From: Todd C. Miller Date: Fri, 14 Mar 2003 01:24:37 +0000 (+0000) Subject: regen X-Git-Tag: SUDO_1_6_7~50 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=af7c4632f112eeb1899f43b241178ad78c267289;p=sudo regen --- diff --git a/sudo.cat b/sudo.cat index 062410dfe..2bdf62dc5 100644 --- a/sudo.cat +++ b/sudo.cat 
@@ -1,284 +1,297 @@ -sudo(1m) MAINTENANCE COMMANDS sudo(1m) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -NNNNAAAAMMMMEEEE +NNAAMMEE sudo - execute a command as another user -SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS - ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | [ ----HHHH ] [----PPPP ] - [----SSSS ] [ ----bbbb ] | [ ----pppp _p_r_o_m_p_t ] [ ----cccc _c_l_a_s_s|_- ] [ ----aaaa _a_u_t_h___t_y_p_e - ] [ ----uuuu _u_s_e_r_n_a_m_e|_#_u_i_d ] _c_o_m_m_a_n_d +SSYYNNOOPPSSIISS + ssuuddoo --VV | --hh | --ll | --LL | --vv | --kk | --KK | --ss | [ --HH ] [--PP ] + [--SS ] [ --bb ] | [ --pp _p_r_o_m_p_t ] [ --cc _c_l_a_s_s|_- ] [ --aa _a_u_t_h___t_y_p_e + ] [ --uu _u_s_e_r_n_a_m_e|_#_u_i_d ] _c_o_m_m_a_n_d -DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN - ssssuuuuddddoooo allows a permitted user to execute a _c_o_m_m_a_n_d as the +DDEESSCCRRIIPPTTIIOONN + ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or another user, as specified in the _s_u_d_o_e_r_s file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user - is not root). By default, ssssuuuuddddoooo requires that users + is not root). By default, ssuuddoo requires that users authenticate themselves with a password (NOTE: by default this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in _s_u_d_o_e_r_s). - ssssuuuuddddoooo determines who is an authorized user by consulting - the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the ----vvvv flag a user + ssuuddoo determines who is an authorized user by consulting + the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssuuddoo the --vv flag a user can update the time stamp without running a _c_o_m_m_a_n_d_. 
The password prompt itself will also time out if the user's password is not entered within 5 minutes (unless overrid­ den via _s_u_d_o_e_r_s). If a user who is not listed in the _s_u_d_o_e_r_s file tries to - run a command via ssssuuuuddddoooo, mail is sent to the proper author­ + run a command via ssuuddoo, mail is sent to the proper author­ ities, as defined at configure time or the _s_u_d_o_e_r_s file (defaults to root). Note that the mail will not be sent - if an unauthorized user tries to run sudo with the ----llll or - ----vvvv flags. This allows users to determine for themselves - whether or not they are allowed to use ssssuuuuddddoooo. + if an unauthorized user tries to run sudo with the --ll or + --vv flags. This allows users to determine for themselves + whether or not they are allowed to use ssuuddoo. - ssssuuuuddddoooo can log both successful and unsuccessful attempts (as + ssuuddoo can log both successful and unsuccessful attempts (as well as errors) to _s_y_s_l_o_g(3), a log file, or both. By - default ssssuuuuddddoooo will log via _s_y_s_l_o_g(3) but this is changeable + default ssuuddoo will log via _s_y_s_l_o_g(3) but this is changeable at configure time or via the _s_u_d_o_e_r_s file. -OOOOPPPPTTTTIIIIOOOONNNNSSSS - ssssuuuuddddoooo accepts the following command line options: +OOPPTTIIOONNSS + ssuuddoo accepts the following command line options: - -V The ----VVVV (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the ver­ + -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the ver­ sion number and exit. If the invoking user is already - root the ----VVVV option will print out a list of the - defaults ssssuuuuddddoooo was compiled with as well as the + root the --VV option will print out a list of the + defaults ssuuddoo was compiled with as well as the machine's local network addresses. 
