From: Todd C. Miller Date: Sun, 17 Feb 2008 01:26:23 +0000 (+0000) Subject: Document "sudo -ll" and make "sudo -l -l" be equivalent. X-Git-Tag: SUDO_1_7_0~191 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=211be00ccbd3e6242a59359512f1619a7e1ad2a9;p=sudo Document "sudo -ll" and make "sudo -l -l" be equivalent. --- diff --git a/sudo.c b/sudo.c index 073a98bdf..f36058be3 100644 --- a/sudo.c +++ b/sudo.c @@ -920,9 +920,9 @@ parse_args(argc, argv) rval = MODE_LIST; if (excl && excl != 'l') usage_excl(1); - excl = 'l'; - if (NewArgv[0][2] == 'l') + if (NewArgv[0][2] == 'l' || excl == 'l') long_list = 1; + excl = 'l'; break; case 'V': rval = MODE_VERSION; diff --git a/sudo.cat b/sudo.cat index 9672fa459..a20644428 100644 --- a/sudo.cat +++ b/sudo.cat @@ -10,7 +10,8 @@ NNAAMMEE SSYYNNOOPPSSIISS ssuuddoo --hh | --KK | --kk | --LL | --VV | --vv - ssuuddoo --ll [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d] + ssuuddoo --ll[[ll]] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [_c_o_m_- + _m_a_n_d] ssuuddoo [--bbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] @@ -57,11 +58,10 @@ DDEESSCCRRIIPPTTIIOONN SUDO_USER. ssuuddoo can log both successful and unsuccessful attempts (as well as - errors) to _s_y_s_l_o_g(3), a log file, or both. By default ssuuddoo will log -1.7 February 9, 2008 1 +1.7 February 15, 2008 1 @@ -70,6 +70,7 @@ DDEESSCCRRIIPPTTIIOONN SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + errors) to _s_y_s_l_o_g(3), a log file, or both. By default ssuuddoo will log via _s_y_s_l_o_g(3) but this is changeable at configure time or via the _s_u_d_o_- _e_r_s file. 
@@ -122,12 +123,11 @@ OOPPTTIIOONNSS 1. Temporary copies are made of the files to be edited with the owner set to the invoking user. - 2. The editor specified by the VISUAL or EDITOR environ- - ment variables is run to edit the temporary files. If + 2. The editor specified by the VISUAL or EDITOR -1.7 February 9, 2008 2 +1.7 February 15, 2008 2 @@ -136,8 +136,9 @@ OOPPTTIIOONNSS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - neither VISUAL nor EDITOR are set, the program listed - in the _e_d_i_t_o_r _s_u_d_o_e_r_s variable is used. + environment variables is run to edit the temporary + files. If neither VISUAL nor EDITOR are set, the pro- + gram listed in the _e_d_i_t_o_r _s_u_d_o_e_r_s variable is used. 3. If they have been modified, the temporary files are copied back to their original location and the tempo- @@ -189,11 +190,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's times- tamp by setting the time on it to the Epoch. The next time - ssuuddoo is run a password will be required. This option does -1.7 February 9, 2008 3 +1.7 February 15, 2008 3 @@ -202,6 +202,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + ssuuddoo is run a password will be required. This option does not require a password and was added to allow a user to revoke ssuuddoo permissions from a .logout file. 
@@ -210,14 +211,17 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) description for each. This option is useful in conjunction with _g_r_e_p(1). - -l [_c_o_m_m_a_n_d] + -l[l] [_c_o_m_m_a_n_d] If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list the allowed (and forbidden) commands for the invoking user (or the user specified by the --UU option) on the current host. If a _c_o_m_m_a_n_d is specified and is permitted by _s_u_d_o_- _e_r_s, the fully-qualified path to the command is displayed - along with any command line arguments. If _c_o_m_m_a_n_d is not - allowed, ssuuddoo will exit with a return value of 1. + along with any command line arguments. If _c_o_m_m_a_n_d is spec- + ified but not allowed, ssuuddoo will exit with a return value + of 1. If the --ll flag is specified with an ll argument (i.e. + --llll), or if --ll is specified multiple times, a longer list + format is used. -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to pre- serve the invoking user's group vector unaltered. By @@ -251,15 +255,11 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) system password prompt on systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. - -r _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security con- - text to have the role specified by _r_o_l_e. - - -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from - the standard input instead of the terminal device. + -r _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security -1.7 February 9, 2008 4 +1.7 February 15, 2008 4 
@@ -268,6 +268,11 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + context to have the role specified by _r_o_l_e. + + -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from + the standard input instead of the terminal device. + -s [command] The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set or the shell as specified @@ -318,14 +323,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) matched is ALL, the user may set variables that would overwise be for- bidden. See _s_u_d_o_e_r_s(4) for more information. -RREETTUURRNN VVAALLUUEESS - Upon successful execution of a program, the return value from ssuuddoo will - simply be the return value of the program that was executed. - - -1.7 February 9, 2008 5 +1.7 February 15, 2008 5 @@ -334,6 +334,10 @@ RREETTUURRNN VVAALLUUEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +RREETTUURRNN VVAALLUUEESS + Upon successful execution of a program, the return value from ssuuddoo will + simply be the return value of the program that was executed. + Otherwise, ssuuddoo quits with an exit value of 1 if there is a configura- tion/permission problem or if ssuuddoo cannot execute the given command. In the latter case the error string is printed to stderr. If ssuuddoo can- @@ -384,14 +388,10 @@ SSEECCUURRIITTYY NNOOTTEESS ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's contents if it is not owned by root or if it is writable by a user other than root. On systems that - allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp - directory is located in a directory writable by anyone (e.g., _/_t_m_p), it - is possible for a user to create the timestamp directory before ssuuddoo is - run. However, because ssuuddoo checks the ownership and mode of the -1.7 February 9, 2008 6 +1.7 February 15, 2008 6 
@@ -400,14 +400,18 @@ SSEECCUURRIITTYY NNOOTTEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - directory and its contents, the only damage that can be done is to - "hide" files by putting them in the timestamp dir. This is unlikely to - happen since once the timestamp dir is owned by root and inaccessible - by any other user, the user placing files there would be unable to get - them back out. To get around this issue you can use a directory that - is not world-writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) - or create _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) and permis- - sions (0700) in the system startup files. + allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp + directory is located in a directory writable by anyone (e.g., _/_t_m_p), it + is possible for a user to create the timestamp directory before ssuuddoo is + run. However, because ssuuddoo checks the ownership and mode of the direc- + tory and its contents, the only damage that can be done is to "hide" + files by putting them in the timestamp dir. This is unlikely to happen + since once the timestamp dir is owned by root and inaccessible by any + other user, the user placing files there would be unable to get them + back out. To get around this issue you can use a directory that is not + world-writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or cre- + ate _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) and permissions + (0700) in the system startup files. ssuuddoo will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * TIMEOUT will be ignored and sudo @@ -450,14 +454,10 @@ EENNVVIIRROONNMMEENNTT SUDO_GID Set to the gid of the user who invoked sudo - SUDO_PS1 If set, PS1 will be set to its value - USER Set to the target user (root unless the --uu option is - specified) - -1.7 February 9, 2008 7 +1.7 February 15, 2008 7 
@@ -466,6 +466,11 @@ EENNVVIIRROONNMMEENNTT SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + SUDO_PS1 If set, PS1 will be set to its value + + USER Set to the target user (root unless the --uu option is + specified) + VISUAL Default editor to use in --ee (sudoedit) mode FFIILLEESS @@ -515,15 +520,10 @@ AAUUTTHHOORRSS CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via ssuuddoo. Also, many - programs (such as editors) allow the user to run commands via shell - escapes, thus avoiding ssuuddoo's checks. However, on most systems it is - possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. - See the _s_u_d_o_e_r_s(4) manual for details. - -1.7 February 9, 2008 8 +1.7 February 15, 2008 8 @@ -532,6 +532,11 @@ CCAAVVEEAATTSS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + programs (such as editors) allow the user to run commands via shell + escapes, thus avoiding ssuuddoo's checks. However, on most systems it is + possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. + See the _s_u_d_o_e_r_s(4) manual for details. + It is not meaningful to run the cd command directly via sudo, e.g., $ sudo cd /usr/local/protected @@ -584,11 +589,6 @@ DDIISSCCLLAAIIMMEERR - - - - - -1.7 February 9, 2008 9 +1.7 February 15, 2008 9 diff --git a/sudo.man.in b/sudo.man.in index 6da4bce77..44a810d9c 100644 --- a/sudo.man.in +++ b/sudo.man.in 
@@ -150,19 +150,20 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "February 9, 2008" "1.7" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "February 15, 2008" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR .PP -\&\fBsudo\fR \fB\-l\fR [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR] +\&\fBsudo\fR \fB\-l[l]\fR [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR] .PP \&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] -[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] +[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] +[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}] .PP \&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] 
@@ -335,15 +336,17 @@ file. The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters that may be set in a \fIDefaults\fR line along with a short description for each. This option is useful in conjunction with \fIgrep\fR\|(1). -.IP "\-l [\fIcommand\fR]" 12 -.IX Item "-l [command]" +.IP "\-l[l] [\fIcommand\fR]" 12 +.IX Item "-l[l] [command]" If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list the allowed (and forbidden) commands for the invoking user (or the user specified by the \fB\-U\fR option) on the current host. If a \&\fIcommand\fR is specified and is permitted by \fIsudoers\fR, the fully-qualified path to the command is displayed along with any -command line arguments. If \fIcommand\fR is not allowed, \fBsudo\fR will -exit with a return value of 1. +command line arguments. If \fIcommand\fR is specified but not allowed, +\&\fBsudo\fR will exit with a return value of 1. If the \fB\-l\fR flag is +specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR +is specified multiple times, a longer list format is used. .IP "\-P" 12 .IX Item "-P" The \fB\-P\fR (\fIpreserve\fR \fIgroup vector\fR) option causes \fBsudo\fR to diff --git a/sudo.pod b/sudo.pod index a8f2d8e3f..ecb5b3746 100644 --- a/sudo.pod +++ b/sudo.pod @@ -30,12 +30,13 @@ sudo, sudoedit - execute a command as another user B B<-h> | B<-K> | B<-k> | B<-L> | B<-V> | B<-v> -B B<-l> S<[B<-g> I|I<#gid>]> S<[B<-U> I]> +B B<-l[l]> S<[B<-g> I|I<#gid>]> S<[B<-U> I]> S<[B<-u> I|I<#uid>]> [I] B [B<-bEHPS>] S<[B<-a> I]> S<[B<-C> I]> S<[B<-c> I|I<->]> S<[B<-g> I|I<#gid>]> S<[B<-p> I]> -S<[B<-r> I]> S<[B<-t> I]> S<[B<-u> I|I<#uid>]> +S<[B<-r> I]> S<[B<-t> I]> +S<[B<-u> I|I<#uid>]> S<[B=I]> [S<{B<-i> | B<-s>] [}>] B [B<-S>] S<[B<-a> I]> S<[B<-C> I]> 
@@ -232,15 +233,17 @@ The B<-L> (I defaults) option will list out the parameters that may be set in a I line along with a short description for each. This option is useful in conjunction with L. -=item -l [I] +=item -l[l] [I] If no I is specified, the B<-l> (I) option will list the allowed (and forbidden) commands for the invoking user (or the user specified by the B<-U> option) on the current host. If a I is specified and is permitted by I, the fully-qualified path to the command is displayed along with any -command line arguments. If I is not allowed, B will -exit with a return value of 1. +command line arguments. If I is specified but not allowed, +B will exit with a return value of 1. If the B<-l> flag is +specified with an B argument (i.e. B<-ll>), or if B<-l> +is specified multiple times, a longer list format is used. =item -P diff --git a/sudo_usage.h.in b/sudo_usage.h.in index 068e652ea..c48806ef6 100644 --- a/sudo_usage.h.in +++ b/sudo_usage.h.in @@ -6,7 +6,7 @@ * need to be able to substitute values from configure. */ #define SUDO_USAGE1 " -h | -K | -k | -L | -V | -v" -#define SUDO_USAGE2 " -l [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]" +#define SUDO_USAGE2 " -l[l] [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]" #define SUDO_USAGE3 " [-bEHPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []" #define SUDO_USAGE4 " -e [-S] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..."
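Review bot: In the sudo.c hunk (parse_args, case 'l'), the new test `excl == 'l'` is only correct because `excl = 'l';` was moved below it, and nothing in the code records that dependency. If a later cleanup moves the assignment back above the `if`, every single `-l` would set long_list. Add a short comment saying that excl is read here as "an earlier -l was already seen" and must be assigned after the test, or track the repeat in its own counter instead of reusing the exclusivity variable. Separately, the visible lines compare only NewArgv[0][2] against 'l'; within this hunk any other character at that position, or anything following a second 'l', is not rejected, so confirm the surrounding code reports a usage error for it rather than treating it as a plain -l.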
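Review bot: Nearly all of the sudo.cat hunks are repagination noise: the footer date moving from "February 9, 2008" to "February 15, 2008" on every page and paragraphs shifting across page breaks. The only content changes are the `-l[l]` synopsis line and the extended -l option text. Because the same wording is changed in sudo.pod and sudo.man.in in this commit, sudo.cat looks like regenerated output; consider committing the regenerated files separately from the sudo.c change, or saying in the commit message that sudo.cat and sudo.man.in were regenerated, so the functional change is easy to find and to backport.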
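Review bot: In the -l item text added to sudo.pod and sudo.man.in, "specified with an l argument (i.e. -ll)" describes the second letter as an argument, although the sudo.c change treats it as the flag letter repeated inside the same word; wording such as "if -l is given twice, either as -ll or as -l -l" matches the code more closely. The sentence also ends with "a longer list format is used" without saying what the longer format contains or how it differs from the default listing, so a reader cannot tell from the manual when to use it. One sentence describing the extra output would close that gap.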
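Review bot: In the sudo_usage.h.in hunk, SUDO_USAGE2 lists `[-g groupname|#gid]` twice, once after `-l[l]` and again before `[command]`, and the changed line carries the duplicate forward. The synopsis lines updated in sudo.pod and sudo.man.in in this same commit show the option only once for the -l form. Since the line is being edited anyway, drop the second occurrence so the usage message and the manual agree.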