sudo - execute a command as another user
S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-L\bL\bL\bL | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | -\b-\b-\b-H\bH\bH\bH | [ -\b-\b-\b-b\bb\bb\bb ] |
- [ -\b-\b-\b-p\bp\bp\bp prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo -\b-\b-\b-V\bV\bV\bV | -\b-\b-\b-h\bh\bh\bh | -\b-\b-\b-l\bl\bl\bl | -\b-\b-\b-L\bL\bL\bL | -\b-\b-\b-v\bv\bv\bv | -\b-\b-\b-k\bk\bk\bk | -\b-\b-\b-K\bK\bK\bK | -\b-\b-\b-s\bs\bs\bs | [ -\b-\b-\b-H\bH\bH\bH ] [-\b-\b-\b-S\bS\bS\bS ]
+ [ -\b-\b-\b-b\bb\bb\bb ] | [ -\b-\b-\b-p\bp\bp\bp prompt ] [ -\b-\b-\b-u\bu\bu\bu username/#uid ] _\bc_\bo_\bm_\bm_\ba_\bn_\bd
D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the
-15/Feb/2000 1.6.3 1
+26/Feb/2000 1.6.3 1
default) as specified in _\bp_\ba_\bs_\bs_\bw_\bd(5). By default, s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo
does not modify _\bH_\bO_\bM_\bE.
+ -S The -S (_\bs_\bt_\bd_\bi_\bn) option causes s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to read the password
+ from standard input instead of the terminal device.
+
-- The -- flag indicates that s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo should stop processing
command line arguments. It is most useful in
conjunction with the -s flag.
R\bR\bR\bRE\bE\bE\bET\bT\bT\bTU\bU\bU\bUR\bR\bR\bRN\bN\bN\bN V\bV\bV\bVA\bA\bA\bAL\bL\bL\bLU\bU\bU\bUE\bE\bE\bES\bS\bS\bS
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo quits with an exit value of 1 if there is a
- configuration/permission problem or if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot execute
- the given command. In the latter case the error string is
- printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
-15/Feb/2000 1.6.3 2
+26/Feb/2000 1.6.3 2
sudo(8) MAINTENANCE COMMANDS sudo(8)
+ configuration/permission problem or if s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot execute
+ the given command. In the latter case the error string is
+ printed to stderr. If s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo cannot _\bs_\bt_\ba_\bt(2) one or more
entries in the user's PATH an error is printed on stderr.
(If the directory does not exist or if it is not really a
directory, the entry is ignored and no error is printed.)
instance) or create /tmp/.odus with the appropriate owner
(root) and permissions (0700) in the system startup files.
- s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not honor timestamps set far in the future.
- Timestamps with a date greater than current_time + 2 *
-
-15/Feb/2000 1.6.3 3
+26/Feb/2000 1.6.3 3
sudo(8) MAINTENANCE COMMANDS sudo(8)
+ s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not honor timestamps set far in the future.
+ Timestamps with a date greater than current_time + 2 *
TIMEOUT will be ignored and sudo will log and complain.
This is done to keep a user from creating his/her own
timestamp with a bogus date on system that allow users to
SUDO_PS1 If set, PS1 will be set to its value
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
-
-15/Feb/2000 1.6.3 4
+26/Feb/2000 1.6.3 4
sudo(8) MAINTENANCE COMMANDS sudo(8)
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
/etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
escapes.
If users have sudo ALL there is nothing to prevent them
- from creating their own program that gives them a root
-15/Feb/2000 1.6.3 5
+26/Feb/2000 1.6.3 5
sudo(8) MAINTENANCE COMMANDS sudo(8)
+ from creating their own program that gives them a root
shell regardless of any '!' elements in the user
specification.
-
-15/Feb/2000 1.6.3 6
+26/Feb/2000 1.6.3 6
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.44 2000/02/16 00:07:28 millert
-''' crank versino to 1.6.3
+''' Revision 1.45 2000/02/27 03:56:40 millert
+''' document -S flag
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH sudo 8 "1.6.3" "15/Feb/2000" "MAINTENANCE COMMANDS"
+.TH sudo 8 "1.6.3" "26/Feb/2000" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
.SH "NAME"
sudo \- execute a command as another user
.SH "SYNOPSIS"
-\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
-[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
+\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
+[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ]
+[ \fB\-u\fR username/#uid ] \fIcommand\fR
.SH "DESCRIPTION"
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the sudoers file. The
The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
to the homedir of the target user (root by default) as specified
in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR.
+.Ip "-S" 4
+The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+standard input instead of the terminal device.
.Ip "--" 4
The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
.IX Item "-H"
+.IX Item "-S"
+
.IX Item "--"
.IX Header "RETURN VALUES"
=head1 SYNOPSIS
-B<sudo> B<-V> | B<-h> | B<-l> | B<-L> | B<-v> | B<-k> | B<-K> | B<-s> | B<-H> |
-[ B<-b> ] | [ B<-p> prompt ] [ B<-u> username/#uid] I<command>
+B<sudo> B<-V> | B<-h> | B<-l> | B<-L> | B<-v> | B<-k> | B<-K> | B<-s> |
+[ B<-H> ] [B<-S> ] [ B<-b> ] | [ B<-p> prompt ]
+[ B<-u> username/#uid ] I<command>
=head1 DESCRIPTION
to the homedir of the target user (root by default) as specified
in passwd(5). By default, B<sudo> does not modify I<HOME>.
+=item -S
+
+The C<-S> (I<stdin>) option causes B<sudo> to read the password from
+standard input instead of the terminal device.
+
=item --
The C<--> flag indicates that B<sudo> should stop processing command