and the
.Nm sudoers
plugin is
-.Em subsystem Ns No @ Ns Em priority
+.Em subsystem Ns @ Ns Em priority
but a plugin is free to use a different format so long as it does
not include a comma
.Pq Ql \&, .
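Review bot: dropping `No` before `@` in `.Em subsystem Ns @ Ns Em priority` is correct only because `@` is not a macro name, so it is emitted as plain text after `Ns` while `priority` is re-emphasized; please confirm the rendered line still reads `subsystem@priority` with only the two words emphasized under both `mandoc` and `groff -mdoc`. While touching this sentence, note that the comma is escaped here as `.Pq Ql \&, .` but as `.Pq Ql ,\& .` in the later copy of the same sentence; both forms stop the comma from being treated as a delimiter, so pick one and use it in both places.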
.Nd execute a command as another user
.Sh SYNOPSIS
.Nm sudo
-.Fl h No | Fl K No | Fl k No | Fl V
+.Fl h | K | k | V
.Nm sudo
.Fl v
.Op Fl AknS
.Op Fl t Ar type
.Op Fl u Ar user
.Op Ar VAR Ns = Ns Ar value
-.Op Fl i No | Fl s
+.Op Fl i | s
.Op Ar command
.Nm sudoedit
.Op Fl AknS
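Review bot: `.Fl h | K | k | V` and `.Op Fl i | s` depend on `|` being recognized as a middle delimiter so that `Fl` prefixes `h`, `K`, `k`, `V` with `-` but leaves the bars untouched; both mandoc and groff mdoc treat `|` this way, but the old `No |` form was explicit, so verify that the SYNOPSIS still renders as `-h | -K | -k | -V` and `[-i | -s]` in the text and HTML outputs before merging.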
.Nm sudo
requires a password, it will read it from the user's terminal.
If the
-.Fl A No ( Em askpass Ns No )
+.Fl A Pq Em askpass
option is specified, a (possibly graphical) helper program is
executed to read the user's password and output the password to the
standard output.
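Review bot: the `.Fl A Pq Em askpass` rewrite does more than remove `No`: it replaces the hand-written `( ... )` with the `Pq` macro, which emits the parentheses itself and emphasizes only `askpass`. The output is the same `-A (askpass)`, but since this hunk changes macro structure rather than just dropping a redundant macro, call it out in the commit message so the difference from the mechanical `No` removals elsewhere is clear.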
If no askpass program is available,
.Nm sudo
will exit with an error.
-.It Fl a Ar type , Fl -auth-type Ns No = Ns Ar type
+.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type
Use the specified BSD authentication
.Ar type
when validating the user, if allowed by
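Review bot: the `.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type` form works because `=` after `Ns` is plain text and `Ar type` is restated, giving `--auth-type=type`; the same pattern is applied to every long-option line in this patch (`-C`, `-c`, `-g`, `-h`, `-p`, `-r`, `-t`, `-U`, `-u`, and the sudoreplay and visudo options), so a single `grep -n 'Ns No' *.mdoc*` over the tree is the cheapest way to confirm no option line was missed.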
.Nm sudo .
Most interactive commands will fail to work properly in background
mode.
-.It Fl C Ar num , Fl -close-from Ns No = Ns Ar num
+.It Fl C Ar num , Fl -close-from Ns = Ns Ar num
Close all file descriptors greater than or equal to
.Ar num
before executing a command.
option when the administrator has enabled the
.Em closefrom_override
option.
-.It Fl c Ar class , Fl -login-class Ns No = Ns Ar class
+.It Fl c Ar class , Fl -login-class Ns = Ns Ar class
Run the command with resource limits and scheduling priority of
the specified login
.Ar class .
is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary
file.
-.It Fl g Ar group , Fl -group Ns No = Ns Ar group
+.It Fl g Ar group , Fl -group Ns = Ns Ar group
Run the command with the primary group set to
.Ar group
instead of the primary group specified by the target
Depending on the policy, this may be the default behavior.
.It Fl h , -help
Display a short help message to the standard output and exit.
-.It Fl h Ar host , Fl -host Ns No = Ns Ar host
+.It Fl h Ar host , Fl -host Ns = Ns Ar host
Run the command on the specified
.Ar host
if the security policy plugin supports remote commands.
target user is a member of.
The real and effective group IDs, however, are still set to match
the target user.
-.It Fl p Ar prompt , Fl -prompt Ns No = Ns Ar prompt
+.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt
Use a custom password prompt with optional escape sequences.
The following percent
.Pq Ql %
.Em passprompt_override
flag is disabled in
.Em sudoers .
-.It Fl r Ar role , Fl -role Ns No = Ns Ar role
+.It Fl r Ar role , Fl -role Ns = Ns Ar role
Run the command with an SELinux security context that includes
the specified
.Ar role .
.Fl c
option.
If no command is specified, an interactive shell is executed.
-.It Fl t Ar type , Fl -type Ns No = Ns Ar type
+.It Fl t Ar type , Fl -type Ns = Ns Ar type
Run the command with an SELinux security context that includes
the specified
.Ar type .
If no
.Ar type
is specified, the default type is derived from the role.
-.It Fl U Ar user , Fl -other-user Ns No = Ns Ar user
+.It Fl U Ar user , Fl -other-user Ns = Ns Ar user
Used in conjunction with the
.Fl l
option to list the privileges for
policy only allows root or a user with the
.Li ALL
privilege on the current host to use this option.
-.It Fl u Ar user , Fl -user Ns No = Ns Ar user
+.It Fl u Ar user , Fl -user Ns = Ns Ar user
Run the command as a user other than the default target user
(usually
.Em root ).
.Pp
Environment variables to be set for the command may also be passed
on the command line in the form of
-.Ar VAR Ns No = Ns Ar value ,
+.Ar VAR Ns = Ns Ar value ,
e.g.\&
-.Ev LD_LIBRARY_PATH Ns No = Ns Pa /usr/local/pkg/lib .
+.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib .
Variables passed on the command line are subject to restrictions
imposed by the security policy plugin.
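Review bot: in `.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib .` the trailing ` .` is separated from the path, so the period is handled as a closing delimiter and is not rendered as part of the `Pa` argument; keep that spacing when removing `No`, otherwise the sentence-ending period would be printed in the path font. This line and the `VAR=value` form just above it now match the `.Op Ar VAR Ns = Ns Ar value` already used in the SYNOPSIS, which is the consistency this patch is after.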
The
or
.Li sudo sh ,
subsequent commands run from that shell are not subject to
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
security policy.
The same is true for commands that offer shell escapes (including
most editors).
.Nm sudo .
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
checks.
However, on most systems it is possible to prevent shell escapes with the
.Xr sudoers @mansectform@
Returns 0 on success and \-1 on failure.
.It plugin_printf
A pointer to a
-.Fn printf Ns No -style
+.Fn printf Ns -style
function that may be used to display informational or error messages
(see below).
Returns the number of characters printed on success and \-1 on failure.
list.
.It debug_flags=string
A comma-separated list of debug flags that correspond to
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Li Debug
entry in
.Xr sudo.conf @mansectform@ ,
and the
.Nm sudoers
plugin is
-.Em subsystem Ns No @ Ns Em priority
+.Em subsystem Ns @ Ns Em priority
but the plugin is free to use a different
format so long as it does not include a comma
.Pq Ql ,\& .
passed as arguments to the plugin.
These arguments are split on a white space boundary and are passed to
the plugin in the form of a
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
array of strings.
If no arguments were
specified,
.El
.It user_env
The user's environment in the form of a
-.Dv NULL Ns No -terminated vector of
+.Dv NULL Ns -terminated vector of
.Dq name=value
strings.
.Pp
.It env_add
Additional environment variables specified by the user on the command
line in the form of a
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
vector of
.Dq name=value
strings.
Unsupported values will be ignored.
.It argv_out
The
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
argument vector to pass to the
.Xr execve 2
system call when executing the command.
The plugin is responsible for allocating and populating the vector.
.It user_env_out
The
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
environment vector to use when executing the command.
The plugin is responsible for allocating and populating the vector.
.El
.Em user_env
argument points to the environment the command will
run in, in the form of a
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
vector of
.Dq name=value
strings.
function returns 0 on success and \-1 on failure.
.It plugin_printf
A pointer to a
-.Fn printf Ns No -style
+.Fn printf Ns -style
function that may be used by the
.Fn show_version
function to display version information (see
system call.
.It user_env
The user's environment in the form of a
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
vector of
.Dq name=value
strings.
treated as arguments to the plugin.
These arguments are split on a white space boundary and are passed to
the plugin in the form of a
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
array of strings.
If no arguments were specified,
.Em plugin_options
if one is to be printed.
.Pp
A
-.Fn printf Ns No -style
+.Fn printf Ns -style
function is also available that can be used to display informational
or error messages to the user, which is usually more convenient for
simple messages where no use input is required.
Pointers to the
.Fn conversation
and
-.Fn printf Ns No -style
+.Fn printf Ns -style
functions are passed
in to the plugin's
.Fn open
function when clearing passwords filled in by the conversation function.
.Pp
The
-.Fn printf Ns No -style
+.Fn printf Ns -style
function uses the same underlying mechanism as the
.Fn conversation
function but only supports
.Nm sudoers .
.It plugin_printf
A pointer to a
-.Fn printf Ns No -style
+.Fn printf Ns -style
function that may be used to display informational or error message to the user.
Returns the number of characters printed on success and \-1 on failure.
.It argv
A
-.Dv NULL Ns No -terminated
+.Dv NULL Ns -terminated
array of arguments generated from the
.Em group_plugin
option in
Another major difference between LDAP and file-based
.Em sudoers
is that in LDAP,
-.Nm sudo Ns No -specific
+.Nm sudo Ns -specific
Aliases are not supported.
.Pp
For the most part, there is really no need for
-.Nm sudo Ns No -specific
+.Nm sudo Ns -specific
Aliases.
Unix groups, non-Unix groups (via the
.Em group_plugin )
or user netgroups can be used in place of User_Aliases and Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
Since groups and netgroups can also be stored in LDAP there is no real need for
-.Nm sudo Ns No -specific
+.Nm sudo Ns -specific
aliases.
.Pp
Cmnd_Aliases are not really required either since it is possible
.Ed
.Ss Sudoers schema
In order to use
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
LDAP support, the
.Nm sudo
schema must be
file for LDAP-specific configuration.
Typically, this file is shared between different LDAP-aware clients.
As such, most of the settings are not
-.Nm sudo Ns No -specific.
+.Nm sudo Ns -specific.
Note that
.Nm sudo
parses
parameter specifies the amount of time, in seconds, to wait while trying
to connect to an LDAP server.
If multiple
-.Sy URI Ns No s
+.Sy URI Ns s
or
-.Sy HOST Ns No s
+.Sy HOST Ns s
are specified, this is the amount of time to wait before trying
the next one in the list.
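Review bot: `.Sy URI Ns s` and `.Sy HOST Ns s` render the keyword in bold and the plural `s` in the default font, which is the intended result since the suffix is not part of the ldap.conf keyword; no behaviour change from the old `No s`. Check the same treatment is used wherever a `Sy` keyword is pluralized in this file so the suffixes are not bold in some places and plain in others.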
.It Sy NETWORK_TIMEOUT Ar seconds
to preserve them.
.Pp
As a special case, if
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl i
option (initial login) is
specified,
and
.Ql %:#
respectively) and
-.Li User_Alias Ns No es.
+.Li User_Alias Ns es.
Each list item may be prefixed with zero or more
.Ql \&!
operators.
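Review bot: `.Li User_Alias Ns es.` attaches the period directly to the suffix, whereas the otherwise identical lines later in this patch write `.Li Runas_Alias Ns es .`, `.Li Runas_List Ns s.` and `.Li X Ns s .`. Because the text after `Ns` is already in the default font, both spellings render the same, but they are easy to mistake for one another in future diffs; pick the spaced form (the period as a delimiter) or the attached form and apply it to all of these `Ns es` / `Ns s` lines in one go.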
.Li User_List
except that instead
of
-.Li User_Alias Ns No es
+.Li User_Alias Ns es
it can contain
-.Li Runas_Alias Ns No es .
+.Li Runas_Alias Ns es .
Note that
user names and groups are matched as strings.
In other words, two
A fully-specified
.Li Runas_Spec
consists of two
-.Li Runas_List Ns No s
+.Li Runas_List Ns s
(as defined above) separated by a colon
.Pq Ql :\&
and enclosed in a set of parentheses.
.Li Runas_List
indicates
which users the command may be run as via
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl u
option.
The second defines a list of groups that can be specified via
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl g
option.
If both
-.Li Runas_List Ns No s
+.Li Runas_List Ns s
are specified, the command may be run with any combination of users
and groups listed in their respective
-.Li Runas_List Ns No s.
+.Li Runas_List Ns s.
If only the first is specified, the command may be run as any user
in the list but no
.Fl g
with the group set to any listed in the
.Li Runas_List .
If both
-.Li Runas_List Ns No s
+.Li Runas_List Ns s
are empty, the command may only be run as the invoking user.
If no
.Li Runas_Spec
.Pa /bin/ls ,
.Pa /bin/kill ,
and
-.Pa /usr/bin/lprm Ns No \(em Ns but
+.Pa /usr/bin/lprm Ns \(em Ns but
only as
.Sy operator .
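Review bot: `.Pa /usr/bin/lprm Ns \(em Ns but` glues the em dash to both the path and the following word with no surrounding spaces, and `\(em` is a groff escape that mandoc also understands; dropping `No` does not change this, but double-check the HTML output, where the dash directly abutting the path can read as part of the file name. If that is a problem, it is a pre-existing layout issue rather than something introduced by this hunk.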
E.g.,
Once a tag is set on a
.Li Cmnd ,
subsequent
-.Li Cmnd Ns No s
+.Li Cmnd Ns s
in the
.Li Cmnd_Spec_List ,
inherit the tag unless it is overridden by the opposite tag (in other words,
.Ql )\& ,
.Ql \e .
.Sh SUDOERS OPTIONS
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
behavior can be modified by
.Li Default_Entry
lines, as explained earlier.
by default.
.It closefrom_override
If set, the user may use
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl C
option which overrides the default starting point at which
.Nm sudo
.Pp
In addition to the escape sequences, path names that end in six or
more
-.Li X Ns No s
+.Li X Ns s
will have the
-.Li X Ns No s
+.Li X Ns s
replaced with a unique combination of digits and letters, similar to the
.Xr mktemp 3
function.
.Em iolog_file
ends in six or
more
-.Li X Ns No s .
+.Li X Ns s .
.It lecture_status_dir
The directory in which
.Nm sudo
.Em env_reset
option is in effect.
This allows fine-grained control over the environment
-.Nm sudo Ns No -spawned
+.Nm sudo Ns -spawned
processes will receive.
The argument may be a double-quoted, space-separated list or a
single value without double-quotes.
.Em passwd_tries
option.
.It a password is required
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Fl n
option was specified but a password was required.
.It sorry, you are not allowed to set the following environment variables
it pleases, including run other programs.
This can be a security issue since it is not uncommon for a program to
allow shell escapes, which lets a user bypass
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
access control and logging.
Common programs that permit shell escapes include shells (obviously),
editors, paginators, mail and terminal programs.
.Ev LD_PRELOAD )
to an alternate shared library.
On such systems,
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
.Em noexec
functionality can be used to prevent a program run by
.Nm sudo
plugin uses the same debug flag format as the
.Nm sudo
front-end:
-.Em subsystem Ns No @ Ns Em priority .
+.Em subsystem Ns @ Ns Em priority .
.Pp
The priorities used by
.Nm sudoers ,
The
.Em ID
may also be determined using
-.Nm sudoreplay Ns No 's
+.Nm sudoreplay Ns 's
list mode.
.Pp
In list mode,
.Bl -tag -width 12n
.It So Li \en Sc No or So Li \er Sc
Skip to the next replay event; useful for long pauses.
-.It So Li \ Sc No (space)
+.It So Li \ Sc Pq space
Pause output; press any key to resume.
.It Ql <
Reduce the playback speed by one half.
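Review bot: `.It So Li \ Sc Pq space` is another case where the patch substitutes `Pq` for literal parentheses rather than only dropping `No`, and the interesting part is the `\ ` escape inside `So ... Sc`: an unpaddable space quoted as the key name. Confirm that the tag column in this `-width 12n` list still shows a visible quoted space followed by `(space)` and does not collapse to empty quotes, since the parenthetical is now generated by `Pq` rather than typed text.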
.Pp
The options are as follows:
.Bl -tag -width Fl
-.It Fl d Ar dir , Fl -directory Ns No = Ns Ar dir
+.It Fl d Ar dir , Fl -directory Ns = Ns Ar dir
Store session logs in
.Ar dir
instead of the default,
.Pa @iolog_dir@ .
-.It Fl f Ar filter , Fl -filter Ns No = Ns Ar filter
+.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter
Select which I/O type(s) to display.
By default,
.Nm sudoreplay
If an error is encountered,
.Nm visudo
will exit with a value of 1.
-.It Fl f Ar sudoers , Fl -file Ns No = Ns Ar sudoers
+.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers
Specify an alternate
.Em sudoers
file location.
and
.Em sudoers
grammar versions and exit.
-.It Fl x Ar file , Fl -export Ns No = Ns Ar file
+.It Fl x Ar file , Fl -export Ns = Ns Ar file
Export
.Em sudoers
in JSON format and write it to