- -l The ----llll (_l_i_s_t) option will list out the allowed (and + -l The --ll (_l_i_s_t) option will list out the allowed (and forbidden) commands for the user on the current host. + -L The --LL (_l_i_s_t defaults) option will list out the +1.6.7 March 13, 2003 1 -April 25, 2002 1.6.6 1 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -sudo(1m) MAINTENANCE COMMANDS sudo(1m) + parameters that may be set in a _D_e_f_a_u_l_t_s line along + with a short description for each. This option is + useful in conjunction with _g_r_e_p(1). - -L The ----LLLL (_l_i_s_t defaults) option will list out the param­ - eters that may be set in a _D_e_f_a_u_l_t_s line along with a - short description for each. This option is useful in - conjunction with _g_r_e_p(1). - - -h The ----hhhh (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage mes­ + -h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage mes­ sage and exit. - -v If given the ----vvvv (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update + -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the user's timestamp, prompting for the user's pass­ - word if necessary. This extends the ssssuuuuddddoooo timeout for + word if necessary. This extends the ssuuddoo timeout for another 5 minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but does not run a command. - -k The ----kkkk (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's + -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's timestamp by setting the time on it to the epoch. The - next time ssssuuuuddddoooo is run a password will be required. + next time ssuuddoo is run a password will be required. This option does not require a password and was added - to allow a user to revoke ssssuuuuddddoooo permissions from a + to allow a user to revoke ssuuddoo permissions from a .logout file. 
- -K The ----KKKK (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's + -K The --KK (sure _k_i_l_l) option to ssuuddoo removes the user's timestamp entirely. Likewise, this option does not require a password. - -b The ----bbbb (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given + -b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given command in the background. Note that if you use the - ----bbbb option you cannot use shell job control to manipu­ + --bb option you cannot use shell job control to manipu­ late the process. - -p The ----pppp (_p_r_o_m_p_t) option allows you to override the - default password prompt and use a custom one. If the - password prompt contains the %u escape, %u will be - replaced with the user's login name. Similarly, %h - will be replaced with the local hostname. + -p The --pp (_p_r_o_m_p_t) option allows you to override the + default password prompt and use a custom one. The + following percent (`%') escapes are supported: + + %u expanded to the invoking user's login name + + %U expanded to the login name of the user the + command will be run as (defaults to root) + + %h expanded to the local hostname without the + domain name + + %H expanded to the local hostname including the + domain name (on if the machine's hostname is + fully qualified or the _f_q_d_n sudoers option is + set) - -c The ----cccc (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the specified + %% two consecutive % characters are collaped into + a single % character + + -c The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified command with resources limited by the specified login class. The _c_l_a_s_s argument can be either a class name as defined in /etc/login.conf, or a single '-' charac­ - ter. Specifying a _c_l_a_s_s of - indicates that the com­ - mand should be run restricted by the default login - capabilities for the user the command is run as. 
If - the _c_l_a_s_s argument specifies an existing user class, - the command must be run as root, or the ssssuuuuddddoooo command - must be run from a shell that is already root. This - option is only available on systems with BSD login - classes where ssssuuuuddddoooo has been configured with the - --with-logincap option. + ter. Specifying a _c_l_a_s_s of - indicates that the - -a The ----aaaa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssssuuuuddddoooo to use - the specified authentication type when validating the - user, as allowed by /etc/login.conf. The system - administrator may specify a list of sudo-specific +1.6.7 March 13, 2003 2 -April 25, 2002 1.6.6 2 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -sudo(1m) MAINTENANCE COMMANDS sudo(1m) + command should be run restricted by the default login + capabilities for the user the command is run as. If + the _c_l_a_s_s argument specifies an existing user class, + the command must be run as root, or the ssuuddoo command + must be run from a shell that is already root. This + option is only available on systems with BSD login + classes where ssuuddoo has been configured with the + --with-logincap option. + -a The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use + the specified authentication type when validating the + user, as allowed by /etc/login.conf. The system + administrator may specify a list of sudo-specific authentication methods by adding an "auth-sudo" entry in /etc/login.conf. This option is only available on - systems that support BSD authentication where ssssuuuuddddoooo has + systems that support BSD authentication where ssuuddoo has been configured with the --with-bsdauth option. - -u The ----uuuu (_u_s_e_r) option causes ssssuuuuddddoooo to run the specified + -u The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command as a user other than _r_o_o_t. To specify a _u_i_d instead of a _u_s_e_r_n_a_m_e, use _#_u_i_d. 
