From: Todd C. Miller Date: Wed, 21 Jul 2010 19:18:05 +0000 (-0400) Subject: Mention that 127.0.0.1 will not match, nor will localhost unless X-Git-Tag: SUDO_1_7_4~39 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=88b743ec34ea1b03ead28bba7fbc7aea1dae8ef6;p=sudo Mention that 127.0.0.1 will not match, nor will localhost unless that is the actual host name. --HG-- branch : 1.7 --- diff --git a/sudoers.cat b/sudoers.cat index 7341869a6..0ad1b77bd 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.4b3 July 21, 2010 1 +1.7.4 July 21, 2010 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4b3 July 21, 2010 2 +1.7.4 July 21, 2010 2 @@ -171,6 +171,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) shell-style wildcards (see the Wildcards section below), but unless the host name command on your machine returns the fully qualified host name, you'll need to use the _f_q_d_n option for wildcards to be useful. + Note ssuuddoo only inspects actual network interfaces; this means that IP + address 127.0.0.1 (localhost) will never match. Also, the host name + "localhost" will only match if that is the actual host name, which is + usually only the case for non-networked systems. Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List @@ -186,14 +190,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) A Cmnd_List is a list of one or more commandnames, directories, and other aliases. A commandname is a fully qualified file name which may - include shell-style wildcards (see the Wildcards section below). A - simple file name allows the user to run the command with any arguments - he/she wishes. However, you may also specify command line arguments - (including wildcards). Alternately, you can specify "" to indicate -1.7.4b3 July 21, 2010 3 +1.7.4 July 21, 2010 3 
@@ -202,6 +202,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + include shell-style wildcards (see the Wildcards section below). A + simple file name allows the user to run the command with any arguments + he/she wishes. However, you may also specify command line arguments + (including wildcards). Alternately, you can specify "" to indicate that the command may only be run wwiitthhoouutt command line arguments. A directory is a fully qualified path name ending in a '/'. When you specify a directory in a Cmnd_List, the user will be able to run any @@ -252,14 +256,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) is not an error to use the -= operator to remove an element that does not exist in a list. - Defaults entries are parsed in the following order: generic, host and - user Defaults first, then runas Defaults and finally command defaults. - - See "SUDOERS OPTIONS" for a list of supported Defaults parameters. -1.7.4b3 July 21, 2010 4 +1.7.4 July 21, 2010 4 @@ -268,6 +268,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Defaults entries are parsed in the following order: generic, host and + user Defaults first, then runas Defaults and finally command defaults. + + See "SUDOERS OPTIONS" for a list of supported Defaults parameters. + UUsseerr SSppeecciiffiiccaattiioonn User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \ (':' Host_List '=' Cmnd_Spec_List)* 
@@ -317,22 +322,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) $ sudo -u operator /bin/ls. - It is also possible to override a Runas_Spec later on in an entry. If - we modify the entry like so: - dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm +1.7.4 July 21, 2010 5 -1.7.4b3 July 21, 2010 5 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + It is also possible to override a Runas_Spec later on in an entry. If + we modify the entry like so: + dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm Then user ddggbb is now allowed to run _/_b_i_n_/_l_s as ooppeerraattoorr, but _/_b_i_n_/_k_i_l_l and _/_u_s_r_/_b_i_n_/_l_p_r_m as rroooott. @@ -383,15 +388,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm Note, however, that the PASSWD tag has no effect on users who are in - the group specified by the _e_x_e_m_p_t___g_r_o_u_p option. - - By default, if the NOPASSWD tag is applied to any of the entries for a - user on the current host, he or she will be able to run sudo -l without - a password. Additionally, a user may only run sudo -v without a -1.7.4b3 July 21, 2010 6 +1.7.4 July 21, 2010 6 @@ -400,6 +400,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + the group specified by the _e_x_e_m_p_t___g_r_o_u_p option. + + By default, if the NOPASSWD tag is applied to any of the entries for a + user on the current host, he or she will be able to run sudo -l without + a password. Additionally, a user may only run sudo -v without a password if the NOPASSWD tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the verifypw and listpw options. 
@@ -450,21 +455,20 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ? Matches any single character. - [...] Matches any character in the specified range. - - [!...] Matches any character nnoott in the specified range. +1.7.4 July 21, 2010 7 -1.7.4b3 July 21, 2010 7 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + [...] Matches any character in the specified range. + [!...] Matches any character nnoott in the specified range. \x For any character "x", evaluates to "x". This is used to escape special characters such as: "*", "?", "[", and "}". @@ -517,13 +521,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) #include /etc/sudoers.%h - will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s. - - The #includedir directive can be used to create a _s_u_d_o_._d directory that - -1.7.4b3 July 21, 2010 8 +1.7.4 July 21, 2010 8 @@ -532,6 +532,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s. + + The #includedir directive can be used to create a _s_u_d_o_._d directory that the system package manager can drop _s_u_d_o_e_r_s rules into as part of package installation. For example, given: @@ -582,14 +585,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) used as part of a word (e.g. a user name or host name): '@', '!', '=', ':', ',', '(', ')', '\'. -SSUUDDOOEERRSS OOPPTTIIOONNSS - ssuuddoo's behavior can be modified by Default_Entry lines, as explained - earlier. A list of all supported Defaults parameters, grouped by type, - are listed below. -1.7.4b3 July 21, 2010 9 + +1.7.4 July 21, 2010 9 
@@ -598,6 +598,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) +SSUUDDOOEERRSS OOPPTTIIOONNSS + ssuuddoo's behavior can be modified by Default_Entry lines, as explained + earlier. A list of all supported Defaults parameters, grouped by type, + are listed below. + BBoooolleeaann FFllaaggss: always_set_home If enabled, ssuuddoo will set the HOME environment variable @@ -647,15 +652,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) variable. This flag is _o_n by default. fast_glob Normally, ssuuddoo uses the _g_l_o_b(3) function to do shell- - style globbing when matching path names. However, - since it accesses the file system, _g_l_o_b(3) can take a - long time to complete for some patterns, especially - when the pattern references a network file system that - is mounted on demand (automounted). The _f_a_s_t___g_l_o_b -1.7.4b3 July 21, 2010 10 +1.7.4 July 21, 2010 10 @@ -664,6 +664,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + style globbing when matching path names. However, + since it accesses the file system, _g_l_o_b(3) can take a + long time to complete for some patterns, especially + when the pattern references a network file system that + is mounted on demand (automounted). The _f_a_s_t___g_l_o_b option causes ssuuddoo to use the _f_n_m_a_t_c_h(3) function, which does not access the file system to do its matching. The disadvantage of _f_a_s_t___g_l_o_b is that it is 
@@ -713,22 +718,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) incorrect password. This flag is _o_f_f by default. log_host If set, the host name will be logged in the (non- - syslog) ssuuddoo log file. This flag is _o_f_f by default. - log_year If set, the four-digit year will be logged in the (non- - syslog) ssuuddoo log file. This flag is _o_f_f by default. +1.7.4 July 21, 2010 11 -1.7.4b3 July 21, 2010 11 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + syslog) ssuuddoo log file. This flag is _o_f_f by default. + log_year If set, the four-digit year will be logged in the (non- + syslog) ssuuddoo log file. This flag is _o_f_f by default. long_otp_prompt When validating with a One Time Password (OPT) scheme such as SS//KKeeyy or OOPPIIEE, a two-line prompt is used to @@ -779,15 +784,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The password prompt specified by _p_a_s_s_p_r_o_m_p_t will normally only be used if the password prompt provided by systems such as PAM matches the string "Password:". - If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always - be used. This flag is _o_f_f by default. - - preserve_groups By default, ssuuddoo will initialize the group vector to - the list of groups the target user is in. When -1.7.4b3 July 21, 2010 12 +1.7.4 July 21, 2010 12 @@ -796,6 +796,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always + be used. This flag is _o_f_f by default. + + preserve_groups By default, ssuuddoo will initialize the group vector to + the list of groups the target user is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group vector is left unaltered. The real and effective group IDs, however, are still set to match the target user. 
@@ -845,15 +850,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) disabled. This flag is _o_f_f by default. set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME - environment variables to the name of the target user - (usually root unless the --uu option is given). However, - since some programs (including the RCS revision control - system) use LOGNAME to determine the real identity of - the user, it may be desirable to change this behavior. -1.7.4b3 July 21, 2010 13 +1.7.4 July 21, 2010 13 @@ -862,6 +862,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + environment variables to the name of the target user + (usually root unless the --uu option is given). However, + since some programs (including the RCS revision control + system) use LOGNAME to determine the real identity of + the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. Note that if the _e_n_v___r_e_s_e_t option has not been disabled, entries in the _e_n_v___k_e_e_p list will override @@ -911,15 +916,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) a unique session ID that is included in the normal ssuuddoo log line, prefixed with _T_S_I_D_=. - log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and - log all output that is sent to the screen, similar to - the _s_c_r_i_p_t(1) command. If the standard output or - standard error is not connected to the user's tty, due - to I/O redirection or because the command is part of a -1.7.4b3 July 21, 2010 14 +1.7.4 July 21, 2010 14 
@@ -928,6 +928,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and + log all output that is sent to the screen, similar to + the _s_c_r_i_p_t(1) command. If the standard output or + standard error is not connected to the user's tty, due + to I/O redirection or because the command is part of a pipeline, that output is also captured and stored in separate log files. @@ -977,15 +982,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) closefrom Before it executes a command, ssuuddoo will close all open file descriptors other than standard input, standard - output and standard error (ie: file descriptors 0-2). - The _c_l_o_s_e_f_r_o_m option can be used to specify a different - file descriptor at which to start closing. The default - is 3. - -1.7.4b3 July 21, 2010 15 +1.7.4 July 21, 2010 15 @@ -994,6 +994,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + output and standard error (ie: file descriptors 0-2). + The _c_l_o_s_e_f_r_o_m option can be used to specify a different + file descriptor at which to start closing. The default + is 3. + passwd_tries The number of tries a user gets to enter his/her password before ssuuddoo logs the failure and exits. The default is 3. @@ -1043,15 +1048,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) possible, or the first editor in the list that exists and is executable. The default is "vi". - mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape - %h will expand to the host name of the machine. - Default is *** SECURITY information for %h ***. - - noexec_file Path to a shared library containing dummy versions of -1.7.4b3 July 21, 2010 16 +1.7.4 July 21, 2010 16 
@@ -1060,6 +1060,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape + %h will expand to the host name of the machine. + Default is *** SECURITY information for %h ***. + + noexec_file Path to a shared library containing dummy versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_) library functions that just return an error. This is used to implement the _n_o_e_x_e_c functionality on systems that support @@ -1109,15 +1114,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) syslog_goodpri Syslog priority to use when user authenticates successfully. Defaults to notice. - sudoers_locale Locale to use when parsing the sudoers file. Note that - changing the locale may affect how sudoers is - interpreted. Defaults to "C". - - timestampdir The directory in which ssuuddoo stores its timestamp files. -1.7.4b3 July 21, 2010 17 +1.7.4 July 21, 2010 17 @@ -1126,6 +1126,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + sudoers_locale Locale to use when parsing the sudoers file. Note that + changing the locale may affect how sudoers is + interpreted. Defaults to "C". + + timestampdir The directory in which ssuuddoo stores its timestamp files. The default is _/_v_a_r_/_a_d_m_/_s_u_d_o. timestampowner The owner of the timestamp directory and the timestamps @@ -1175,15 +1180,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Negating the option results in a value of _n_e_v_e_r being used. The default value is _o_n_c_e. - lecture_file - Path to a file containing an alternate ssuuddoo lecture that - will be used in place of the standard lecture if the named - file exists. By default, ssuuddoo uses a built-in lecture. - -1.7.4b3 July 21, 2010 18 +1.7.4 July 21, 2010 18 
@@ -1192,6 +1192,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + lecture_file + Path to a file containing an alternate ssuuddoo lecture that + will be used in place of the standard lecture if the named + file exists. By default, ssuuddoo uses a built-in lecture. + listpw This option controls when a password will be required when a user runs ssuuddoo with the --ll option. It has the following possible values: @@ -1241,15 +1246,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) option is not set by default. syslog Syslog facility if syslog is being used for logging (negate - to disable syslog logging). Defaults to local2. - - verifypw This option controls when a password will be required when - a user runs ssuuddoo with the --vv option. It has the following - possible values: -1.7.4b3 July 21, 2010 19 +1.7.4 July 21, 2010 19 @@ -1258,6 +1258,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + to disable syslog logging). Defaults to local2. + + verifypw This option controls when a password will be required when + a user runs ssuuddoo with the --vv option. It has the following + possible values: + all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. @@ -1306,16 +1312,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) any setuid process (such as ssuuddoo). env_keep Environment variables to be preserved in the user's - environment when the _e_n_v___r_e_s_e_t option is in effect. - This allows fine-grained control over the environment - ssuuddoo-spawned processes will receive. The argument may - be a double-quoted, space-separated list or a single - value without double-quotes. The list can be replaced, - added to, deleted from, or disabled by using the =, +=, -1.7.4b3 July 21, 2010 20 +1.7.4 July 21, 2010 20 
@@ -1324,6 +1324,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + environment when the _e_n_v___r_e_s_e_t option is in effect. + This allows fine-grained control over the environment + ssuuddoo-spawned processes will receive. The argument may + be a double-quoted, space-separated list or a single + value without double-quotes. The list can be replaced, + added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. The default list of variables to keep is displayed when ssuuddoo is run by root with the _-_V option. @@ -1372,16 +1378,10 @@ EEXXAAMMPPLLEESS Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 Host_Alias SERVERS = master, mail, www, ns - Host_Alias CDROM = orion, perseus, hercules - - # Cmnd alias specification - Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ - /usr/sbin/restore, /usr/sbin/rrestore - Cmnd_Alias KILL = /usr/bin/kill -1.7.4b3 July 21, 2010 21 +1.7.4 July 21, 2010 21 @@ -1390,6 +1390,12 @@ EEXXAAMMPPLLEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Host_Alias CDROM = orion, perseus, hercules + + # Cmnd alias specification + Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ + /usr/sbin/restore, /usr/sbin/rrestore + Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt @@ -1439,15 +1445,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) any host but they must authenticate themselves first (since the entry lacks the NOPASSWD tag). - jack CSNETS = ALL - - The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias - (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of - those networks, only 128.138.204.0 has an explicit netmask (in CIDR - -1.7.4b3 July 21, 2010 22 +1.7.4 July 21, 2010 22 
@@ -1456,6 +1456,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + jack CSNETS = ALL + + The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias + (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of + those networks, only 128.138.204.0 has an explicit netmask (in CIDR notation) indicating it is a class C network. For the other networks in _C_S_N_E_T_S, the local machine's netmask will be used during matching. @@ -1505,22 +1510,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) fred ALL = (DB) NOPASSWD: ALL - The user ffrreedd can run commands as any user in the _D_B Runas_Alias - (oorraaccllee or ssyybbaassee) without giving a password. - john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +1.7.4 July 21, 2010 23 -1.7.4b3 July 21, 2010 23 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + The user ffrreedd can run commands as any user in the _D_B Runas_Alias + (oorraaccllee or ssyybbaassee) without giving a password. + john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is not allowed to specify any options to the _s_u(1) command. @@ -1571,15 +1576,10 @@ SSEECCUURRIITTYY NNOOTTEESS Doesn't really prevent bbiillll from running the commands listed in _S_U or _S_H_E_L_L_S since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these - kind of restrictions should be considered advisory at best (and - reinforced by policy). - Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to - reliably negate commands where the path name includes globbing (aka - -1.7.4b3 July 21, 2010 24 +1.7.4 July 21, 2010 24 
@@ -1588,6 +1588,11 @@ SSEECCUURRIITTYY NNOOTTEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + kind of restrictions should be considered advisory at best (and + reinforced by policy). + + Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to + reliably negate commands where the path name includes globbing (aka wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3) function cannot resolve relative paths. While this is typically only an inconvenience for rules that grant privileges, it can result in a @@ -1637,15 +1642,10 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS File containing dummy exec functions: - then ssuuddoo may be able to replace the exec family of functions - in the standard library with its own that simply return an - error. Unfortunately, there is no foolproof way to know - whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c - should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, -1.7.4b3 July 21, 2010 25 +1.7.4 July 21, 2010 25 @@ -1654,6 +1654,11 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + then ssuuddoo may be able to replace the exec family of functions + in the standard library with its own that simply return an + error. Unfortunately, there is no foolproof way to know + whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c + should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and UnixWare. _n_o_e_x_e_c is expected to work on most operating systems that support the LD_PRELOAD environment variable. 
@@ -1702,6 +1707,19 @@ SSUUPPPPOORRTT http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. + + + + +1.7.4 July 21, 2010 26 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of @@ -1711,6 +1729,54 @@ DDIISSCCLLAAIIMMEERR -1.7.4b3 July 21, 2010 26 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +1.7.4 July 21, 2010 27 diff --git a/sudoers.man.in b/sudoers.man.in index 2fdd61435..5dff20053 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "July 21, 2010" "1.7.4b3" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "July 21, 2010" "1.7.4" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -318,7 +318,11 @@ or \s-1CIDR\s0 notation (number of bits, e.g.\ 24 or 64). A host name may include shell-style wildcards (see the Wildcards section below), but unless the \f(CW\*(C`host name\*(C'\fR command on your machine returns the fully qualified host name, you'll need to use the \fIfqdn\fR option for -wildcards to be useful. +wildcards to be useful. Note \fBsudo\fR only inspects actual network +interfaces; this means that \s-1IP\s0 address 127.0.0.1 (localhost) will +never match. Also, the host name \*(L"localhost\*(R" will only match if +that is the actual host name, which is usually only the case for +non-networked systems. .PP .Vb 2 \& Cmnd_List ::= Cmnd | diff --git a/sudoers.pod b/sudoers.pod index 7e1c1737b..798295ce6 100644 --- a/sudoers.pod +++ b/sudoers.pod 
@@ -189,7 +189,11 @@ or CIDR notation (number of bits, e.g.E24 or 64). A host name may include shell-style wildcards (see the L section below), but unless the C command on your machine returns the fully qualified host name, you'll need to use the I option for -wildcards to be useful. +wildcards to be useful. Note B only inspects actual network +interfaces; this means that IP address 127.0.0.1 (localhost) will +never match. Also, the host name "localhost" will only match if +that is the actual host name, which is usually only the case for +non-networked systems. Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List
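Review bot: In the sudoers.pod hunk (@@ -189,7 +189,11), the new sentence tells the reader what does not match but not what to write instead, so an administrator who has a Host_List entry of 127.0.0.1 or "localhost" on a networked system is left with a rule that silently never applies. Suggest closing the paragraph with the positive guidance already implied by the surrounding lines: use the name returned by the host name command (with fqdn if that name is fully qualified) or an address of a real interface. Minor grammar: "Note B<sudo> only inspects" reads better as "Note that B<sudo> only inspects", and the same applies to the identical sentence in sudoers.man.in.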
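Review bot: The .TH hunk in sudoers.man.in (@@ -148,7 +148,7) changes the version string from "1.7.4b3" to "1.7.4", and every page footer in sudoers.cat changes the same way, but the commit message only mentions the 127.0.0.1/localhost note. Suggest either stating the version bump in the commit message or splitting it into its own commit so the documentation change can be reviewed and backported on its own.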
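Review bot: The last two sudoers.cat hunks (@@ -1702,6 +1707,19 and @@ -1711,6 +1729,54) add roughly fifty blank lines to push the DISCLAIMER footer onto a new page 27 that is otherwise empty. That is formatter output rather than a hand edit, which is fine, but it confirms sudoers.cat was regenerated; the only content change in that file is the four-line note in the @@ -171,6 +171,10 hunk, and the remaining hunks are page reflow of existing text, so reviewers can confine attention to that hunk and to the sudoers.pod source.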