From: Todd C. Miller Date: Sun, 28 Nov 1999 23:51:54 +0000 (+0000) Subject: No longer need the .html files as they are generated automatically X-Git-Tag: SUDO_1_6_1~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=96ffd91ec5d0b168ba8f95fa1378d2d00ebdb648;p=sudo No longer need the .html files as they are generated automatically on the web site. --- diff --git a/Makefile.in b/Makefile.in index 0e2c302c9..5bac3f5d3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -251,30 +251,18 @@ securid.o: $(authdir)/securid.c $(AUTHDEP) sia.o: $(authdir)/sia.c $(AUTHDEP) $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c -sudo.html: $(srcdir)/sudo.pod - @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2html --title="Sudo Manual" --infile=sudo.pod --outfile=$(srcdir)/$@) - sudo.man: $(srcdir)/sudo.pod @rm -f $(srcdir)/$@ (cd $(srcdir); pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod > $(srcdir)/$@) sudo.cat: sudo.man -visudo.html: $(srcdir)/visudo.pod - @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2html --title="Visudo Manual" --infile=visudo.pod --outfile=$(srcdir)/$@) - visudo.man: $(srcdir)/visudo.pod @rm -f $(srcdir)/$@ (cd $(srcdir); pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod > $(srcdir)/$@) visudo.cat: visudo.man -sudoers.html: $(srcdir)/sudoers.pod - @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2html --title="Sudoers Manual" --infile=sudoers.pod --outfile=$(srcdir)/$@) - sudoers.man: $(srcdir)/sudoers.pod @rm -f $(srcdir)/$@ (cd $(srcdir); pod2man --section=$(mansect5) --release=$(VERSION) --center="FILE FORMATS" sudoers.pod > $(srcdir)/$@) @@ -321,7 +309,7 @@ mostlyclean: clean distclean: clean -rm -f Makefile pathnames.h config.h config.status config.cache \ - config.log pod2html-dircache pod2html-itemcache $(PARSESRCS) + config.log $(PARSESRCS) clobber: distclean diff --git a/sudo.html b/sudo.html deleted file mode 100644 index ed9168b47..000000000 
--- a/sudo.html +++ /dev/null @@ -1,350 +0,0 @@ - - -Sudo Manual - - - - - - - - - - -
-

-


-

NAME

-

-sudo - execute a command as another user - -

-


-

SYNOPSIS

-

-sudo -V | -h | -l | -L | -v | -k | -K | -s | -H | [ -b ] | [ -p prompt ] [ -u username/#uid] command - - - -

-


-

DESCRIPTION

-

-sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The -real and effective uid and gid are set to match those of the target user as -specified in the passwd file (the group vector is also initialized when the -target user is not root). By default, sudo -requires that users authenticate themselves with a password (NOTE: this is -the user's password, not the root password). Once a user has been -authenticated, a timestamp is updated and the user may then use sudo -without a password for a short period of time (five minutes by default). - -

-sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. -The password prompt itself will also time out if the user's password is not -entered with N minutes (again, this is defined at configure time and -defaults to 5 minutes). - -

-If a user that is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time -(defaults to root). Note that the mail will not be sent if an unauthorized -user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they -are allowed to use sudo. - -

-sudo can log both successful an unsuccessful attempts (as well as errors) to -syslog(3), a log file, or both. By default sudo -will log via syslog(3) but this is changeable at configure -time. - -

-


-

OPTIONS

-

-sudo accepts the following command line options: - -

-
-V
-

-The -V (version) option causes sudo to print the version number and exit. - -

-l
-

-The -l (list) option will list out the allowed (and forbidden) commands for the user on -the current host. - -

-L
-

-The -L (list defaults) option will list out the parameters that may be set in a Defaults line along with a short description for each. This option is useful in -conjunction with grep(1). - -

-h
-

-The -h (help) option causes sudo to print a usage message and exit. - -

-v
-

-If given the -v (validate) option, sudo will update the user's timestamp, prompting for the user's password if -necessary. This extends the sudo timeout to for another N minutes (where N is defined at installation time -and defaults to 5 minutes) but does not run a command. - -

-k
-

-The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch. -The next time sudo is run a password will be required. This option does not require a password -and was added to allow a user to revoke sudo permissions from a .logout file. - -

-K
-

-The -K (sure kill) option to sudo removes the user's timestamp entirely. This option does not require a -password. - -

-b
-

-The -b (background) option tells sudo to run the given command in the background. Note that if you use the -b -option you cannot use shell job control to manipulate the command. - -

-p
-

-The -p (prompt) option allows you to override the default password prompt and use a -custom one. If the password prompt contains the %u escape, %u will be replaced with the user's login name. Similarly, %h will be replaced with the local hostname. - -

-u
-

-The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a -username, use ``#uid''. - -

-s
-

-The -s (shell) option runs the shell specified by the SHELL -environment variable if it is set or the shell as specified in -passwd(5). - -

-H
-

-The -H (HOME) option sets the HOME environment variable to the homedir of the target user (root by default) as -specified in passwd(5). By default, sudo does not modify HOME. - -

--
-

-The -- flag indicates that sudo should stop processing command line arguments. It is most useful in -conjunction with the -s flag. - -

-

-


-

RETURN VALUES

-

-sudo quits with an exit value of 1 if there is a configuration/permission -problem or if sudo cannot execute the given command. In the latter case the error string is -printed to stderr. If sudo cannot stat(2) one or more entries in the user's -PATH an error is printed on stderr. (If the directory does not exist or if it is -not really a directory, the entry is ignored and no error is printed.) This -should not happen under normal circumstances. The most common reason for -stat(2) to return ``permission denied'' is if you are running -an automounter and one of the directories in your PATH is on a machine that is currently unreachable. - -

-


-

SECURITY NOTES

-

-sudo tries to be safe when executing external commands. Variables that control -how dynamic loading and binding is done can be used to subvert the program -that sudo runs. To combat this the -LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on -to all commands executed. sudo will also remove the IFS, -ENV, BASH_ENV, KRB_CONF, KRB5_CONFIG, LOCALDOMAIN, -RES_OPTIONS and HOSTALIASES variables as they too can pose a threat. - -

-To prevent command spoofing, sudo checks ``.'' and ``'' (both denoting current directory) last when searching -for a command in the user's PATH (if one or both are in the PATH). Note, -however, that the actual PATH environment variable is not modified and is passed unchanged to the program that sudo executes. - -

-For security reasons, if your OS supports shared libraries and does not -disable user-defined library search paths for setuid programs (most do), -you should either use a linker option that disables this behavior or link sudo statically. - -

-sudo will check the ownership of its timestamp directory (/var/run/sudo or /tmp/.odus by default) and ignore the directory's contents if it is not owned by root -and only writable by root. On systems that allow non-root users to give -away files via chown(2), if the timestamp directory is located -in a directory writable by anyone (ie: /tmp), it is possible for a user to create the timestamp directory before sudo is run. However, because sudo checks the ownership and mode of the directory and its contents, the only -damage that can be done is to ``hide'' files by putting them in the -timestamp dir. This is unlikely to happen since once the timestamp dir is -owned by root and inaccessible by any other user the user placing files -there would be unable to get them back out. To get around this issue you -can use a directory that is not world-writable for the timestamps (/var/adm/sudo for instance) or create /tmp/.odus with the appropriate owner (root) and -permissions (0700) in the system startup files. - -

-sudo will not honor timestamps set far in the future. Timestamps with a date -greater than current_time + 2 * TIMEOUT -will be ignored and sudo will log and complain. This is done to keep a user -from creating his/her own timestamp with a bogus date on system that allow -users to give away files. - -

-


-

EXAMPLES

-

-Note: the following examples assume suitable sudoers(5) -entries. - -

-To get a file listing of an unreadable directory: - -

-

 % sudo ls /usr/local/protected
-
-

-To list the home directory of user yazza on a machine where the filesystem -holding ~yazza is not exported as root: - -

-

 % sudo -u yazza ls ~yazza
-
-

-To edit the index.html file as user www: - -

-

 % sudo -u www vi ~www/htdocs/index.html
-
-

-To shutdown a machine: - -

-

 % sudo shutdown -r +15 "quick reboot"
-
-

-To make a usage listing of the directories in the /home partition. Note -that this runs the commands in a sub-shell to make the cd and file redirection work. - -

-

 % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
-
-

-


-

ENVIRONMENT

-

-sudo utilizes the following environment variables: - -

-

 PATH                   Set to a sane value if SECURE_PATH is set
- SHELL                  Used to determine shell to run with -s option
- USER                   Set to the target user (root unless the -u option
-                        is specified)
- HOME                   In -s or -H mode (or if sudo was configured with
-                        the --enable-shell-sets-home option), set to
-                        homedir of the target user.
- SUDO_PROMPT            Used as the default password prompt
- SUDO_COMMAND           Set to the command run by sudo
- SUDO_USER              Set to the login of the user who invoked sudo
- SUDO_UID               Set to the uid of the user who invoked sudo
- SUDO_GID               Set to the gid of the user who invoked sudo
- SUDO_PS1               If set, PS1 will be set to its value
-
-

-


-

FILES

-

-

 /etc/sudoers           List of who can run what
- /var/run/sudo          Directory containing timestamps
-
-

-sudo utilizes the following environment variables: - -

-

 PATH                   Set to a sane value if SECURE_PATH is set
- SHELL                  Used to determine shell to run with -s option
- USER                   Set to the target user (root unless the -u option
-                        is specified)
- HOME                   In -s or -H mode (or if sudo was configured with
-                        the --enable-shell-sets-home option), set to
-                        homedir of the target user.
- SUDO_PROMPT            Used as the default password prompt
- SUDO_COMMAND           Set to the command run by sudo
- SUDO_USER              Set to the login of the user who invoked sudo
- SUDO_UID               Set to the uid of the user who invoked sudo
- SUDO_GID               Set to the gid of the user who invoked sudo
- SUDO_PS1               If set, PS1 will be set to its value
-
-

-


-

FILES

-

-

 /etc/sudoers           List of who can run what
- /var/run/sudo          Directory containing timestamps
- /tmp/.odus             Same as above if no /var/run exists
-
-

-


-

AUTHORS

-

-Many people have worked on sudo over the years, this version consists of code written primarily by: - -

-

        Todd Miller
-        Chris Jepeway
-
-

-See the HISTORY file in the sudo distribution for a short history of sudo. - -

-


-

BUGS

-

-If you feel you have found a bug in sudo, please submit a bug report at http://www.courtesan.com/sudo/bugs/. - - -

-


-

DISCLAIMER

-

-Sudo is provided ``AS IS'' and any express or implied warranties, including, but -not limited to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. See the LICENSE file distributed with sudo for complete details. - -

-


-

CAVEATS

-

-There is no easy way to prevent a user from gaining a root shell if that -user has access to commands allowing shell escapes. - -

-If users have sudo ALL there is nothing to prevent them from creating their own program that gives -them a root shell regardless of any '!' elements in the user specification. - -

-Running shell scripts via sudo can expose the same kernel bugs that make setuid shell scripts unsafe on -some operating systems (if your OS supports the /dev/fd/ directory, setuid -shell scripts are generally safe). - -

-


-

SEE ALSO

-

-sudoers(5), visudo(8), su(1). - - - diff --git a/sudoers.html b/sudoers.html deleted file mode 100644 index 221746646..000000000 --- a/sudoers.html +++ /dev/null @@ -1,810 +0,0 @@ - - -Sudoers Manual - - - - - - - -

- - -
-

-


-

NAME

-

-sudoers - list of which users may execute what - -

-


-

DESCRIPTION

-

-The sudoers file is composed two types of entries: aliases (basically variables) and -user specifications (which specify who may run what). The grammar of sudoers -will be described below in Extended Backus-Naur Form (EBNF). Don't despair -if you don't know what EBNF is, it is fairly simple and the definitions -below are annotated. - -

-


-

Quick guide to EBNF

-

-EBNF is a concise and exact way of describing the grammar of a language. -Each EBNF definition is made up of production rules. Eg. - -

-

 symbol ::= definition | alternate1 | alternate2 ...
-
-

-Each production rule references others and thus makes up a grammar for the language. EBNF also -contains the following operators, which many readers will recognize from -regular expressions. Do not, however, confuse them with ``wildcard'' -characters, which have different meanings. - -

-
?
-

-Means that the preceding symbol (or group of symbols) is optional. That is, -it may appear once or not at all. - -

*
-

-Means that the preceding symbol (or group of symbols) may appear zero or -more times. - -

+
-

-Means that the preceding symbol (or group of symbols) may appear one or -more times. - -

-

-Parentheses may be used to group symbols together. For clarity, we will use -single quotes ('') to designate what is a verbatim character string (as -opposed to a symbol name). - -

-


-

Aliases

-

-There are four kinds of aliases: the User_Alias, Runas_Alias, -Host_Alias and Cmnd_Alias. - -

-

 Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* |
-           'Runas_Alias' (':' Runas_Alias)* |
-           'Host_Alias' (':' Host_Alias)* |
-           'Cmnd_Alias' (':' Cmnd_Alias)*
-
-

-

 User_Alias ::= NAME '=' User_List
-
-

-

 Runas_Alias ::= NAME '=' Runas_User_List
-
-

-

 Host_Alias ::= NAME '=' Host_List
-
-

-

 Cmnd_Alias ::= NAME '=' Cmnd_List
-
-

-

 NAME ::= [A-Z]([A-Z][0-9]_)*
-
-

-Each alias definition is of the form - -

-

 Alias_Type NAME = item1, item2, ...
-
-

-where Alias_Type is one of User_Alias, Runas_Alias, Host_Alias, or Cmnd_Alias. A NAME is a string of upper case letters, numbers, and the underscore characters -('_'). A NAME must start with an upper case letter. It is possible to put several alias -definitions of the same type on a single line, joined by a semicolon (':'). -Eg. - -

-

 Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
-
-

-The definitions of what constitutes a valid alias member follow. - -

-

 User_List ::= User |
-               User ',' User_List
-
-

-

 User ::= '!'* username |
-          '!'* '#'uid |
-          '!'* '%'group |
-          '!'* '+'netgroup |
-          '!'* User_Alias
-
-

-A User_List is made up of one or more usernames, uids (prefixed with '#'), System -groups (prefixed with '%'), netgroups (prefixed with '+') and other -aliases. Each list item may be prefixed with one or more '!' operators. An -odd number of '!' operators negates the value of the item; an even number -just cancel each other out. - -

-

 Runas_List ::= Runas_User |
-                Runas_User ',' Runas_List
-
-

-

 Runas_User ::= '!'* username |
-                '!'* '#'uid |
-                '!'* '%'group |
-                '!'* +netgroup |
-                '!'* Runas_Alias
-
-

-Likewise, a Runas_List has the same possible elements as a User_List, except that it can include a Runas_Alias, instead of a User_Alias. - -

-

 Host_List ::= Host |
-               Host ',' Host_List
-
-

-

 Host ::= '!'* hostname |
-          '!'* ip_addr |
-          '!'* network(/netmask)? |
-          '!'* '+'netgroup |
-          '!'* Host_Alias
-
-

-A Host_List is made up of one or more hostnames, IP addresses, network numbers, -netgroups (prefixed with '+') and other aliases. Again, the value of an -item may be negated with the '!' operator. If you do not specify a netmask -with a network number, the netmask of the host's ethernet -interface(s) will be used when matching. The netmask may be -specified either in dotted quad notation (eg. 255.255.255.0) or CIDR -notation (number of bits, eg. 24). - -

-

 Cmnd_List ::= Cmnd |
-               Cmnd ',' Cmnd_List
-
-

-

 commandname ::= filename |
-                 filename args |
-                 filename '""'
-
-

-

 Cmnd ::= '!'* commandname |
-          '!'* directory |
-          '!'* Cmnd_Alias
-
-

-A Cmnd_List is a list of one or more commandnames, directories, and other aliases. A -commandname is a fully-qualified filename which may include shell-style -wildcards (see `Wildcards' section below). A simple filename allows the -user to run the command with any arguments he/she wishes. However, you may -also command line arguments (including wildcards). Alternately, you can -specify "" to indicate that the command may only be run without command line arguments. A directory is a fully qualified pathname ending in -a '/'. When you specify a directory in a Cmnd_List, the user will be able to run any file within that directory (but not in -any subdirectories therein). - -

-If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match -the wildcards if there are any). Note that the following characters must be -escaped with a '\' if they are used in command arguments: ',', ':', '=', -'\'. - -

-


-

Defaults

-

-Certain configuration options may be changed from their default values at -runtime via one or more Default_Entry lines. These may affect all users on any host, all users on a specific -host, or just a specific user. When multiple entries match, they are -applied in order. Where there are conflicting values, the last value on a -matching line takes effect. - -

-

 Default_Type ::= 'Defaults' ||
-                  'Defaults' ':' User ||
-                  'Defaults' '@' Host
-
-

-

 Default_Entry ::= Default_Type Parameter_List
-
-

-

 Parameter ::= Parameter '=' Value ||
-               '!'* Parameter ||
-
-

-Parameters may be flags, integer values, or strings. Flags are implicitly boolean and can be turned off via the '!' operator. -Some integer and string parameters may also be used in a boolean context to -disable them. Values may be enclosed in double quotes (") when they contain multiple words. Special characters may be escaped with -a backslash (\). - -

-Flags: - -

-
long_otp_prompt
-

-Put OTP prompt on its own line - -

ignore_dot
-

-Ignore '.' in $PATH - -

mail_always
-

-Always send mail when sudo is run - -

mail_no_user
-

-Send mail if the user is not in sudoers - -

mail_no_host
-

-Send mail if the user is not in sudoers for this host - -

mail_no_perms
-

-Send mail if the user is not allowed to run a command - -

tty_tickets
-

-Use a separate timestamp for each user/tty combo - -

lecture
-

-Lecture user the first time they run sudo - -

authenticate
-

-Require users to authenticate by default - -

root_sudo
-

-Root may run sudo - -

log_host
-

-Log the hostname in the (non-syslog) log file - -

log_year
-

-Log the year in the (non-syslog) log file - -

shell_noargs
-

-If sudo is invoked with no arguments, start a shell - -

set_home
-

-Set $HOME to the target user when starting a shell with -s - - - -

path_info
-

-Allow some information gathering to give useful error messages - -

fqdn
-

-Require fully-qualified hostnames in the sudoers file - -

insults
-

-Insult the user when they enter an incorrect password - -

requiretty
-

-Only allow the user to run sudo if they have a tty - -

-

-Integers: - -

-
passwd_tries
-

-Number of tries to enter a password - -

-

-Integers that can be used in a boolean context: - -

-
loglinelen
-

-Length at which to wrap log file lines (use 0 or negate for no wrap) - -

timestamp_timeout
-

-Authentication timestamp timeout - -

passwd_timeout
-

-Password prompt timeout - -

umask
-

-Umask to use or 0777 to use user's - -

-

-Strings: - -

-
mailsub
-

-Subject line for mail messages - -

badpass_message
-

-Incorrect password message - -

timestampdir
-

-Path to authentication timestamp dir - -

passprompt
-

-Default password prompt - -

runas_default
-

-Default user to run commands as - -

syslog_goodpri
-

-Syslog priority to use when user authenticates successfully - -

syslog_badpri
-

-Syslog priority to use when user authenticates unsuccessfully - -

-

-Strings that can be used in a boolean context: - -

-
syslog
-

-Syslog facility if syslog is being used for logging (negate to disable -syslog) - -

mailerpath
-

-Path to mail program - -

mailerflags
-

-Flags for mail program - -

mailto
-

-Address to send mail to - -

exempt_group
-

-Users in this group are exempt from password and PATH requirements - -

secure_path
-

-Value to override user's $PATH with - -

-

-When logging via syslog(3), sudo accepts the following values -for the syslog facility (the value of the syslog Parameter): authpriv (if your OS supports it), auth, daemon, user, local0, local1, local2, -local3, local4, local5, local6, and local7. The following syslog priorities are supported: alert, crit, debug, emerg, -err, info, notice, and warning. - -

-


-

User Specification

-

-

 Runas_Spec ::= '(' Runas_List ')'
-
-

-

 Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd
-
-

-

 Cmnd_Spec_List ::= Cmnd_Spec |
-                    Cmnd_Spec ',' Cmnd_Spec_List
-
-

-

 User_Spec ::= User_list Cmnd_Spec_List (':' User_Spec)*
-
-

-A user specification determines which commands a user may run (and as what user) on specified -hosts. By default, commands are run as root but this can be changed on a per-command basis. - -

-Let's break that down into its constituent parts: - -

-


-

Runas_Spec

-

-A Runas_Spec is simply a Runas_List (as defined above) enclosed in a set of parentheses. If you do not specify -a -Runas_Spec in the user specification, a default Runas_Spec -of root will be used. A Runas_Spec sets the default for commands that follow it. What this means is that for -the entry: - -

-

 dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
-
-

-The user dgb may run /bin/ls, /bin/kill, and -/usr/bin/lprm -- but only as operator. Eg. - -

-

    sudo -u operator /bin/ls.
-
-

-It is also possible to override a Runas_Spec later on in an entry. If we modify the entry like so: - -

-

 dgb    boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
-
-

-Then user dgb is now allowed to run /bin/ls as operator, but /bin/kill and /usr/bin/lprm as root. - -

-


-

NOPASSWD and PASSWD

-

-By default, sudo requires that a user authenticate him or herself before running a command. -This behavior can be modified via the -NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used to reverse things. For example: - -

-

 ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
-
-

-would allow the user ray to run /bin/kill, /bin/ls, and -/usr/bin/lprm as root on the machine rushmore as root without authenticating himself. If we only want ray to be able to run /bin/kill without a password the entry would be: - -

-

 ray    rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
-
-

-


-

Wildcards (aka meta characters):

-

-sudo allows shell-style wildcards to be used in pathnames as well as command line arguments in the sudoers file. Wildcard matching is done via the POSIX fnmatch(3) routine. Note that these are not regular expressions. - -

-

-Note that a forward slash ('/') will not be matched by wildcards used in the pathname. When matching the command -line arguments, however, as slash does get matched by wildcards. This is to make a path like: - -

-

    /usr/bin/*
-
-

-match /usr/bin/who but not /usr/bin/X11/xterm. - -

-


-

Exceptions to wildcard rules:

-

-The following exceptions apply to the above rules: - -

-
""
-

-If the empty string "" is the only command line argument in the -sudoers entry it means that command is not allowed to be run with any arguments. - -

-

-


-

Other special characters and reserved words:

-

-The pound sign ('#') is used to indicate a comment (unless it occurs in the -context of a user name and is followed by one or more digits, in which case -it is treated as a uid). Both the comment character and any text after it, -up to the end of the line, are ignored. - -

-The reserved word ALL is a a built in alias that always causes a match to succeed. It can be used wherever one might -otherwise use a Cmnd_Alias, User_Alias, Runas_Alias, or Host_Alias. You should not try to define your own alias called ALL as the built in alias will be used in preference to your own. Please note -that using ALL can be dangerous since in a command context, it allows the user to run any command on the system. - -

-An exclamation point ('!') can be used as a logical not operator both in an alias and in front of a Cmnd. This allows one to exclude certain values. Note, however, that using a ! in conjunction with the built in ALL alias to allow a user to run ``all but a few'' commands rarely works as -intended (see SECURITY NOTES below). - -

-Long lines can be continued with a backslash ('\') as the last character on -the line. - -

-Whitespace between elements in a list as well as specicial syntactic -characters in a User Specification ('=', ':', '(', ')') is optional. - -

-The following characters must be escaped with a backslash ('\') when used -as part of a word (eg. a username or hostname): '@', '!', '=', ':', ',', -'(', ')', '\'. - -

-


-

EXAMPLES

-

-Below are example sudoers entries. Admittedly, some of these are a bit contrived. First, we define -our aliases: - -

-

 # User alias specification
- User_Alias     FULLTIMERS = millert, mikef, dowdy
- User_Alias     PARTTIMERS = bostley, jwfox, crawl
- User_Alias     WEBMASTERS = will, wendy, wim
-
-

-

 # Runas alias specification
- Runas_Alias    OP = root, operator
- Runas_Alias    DB = oracle, sybase
-
-

-

 # Host alias specification
- Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\
-                SGI = grolsch, dandelion, black :\
-                ALPHA = widget, thalamus, foobar :\
-                HPPA = boa, nag, python
- Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
- Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
- Host_Alias     SERVERS = master, mail, www, ns
- Host_Alias     CDROM = orion, perseus, hercules
-
-

-

 # Cmnd alias specification
- Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
-                        /usr/sbin/restore, /usr/sbin/rrestore
- Cmnd_Alias     KILL = /usr/bin/kill
- Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
- Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
- Cmnd_Alias     HALT = /usr/sbin/halt, /usr/sbin/fasthalt
- Cmnd_Alias     REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
- Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
-                         /usr/local/bin/tcsh, /usr/bin/rsh, \
-                         /usr/local/bin/zsh
- Cmnd_Alias     SU = /usr/bin/su
-
-

-Here we override some of the compiled in default values. We want sudo to -log via syslog(3) using the auth facility in all cases. We don't want to subject the full time staff to the sudo lecture, and user millert need not give a password. In addition, on the machines in the SERVERS Host_Alias, we keep an additional local log file and make sure we log the year in -each log line since the log entries will be kept around for several years. - -

-

 # Override builtin defaults
- Defaults               syslog=auth
- Defaults:FULLTIMERS    !lecture
- Defaults:millert       !authenticate
- Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
-
-

-The User specification is the part that actually determines who may run what. - -

-

 root           ALL = (ALL) ALL
- %wheel         ALL = (ALL) ALL
-
-

-We let root and any user in group wheel run any command on any host as any user. - -

-

 FULLTIMERS     ALL = NOPASSWD: ALL
-
-

-Full time sysadmins (millert, mikef, and dowdy) may run any command on any host without authenticating themselves. - -

-

 PARTTIMERS     ALL = ALL
-
-

-Part time sysadmins (bostley, jwfox, and crawl) may run any command on any host but they must authenticate themselves -first (since the entry lacks the NOPASSWD tag). - -

-

 jack           CSNETS = ALL
-
-

-The user jack may run any command on the machines in the CSNETS alias (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of those networks, only <128.138.204.0> has an explicit netmask (in CIDR notation) indicating it -is a class C network. For the other networks in CSNETS, the local machine's netmask will be used during matching. - -

-

 lisa           CUNETS = ALL
-
-

-The user lisa may run any command on any host in the CUNETS alias (the class B network 128.138.0.0). - -

-

 operator       ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
-                /usr/oper/bin/
-
-

-The operator user may run commands limited to simple maintenance. Here, those are -commands related to backups, killing processes, the printing system, -shutting down the system, and any commands in the directory /usr/oper/bin/. - -

-

 joe            ALL = /usr/bin/su operator
-
-

-The user joe may only su(1) to operator. - -

-

 pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
-
-

-The user pete is allowed to change anyone's password except for root on the HPPA machines. Note that this assumes passwd(1) does not take -multiple usernames on the command line. - -

-

 bob            SPARC = (OP) ALL : SGI = (OP) ALL
-
-

-The user bob may run anything on the SPARC and SGI machines as any user listed in the OP Runas_Alias (root and operator). - -

-

 jim            +biglab = ALL
-
-

-The user jim may run any command on machines in the biglab netgroup. -Sudo knows that ``biglab'' is a netgroup due to the '+' prefix. - -

-

 +secretaries   ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
-
-

-Users in the secretaries netgroup need to help manage the printers as well as add and remove users, -so they are allowed to run those commands on all machines. - -

-

 fred           ALL = (DB) NOPASSWD: ALL
-
-

-The user fred can run commands as any user in the DB Runas_Alias -(oracle or sybase) without giving a password. - -

-

 john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
-
-

-On the ALPHA machines, user john may su to anyone except root but he is not allowed to give -su(1) any flags. - -

-

 jen            ALL, !SERVERS = ALL
-
-

-The user jen may run any command on any machine except for those in the SERVERS Host_Alias (master, mail, www and ns). - -

-

 jill           SERVERS = /usr/bin/, !SU, !SHELLS
-
-

-For any machine in the SERVERS Host_Alias, jill may run any commands in the directory /usr/bin/ except for those commands -belonging to the SU and SHELLS Cmnd_Aliases. - -

-

 steve          CSNETS = (operator) /usr/local/op_commands/
-
-

-The user steve may run any command in the directory /usr/local/op_commands/ but only as -user operator. - -

-

 matt           valkyrie = KILL
-
-

-On his personal workstation, valkyrie, matt needs to be able to kill hung processes. - -

-

 WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
-
-

-On the host www, any user in the WEBMASTERS User_Alias (will, wendy, and wim), may run any command as user www (which owns the web -pages) or simply su(1) to www. - -

-

 ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\
-                /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
-
-

-Any user may mount or unmount a CD-ROM on the machines in the CDROM -Host_Alias (orion, perseus, hercules) without entering a password. This is a bit -tedious for users to type, so it is a prime candiate for encapsulating in a -shell script. - -

-


-

SECURITY NOTES

-

-It is generally not effective to ``subtract'' commands from ALL -using the '!' operator. A user can trivially circumvent this by copying the -desired command to a different name and then executing that. For example: - -

-

    bill        ALL = ALL, !SU, !SHELLS
-
-

-Doesn't really prevent bill from running the commands listed in -SU or SHELLS since he can simply copy those commands to a different name, or use a shell -escape from an editor or other program. Therefore, these kind of -restrictions should be considered advisory at best (and reinforced by -policy). - -

-


-

CAVEATS

-

-The sudoers file should always be edited by the visudo -command which locks the file and does grammatical checking. It is -imperative that sudoers be free of syntax errors since sudo -will not run with a syntactically incorrect sudoers file. - -

-


-

FILES

-

-

 /etc/sudoers           List of who can run what
- /etc/group             Local groups file
- /etc/netgroup          List of network groups
-
-

-


-

SEE ALSO

-

-sudo(8), visudo(8), su(1), fnmatch(3). - - - diff --git a/visudo.html b/visudo.html deleted file mode 100644 index 8eaaf9b51..000000000 --- a/visudo.html +++ /dev/null @@ -1,151 +0,0 @@ - - -Visudo Manual - - - - - - - -

- - -
-

-


-

NAME

-

-visudo - edit the sudoers file - -

-


-

SYNOPSIS

-

-visudo [ -s ] [ -V ] - -

-


-

DESCRIPTION

-

-visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and -checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again -later. In the default configuration, the vi(1) editor is used, -but there is a compile time option to allow use of whatever editor the -environment variables EDITOR or VISUAL are set to. - -

-visudo parses the sudoers file after the edit and will not save the changes if there is a syntax -error. Upon finding an error, a message will be printed stating the line -number(s) that the error occurred on and the user will receive -the ``What now?'' prompt. At this point the user may enter ``e'' to re-edit -the sudoers file, enter ``x'' to exit without saving the changes, or ``Q'' to quit and -save changes. The ``Q'' option should be used with extreme care because if visudo -believes there to be a parse error, so will sudo and no one will be able to execute sudo again until the error is fixed. Any other command at this prompt will print -a short help message. When editing the sudoers file after a parse error has been detected the cursor will be placed on the -line where the error occurred (if the editor supports this feature). - -

-


-

OPTIONS

-

-visudo accepts the following command line option: - -

-
-s
-

-Enable strict checking of the sudoers file. If an alias is used before it is defined, visudo will consider this a parse error. Note that it is not possible to -differentiate between an alias and a hostname or username that consists -solely of upper case letters, digits, and the underscore ('_') character. - -

-V
-

-The -V (version) option causes visudo to print the version number and exit. - -

-

-


-

ERRORS

-
-
sudoers file busy, try again later.
-

-Someone else is currently editing the sudoers file. - -

/etc/sudoers.tmp: Permission denied
-

-You didn't run visudo as root. - -

Can't find you in the passwd database
-

-Your userid does not appear in the system passwd file. - -

Warning: undeclared Alias referenced near ...
-

-Either you are using a {User,Runas,Host,Cmnd}_Alias before defining it or -you have a user or hostname listed that consists solely of upper case -letters, digits, and the underscore ('_') character. If the latter, you can -ignore the warnings (sudo will not complain). In -s (strict) mode these are errors not warnings. - -

ENVIRONMENT

-

-The following environment variables are used only if visudo -was configured with the --with-env-editor option: - -

-

 EDITOR                 Used by visudo as the editor to use
- VISUAL                 Used by visudo if EDITOR is not set
-
-

FILES

-

-

 /etc/sudoers           List of who can run what
- /etc/sudoers.tmp       Lock file for visudo
-
-

AUTHOR

-

-Many people have worked on sudo over the years, this version of -visudo was written by: - -

-

 Todd Miller            <Todd.Miller@courtesan.com>
-
-

-See the HISTORY file in the sudo distribution for more details. - -

BUGS

-

-If you feel you have found a bug in sudo, please submit a bug report at http://www.courtesan.com/sudo/bugs/. - - -

DISCLAIMER

-

-Visudo is provided ``AS IS'' and any express or implied warranties, including, but -not limited to, the implied warranties of merchantability and fitness for a -particular purpose are disclaimed. See the LICENSE file distributed with sudo for complete details. - -

CAVEATS

-

-There is no easy way to prevent a user from gaining a root shell if the -editor used by visudo allows shell escapes. - -

SEE ALSO

-

-sudo(8), vipw(8). -

- - -
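Review bot: the deleted manual above (the hunk ending with the sudoers SEE ALSO section) is pod2html output, so the typos it carries, "candiate" in the CD-ROM example paragraph and "these kind of restrictions" in SECURITY NOTES, must be fixed in the .pod source that the web site now regenerates from, not just dropped with the HTML; otherwise the regenerated page will reproduce them. Nothing else in the removed text needs preserving by hand, since the SECURITY NOTES point (that '!' subtraction from ALL is advisory at best) and the CAVEATS point (sudo refuses to run with a syntactically incorrect sudoers, so always edit with visudo) come from the same source document.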
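Review bot: in the OPTIONS section of the removed visudo.html, "visudo accepts the following command line option:" is followed by two entries (-s and -V), so the source .pod should say "options"; as with the other deleted file, the fix belongs in the .pod, since this HTML is generated. The rest of the removed text is consistent with itself: the ERRORS entry "Warning: undeclared Alias referenced near ..." says these are errors rather than warnings under -s, which matches the -s description, and the CAVEATS note about editors that allow shell escapes is the right thing to keep visible in the regenerated page.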