- -s The ----ssss (_s_h_e_l_l) option runs the shell specified by the + -s The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set or the shell as specified in _p_a_s_s_w_d(4). - -H The ----HHHH (_H_O_M_E) option sets the HOME environment vari­ + -H The --HH (_H_O_M_E) option sets the HOME environment vari­ able to the homedir of the target user (root by - default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo + default) as specified in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify HOME. - -P The ----PPPP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssssuuuuddddoooo to + -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to preserve the user's group vector unaltered. By - default, ssssuuuuddddoooo will initialize the group vector to the + default, ssuuddoo will initialize the group vector to the list of groups the target user is in. The real and effective group IDs, however, are still set to match the target user. - -S The ----SSSS (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the password + -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from standard input instead of the terminal device. - -- The -------- flag indicates that ssssuuuuddddoooo should stop processing + -- The ---- flag indicates that ssuuddoo should stop processing command line arguments. It is most useful in conjunc­ - tion with the ----ssss flag. + tion with the --ss flag. -RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS +RREETTUURRNN VVAALLUUEESS Upon successful execution of a program, the return value - from ssssuuuuddddoooo will simply be the return value of the program + from ssuuddoo will simply be the return value of the program that was executed. 
- Otherwise, ssssuuuuddddoooo quits with an exit value of 1 if there is - a configuration/permission problem or if ssssuuuuddddoooo cannot exe­ + Otherwise, ssuuddoo quits with an exit value of 1 if there is + a configuration/permission problem or if ssuuddoo cannot exe­ cute the given command. In the latter case the error - string is printed to stderr. If ssssuuuuddddoooo cannot _s_t_a_t(2) one - or more entries in the user's PATH an error is printed on - stderr. (If the directory does not exist or if it is not - really a directory, the entry is ignored and no error is - printed.) This should not happen under normal circum­ - stances. The most common reason for _s_t_a_t(2) to return - "permission denied" is if you are running an automounter - and one of the directories in your PATH is on a machine - that is currently unreachable. + string is printed to stderr. If ssuuddoo cannot _s_t_a_t(2) one -SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS - ssssuuuuddddoooo tries to be safe when executing external commands. - Variables that control how dynamic loading and binding is - done can be used to subvert the program that ssssuuuuddddoooo runs. +1.6.7 March 13, 2003 3 -April 25, 2002 1.6.6 3 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -sudo(1m) MAINTENANCE COMMANDS sudo(1m) + or more entries in the user's PATH an error is printed on + stderr. (If the directory does not exist or if it is not + really a directory, the entry is ignored and no error is + printed.) This should not happen under normal circum­ + stances. The most common reason for _s_t_a_t(2) to return + "permission denied" is if you are running an automounter + and one of the directories in your PATH is on a machine + that is currently unreachable. +SSEECCUURRIITTYY NNOOTTEESS + ssuuddoo tries to be safe when executing external commands. + Variables that control how dynamic loading and binding is + done can be used to subvert the program that ssuuddoo runs. 
To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed. - ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, + ssuuddoo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too can pose a threat. If the TERMCAP variable is set and is a path­ name, it too is ignored. Additionally, if the LC_* or LANGUAGE variables contain the / or % characters, they are - ignored. If ssssuuuuddddoooo has been compiled with SecurID support, + ignored. If ssuuddoo has been compiled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as - well. The list of environment variables that ssssuuuuddddoooo clears + well. The list of environment variables that ssuuddoo clears is contained in the output of sudo -V when run as root. - To prevent command spoofing, ssssuuuuddddoooo checks "." and "" (both + To prevent command spoofing, ssuuddoo checks "." and "" (both denoting current directory) last when searching for a com­ mand in the user's PATH (if one or both are in the PATH). Note, however, that the actual PATH environment variable is _n_o_t modified and is passed unchanged to the program - that ssssuuuuddddoooo executes. + that ssuuddoo executes. For security reasons, if your OS supports shared libraries and does not disable user-defined library search paths for setuid programs (most do), you should either use a linker - option that disables this behavior or link ssssuuuuddddoooo stati­ + option that disables this behavior or link ssuuddoo stati­ cally. 
