From: Todd C. Miller Date: Mon, 17 Jan 2000 03:57:26 +0000 (+0000) Subject: o Fix some typos/omissions X-Git-Tag: SUDO_1_6_2~21 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a597c4ad556905d0e89ad74bf12c99918accfcb9;p=sudo o Fix some typos/omissions o Add section on verifypw and listpw o Define how NOPASSWD interacts with the -v and -l flags --- diff --git a/sudoers.cat b/sudoers.cat index 439b52848..4c686cdbf 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -50,9 +50,9 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN Runas_Alias, Host_Alias and Cmnd_Alias. Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* | - 'Runas_Alias' (':' Runas_Alias)* | - 'Host_Alias' (':' Host_Alias)* | - 'Cmnd_Alias' (':' Cmnd_Alias)* + 'Runas_Alias' = Runas_Alias (':' Runas_Alias)* | + 'Host_Alias' = Host_Alias (':' Host_Alias)* | + 'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)* User_Alias ::= NAME '=' User_List @@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -4/Dec/1999 1.6.1 1 +16/Jan/2000 1.6.1 1 @@ -127,7 +127,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 2 +16/Jan/2000 1.6.1 2 @@ -193,7 +193,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 3 +16/Jan/2000 1.6.1 3 @@ -259,7 +259,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 4 +16/Jan/2000 1.6.1 4 @@ -325,7 +325,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 5 +16/Jan/2000 1.6.1 5 
@@ -353,6 +353,61 @@ sudoers(5) FILE FORMATS sudoers(5) secure_path Value to override user's $PATH with + verifypw This option controls when a password will be + required when a user runs sudo with the ----vvvv. + It has the following possible values: + + all All the user's sudoers entries for the + current host must have the C + flag set to avoid entering a password. + + any At least one of the user's sudoers entries + for the current host must have the + C flag set to avoid entering a + password. + + never The user need never enter a password to use + the B<-v> flag. + + always The user must always enter a password to use + the B<-v> flag. + + The default value is `all'. + + listpw This option controls when a password will be + required when a user runs sudo with the ----llll. + It has the following possible values: + + all All the user's sudoers entries for the + current host must have the C + flag set to avoid entering a password. + + any At least one of the user's sudoers entries + for the current host must have the + C flag set to avoid entering a + password. + + + + + +16/Jan/2000 1.6.1 6 + + + + + +sudoers(5) FILE FORMATS sudoers(5) + + + never The user need never enter a password to use + the B<-l> flag. + + always The user must always enter a password to use + the B<-l> flag. + + The default value is `any'. + When logging via _s_y_s_l_o_g(3), sudo accepts the following values for the syslog facility (the value of the ssssyyyysssslllloooogggg Parameter): aaaauuuutttthhhhpppprrrriiiivvvv (if your OS supports it), aaaauuuutttthhhh, 
@@ -364,14 +419,15 @@ sudoers(5) FILE FORMATS sudoers(5) UUUUsssseeeerrrr SSSSppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnn - Runas_Spec ::= '(' Runas_List ')' - - Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd + User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \ + (':' User_Spec)* Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List - User_Spec ::= User_list Cmnd_Spec_List (':' User_Spec)* + Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd + + Runas_Spec ::= '(' Runas_List ')' A uuuusssseeeerrrr ssssppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnn determines which commands a user may run (and as what user) on specified hosts. By default, @@ -389,26 +445,26 @@ sudoers(5) FILE FORMATS sudoers(5) commands that follow it. What this means is that for the entry: + dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who + The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m + -- but only as ooooppppeeeerrrraaaattttoooorrrr. Eg. -4/Dec/1999 1.6.1 6 + sudo -u operator /bin/ls. + It is also possible to override a Runas_Spec later on in + an entry. If we modify the entry like so: +16/Jan/2000 1.6.1 7 -sudoers(5) FILE FORMATS sudoers(5) - dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who - The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m - -- but only as ooooppppeeeerrrraaaattttoooorrrr. Eg. - sudo -u operator /bin/ls. +sudoers(5) FILE FORMATS sudoers(5) - It is also possible to override a Runas_Spec later on in - an entry. If we modify the entry like so: dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm 
@@ -434,6 +490,16 @@ sudoers(5) FILE FORMATS sudoers(5) ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm + Note however, that the PASSWD tag has no effect on users + who are in the group specified by the exempt_group option. + + By default, if the NOPASSWD tag is applied to any of the + entries for a user on the current host, he or she will be + able to run sudo -l without a password. Additionally, a + user may only run sudo -v without a password if the + NOPASSWD tag is present for all a user's entries that + pertain to the current host. This behavior may be + overridden via the verifypw and listpw options. WWWWiiiillllddddccccaaaarrrrddddssss ((((aaaakkkkaaaa mmmmeeeettttaaaa cccchhhhaaaarrrraaaacccctttteeeerrrrssss)))):::: @@ -457,7 +523,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 7 +16/Jan/2000 1.6.1 8 @@ -523,7 +589,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 8 +16/Jan/2000 1.6.1 9 @@ -589,7 +655,7 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS -4/Dec/1999 1.6.1 9 +16/Jan/2000 1.6.1 10 @@ -655,7 +721,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 10 +16/Jan/2000 1.6.1 11 @@ -721,7 +787,7 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 11 +16/Jan/2000 1.6.1 12 @@ -787,7 +853,7 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -4/Dec/1999 1.6.1 12 +16/Jan/2000 1.6.1 13 @@ -853,6 +919,6 @@ sudoers(5) FILE FORMATS sudoers(5) -4/Dec/1999 1.6.1 13 +16/Jan/2000 1.6.1 14 diff --git a/sudoers.man b/sudoers.man index c583af43e..da2dffd8e 100644 --- a/sudoers.man +++ b/sudoers.man @@ -2,8 +2,10 @@ ''' $RCSfile$$Revision$$Date$ ''' ''' $Log$ -''' Revision 1.18 1999/12/05 02:18:47 millert -''' crank version to 1.6 +''' Revision 1.19 2000/01/17 03:57:26 millert +''' o Fix some typos/omissions +''' o Add section on verifypw and listpw +''' o Define how NOPASSWD interacts with the -v and -l flags ''' ''' .de Sh 
@@ -96,7 +98,7 @@ .nr % 0 .rr F .\} -.TH sudoers 5 "1.6.1" "4/Dec/1999" "FILE FORMATS" +.TH sudoers 5 "1.6.1" "16/Jan/2000" "FILE FORMATS" .UC .if n .hy 0 .if n .na @@ -230,9 +232,9 @@ There are four kinds of aliases: the \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, .PP .Vb 4 \& Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* | -\& 'Runas_Alias' (':' Runas_Alias)* | -\& 'Host_Alias' (':' Host_Alias)* | -\& 'Cmnd_Alias' (':' Cmnd_Alias)* +\& 'Runas_Alias' = Runas_Alias (':' Runas_Alias)* | +\& 'Host_Alias' = Host_Alias (':' Host_Alias)* | +\& 'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)* .Ve .Vb 1 \& User_Alias ::= NAME '=' User_List 
@@ -453,6 +455,54 @@ Address to send mail to Users in this group are exempt from password and \s-1PATH\s0 requirements .Ip "secure_path" 12 Value to override user's \f(CW$PATH\fR with +.Ip "verifypw" 12 +This option controls when a password will be required when a +user runs sudo with the \fB\-v\fR. It has the following possible values: +.Sp +.Vb 3 +\& all All the user's sudoers entries for the +\& current host must have the C +\& flag set to avoid entering a password. +.Ve +.Vb 4 +\& any At least one of the user's sudoers entries +\& for the current host must have the +\& C flag set to avoid entering a +\& password. +.Ve +.Vb 2 +\& never The user need never enter a password to use +\& the B<-v> flag. +.Ve +.Vb 2 +\& always The user must always enter a password to use +\& the B<-v> flag. +.Ve +The default value is `all\*(R'. +.Ip "listpw" 12 +This option controls when a password will be required when a +user runs sudo with the \fB\-l\fR. It has the following possible values: +.Sp +.Vb 3 +\& all All the user's sudoers entries for the +\& current host must have the C +\& flag set to avoid entering a password. +.Ve +.Vb 4 +\& any At least one of the user's sudoers entries +\& for the current host must have the +\& C flag set to avoid entering a +\& password. +.Ve +.Vb 2 +\& never The user need never enter a password to use +\& the B<-l> flag. +.Ve +.Vb 2 +\& always The user must always enter a password to use +\& the B<-l> flag. +.Ve +The default value is `any\*(R'. .PP When logging via \fIsyslog\fR\|(3), sudo accepts the following values for the syslog facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0 
@@ -462,18 +512,19 @@ syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\ \fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR. .Sh "User Specification" .PP -.Vb 1 -\& Runas_Spec ::= '(' Runas_List ')' -.Ve -.Vb 1 -\& Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd +.Vb 2 +\& User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \e +\& (':' User_Spec)* .Ve .Vb 2 \& Cmnd_Spec_List ::= Cmnd_Spec | \& Cmnd_Spec ',' Cmnd_Spec_List .Ve .Vb 1 -\& User_Spec ::= User_list Cmnd_Spec_List (':' User_Spec)* +\& Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd +.Ve +.Vb 1 +\& Runas_Spec ::= '(' Runas_List ')' .Ve A \fBuser specification\fR determines which commands a user may run (and as what user) on specified hosts. By default, commands are @@ -523,6 +574,15 @@ run \fI/bin/kill\fR without a password the entry would be: .Vb 1 \& ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .Ve +Note however, that the \f(CWPASSWD\fR tag has no effect on users who are +in the group specified by the exempt_group option. +.PP +By default, if the \f(CWNOPASSWD\fR tag is applied to any of the entries +for a user on the current host, he or she will be able to run +\f(CWsudo -l\fR without a password. Additionally, a user may only run +\f(CWsudo -v\fR without a password if the \f(CWNOPASSWD\fR tag is present +for all a user's entries that pertain to the current host. +This behavior may be overridden via the verifypw and listpw options. .Sh "Wildcards (aka meta characters):" \fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames as well as command line arguments in the \fIsudoers\fR file. Wildcard @@ -891,6 +951,10 @@ will not run with a syntactically incorrect \fIsudoers\fR file. .IX Item "secure_path" +.IX Item "verifypw" + +.IX Item "listpw" + .IX Subsection "User Specification" .IX Subsection "Runas_Spec" 
@@ -911,7 +975,7 @@ will not run with a syntactically incorrect \fIsudoers\fR file. .IX Subsection "Exceptions to wildcard rules:" -.IX Item \f(CW""\fR +.IX Item "\f(CW""\fR" .IX Subsection "Other special characters and reserved words:" diff --git a/sudoers.pod b/sudoers.pod index 2a1effc98..4a48ef070 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -90,9 +90,9 @@ There are four kinds of aliases: the C, C, C and C. Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* | - 'Runas_Alias' (':' Runas_Alias)* | - 'Host_Alias' (':' Host_Alias)* | - 'Cmnd_Alias' (':' Cmnd_Alias)* + 'Runas_Alias' = Runas_Alias (':' Runas_Alias)* | + 'Host_Alias' = Host_Alias (':' Host_Alias)* | + 'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)* User_Alias ::= NAME '=' User_List 
@@ -385,6 +385,50 @@ Users in this group are exempt from password and PATH requirements Value to override user's $PATH with +=item verifypw + +This option controls when a password will be required when a +user runs sudo with the B<-v>. It has the following possible values: + + all All the user's sudoers entries for the + current host must have the C + flag set to avoid entering a password. + + any At least one of the user's sudoers entries + for the current host must have the + C flag set to avoid entering a + password. + + never The user need never enter a password to use + the B<-v> flag. + + always The user must always enter a password to use + the B<-v> flag. + +The default value is `all'. + +=item listpw + +This option controls when a password will be required when a +user runs sudo with the B<-l>. It has the following possible values: + + all All the user's sudoers entries for the + current host must have the C + flag set to avoid entering a password. + + any At least one of the user's sudoers entries + for the current host must have the + C flag set to avoid entering a + password. + + never The user need never enter a password to use + the B<-l> flag. + + always The user must always enter a password to use + the B<-l> flag. + +The default value is `any'. + =back 12 When logging via syslog(3), sudo accepts the following values for the syslog @@ -396,14 +440,15 @@ B, B, B, and B. =head2 User Specification - Runas_Spec ::= '(' Runas_List ')' - - Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd + User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \ + (':' User_Spec)* Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List - User_Spec ::= User_list Cmnd_Spec_List (':' User_Spec)* + Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd + + Runas_Spec ::= '(' Runas_List ')' A B determines which commands a user may run (and as what user) on specified hosts. By default, commands are 
@@ -452,6 +497,16 @@ run F without a password the entry would be: ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm +Note however, that the C tag has no effect on users who are +in the group specified by the exempt_group option. + +By default, if the C tag is applied to any of the entries +for a user on the current host, he or she will be able to run +C without a password. Additionally, a user may only run +C without a password if the C tag is present +for all a user's entries that pertain to the current host. +This behavior may be overridden via the verifypw and listpw options. + =head2 Wildcards (aka meta characters): B allows shell-style I to be used in pathnames
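Review bot: in the sudoers.pod verifypw/listpw hunk, the value tables are indented verbatim paragraphs, and POD does not interpret formatting codes inside verbatim text, so the markup leaks into the generated files: the sudoers.cat hunk shows "current host must have the C" with the tag name dropped and "to use the B<-v> flag." / "the B<-l> flag." rendered literally, and the same literal `C` and `B<-v>` appear inside the `.Vb` blocks of the sudoers.man hunk. Either drop the markup inside the verbatim block (plain `NOPASSWD` and `-v`) or turn each value table into a nested `=over`/`=item` list so `C<NOPASSWD>` and `B<-v>` are rendered. Same hunk, smaller point: "when a user runs sudo with the B<-v>." and "with the B<-l>." are missing the word "flag".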
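Review bot: in the User Specification grammar hunk (all three files), the production `User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \ (':' User_Spec)*` has a spurious `User_List` after the `=`. Nothing in the examples matches it: in `dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who` the user to run as is supplied by the `Runas_Spec` inside each `Cmnd_Spec`, exactly as the following `Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd` production says, so `User_Spec` should read `User_List Host_List '=' Cmnd_Spec_List (':' User_Spec)*`. While here, `User_list` should be `User_List` to match the nonterminal used everywhere else in the grammar.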
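Review bot: in the sudoers.cat hunk that moves the dgb example across the page break, the entry and the sentence describing it disagree: the entry is `dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who` but the text says "The user dgb may run /bin/ls, /bin/kill, and /usr/bin/lprm". The lines are only being moved here, but since this commit is "Fix some typos/omissions" it is the place to make them agree; the follow-on example `dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm` suggests `/usr/bin/lprm` is the intended command, so the entry (in sudoers.pod, from which .cat and .man are generated) should be changed rather than the prose.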
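Review bot: in the paragraph added after the `ray rushmore = NOPASSWD: /bin/kill, ...` example (all three files), the defaults are stated (any NOPASSWD entry suffices for `sudo -l`, all entries must be NOPASSWD for `sudo -v`) but not why they differ, and that is the security-relevant point a sudoers author needs in order to decide whether to set verifypw to `any` or `never`: `sudo -l` only lists the user's entries, while a successful `sudo -v` updates the user's timestamp, so a password-less `-v` would let the following commands run without a password for the whole timeout window even for entries that carry the PASSWD tag. One sentence to that effect, with a pointer to the verifypw and listpw options above, would make the "all" default self-explanatory. Two nits in the same paragraph: "Note however, that the PASSWD tag" should be "Note, however, that the PASSWD tag", and "for all a user's entries" reads better as "for all of the user's entries".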