From: Todd C. Miller Date: Tue, 5 Oct 2004 14:22:26 +0000 (+0000) Subject: regen X-Git-Tag: SUDO_1_7_0~897 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5c259f8b470c7c663a3f5294e6b215c59cb57218;p=sudo regen --- diff --git a/sudoers.cat b/sudoers.cat index 0790129d8..9bd88b6b9 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.9 September 30, 2004 1 +1.6.9 October 4, 2004 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 2 +1.6.9 October 4, 2004 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 3 +1.6.9 October 4, 2004 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 4 +1.6.9 October 4, 2004 4 @@ -288,7 +288,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) mail_badpass Send mail to the _m_a_i_l_t_o user if the user run­ - ning sudo does not enter the correct password. + ning ssuuddoo does not enter the correct password. This flag is _o_f_f by default. mail_no_user @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 5 +1.6.9 October 4, 2004 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 6 +1.6.9 October 4, 2004 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 7 +1.6.9 October 4, 2004 7 @@ -503,7 +503,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) can be useful on systems that disable some potentially dangerous functionality when a program is run setuid. Note, however, that - this means that sudo will run with the real + this means that ssuuddoo will run with the real uid of the invoking user which may allow that user to kill ssuuddoo before it can log a failure, depending on how your OS defines the interac­ @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 8 +1.6.9 October 4, 2004 8 
@@ -541,23 +541,23 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) with the --with-logincap option. This flag is _o_f_f by default. - noexec If set, all commands run via sudo will behave + noexec If set, all commands run via ssuuddoo will behave as if the NOEXEC tag has been set, unless overridden by a EXEC tag. See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as well as the "PRE­ VENTING SHELL ESCAPES" section at the end of this manual. This flag is _o_f_f by default. - trace If set, all commands run via sudo will behave - as if the TRACE tag has been set, unless over­ - ridden by a NOTRACE tag. See the description - of _T_R_A_C_E _a_n_d _N_O_T_R_A_C_E below as well as the - "PREVENTING SHELL ESCAPES" section at the end - of this manual. Be aware that tracing is only - supported on certain operating systems. On - systems where it is not supported this flag - will have no effect. This flag is _o_f_f by - default. + monitor If set, all commands run via ssuuddoo will behave + as if the MONITOR tag has been set, unless + overridden by a NOMONITOR tag. See the + description of _M_O_N_I_T_O_R _a_n_d _N_O_M_O_N_I_T_O_R below as + well as the "PREVENTING SHELL ESCAPES" section + at the end of this manual. Be aware that + tracing is only supported on certain operating + systems. On systems where it is not supported + this flag will have no effect. This flag is + _o_f_f by default. ignore_local_sudoers If set via LDAP, parsing of @sysconfdir@/sudo­ @@ -568,7 +568,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) who would attempt to add roles to @sysconfdir@/sudoers. When this option is present, @sysconfdir@/sudoers does not even - need to exist. Since this options tells sudo + need to exist. Since this options tells ssuuddoo how to behave when no specific LDAP entries have been matched, this sudoOption is only meaningful for the cn=defaults section. This @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 9 +1.6.9 October 4, 2004 9 
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 10 +1.6.9 October 4, 2004 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 11 +1.6.9 October 4, 2004 11 @@ -738,7 +738,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The default value is _o_n_c_e. lecture_file - Path to a file containing an alternate sudo + Path to a file containing an alternate ssuuddoo lecture that will be used in place of the standard lecture if the named file exists. @@ -759,7 +759,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) mailto Address to send warning and error mail to. The address should be enclosed in double - quotes (") to protect against sudo interpret­ + quotes (") to protect against ssuuddoo interpret­ ing the @ sign. Defaults to root. exempt_group @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 12 +1.6.9 October 4, 2004 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 13 +1.6.9 October 4, 2004 13 @@ -895,7 +895,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Runas_Spec ::= '(' Runas_List ')' Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | - 'TRACE' | 'NOTRACE') + 'MONITOR' | 'NOMONITOR') A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as what user) on specified hosts. By default, @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 14 +1.6.9 October 4, 2004 14 
@@ -944,10 +944,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) A command may have zero or more tags associated with it. There are four possible tag values, NOPASSWD, PASSWD, - NOEXEC, EXEC, TRACE and NOTRACE. Once a tag is set on a - Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit the - tag unless it is overridden by the opposite tag (ie: - PASSWD overrides NOPASSWD and NOTRACE overrides TRACE). + NOEXEC, EXEC, MONITOR and NOMONITOR. Once a tag is set on + a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit + the tag unless it is overridden by the opposite tag (ie: + PASSWD overrides NOPASSWD and NOMONITOR overrides MONI­ + TOR). _N_O_P_A_S_S_W_D _a_n_d _P_A_S_S_W_D @@ -981,11 +982,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) _N_O_E_X_E_C _a_n_d _E_X_E_C - If ssuuddoo has been compiled with _n_o_e_x_e_c support and the -1.6.9 September 30, 2004 15 +1.6.9 October 4, 2004 15 @@ -994,6 +994,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying operating system supports it, the NOEXEC tag can be used to prevent a dynamically-linked executable from running further commands itself. @@ -1007,10 +1008,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) details on how NOEXEC works and whether or not it will work on your system. - _T_R_A_C_E _a_n_d _N_O_T_R_A_C_E + _M_O_N_I_T_O_R _a_n_d _N_O_M_O_N_I_T_O_R If ssuuddoo has been configured with the --with-systrace - option, the TRACE tag can be used to cause programs + option, the MONITOR tag can be used to cause programs spawned by a command to be checked against _s_u_d_o_e_r_s and logged just like they would be if run through ssuuddoo directly. This is useful in conjunction with commands 
@@ -1018,13 +1019,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) nators. In the following example, user cchhuucckk may run any command - on the machine research with tracing enabled. + on the machine research in monitor mode. - chuck research = TRACE: ALL + chuck research = MONITOR: ALL See the "PREVENTING SHELL ESCAPES" section below for more - details on how TRACE works and whether or not it will work - on your system. + details on how MONITOR works and whether or not it will + work on your system. WWiillddccaarrddss @@ -1047,11 +1048,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) "?", "[", and "}". Note that a forward slash ('/') will nnoott be matched by - wildcards used in the pathname. When matching the command -1.6.9 September 30, 2004 16 +1.6.9 October 4, 2004 16 @@ -1060,6 +1060,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + wildcards used in the pathname. When matching the command line arguments, however, a slash ddooeess get matched by wild­ cards. This is to make a path like: @@ -1113,11 +1114,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) #include /etc/sudoers.local - When ssuuddoo reaches this line it will suspend processing of -1.6.9 September 30, 2004 17 +1.6.9 October 4, 2004 17 @@ -1126,6 +1126,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + When ssuuddoo reaches this line it will suspend processing of the current file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_­ _e_r_s_._l_o_c_a_l. Upon reaching the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, the rest of _/_e_t_c_/_s_u_d_o_e_r_s will be processed. Files that @@ -1179,11 +1180,10 @@ EEXXAAMMPPLLEESS is important. In general, you should structure _s_u_d_o_e_r_s such that the Host_Alias, User_Alias, and Cmnd_Alias spec­ ifications come first, followed by any Default_Entry - lines, and finally the Runas_Alias and user -1.6.9 September 30, 2004 18 +1.6.9 October 4, 2004 18 
@@ -1192,8 +1192,9 @@ EEXXAAMMPPLLEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - specifications. The basic rule of thumb is you cannot - reference an Alias that has not already been defined. + lines, and finally the Runas_Alias and user specifica­ + tions. The basic rule of thumb is you cannot reference an + Alias that has not already been defined. Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we define our _a_l_i_a_s_e_s: @@ -1248,8 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - -1.6.9 September 30, 2004 19 +1.6.9 October 4, 2004 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 20 +1.6.9 October 4, 2004 20 @@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 September 30, 2004 21 +1.6.9 October 4, 2004 21 @@ -1435,7 +1435,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS the user to run arbitrary commands. Many edi­ tors have a restricted mode where shell escapes are disabled, though ssuuddooeeddiitt is a better solu­ - tion to running editors via sudo. Due to the + tion to running editors via ssuuddoo. Due to the large number of programs that offer shell escapes, restricting users to the set of pro­ grams that do not if often unworkable. @@ -1447,7 +1447,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.6.9 September 30, 2004 22 +1.6.9 October 4, 2004 22 @@ -1457,7 +1457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) On such systems, ssuuddoo's _n_o_e_x_e_c functionality can - be used to prevent a program run by sudo from + be used to prevent a program run by ssuuddoo from executing any other programs. Note, however, that this applies only to native dynamically- linked executables. Statically-linked executa­ 
@@ -1503,17 +1503,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) porting _n_o_e_x_e_c you can always just try it out and see if it works. - tracing On operating systems that support the ssyyssttrraaccee + monitor On operating systems that support the ssyyssttrraaccee pseudo-device, the --with-systrace configure - option can be used to compile support for com­ - mand tracing in ssuuddoo. With ssyyssttrraaccee support - ssuuddoo can transparently intercept a new command, - allow or deny it based on _s_u_d_o_e_r_s, and log the - result. This does require that ssuuddoo become a + option can be used to compile support for proc­ + cess monitoring in ssuuddoo. In monitor mode ssuuddoo + can transparently intercept a new command, allow + or deny it based on _s_u_d_o_e_r_s, and log the result. + This does require that ssuuddoo become a daemon that -1.6.9 September 30, 2004 23 +1.6.9 October 4, 2004 23 @@ -1522,20 +1522,19 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - daemon that persists until the command and all - its descendents have finished. + persists until the command and all its descen­ + dents have exited. - To enable tracing on a per-command basis, use - the TRACE tag as documented in the User Specifi­ - cation section above. Here is that example - again: + To enable monitor mode on a per-command basis, + use the MONITOR tag as documented in the User + Specification section above. Here is that exam­ + ple again: - chuck research = TRACE: ALL + chuck research = MONITOR: ALL This allows user cchhuucckk to run any command on the - machine research with tracing enabled. Any com­ - mands run via shell escapes will be logged by - sudo. + machine research in monitor mode. Any commands + run via shell escapes will be logged by ssuuddoo. At the time of this writing the ssyyssttrraaccee pseudo- device comes standard with OpenBSD and NetBSD 
@@ -1575,11 +1574,12 @@ SSUUPPPPOORRTT http://www.sudo.ws/sudo/support.html for details. Limited free support is available via the sudo-users mail­ - ing list, see + ing list, see http://www.sudo.ws/mail­ + man/listinfo/sudo-users to subscribe or search the -1.6.9 September 30, 2004 24 +1.6.9 October 4, 2004 24 @@ -1588,8 +1588,7 @@ SSUUPPPPOORRTT SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - http://www.sudo.ws/mailman/listinfo/sudo-users to sub­ - scribe or search the archives. + archives. DDIISSCCLLAAIIMMEERR SSuuddoo is provided ``AS IS'' and any express or implied war­ @@ -1645,6 +1644,7 @@ DDIISSCCLLAAIIMMEERR -1.6.9 September 30, 2004 25 + +1.6.9 October 4, 2004 25 diff --git a/sudoers.man.in b/sudoers.man.in index b0a10a6ee..a64f28330 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "September 30, 2004" "1.6.9" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "October 4, 2004" "1.6.9" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -413,7 +413,7 @@ Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR. This flag is \fIoff\fR by default. .IP "mail_badpass" 12 .IX Item "mail_badpass" -Send mail to the \fImailto\fR user if the user running sudo does not +Send mail to the \fImailto\fR user if the user running \fBsudo\fR does not enter the correct password. This flag is \fIoff\fR by default. .IP "mail_no_user" 12 .IX Item "mail_no_user" 
@@ -564,7 +564,7 @@ changes that behavior such that the real \s-1UID\s0 is left as the invoking user's \s-1UID\s0. In other words, this makes \fBsudo\fR act as a setuid wrapper. This can be useful on systems that disable some potentially dangerous functionality when a program is run setuid. Note, however, -that this means that sudo will run with the real uid of the invoking +that this means that \fBsudo\fR will run with the real uid of the invoking user which may allow that user to kill \fBsudo\fR before it can log a failure, depending on how your \s-1OS\s0 defines the interaction between signals and setuid processes. 
@@ -586,14 +586,14 @@ login class if one exists. Only available if \fBsudo\fR is configured with the \-\-with\-logincap option. This flag is \fIoff\fR by default. .IP "noexec" 12 .IX Item "noexec" -If set, all commands run via sudo will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR +If set, all commands run via \fBsudo\fR will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR tag has been set, unless overridden by a \f(CW\*(C`EXEC\*(C'\fR tag. See the description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual. This flag is \fIoff\fR by default. -.IP "trace" 12 -.IX Item "trace" -If set, all commands run via sudo will behave as if the \f(CW\*(C`TRACE\*(C'\fR -tag has been set, unless overridden by a \f(CW\*(C`NOTRACE\*(C'\fR tag. See the -description of \fI\s-1TRACE\s0 and \s-1NOTRACE\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual. Be aware that +.IP "monitor" 12 +.IX Item "monitor" +If set, all commands run via \fBsudo\fR will behave as if the \f(CW\*(C`MONITOR\*(C'\fR +tag has been set, unless overridden by a \f(CW\*(C`NOMONITOR\*(C'\fR tag. See the +description of \fI\s-1MONITOR\s0 and \s-1NOMONITOR\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual. Be aware that tracing is only supported on certain operating systems. On systems where it is not supported this flag will have no effect. This flag is \fIoff\fR by default. 
@@ -604,7 +604,7 @@ This is intended for an Enterprises that wish to prevent the usage of local sudoers files so that only \s-1LDAP\s0 is used. This thwarts the efforts of rogue operators who would attempt to add roles to \f(CW@sysconfdir\fR@/sudoers. When this option is present, \f(CW@sysconfdir\fR@/sudoers does not even need to exist. -Since this options tells sudo how to behave when no specific \s-1LDAP\s0 entries +Since this options tells \fBsudo\fR how to behave when no specific \s-1LDAP\s0 entries have been matched, this sudoOption is only meaningful for the cn=defaults section. This flag is \fIoff\fR by default. .PP @@ -740,7 +740,7 @@ The default value is \fI@lecture@\fR. .RE .IP "lecture_file" 12 .IX Item "lecture_file" -Path to a file containing an alternate sudo lecture that will +Path to a file containing an alternate \fBsudo\fR lecture that will be used in place of the standard lecture if the named file exists. .IP "logfile" 12 .IX Item "logfile" @@ -760,7 +760,7 @@ Flags to use when invoking mailer. Defaults to \fB\-t\fR. .IP "mailto" 12 .IX Item "mailto" Address to send warning and error mail to. The address should -be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against sudo +be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR. .IP "exempt_group" 12 .IX Item "exempt_group" @@ -877,7 +877,7 @@ supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo .PP .Vb 2 \& Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | -\& 'TRACE' | 'NOTRACE') +\& 'MONITOR' | 'NOMONITOR') .Ve .PP A \fBuser specification\fR determines which commands a user may run 
@@ -917,11 +917,11 @@ but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR. .IX Subsection "Tag_Spec" A command may have zero or more tags associated with it. There are four possible tag values, \f(CW\*(C`NOPASSWD\*(C'\fR, \f(CW\*(C`PASSWD\*(C'\fR, \f(CW\*(C`NOEXEC\*(C'\fR, \f(CW\*(C`EXEC\*(C'\fR, -\&\f(CW\*(C`TRACE\*(C'\fR and \f(CW\*(C`NOTRACE\*(C'\fR. +\&\f(CW\*(C`MONITOR\*(C'\fR and \f(CW\*(C`NOMONITOR\*(C'\fR. Once a tag is set on a \f(CW\*(C`Cmnd\*(C'\fR, subsequent \f(CW\*(C`Cmnd\*(C'\fRs in the \&\f(CW\*(C`Cmnd_Spec_List\*(C'\fR, inherit the tag unless it is overridden by the -opposite tag (ie: \f(CW\*(C`PASSWD\*(C'\fR overrides \f(CW\*(C`NOPASSWD\*(C'\fR and \f(CW\*(C`NOTRACE\*(C'\fR -overrides \f(CW\*(C`TRACE\*(C'\fR). +opposite tag (ie: \f(CW\*(C`PASSWD\*(C'\fR overrides \f(CW\*(C`NOPASSWD\*(C'\fR and \f(CW\*(C`NOMONITOR\*(C'\fR +overrides \f(CW\*(C`MONITOR\*(C'\fR). .PP \fI\s-1NOPASSWD\s0 and \s-1PASSWD\s0\fR .IX Subsection "NOPASSWD and PASSWD" 
@@ -973,25 +973,25 @@ and \fI/usr/bin/vi\fR but shell escapes will be disabled. See the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section below for more details on how \f(CW\*(C`NOEXEC\*(C'\fR works and whether or not it will work on your system. .PP -\fI\s-1TRACE\s0 and \s-1NOTRACE\s0\fR -.IX Subsection "TRACE and NOTRACE" +\fI\s-1MONITOR\s0 and \s-1NOMONITOR\s0\fR +.IX Subsection "MONITOR and NOMONITOR" .PP If \fBsudo\fR has been configured with the \f(CW\*(C`\-\-with\-systrace\*(C'\fR option, -the \f(CW\*(C`TRACE\*(C'\fR tag can be used to cause programs spawned by a command +the \f(CW\*(C`MONITOR\*(C'\fR tag can be used to cause programs spawned by a command to be checked against \fIsudoers\fR and logged just like they would be if run through \fBsudo\fR directly. This is useful in conjunction with commands that allow shell escapes such as editors, shells and paginators. .PP In the following example, user \fBchuck\fR may run any command on the -machine research with tracing enabled. +machine research in monitor mode. .PP .Vb 1 -\& chuck research = TRACE: ALL +\& chuck research = MONITOR: ALL .Ve .PP See the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section below for more details -on how \f(CW\*(C`TRACE\*(C'\fR works and whether or not it will work on your system. +on how \f(CW\*(C`MONITOR\*(C'\fR works and whether or not it will work on your system. .Sh "Wildcards" .IX Subsection "Wildcards" \&\fBsudo\fR allows shell-style \fIwildcards\fR (aka meta or glob characters) 
@@ -1379,7 +1379,7 @@ There are three basic approaches to this problem: Avoid giving users access to commands that allow the user to run arbitrary commands. Many editors have a restricted mode where shell escapes are disabled, though \fBsudoedit\fR is a better solution to -running editors via sudo. Due to the large number of programs that +running editors via \fBsudo\fR. Due to the large number of programs that offer shell escapes, restricting users to the set of programs that do not if often unworkable. .IP "noexec" 10 @@ -1388,7 +1388,7 @@ Many systems that support shared libraries have the ability to override default library functions by pointing an environment variable (usually \f(CW\*(C`LD_PRELOAD\*(C'\fR) to an alternate shared library. On such systems, \fBsudo\fR's \fInoexec\fR functionality can be used to -prevent a program run by sudo from executing any other programs. +prevent a program run by \fBsudo\fR from executing any other programs. Note, however, that this applies only to native dynamically-linked executables. Statically-linked executables and foreign executables running under binary emulation are not affected. 
@@ -1429,27 +1429,27 @@ with \fInoexec\fR enabled. This will prevent those two commands from executing other commands (such as a shell). If you are unsure whether or not your system is capable of supporting \fInoexec\fR you can always just try it out and see if it works. -.IP "tracing" 10 -.IX Item "tracing" +.IP "monitor" 10 +.IX Item "monitor" On operating systems that support the \fBsystrace\fR pseudo\-device, the \f(CW\*(C`\-\-with\-systrace\*(C'\fR configure option can be used to compile -support for command tracing in \fBsudo\fR. With \fBsystrace\fR support +support for proccess monitoring in \fBsudo\fR. In monitor mode \&\fBsudo\fR can transparently intercept a new command, allow or deny it based on \fIsudoers\fR, and log the result. This does require that \&\fBsudo\fR become a daemon that persists until the command and all its -descendents have finished. +descendents have exited. .Sp -To enable tracing on a per-command basis, use the \f(CW\*(C`TRACE\*(C'\fR tag as -documented in the User Specification section above. Here is that -example again: +To enable monitor mode on a per-command basis, use the \f(CW\*(C`MONITOR\*(C'\fR +tag as documented in the User Specification section above. Here +is that example again: .Sp .Vb 1 -\& chuck research = TRACE: ALL +\& chuck research = MONITOR: ALL .Ve .Sp This allows user \fBchuck\fR to run any command on the machine research -with tracing enabled. Any commands run via shell escapes will be -logged by sudo. +in monitor mode. Any commands run via shell escapes will be logged +by \fBsudo\fR. .Sp At the time of this writing the \fBsystrace\fR pseudo-device comes standard with OpenBSD and NetBSD and is available as patches to
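Review bot: "proccess monitoring" in the sudoers.man.in hunk at @@ -1429 (and its sudoers.cat counterpart at @@ -1503, where it wraps as "proc­cess") is a typo for "process monitoring", and "descendents have exited" in the same hunk should read "descendants have exited". The same hunk also renames the approach item from "tracing" to "monitor" (`.IP "monitor" 10` / `.IX Item "monitor"`), which now collides with the `monitor` Defaults flag added at @@ -586: both produce an identical index entry and the reader has no cue which "monitor" the PREVENTING SHELL ESCAPES item refers to. Suggest naming the approach item "monitor mode" (or similar) so the flag and the technique stay distinguishable. Since the subject is "regen", these are generated files; apply the wording fixes in the source they are regenerated from, or the next regen will reintroduce them.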
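Review bot: the new `monitor` flag text in sudoers.man.in at @@ -586 (mirrored in sudoers.cat at @@ -541) still says "Be aware that tracing is only supported on certain operating systems" after everything else in the entry was renamed from trace/TRACE to monitor/MONITOR. Suggest "Be aware that monitor mode is only supported on certain operating systems" so the flag description uses one term throughout, matching the MONITOR and NOMONITOR subsection renamed at @@ -973.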
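Review bot: the Tag_Spec grammar at sudoers.man.in @@ -877 (and sudoers.cat @@ -895) lists `'MONITOR' | 'NOMONITOR'` without the trailing colon that the other four alternatives carry (`'NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:'`), yet the worked example in the same patch is `chuck research = MONITOR: ALL`, written with the colon. The grammar and the example disagree; suggest `'MONITOR:' | 'NOMONITOR:'` so the production describes what the example (and presumably the parser) accepts.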
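Review bot: the Tag_Spec paragraph at sudoers.man.in @@ -917 (and sudoers.cat @@ -944) still opens with "There are four possible tag values" and then lists six: NOPASSWD, PASSWD, NOEXEC, EXEC, MONITOR and NOMONITOR. The count was already wrong before this change, but the hunk rewrites that sentence, so it is the natural place to fix it: "There are six possible tag values, ...".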
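Review bot: the changed line at sudoers.man.in @@ -604 (and sudoers.cat @@ -568) keeps the grammar slip "Since this options tells \fBsudo\fR how to behave"; it should be "Since this option tells \fBsudo\fR how to behave". Likewise the context line in the hunks at sudoers.man.in @@ -1379 and sudoers.cat @@ -1435, "restricting users to the set of programs that do not if often unworkable", should read "is often unworkable"; both are a one-word fix in the source the man page is regenerated from.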
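Review bot: in the sudoers.cat hunks at @@ -1575 and @@ -1588 the formatter now hyphenates the subscription URL across the page break as "http://www.sudo.ws/mail­man/listinfo/sudo-users", which inserts a hyphen into the path and makes the address fail when copied from the formatted page. Suggest placing the URL on its own line in the source (as the previous layout effectively did) so it cannot be broken by hyphenation.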