From: Todd C. Miller Date: Mon, 17 May 2004 22:33:01 +0000 (+0000) Subject: regen X-Git-Tag: SUDO_1_6_8~123 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1a998e47d01600a32e827b509d895905d996ae7a;p=sudo regen --- diff --git a/sudo.cat b/sudo.cat index 6ad949a2c..8d06bd13b 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.8 February 13, 2004 1 +1.6.8 May 17, 2004 1 @@ -78,7 +78,7 @@ OOPPTTIIOONNSS -H The --HH (_H_O_M_E) option sets the HOME environment vari­ able to the homedir of the target user (root by - default) as specified in _p_a_s_s_w_d(4). By default, ssuuddoo + default) as specified in passwd(4). By default, ssuuddoo does not modify HOME. -K The --KK (sure _k_i_l_l) option to ssuuddoo removes the user's @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.6.8 February 13, 2004 2 +1.6.8 May 17, 2004 2 @@ -176,7 +176,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage mes­ sage and exit. - -i The -i (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell + -i The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell specified in the passwd(4) entry of the user that the command is being run as. The command name argument given to the shell begins with a - to tell the shell @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.6.8 February 13, 2004 3 +1.6.8 May 17, 2004 3 @@ -229,12 +229,12 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) fully qualified or the _f_q_d_n sudoers option is set) - %% two consecutive % characters are collasped + %% two consecutive % characters are collapsed into a single % character -s The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set or the shell - as specified in _p_a_s_s_w_d(4). + as specified in passwd(4). -u The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command as a user other than _r_o_o_t. To specify a _u_i_d 
@@ -259,7 +259,7 @@ RREETTUURRNN VVAALLUUEESS -1.6.8 February 13, 2004 4 +1.6.8 May 17, 2004 4 @@ -325,7 +325,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.6.8 February 13, 2004 5 +1.6.8 May 17, 2004 5 @@ -361,7 +361,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) user an effective root shell. EEXXAAMMPPLLEESS - Note: the following examples assume suitable _s_u_d_o_e_r_s(4) + Note: the following examples assume suitable sudoers(4) entries. To get a file listing of an unreadable directory: @@ -369,7 +369,7 @@ EEXXAAMMPPLLEESS % sudo ls /usr/local/protected To list the home directory of user yazza on a machine - where the filesystem holding ~yazza is not exported as + where the file system holding ~yazza is not exported as root: % sudo -u yazza ls ~yazza @@ -391,7 +391,7 @@ EEXXAAMMPPLLEESS -1.6.8 February 13, 2004 6 +1.6.8 May 17, 2004 6 @@ -430,8 +430,8 @@ EENNVVIIRROONNMMEENNTT is specified) VISUAL Default editor to use in -e (sudoedit) mode - =head1 FILES +FFIILLEESS /etc/sudoers List of who can run what /var/run/sudo Directory containing timestamps @@ -457,7 +457,7 @@ DDIISSCCLLAAIIMMEERR -1.6.8 February 13, 2004 7 +1.6.8 May 17, 2004 7 @@ -476,7 +476,7 @@ CCAAVVEEAATTSS user to run commands via shell escapes, thus avoiding ssuuddoo's checks. However, on most systems it is possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. - See the _s_u_d_o_e_r_s(4) manual for details. + See the sudoers(4) manual for details. If users have sudo ALL there is nothing to prevent them from creating their own program that gives them a root @@ -489,8 +489,8 @@ CCAAVVEEAATTSS setuid shell scripts are generally safe). SSEEEE AALLSSOO - _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), - _p_a_s_s_w_d(5), _v_i_s_u_d_o(1m) + _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), sudoers(4), + passwd(4), visudo(1m) @@ -523,6 +523,6 @@ SSEEEE AALLSSOO -1.6.8 February 13, 2004 8 +1.6.8 May 17, 2004 8 
diff --git a/sudo.man.in b/sudo.man.in index 867c81f40..2cb2844e5 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -18,7 +18,7 @@ .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .\" $Sudo$ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: .\" ======================================================================== @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "February 13, 2004" "1.6.8" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" @@ -213,7 +213,7 @@ or via the \fIsudoers\fR file. .IX Item "-H" The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable to the homedir of the target user (root by default) as specified -in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. +in passwd(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. .IP "\-K" 4 .IX Item "-K" The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp @@ -300,7 +300,7 @@ temporary file. The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. .IP "\-i" 4 .IX Item "-i" -The \f(CW\*(C`\-i\*(C'\fR (\fIsimulate initial login\fR) option runs the shell specified +The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified in the passwd(@mansectform@) entry of the user that the command is being run as. The command name argument given to the shell begins with a \f(CW\*(C`\-\*(C'\fR to tell the shell to run as a login shell. \fBsudo\fR 
@@ -351,7 +351,7 @@ sudoers option is set) .ie n .IP "\*(C`%%\*(C'" 8 .el .IP "\f(CW\*(C`%%\*(C'\fR" 8 .IX Item "%%" -two consecutive \f(CW\*(C`%\*(C'\fR characters are collasped into a single \f(CW\*(C`%\*(C'\fR character +two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character .RE .RS 4 .RE @@ -359,7 +359,7 @@ two consecutive \f(CW\*(C`%\*(C'\fR characters are collasped into a single \f(CW .IX Item "-s" The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR environment variable if it is set or the shell as specified -in \fIpasswd\fR\|(@mansectform@). +in passwd(@mansectform@). .IP "\-u" 4 .IX Item "-u" The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command @@ -455,7 +455,7 @@ via \fBsudo\fR to verify that the command does not inadvertently give the user an effective root shell. .SH "EXAMPLES" .IX Header "EXAMPLES" -Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries. +Note: the following examples assume suitable sudoers(@mansectform@) entries. .PP To get a file listing of an unreadable directory: .PP @@ -464,7 +464,7 @@ To get a file listing of an unreadable directory: .Ve .PP To list the home directory of user yazza on a machine where the -filesystem holding ~yazza is not exported as root: +file system holding ~yazza is not exported as root: .PP .Vb 1 \& % sudo -u yazza ls ~yazza @@ -541,11 +541,11 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. \& is specified) .Ve .PP -.Vb 2 +.Vb 1 \& VISUAL Default editor to use in -e (sudoedit) mode -\&=head1 FILES .Ve -.PP +.SH "FILES" +.IX Header "FILES" .Vb 2 \& @sysconfdir@/sudoers List of who can run what \& @timedir@ Directory containing timestamps 
@@ -580,7 +580,7 @@ if that user is allowed to run arbitrary commands via \fBsudo\fR. Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding \fBsudo\fR's checks. However, on most systems it is possible to prevent shell escapes with \fBsudo\fR's -\&\fInoexec\fR functionality. See the \fIsudoers\fR\|(@mansectform@) manual for details. +\&\fInoexec\fR functionality. See the sudoers(@mansectform@) manual for details. .PP If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating their own program that gives them a root shell regardless of any '!' @@ -592,4 +592,5 @@ that make setuid shell scripts unsafe on some operating systems are generally safe). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIpasswd\fR\|(5), \fIvisudo\fR\|(@mansectsu@) +\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), sudoers(@mansectform@), +passwd(@mansectform@), visudo(@mansectsu@) diff --git a/sudoers.cat b/sudoers.cat index 51e6eaeb4..e8f28fa5c 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.8 May 16, 2004 1 +1.6.8 May 17, 2004 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8 May 16, 2004 2 +1.6.8 May 17, 2004 2 @@ -154,7 +154,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) netmask may be specified either in dotted quad notation (e.g. 255.255.255.0) or CIDR notation (number of bits, e.g. 24). A hostname may include shell-style wildcards - (see `Wildcards' section below), but unless the hostname + (see the Wildcards section below), but unless the hostname command on your machine returns the fully qualified host­ name, you'll need to use the _f_q_d_n option for wildcards to be useful. 
@@ -174,26 +174,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) A Cmnd_List is a list of one or more commandnames, direc­ tories, and other aliases. A commandname is a fully qual­ ified filename which may include shell-style wildcards - (see `Wildcards' section below). A simple filename allows - the user to run the command with any arguments he/she - wishes. However, you may also specify command line argu­ - ments (including wildcards). Alternately, you can specify - "" to indicate that the command may only be run wwiitthhoouutt - command line arguments. A directory is a fully qualified - pathname ending in a '/'. When you specify a directory in - a Cmnd_List, the user will be able to run any file within - that directory (but not in any subdirectories therein). + (see the Wildcards section below). A simple filename + allows the user to run the command with any arguments + he/she wishes. However, you may also specify command line + arguments (including wildcards). Alternately, you can + specify "" to indicate that the command may only be run + wwiitthhoouutt command line arguments. A directory is a fully + qualified pathname ending in a '/'. When you specify a + directory in a Cmnd_List, the user will be able to run any + file within that directory (but not in any subdirectories + therein). If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must - be escaped with a '\' if they are used in command argu­ - ments: ',', ':', '=', '\'. The special command "sudoedit" + be escaped with a '\' if they are used in command -1.6.8 May 16, 2004 3 +1.6.8 May 17, 2004 3 
@@ -202,9 +202,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - is used to permit a user to run ssuuddoo with the --ee flag (or - as ssuuddooeeddiitt). It may take command line arguments just as - a normal command does. + arguments: ',', ':', '=', '\'. The special command + "sudoedit" is used to permit a user to run ssuuddoo with the + --ee flag (or as ssuuddooeeddiitt). It may take command line argu­ + ments just as a normal command does. DDeeffaauullttss @@ -255,11 +256,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) scheme (SS//KKeeyy or OOPPIIEE), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as - pretty as the default but some people find it -1.6.8 May 16, 2004 4 +1.6.8 May 17, 2004 4 @@ -268,6 +268,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + pretty as the default but some people find it more convenient. This flag is _o_f_f by default. ignore_dot If set, ssuuddoo will ignore '.' or '' (current @@ -321,11 +322,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) may be overridden via the PASSWD and NOPASSWD tags. This flag is _o_n by default. - root_sudo If set, root is allowed to run ssuuddoo too. -1.6.8 May 16, 2004 5 +1.6.8 May 17, 2004 5 @@ -334,7 +334,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - Disabling this prevents users from "chaining" + root_sudo If set, root is allowed to run ssuuddoo too. Dis­ + abling this prevents users from "chaining" ssuuddoo commands to get a root shell by doing something like "sudo sudo /bin/sh". Note, however, that turning off _r_o_o_t___s_u_d_o will also @@ -386,12 +387,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) that they are not allowed to run it, which can be confusing. This flag is _o_f_f by default. - preserve_groups - By default ssuuddoo will initialize the group -1.6.8 May 16, 2004 6 + +1.6.8 May 17, 2004 6 
@@ -400,12 +400,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - vector to the list of groups the target user - is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the - user's existing group vector is left unal­ - tered. The real and effective group IDs, how­ - ever, are still set to match the target user. - This flag is _o_f_f by default. + preserve_groups + By default ssuuddoo will initialize the group vec­ + tor to the list of groups the target user is + in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's + existing group vector is left unaltered. The + real and effective group IDs, however, are + still set to match the target user. This flag + is _o_f_f by default. fqdn Set this flag if you want to put fully quali­ fied hostnames in the _s_u_d_o_e_r_s file. I.e., @@ -452,12 +454,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) rootpw If set, ssuuddoo will prompt for the root password instead of the password of the invoking user. - This flag is _o_f_f by default. - -1.6.8 May 16, 2004 7 +1.6.8 May 17, 2004 7 @@ -466,6 +466,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + This flag is _o_f_f by default. + runaspw If set, ssuuddoo will prompt for the password of the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option (defaults to root) instead of the password of @@ -518,12 +520,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) use_loginclass If set, ssuuddoo will apply the defaults specified for the target user's login class if one - exists. Only available if ssuuddoo is configured - with the --with-logincap option. This flag is -1.6.8 May 16, 2004 8 +1.6.8 May 17, 2004 8 
@@ -532,13 +532,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + exists. Only available if ssuuddoo is configured + with the --with-logincap option. This flag is _o_f_f by default. noexec If set, all commands run via sudo will behave as if the NOEXEC tag has been set, unless overridden by a EXEC tag. See the description - of _N_O_E_X_E_C _a_n_d _E_X_E_C below as well as the PPRREE­­ - VVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS section at the end of + of _N_O_E_X_E_C _a_n_d _E_X_E_C below as well as the "PRE­ + VENTING SHELL ESCAPES" section at the end of this manual. This flag is _o_f_f by default. IInntteeggeerrss: @@ -583,13 +585,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) the machine. Default is *** SECURITY informa­ tion for %h ***. - badpass_message - Message that is displayed if a user enters an - incorrect password. The default is Sorry, try -1.6.8 May 16, 2004 9 + +1.6.8 May 17, 2004 9 @@ -598,6 +598,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + badpass_message + Message that is displayed if a user enters an + incorrect password. The default is Sorry, try again. unless insults are enabled. timestampdir @@ -649,13 +652,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) editor A colon (':') separated list of editors allowed to be used with vviissuuddoo. vviissuuddoo will - choose the editor that matches the user's USER - environment variable if possible, or the first - editor in the list that exists and is -1.6.8 May 16, 2004 10 +1.6.8 May 17, 2004 10 @@ -664,7 +664,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - executable. The default is the path to vi on + choose the editor that matches the user's USER + environment variable if possible, or the first + editor in the list that exists and is exe­ + cutable. The default is the path to vi on your system. noexec_file Path to a shared library containing dummy ver­ 
@@ -715,13 +718,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) quotes (") to protect against sudo interpret­ ing the @ sign. Defaults to root. - exempt_group - Users in this group are exempt from password - and PATH requirements. This is not set by -1.6.8 May 16, 2004 11 +1.6.8 May 17, 2004 11 @@ -730,6 +730,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + exempt_group + Users in this group are exempt from password + and PATH requirements. This is not set by default. verifypw This option controls when a password will be @@ -781,13 +784,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) contains % or / characters. This can be used to guard against printf-style format vulnera­ bilities in poorly-written programs. The - argument may be a double-quoted, space-sepa­ - rated list or a single value without dou­ - ble-quotes. The list can be replaced, added -1.6.8 May 16, 2004 12 +1.6.8 May 17, 2004 12 @@ -796,6 +796,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + argument may be a double-quoted, space-sepa­ + rated list or a single value without dou­ + ble-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. The default list of environment variables to check @@ -847,13 +850,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Runas_Spec ::= '(' Runas_List ')' - Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:') - A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may - -1.6.8 May 16, 2004 13 +1.6.8 May 17, 2004 13 @@ -862,6 +862,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:') + + A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as what user) on specified hosts. By default, commands are run as rroooott, but this can be changed on a per-command basis. 
@@ -882,7 +885,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m -- but only as ooppeerraattoorr. E.g., - sudo -u operator /bin/ls. + $ sudo -u operator /bin/ls. It is also possible to override a Runas_Spec later on in an entry. If we modify the entry like so: @@ -913,13 +916,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and - _/_u_s_r_/_b_i_n_/_l_p_r_m as root on the machine rushmore as rroooott - without authenticating himself. If we only want rraayy to be - able to run _/_b_i_n_/_k_i_l_l without a password the entry would -1.6.8 May 16, 2004 14 +1.6.8 May 17, 2004 14 @@ -928,6 +928,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + _/_u_s_r_/_b_i_n_/_l_p_r_m as root on the machine rushmore as rroooott + without authenticating himself. If we only want rraayy to be + able to run _/_b_i_n_/_k_i_l_l without a password the entry would be: ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm 
@@ -955,16 +958,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi - See the PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS section below for more + See the "PREVENTING SHELL ESCAPES" section below for more details on how _n_o_e_x_e_c works and whether or not it will work on your system. - WWiillddccaarrddss ((aakkaa mmeettaa cchhaarraacctteerrss)):: + WWiillddccaarrddss - ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s to be used in pathnames - as well as command line arguments in the _s_u_d_o_e_r_s file. - Wildcard matching is done via the PPOOSSIIXX fnmatch(3) rou­ - tine. Note that these are _n_o_t regular expressions. + ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob char­ + acters) to be used in pathnames as well as command line + arguments in the _s_u_d_o_e_r_s file. Wildcard matching is done + via the PPOOSSIIXX _f_n_m_a_t_c_h(3) routine. Note that these are _n_o_t + regular expressions. * Matches any set of zero or more characters. @@ -978,14 +982,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) used to escape special characters such as: "*", "?", "[", and "}". - Note that a forward slash ('/') will nnoott be matched by - wildcards used in the pathname. When matching the command - line arguments, however, a slash ddooeess get matched by wild­ - cards. This is to make a path like: -1.6.8 May 16, 2004 15 +1.6.8 May 17, 2004 15 
@@ -994,11 +994,16 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Note that a forward slash ('/') will nnoott be matched by + wildcards used in the pathname. When matching the command + line arguments, however, a slash ddooeess get matched by wild­ + cards. This is to make a path like: + /usr/bin/* match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. - EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess:: + EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess The following exceptions apply to the above rules: @@ -1006,7 +1011,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) argument in the _s_u_d_o_e_r_s entry it means that com­ mand is not allowed to be run with aannyy arguments. - OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss:: + OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss The pound sign ('#') is used to indicate a comment (unless it occurs in the context of a user name and is followed by @@ -1043,15 +1048,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) EEXXAAMMPPLLEESS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of - these are a bit contrived. First, we define our _a_l_i_a_s_e_s: - - - - -1.6.8 May 16, 2004 16 +1.6.8 May 17, 2004 16 @@ -1060,6 +1060,8 @@ EEXXAAMMPPLLEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + these are a bit contrived. First, we define our _a_l_i_a_s_e_s: + # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl 
@@ -1085,8 +1087,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown - Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt - Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot + Cmnd_Alias HALT = /usr/sbin/halt + Cmnd_Alias REBOOT = /usr/sbin/reboot Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ /usr/local/bin/tcsh, /usr/bin/rsh, \ /usr/local/bin/zsh @@ -1115,9 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - -1.6.8 May 16, 2004 17 +1.6.8 May 17, 2004 17 @@ -1157,8 +1157,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The user lliissaa may run any command on any host in the _C_U_N_E_T_S alias (the class B network 128.138.0.0). - operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\ - /usr/oper/bin/ + operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ + sudoedit /etc/printcap, /usr/oper/bin/ The ooppeerraattoorr user may run commands limited to simple main­ tenance. Here, those are commands related to backups, @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8 May 16, 2004 18 +1.6.8 May 17, 2004 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8 May 16, 2004 19 +1.6.8 May 17, 2004 19 @@ -1301,7 +1301,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run the following as root: - # sudo -V | grep "dummy exec" + \# sudo -V | grep "dummy exec" If the resulting output contains a line that begins with: @@ -1315,7 +1315,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.6.8 May 16, 2004 20 +1.6.8 May 17, 2004 20 
@@ -1340,11 +1340,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Note that disabling shell escapes is not a panacea. Pro­ grams running as root are still capable of many poten­ - tially hazardous operations (such as chaning or overwrit­ + tially hazardous operations (such as changing or overwrit­ ing files) that could lead to unintended privilege escala­ tion. In the specific case of an editor, a safer approach - is to give the user permission to run the ssuuddooeeddiitt pro­ - gram. + is to give the user permission to run ssuuddooeeddiitt. CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo @@ -1365,7 +1364,8 @@ FFIILLEESS /etc/netgroup List of network groups SSEEEE AALLSSOO - _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) + _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), sudo(1m), visudo(1m) + @@ -1381,6 +1381,6 @@ SSEEEE AALLSSOO -1.6.8 May 16, 2004 21 +1.6.8 May 17, 2004 21 diff --git a/sudoers.man.in b/sudoers.man.in index 45c0a0c5a..693938ccf 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "May 16, 2004" "1.6.8" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" 
@@ -302,7 +302,7 @@ If you do not specify a netmask with a network number, the netmask of the host's ethernet interface(s) will be used when matching. The netmask may be specified either in dotted quad notation (e.g. 255.255.255.0) or \s-1CIDR\s0 notation (number of bits, e.g. 24). A hostname -may include shell-style wildcards (see `Wildcards' section below), +may include shell-style wildcards (see the Wildcards section below), but unless the \f(CW\*(C`hostname\*(C'\fR command on your machine returns the fully qualified hostname, you'll need to use the \fIfqdn\fR option for wildcards to be useful. @@ -327,7 +327,7 @@ to be useful. .PP A \f(CW\*(C`Cmnd_List\*(C'\fR is a list of one or more commandnames, directories, and other aliases. A commandname is a fully qualified filename which may include -shell-style wildcards (see `Wildcards' section below). A simple +shell-style wildcards (see the Wildcards section below). A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify \f(CW""\fR to indicate that the command @@ -587,8 +587,7 @@ the \-\-with\-logincap option. This flag is \fIoff\fR by default. .IX Item "noexec" If set, all commands run via sudo will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR tag has been set, unless overridden by a \f(CW\*(C`EXEC\*(C'\fR tag. See the -description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \fB\s-1PREVENTING\s0 \s-1SHELL\s0 -\&\s-1ESCAPES\s0\fR section at the end of this manual. This flag is \fIoff\fR by default. +description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual. This flag is \fIoff\fR by default. .PP \&\fBIntegers\fR: .IP "passwd_tries" 12 
@@ -828,12 +827,13 @@ single value without double\-quotes. The list can be replaced, added to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \&\f(CW\*(C`!\*(C'\fR operators respectively. This list has no default members. .PP -When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog -facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0 -supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, -\&\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following -syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, -\&\fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR. +When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values +for the syslog facility (the value of the \fBsyslog\fR Parameter): +\&\fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, +\&\fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, +\&\fBlocal6\fR, and \fBlocal7\fR. The following syslog priorities are +supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo\fR, +\&\fBnotice\fR, and \fBwarning\fR. .Sh "User Specification" .IX Subsection "User Specification" .Vb 2 @@ -879,7 +879,7 @@ The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and \&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., .PP .Vb 1 -\& sudo -u operator /bin/ls. +\& $ sudo -u operator /bin/ls. .Ve .PP It is also possible to override a \f(CW\*(C`Runas_Spec\*(C'\fR later on in an 
@@ -947,14 +947,14 @@ and \fI/usr/bin/vi\fR but shell escapes will be disabled. \& aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi .Ve .PP -See the \fB\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\fR section below for more details +See the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section below for more details on how \fInoexec\fR works and whether or not it will work on your system. -.Sh "Wildcards (aka meta characters):" -.IX Subsection "Wildcards (aka meta characters):" -\&\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames -as well as command line arguments in the \fIsudoers\fR file. Wildcard -matching is done via the \fB\s-1POSIX\s0\fR \f(CWfnmatch(3)\fR routine. Note that -these are \fInot\fR regular expressions. +.Sh "Wildcards" +.IX Subsection "Wildcards" +\&\fBsudo\fR allows shell-style \fIwildcards\fR (aka meta or glob characters) +to be used in pathnames as well as command line arguments in the +\&\fIsudoers\fR file. Wildcard matching is done via the \fB\s-1POSIX\s0\fR +\&\fIfnmatch\fR\|(3) routine. Note that these are \fInot\fR regular expressions. .ie n .IP "\*(C`*\*(C'" 8 .el .IP "\f(CW\*(C`*\*(C'\fR" 8 .IX Item "*" @@ -987,8 +987,8 @@ wildcards. This is to make a path like: .Ve .PP match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR. -.Sh "Exceptions to wildcard rules:" -.IX Subsection "Exceptions to wildcard rules:" +.Sh "Exceptions to wildcard rules" +.IX Subsection "Exceptions to wildcard rules" The following exceptions apply to the above rules: .ie n .IP """""" 8 .el .IP "\f(CW``''\fR" 8 
@@ -996,8 +996,8 @@ The following exceptions apply to the above rules: If the empty string \f(CW""\fR is the only command line argument in the \&\fIsudoers\fR entry it means that command is not allowed to be run with \fBany\fR arguments. -.Sh "Other special characters and reserved words:" -.IX Subsection "Other special characters and reserved words:" +.Sh "Other special characters and reserved words" +.IX Subsection "Other special characters and reserved words" The pound sign ('#') is used to indicate a comment (unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). Both the @@ -1065,8 +1065,8 @@ these are a bit contrived. First, we define our \fIaliases\fR: \& Cmnd_Alias KILL = /usr/bin/kill \& Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm \& Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown -\& Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt -\& Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot +\& Cmnd_Alias HALT = /usr/sbin/halt +\& Cmnd_Alias REBOOT = /usr/sbin/reboot \& Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \e \& /usr/local/bin/tcsh, /usr/bin/rsh, \e \& /usr/local/bin/zsh @@ -1137,8 +1137,8 @@ The user \fBlisa\fR may run any command on any host in the \fI\s-1CUNETS\s0\fR a (the class B network \f(CW128.138.0.0\fR). .PP .Vb 2 -\& operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\e -\& /usr/oper/bin/ +\& operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e +\& sudoedit /etc/printcap, /usr/oper/bin/ .Ve .PP The \fBoperator\fR user may run commands limited to simple maintenance. @@ -1280,7 +1280,7 @@ To tell whether or not \fBsudo\fR supports \fInoexec\fR, you can run the following as root: .PP .Vb 1 -\& # sudo -V | grep "dummy exec" +\& \e# sudo -V | grep "dummy exec" .Ve .PP If the resulting output contains a line that begins with: 
@@ -1307,10 +1307,9 @@ just try it out and see if it works. .PP Note that disabling shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations -(such as chaning or overwriting files) that could lead to unintended +(such as changing or overwriting files) that could lead to unintended privilege escalation. In the specific case of an editor, a safer -approach is to give the user permission to run the \fBsudoedit\fR -program. +approach is to give the user permission to run \fBsudoedit\fR. .SH "CAVEATS" .IX Header "CAVEATS" The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR @@ -1332,4 +1331,4 @@ as returned by the \f(CW\*(C`hostname\*(C'\fR command or use the \fIfqdn\fR opti .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8) +\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), sudo(@mansectsu@), visudo(@mansectsu@) diff --git a/visudo.cat b/visudo.cat index 912ccae02..b9c82e149 100644 --- a/visudo.cat +++ b/visudo.cat @@ -12,7 +12,7 @@ SSYYNNOOPPSSIISS DDEESSCCRRIIPPTTIIOONN vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous - to _v_i_p_w(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multi­ + to vipw(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multi­ ple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s file is currently being edited you will receive a message to try again @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.6.8 February 13, 2004 1 +1.6.8 May 17, 2004 1 @@ -122,12 +122,12 @@ AAUUTTHHOORR Many people have worked on _s_u_d_o over the years; this ver­ sion of vviissuuddoo was written by: - Todd Miller + Todd Miller -1.6.8 February 13, 2004 2 +1.6.8 May 17, 2004 2 
@@ -155,7 +155,7 @@ CCAAVVEEAATTSS shell if the editor used by vviissuuddoo allows shell escapes. SSEEEE AALLSSOO - _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) + _v_i(1), sudoers(4), sudo(1m), vipw(1m) @@ -193,6 +193,6 @@ SSEEEE AALLSSOO -1.6.8 February 13, 2004 3 +1.6.8 May 17, 2004 3 diff --git a/visudo.man.in b/visudo.man.in index da6c773d3..e3eab6c32 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -18,7 +18,7 @@ .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .\" $Sudo$ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: .\" ======================================================================== @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "February 13, 2004" "1.6.8" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "May 17, 2004" "1.6.8" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" @@ -158,7 +158,7 @@ visudo \- edit the sudoers file .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to -\&\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple +vipw(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the \fIsudoers\fR file is currently being edited you will receive a message to try again later. @@ -261,7 +261,7 @@ Many people have worked on \fIsudo\fR over the years; this version of \&\fBvisudo\fR was written by: .PP .Vb 1 -\& Todd Miller +\& Todd Miller .Ve .PP See the \s-1HISTORY\s0 file in the sudo distribution or visit 
@@ -282,4 +282,4 @@ There is no easy way to prevent a user from gaining a root shell if the editor used by \fBvisudo\fR allows shell escapes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8) +\&\fIvi\fR\|(1), sudoers(@mansectform@), sudo(@mansectsu@), vipw(@mansectsu@)
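Review bot: in the `@@ -1065` hunk of sudoers.man.in, `/usr/sbin/fasthalt` and `/usr/sbin/fastboot` are dropped from the HALT and REBOOT aliases, which is fine as a simplification of the example, but the surrounding EXAMPLES text is not touched in this hunk; please check the rest of that section (and the POD source it is regenerated from) for any remaining mention of fasthalt or fastboot so the prose still matches the aliases it describes.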
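Review bot: in the `@@ -1137` hunk of sudoers.man.in, `sudoedit /etc/printcap` is added to the operator entry, but the sentence that follows it ("The operator user may run commands limited to simple maintenance.") is unchanged and does not explain the new entry. Since the later `@@ -1307` hunk in the same file recommends sudoedit as the safer alternative to running an editor as root, a short clause here, e.g. "and may edit /etc/printcap with sudoedit instead of running an editor as root", would tie the example to that advice.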
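Review bot: in the `@@ -1280` hunk of sudoers.man.in, `\& # sudo -V | grep "dummy exec"` becomes `\& \e# sudo -V | grep "dummy exec"`. In troff `\e` prints a literal backslash (the same escape is what renders the trailing `\` continuations in the Cmnd_Alias SHELLS lines of the `@@ -1065` hunk), so the rendered example will read `\# sudo -V | grep "dummy exec"`. The leading `\&` already keeps the line from being read as a request and `#` is not a control character in troff, so the extra escape looks unnecessary; please confirm the rendered output and drop the `\e` if a stray backslash appears before the prompt.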
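Review bot: in the `@@ -282` hunk of visudo.man.in (and likewise `@@ -1332` in sudoers.man.in and `@@ -158` in visudo.man.in), the cross-references `sudoers(@mansectform@)`, `sudo(@mansectsu@)` and `vipw(@mansectsu@)` lose their `\fI...\fR\|` italic markup while `\fIvi\fR\|(1)`, `\fIrsh\fR\|(1)`, `\fIsu\fR\|(1)` and `\fIfnmatch\fR\|(3)` on the same lines keep it; the catpage hunks show the same split (`_v_i(1)` next to `sudoers(4)` and `vipw(1m)`). If dropping the emphasis for the references that use configure-time section placeholders is intentional, it is worth a line in the commit message beyond "regen"; otherwise the SEE ALSO entries should be formatted consistently. The section fix for vipw (`(8)` to `(@mansectsu@)`, rendered `(1m)` in visudo.cat) is correct and now agrees with the `vipw(1m)` reference in the DESCRIPTION hunk.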