the
+ plugin to interact with the user (see below).
+
plugin_printf
A pointer to a printf-style function that may be used to
display informational or error messages (see below).
set _\bi_\bm_\bp_\bl_\bi_\be_\bd_\b__\bs_\bh_\be_\bl_\bl to true. This allows s\bsu\bud\bdo\bo with no
arguments to be used similarly to _\bs_\bu(1). If the plugin
does not to support this usage, it may return a value of -2
- from the check_policy function, which will cause s\bsu\bud\bdo\bo to
- print a usage message and exit.
-
-
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ from the check_policy function, which will cause s\bsu\bud\bdo\bo to
+ print a usage message and exit.
+
preserve_groups=bool
Set to true if the user specified the -P flag, indicating
that the user wishes to preserve the group vector instead
Additional settings may be added in the future so the plugin
should silently ignore settings that it does not recognize.
- user_info
- A vector of information about the user running the command in
-
1.8.0a2 June 9, 2010 4
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ user_info
+ A vector of information about the user running the command in
the form of "name=value" strings. The vector is terminated by
a NULL pointer.
close
void (*close)(int exit_status, int error);
- The close function is called when the command being run by s\bsu\bud\bdo\bo
-
1.8.0a2 June 9, 2010 5
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ The close function is called when the command being run by s\bsu\bud\bdo\bo
finishes.
The function arguments are as follows:
not allowed, -1 for a general error, or -2 for a usage error or if
s\bsu\bud\bdo\boe\bed\bdi\bit\bt was specified but is unsupported by the plugin. In the
latter case, s\bsu\bud\bdo\bo will print a usage message before it exits. If
- an error occurs, the plugin may optionally call the conversation or
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ an error occurs, the plugin may optionally call the conversation or
plugin_printf function with SUDO_CONF_ERROR_MSG to present
additional error information to the user.
runas_groups=list
The supplementary group vector to use for the command in
the form of a comma-separated list of group IDs. If
- _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, this option is ignored.
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, this option is ignored.
+
login_class=login_class
BSD login class to use when setting resource limits and
nice value (optional). This option is only set on systems
argv_out
The NULL-terminated argument vector to pass to the _\be_\bx_\be_\bc_\bv_\be_\b(_\b)
- system call when executing the command. The plugin is
- responsible for allocating and populating the vector.
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ system call when executing the command. The plugin is
+ responsible for allocating and populating the vector.
+
user_env_out
The NULL-terminated environment vector to use when executing
the command. The plugin is responsible for allocating and
Returns 1 on success, 0 on failure and -1 on error. On error, the
plugin may optionally call the conversation or plugin_printf
function with SUDO_CONF_ERROR_MSG to present additional error
- information to the user.
-
-
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ information to the user.
+
invalidate
void (*invalidate)(int remove);
const char *msg;
};
- struct sudo_conv_reply {
-
1.8.0a2 June 9, 2010 10
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+ struct sudo_conv_reply {
char *reply;
};
I/O for logging before passing it on.
The log_ttyin function receives the raw user input from the terminal
- device (note that this will include input even when echo is disabled,
- such as when a password is read). The log_ttyout function receives
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ device (note that this will include input even when echo is disabled,
+ such as when a password is read). The log_ttyout function receives
output from the pseudo-tty that is suitable for replaying the user's
session at a later time. The log_stdin, log_stdout and log_stderr
functions are only called if the standard input, standard output or
plugin_printf
A pointer to a printf-style function that may be used by the
_\bs_\bh_\bo_\bw_\b__\bv_\be_\br_\bs_\bi_\bo_\bn function to display version information (see
- show_version below). The plugin_printf function may also be
- used to display additional error message to the user.
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ show_version below). The plugin_printf function may also be
+ used to display additional error message to the user.
+
settings
A vector of user-supplied s\bsu\bud\bdo\bo settings in the form of
"name=value" strings. The vector is terminated by a NULL
The function arguments are as follows:
- exit_status
- The command's exit status, as returned by the _\bw_\ba_\bi_\bt(2) system
- call. The value of exit_status is undefined if error is non-
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ exit_status
+ The command's exit status, as returned by the _\bw_\ba_\bi_\bt(2) system
+ call. The value of exit_status is undefined if error is non-
zero.
error
log_stdin
int (*log_stdin)(const char *buf, unsigned int len);
- The _\bl_\bo_\bg_\b__\bs_\bt_\bd_\bi_\bn function is only used if the standard input does not
- correspond to a tty device. It is called whenever data can be read
- from the standard input but before it is passed to the running
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ The _\bl_\bo_\bg_\b__\bs_\bt_\bd_\bi_\bn function is only used if the standard input does not
+ correspond to a tty device. It is called whenever data can be read
+ from the standard input but before it is passed to the running
command. This allows the plugin to reject data if it chooses to
(for instance if the input contains banned content). Returns 1 if
the data should be passed to the command, 0 if the data is rejected
-
-
-
1.8.0a2 June 9, 2010 15
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is
-relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
-after the \fIpath\fR are ignored.
+relative to the \fI@prefix@/libexec\fR directory. Any additional
+parameters after the \fIpath\fR are ignored. Lines that don't begin
+with \f(CW\*(C`Plugin\*(C'\fR or \f(CW\*(C`Path\*(C'\fR are silently ignored.
.PP
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
+\& # Path askpass /path/to/askpass
\& #
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is
-relative to the F<@prefix@/libexec> directory. Any additional parameters
-after the I<path> are ignored.
+relative to the F<@prefix@/libexec> directory. Any additional
+parameters after the I<path> are ignored. Lines that don't begin
+with C<Plugin> or C<Path> are silently ignored.
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
#
# Format:
# Plugin plugin_name plugin_path
+ # Path askpass /path/to/askpass
#
# The plugin_path is relative to @prefix@/libexec unless
# fully qualified.
return -1;
}
-#if 0 /* XXX - checks need to be done in main driver */
- /* If user specified -A, make sure we have an askpass helper. */
- if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
- if (user_askpass == NULL)
- log_error(NO_MAIL,
- "no askpass program specified, try setting SUDO_ASKPASS");
- } else if (!ISSET(tgetpass_flags, TGP_STDIN)) {
- /* If no tty but DISPLAY is set, use askpass if we have it. */
- if (!user_ttypath && !tty_present()) {
- if (user_askpass && user_display && *user_display != '\0') {
- SET(tgetpass_flags, TGP_ASKPASS);
- } else if (!def_visiblepw) {
- log_error(NO_MAIL,
- "no tty present and no askpass program specified");
- }
- }
- }
-
- if (!ISSET(tgetpass_flags, TGP_ASKPASS))
-#endif
- lecture(status);
+ /* XXX - should not lecture if askpass help is being used. */
+ lecture(status);
/* Expand any escapes in the prompt. */
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
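Review bot: lecture(status) is now called unconditionally, including when the askpass helper ends up collecting the password, which the new XXX comment acknowledges; since the lecture goes to the terminal while the helper may be a graphical program, the user can miss it entirely. The removed #if 0 block also consulted def_visiblepw for the no-tty case, and that policy knowledge does not survive in this file, so the caller needs to communicate it to the main driver (for instance via the TGP_ECHO flag) rather than dropping it; a follow-up that gates the lecture on whether askpass will be used would close the XXX.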
"type", T_STR,
"SELinux type to use in the new security context: %s",
NULL,
- }, {
- "askpass", T_STR|T_PATH|T_BOOL,
- "Path to the askpass helper program: %s",
- NULL,
}, {
"env_file", T_STR|T_PATH|T_BOOL,
"Path to the sudo-specific environment file: %s",
#define I_ROLE 64
#define def_type (sudo_defs_table[65].sd_un.str)
#define I_TYPE 65
-#define def_askpass (sudo_defs_table[66].sd_un.str)
-#define I_ASKPASS 66
-#define def_env_file (sudo_defs_table[67].sd_un.str)
-#define I_ENV_FILE 67
-#define def_sudoers_locale (sudo_defs_table[68].sd_un.str)
-#define I_SUDOERS_LOCALE 68
-#define def_visiblepw (sudo_defs_table[69].sd_un.flag)
-#define I_VISIBLEPW 69
-#define def_pwfeedback (sudo_defs_table[70].sd_un.flag)
-#define I_PWFEEDBACK 70
-#define def_fast_glob (sudo_defs_table[71].sd_un.flag)
-#define I_FAST_GLOB 71
-#define def_umask_override (sudo_defs_table[72].sd_un.flag)
-#define I_UMASK_OVERRIDE 72
-#define def_log_input (sudo_defs_table[73].sd_un.flag)
-#define I_LOG_INPUT 73
-#define def_log_output (sudo_defs_table[74].sd_un.flag)
-#define I_LOG_OUTPUT 74
-#define def_compress_io (sudo_defs_table[75].sd_un.flag)
-#define I_COMPRESS_IO 75
-#define def_use_pty (sudo_defs_table[76].sd_un.flag)
-#define I_USE_PTY 76
+#define def_env_file (sudo_defs_table[66].sd_un.str)
+#define I_ENV_FILE 66
+#define def_sudoers_locale (sudo_defs_table[67].sd_un.str)
+#define I_SUDOERS_LOCALE 67
+#define def_visiblepw (sudo_defs_table[68].sd_un.flag)
+#define I_VISIBLEPW 68
+#define def_pwfeedback (sudo_defs_table[69].sd_un.flag)
+#define I_PWFEEDBACK 69
+#define def_fast_glob (sudo_defs_table[70].sd_un.flag)
+#define I_FAST_GLOB 70
+#define def_umask_override (sudo_defs_table[71].sd_un.flag)
+#define I_UMASK_OVERRIDE 71
+#define def_log_input (sudo_defs_table[72].sd_un.flag)
+#define I_LOG_INPUT 72
+#define def_log_output (sudo_defs_table[73].sd_un.flag)
+#define I_LOG_OUTPUT 73
+#define def_compress_io (sudo_defs_table[74].sd_un.flag)
+#define I_COMPRESS_IO 74
+#define def_use_pty (sudo_defs_table[75].sd_un.flag)
+#define I_USE_PTY 75
enum def_tupple {
never,
type
T_STR
"SELinux type to use in the new security context: %s"
-askpass
- T_STR|T_PATH|T_BOOL
- "Path to the askpass helper program: %s"
env_file
T_STR|T_PATH|T_BOOL
"Path to the sudo-specific environment file: %s"
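Review bot: removing askpass from the sudoers defaults table means an existing sudoers file containing a "Defaults askpass=..." line will no longer be recognised by the parser; the change needs a migration note in the documentation (move the setting to a "Path askpass" line in sudo.conf) and a check that the numbered def_data.h entries were regenerated from def_data.in rather than hand-edited, since every index after I_TYPE shifts by one.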
#endif
#ifdef ENV_EDITOR
def_env_editor = TRUE;
-#endif
-#ifdef _PATH_SUDO_ASKPASS
- def_askpass = estrdup(_PATH_SUDO_ASKPASS);
#endif
def_sudoers_locale = estrdup("C");
def_env_reset = TRUE;
for (ep = envp; *ep; ep++) {
/* XXX - don't fill in if empty string */
switch (**ep) {
- case 'D':
- if (strncmp("DISPLAY=", *ep, 8) == 0)
- user_display = *ep + 8;
- break;
case 'K':
if (strncmp("KRB5CCNAME=", *ep, 11) == 0)
user_ccname = *ep + 11;
user_prompt = *ep + 12;
else if (strncmp("SUDO_USER=", *ep, 10) == 0)
prev_user = *ep + 10;
- else if (strncmp("SUDO_ASKPASS=", *ep, 13) == 0)
- user_askpass = *ep + 13;
break;
}
}
char *cmnd_safe;
char *class_name;
char *krb5_ccname;
- char *display;
- char *askpass;
int closefrom;
int ngroups;
uid_t uid;
#define user_host (sudo_user.host)
#define user_shost (sudo_user.shost)
#define user_ccname (sudo_user.krb5_ccname)
-#define user_display (sudo_user.display)
-#define user_askpass (sudo_user.askpass)
#define safe_cmnd (sudo_user.cmnd_safe)
#define login_class (sudo_user.class_name)
#define runas_pw (sudo_user._runas_pw)
if (*cp == '\0')
continue;
- /* Look for a line starting with "Plugin" */
- if (strncasecmp(cp, "Plugin", 6) != 0)
+ /* Look for a line starting with "Path" */
+ if (strncasecmp(cp, "Path", 4) == 0) {
+ /* Parse line */
+ if ((name = strtok(cp + 4, " \t")) == NULL ||
+ (path = strtok(NULL, " \t")) == NULL) {
+ continue;
+ }
+ if (strcasecmp(name, "askpass") != 0)
+ continue;
+ /* XXX - Just set in environment for now */
+ setenv("SUDO_ASKPASS", path, 0);
continue;
+ }
- /* Parse line */
- if ((name = strtok(cp + 6, " \t")) == NULL ||
- (path = strtok(NULL, " \t")) == NULL) {
+ /* Look for a line starting with "Plugin" */
+ if (strncasecmp(cp, "Plugin", 6) == 0) {
+ /* Parse line */
+ if ((name = strtok(cp + 6, " \t")) == NULL ||
+ (path = strtok(NULL, " \t")) == NULL) {
+ continue;
+ }
+ info = emalloc(sizeof(*info));
+ info->symbol_name = estrdup(name);
+ info->path = estrdup(path);
+ info->prev = info;
+ info->next = NULL;
+ tq_append(&pil, info);
continue;
}
-
- info = emalloc(sizeof(*info));
- info->symbol_name = estrdup(name);
- info->path = estrdup(path);
- info->prev = info;
- info->next = NULL;
- tq_append(&pil, info);
}
fclose(fp);
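Review bot: strncasecmp(cp, "Path", 4) == 0 matches any line whose first token merely starts with "Path" (and likewise "Plugin" with the 6-byte compare), so a stray keyword is parsed rather than ignored; compare the first whitespace-delimited token instead. The "set in environment for now" approach also has a side effect worth flagging: setenv("SUDO_ASKPASS", path, 0) exports the configured path into the process environment, where the executed command inherits it unless the policy strips it, and the return value of setenv is unchecked. Storing the value in a variable handed to tgetpass would avoid both issues; the overwrite flag of 0 does at least keep the user's own SUDO_ASKPASS taking precedence, as the manual says.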
sudo_settings[ARG_IMPLIED_SHELL].value = "true";
}
+#ifndef _PATH_SUDO_ASKPASS
+ if (ISSET(tgetpass_flags, TGP_ASKPASS) && !getenv("SUDO_ASKPASS"))
+ errorx(1, "no askpass program specified, try setting SUDO_ASKPASS");
+#endif
+
if (mode == MODE_HELP)
usage(0);
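Review bot: this check only works if sudo_read_conf() has already run and exported SUDO_ASKPASS, because the "Path askpass" value is currently communicated through the environment; the ordering is not visible in this hunk and should be confirmed or made explicit in a comment. Under #ifdef _PATH_SUDO_ASKPASS the check is compiled out entirely, which is fine given the fallback in tgetpass, but an empty SUDO_ASKPASS value passes getenv() here and is only rejected later by the "askpass && *askpass" test.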
(void) fflush(stdout);
- /* If using a helper program to get the password, run it instead. */
- /* XXX - askpass may be set by policy */
- if (ISSET(flags, TGP_ASKPASS)) {
- if (!askpass) {
- askpass = getenv("SUDO_ASKPASS");
+ if (askpass == NULL) {
+ askpass = getenv("SUDO_ASKPASS");
#ifdef _PATH_SUDO_ASKPASS
- if (!askpass)
- askpass = _PATH_SUDO_ASKPASS;
+ if (askpass == NULL)
+ askpass = _PATH_SUDO_ASKPASS;
#endif
+ }
+
+ /* If no tty present and we need to disable echo, try askpass. */
+ if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS) && !tty_present()) {
+ if (askpass == NULL || getenv("DISPLAY") == NULL) {
+ warningx("no tty present and no askpass program specified");
+ return(NULL);
}
+ SET(flags, TGP_ASKPASS);
+ }
+
+ /* If using a helper program to get the password, run it instead. */
+ if (ISSET(flags, TGP_ASKPASS)) {
if (askpass && *askpass)
return(sudo_askpass(askpass, prompt));
}
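Review bot: the new no-tty block checks getenv("DISPLAY") == NULL, whereas the removed code in the sudoers plugin required *user_display != '\0'; an empty DISPLAY now selects askpass and the helper is then run with no usable display. The same applies to askpass itself: an empty SUDO_ASKPASS passes the "askpass == NULL" test, SET(flags, TGP_ASKPASS) is applied, and the "askpass && *askpass" guard below then falls through to reading from a tty that is known not to exist. Suggest tightening both tests, e.g.

    if (askpass == NULL || *askpass == '\0' || (display = getenv("DISPLAY")) == NULL || *display == '\0')

so that the warning is emitted in those cases as well.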