From: Todd C. Miller Date: Fri, 2 Jul 2010 19:37:47 +0000 (-0400) Subject: Document group_plugin syntax. X-Git-Tag: SUDO_1_8_0~421 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2822c6c8ce509ea942679e50422e6b82903887c2;p=sudo Document group_plugin syntax. --- diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 241126953..b10ed3eb6 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.8.0b1 July 1, 2010 1 +1.8.0b1 July 2, 2010 1 @@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT -1.8.0b1 July 1, 2010 2 +1.8.0b1 July 2, 2010 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 3 +1.8.0b1 July 2, 2010 3 @@ -226,7 +226,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) space. The nonunix_group syntax depends on the underlying implementation. For - instance, the QAS AD backend supports the following formats: + instance, the QAS AD plugin supports the following formats: +o Group in the same domain: "Group Name" @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 4 +1.8.0b1 July 2, 2010 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 5 +1.8.0b1 July 2, 2010 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 6 +1.8.0b1 July 2, 2010 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 7 +1.8.0b1 July 2, 2010 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 8 +1.8.0b1 July 2, 2010 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 9 +1.8.0b1 July 2, 2010 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 10 +1.8.0b1 July 2, 2010 10 @@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.8.0b1 July 1, 2010 11 +1.8.0b1 July 2, 2010 11 
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 12 +1.8.0b1 July 2, 2010 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 13 +1.8.0b1 July 2, 2010 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 14 +1.8.0b1 July 2, 2010 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 15 +1.8.0b1 July 2, 2010 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 16 +1.8.0b1 July 2, 2010 16 @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 17 +1.8.0b1 July 2, 2010 17 @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 18 +1.8.0b1 July 2, 2010 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 1, 2010 19 +1.8.0b1 July 2, 2010 19 
@@ -1275,6 +1275,24 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Users in this group are exempt from password and PATH requirements. This is not set by default. + group_plugin + A string containing a _s_u_d_o_e_r_s group plugin with optional + arguments. This can be used to implement support for the + nonunix_group syntax described earlier. The string should + consist of the plugin path, either fully-qualified or + relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory, followed by + any configuration arguments the plugin requires. These + arguments (if any) will be passed to the plugin's + initialization function. If arguments are present, the + string must be enclosed in double quotes ("). + + For example, given _/_e_t_c_/_s_u_d_o_-_g_r_o_u_p, a group file in Unix + group format, the sample group plugin can be used: + + Defaults sudo_plugin="sample_group.so /etc/sudo-group" + + For more information see _s_u_d_o___p_l_u_g_i_n(4). + lecture This option controls when a short lecture will be printed along with the password prompt. It has the following possible values: @@ -1294,6 +1312,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) will be used in place of the standard lecture if the named file exists. By default, ssuuddoo uses a built-in lecture. + + + +1.8.0b1 July 2, 2010 20 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + listpw This option controls when a password will be required when a user runs ssuuddoo with the --ll option. It has the following possible values: @@ -1312,18 +1342,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) never The user need never enter a password to use the --ll option. - - - -1.8.0b1 July 1, 2010 20 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - If no value is specified, a value of _a_n_y is implied. Negating the option results in a value of _n_e_v_e_r being used. The default value is _a_n_y. 
@@ -1361,6 +1379,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) a user runs ssuuddoo with the --vv option. It has the following possible values: + + +1.8.0b1 July 2, 2010 21 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. @@ -1379,17 +1408,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Negating the option results in a value of _n_e_v_e_r being used. The default value is _a_l_l. - - -1.8.0b1 July 1, 2010 21 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: env_check Environment variables to be removed from the user's @@ -1426,6 +1444,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, + + + +1.8.0b1 July 2, 2010 22 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + -=, and ! operators respectively. The default list of variables to keep is displayed when ssuuddoo is run by root with the _-_V option. @@ -1444,18 +1474,6 @@ FFIILLEESS _/_e_t_c_/_n_e_t_g_r_o_u_p List of network groups - - - -1.8.0b1 July 1, 2010 22 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o I/O log files _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing time stamps for the @@ -1492,6 +1510,18 @@ EEXXAAMMPPLLEESS Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ /usr/sbin/restore, /usr/sbin/rrestore Cmnd_Alias KILL = /usr/bin/kill + + + +1.8.0b1 July 2, 2010 23 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt 
@@ -1510,18 +1540,6 @@ EEXXAAMMPPLLEESS Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, we keep an additional local log file and make sure we log the year in each log line since the log entries will be kept around for several years. - - - -1.8.0b1 July 1, 2010 23 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - Lastly, we disable shell escapes for the commands in the PAGERS Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s). @@ -1558,6 +1576,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of those networks, only 128.138.204.0 has an explicit netmask (in CIDR + + + +1.8.0b1 July 2, 2010 24 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + notation) indicating it is a class C network. For the other networks in _C_S_N_E_T_S, the local machine's netmask will be used during matching. @@ -1576,18 +1606,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) joe ALL = /usr/bin/su operator - - - -1.8.0b1 July 1, 2010 24 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - The user jjooee may only _s_u(1) to operator. pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root @@ -1624,6 +1642,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* + + + +1.8.0b1 July 2, 2010 25 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is not allowed to specify any options to the _s_u(1) command. 
@@ -1643,17 +1673,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The user sstteevvee may run any command in the directory /usr/local/op_commands/ but only as user operator. - - -1.8.0b1 July 1, 2010 25 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - matt valkyrie = KILL On his personal workstation, valkyrie, mmaatttt needs to be able to kill @@ -1689,6 +1708,18 @@ SSEECCUURRIITTYY NNOOTTEESS Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to reliably negate commands where the path name includes globbing (aka + + + +1.8.0b1 July 2, 2010 26 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3) function cannot resolve relative paths. While this is typically only an inconvenience for rules that grant privileges, it can result in a @@ -1708,18 +1739,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS since it is not uncommon for a program to allow shell escapes, which lets a user bypass ssuuddoo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, - - - -1.8.0b1 July 1, 2010 26 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - paginators, mail and terminal programs. There are two basic approaches to this problem: @@ -1755,6 +1774,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) error. Unfortunately, there is no foolproof way to know whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, + + + +1.8.0b1 July 2, 2010 27 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and UnixWare. _n_o_e_x_e_c is expected to work on most operating systems that support the LD_PRELOAD environment variable. 
@@ -1774,18 +1805,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) unsure whether or not your system is capable of supporting _n_o_e_x_e_c you can always just try it out and see if it works. - - - -1.8.0b1 July 1, 2010 27 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations (such as changing or overwriting files) that could lead to unintended @@ -1821,6 +1840,18 @@ SSEECCUURRIITTYY NNOOTTEESS command with ssuuddoo after authenticating, logout, login again, and run ssuuddoo without authenticating so long as the time stamp file's modification time is within 5 minutes (or whatever the timeout is set + + + +1.8.0b1 July 2, 2010 28 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled, the time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where the devpts filesystem is used, Solaris systems with @@ -1837,20 +1868,8 @@ SSEECCUURRIITTYY NNOOTTEESS specification. SSEEEE AALLSSOO - _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_u_d_o_e_r_s_._l_d_a_p(4), _s_u_d_o(1m), - _v_i_s_u_d_o(1m) - - - - -1.8.0b1 July 1, 2010 28 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - + _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_u_d_o_e_r_s_._l_d_a_p(4), _s_u_d_o___p_l_u_g_i_n(4), + _s_u_d_o(1m), _v_i_s_u_d_o(1m) CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which @@ -1890,25 +1909,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - - - - - - - - - - -1.8.0b1 July 1, 2010 29 +1.8.0b1 July 2, 2010 29 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index e90fcc60c..570d0fa27 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in 
@@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "July 1, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "July 2, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -361,7 +361,7 @@ characters. Alternately, special characters may be specified in escaped hex mode, e.g. \ex20 for space. .PP The \f(CW\*(C`nonunix_group\*(C'\fR syntax depends on the underlying implementation. -For instance, the \s-1QAS\s0 \s-1AD\s0 backend supports the following formats: +For instance, the \s-1QAS\s0 \s-1AD\s0 plugin supports the following formats: .IP "\(bu" 4 Group in the same domain: \*(L"Group Name\*(R" .IP "\(bu" 4 
@@ -1308,6 +1308,25 @@ as \fIenv_keep\fR and \fIenv_check\fR. .IX Item "exempt_group" Users in this group are exempt from password and \s-1PATH\s0 requirements. This is not set by default. +.IP "group_plugin" 12 +.IX Item "group_plugin" +A string containing a \fIsudoers\fR group plugin with optional arguments. +This can be used to implement support for the \f(CW\*(C`nonunix_group\*(C'\fR +syntax described earlier. The string should consist of the plugin +path, either fully-qualified or relative to the \fI@prefix@/libexec\fR +directory, followed by any configuration arguments the plugin +requires. These arguments (if any) will be passed to the plugin's +initialization function. If arguments are present, the string must +be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR). +.Sp +For example, given \fI/etc/sudo\-group\fR, a group file in Unix group +format, the sample group plugin can be used: +.Sp +.Vb 1 +\& Defaults sudo_plugin="sample_group.so /etc/sudo\-group" +.Ve +.Sp +For more information see \fIsudo_plugin\fR\|(@mansectform@). .IP "lecture" 12 .IX Item "lecture" This option controls when a short lecture will be printed along with @@ -1863,7 +1882,7 @@ user specification. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIsudoers.ldap\fR\|(@mansectform@), -\&\fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@) +\&\fIsudo_plugin\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@) .SH "CAVEATS" .IX Header "CAVEATS" The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR diff --git a/doc/sudoers.pod b/doc/sudoers.pod index b0aa084df..88522d5fc 100644 --- a/doc/sudoers.pod +++ b/doc/sudoers.pod 
@@ -229,7 +229,7 @@ characters. Alternately, special characters may be specified in escaped hex mode, e.g. \x20 for space. The C syntax depends on the underlying implementation. -For instance, the QAS AD backend supports the following formats: +For instance, the QAS AD plugin supports the following formats: =over 4 @@ -1242,6 +1242,24 @@ as I and I. Users in this group are exempt from password and PATH requirements. This is not set by default. +=item group_plugin + +A string containing a I group plugin with optional arguments. +This can be used to implement support for the C +syntax described earlier. The string should consist of the plugin +path, either fully-qualified or relative to the F<@prefix@/libexec> +directory, followed by any configuration arguments the plugin +requires. These arguments (if any) will be passed to the plugin's +initialization function. If arguments are present, the string must +be enclosed in double quotes (C<">). + +For example, given F, a group file in Unix group +format, the sample group plugin can be used: + + Defaults sudo_plugin="sample_group.so /etc/sudo-group" + +For more information see L. + =item lecture This option controls when a short lecture will be printed along with @@ -1793,7 +1811,7 @@ user specification. =head1 SEE ALSO L, L, L, L, L, -L, L +L, L, L =head1 CAVEATS
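Review bot: the worked example in the new group_plugin item uses the wrong option name. The entry being documented is `group_plugin`, but the example line reads `Defaults sudo_plugin="sample_group.so /etc/sudo-group"` in all three files (the pod hunk at @@ -1242, and the generated sudoers.man.in hunk at @@ -1308 and sudoers.cat hunk at @@ -1275). A reader who pastes that line will set a keyword the text never defines instead of the one it is explaining. Suggest changing the source in doc/sudoers.pod to `Defaults group_plugin="sample_group.so /etc/sudo-group"` and regenerating sudoers.man.in and sudoers.cat so the three copies agree.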
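Review bot: the group_plugin entry in the sudoers.pod hunk at @@ -1242 leaves two things undocumented that the neighbouring entries cover. First, it gives no default; the adjacent exempt_group item ends with "This is not set by default." and the new item should say the same if no plugin is loaded unless configured. Second, it says the plugin path is "followed by any configuration arguments the plugin requires" and that these "will be passed to the plugin's initialization function", but never states how the quoted string is split into separate arguments (whitespace-separated? any quoting for an argument containing spaces?). A plugin author reading only this page cannot tell what argv their initialization function will receive, so one sentence on the splitting rule would close the gap.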
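Review bot: almost all of the doc/sudoers.cat hunks are re-pagination noise from the date bump (`July 1, 2010` to `July 2, 2010` on every page footer, plus page breaks shifting by the 18 new lines), which buries the two substantive changes (the group_plugin item at @@ -1275 and the SEE ALSO addition of sudo_plugin(4) at @@ -1837). Since sudoers.cat and sudoers.man.in are generated from sudoers.pod, consider committing the regenerated output separately from the source edit, or at least noting in the commit message that only the .pod hunks need review.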