- ssssuuuuddddoooo will check the ownership of its timestamp directory + ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con­ tents if it is not owned by root and only writable by root. On systems that allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp directory is located in a directory writable by anyone (e.g.: _/_t_m_p), it is pos­ sible for a user to create the timestamp directory before - ssssuuuuddddoooo is run. However, because ssssuuuuddddoooo checks the ownership + ssuuddoo is run. However, because ssuuddoo checks the ownership and mode of the directory and its contents, the only dam­ age that can be done is to "hide" files by putting them in the timestamp dir. This is unlikely to happen since once the timestamp dir is owned by root and inaccessible by any other user the user placing files there would be unable to - get them back out. To get around this issue you can use a - directory that is not world-writable for the timestamps - (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or create _/_v_a_r_/_r_u_n_/_s_u_d_o with - the appropriate owner (root) and permissions (0700) in the - system startup files. - ssssuuuuddddoooo will not honor timestamps set far in the future. - Timestamps with a date greater than current_time + 2 * - TIMEOUT will be ignored and sudo will log and complain. - This is done to keep a user from creating his/her own - timestamp with a bogus date on systems that allow users to - give away files. +1.6.7 March 13, 2003 4 -April 25, 2002 1.6.6 4 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -sudo(1m) MAINTENANCE COMMANDS sudo(1m) + get them back out. To get around this issue you can use a + directory that is not world-writable for the timestamps + (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or create _/_v_a_r_/_r_u_n_/_s_u_d_o with + the appropriate owner (root) and permissions (0700) in the + system startup files. 
+ ssuuddoo will not honor timestamps set far in the future. + Timestamps with a date greater than current_time + 2 * + TIMEOUT will be ignored and sudo will log and complain. + This is done to keep a user from creating his/her own + timestamp with a bogus date on systems that allow users to + give away files. - Please note that ssssuuuuddddoooo will only log the command it explic­ + Please note that ssuuddoo will only log the command it explic­ itly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell will _n_o_t - be logged, nor will ssssuuuuddddoooo's access control affect them. + be logged, nor will ssuuddoo's access control affect them. The same is true for commands that offer shell escapes (including most editors). Because of this, care must be - taken when giving users access to commands via ssssuuuuddddoooo to - verify that the command does not inadvertantly give the + taken when giving users access to commands via ssuuddoo to + verify that the command does not inadvertently give the user an effective root shell. -EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS +EEXXAAMMPPLLEESS Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries. @@ -306,32 +319,19 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" - -EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT - ssssuuuuddddoooo utilizes the following environment variables: - - - - - - - +EENNVVIIRROONNMMEENNTT + ssuuddoo utilizes the following environment variables: +1.6.7 March 13, 2003 5 -April 25, 2002 1.6.6 5 - - - - - -sudo(1m) MAINTENANCE COMMANDS sudo(1m) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) PATH Set to a sane value if SECURE_PATH is set 
@@ -348,35 +348,33 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) SUDO_GID Set to the gid of the user who invoked sudo SUDO_PS1 If set, PS1 will be set to its value - -FFFFIIIILLLLEEEESSSS +FFIILLEESS /etc/sudoers List of who can run what /var/run/sudo Directory containing timestamps - -AAAAUUUUTTTTHHHHOOOORRRRSSSS - Many people have worked on ssssuuuuddddoooo over the years; this ver­ +AAUUTTHHOORRSS + Many people have worked on ssuuddoo over the years; this ver­ sion consists of code written primarily by: Todd Miller Chris Jepeway - See the HISTORY file in the ssssuuuuddddoooo distribution or visit + See the HISTORY file in the ssuuddoo distribution or visit http://www.sudo.ws/sudo/history.html for a short history - of ssssuuuuddddoooo. + of ssuuddoo. -BBBBUUUUGGGGSSSS +BBUUGGSS If you feel you have found a bug in sudo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ -DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR - SSSSuuuuddddoooo is provided ``AS IS'' and any express or implied war­ +DDIISSCCLLAAIIMMEERR + SSuuddoo is provided ``AS IS'' and any express or implied war­ ranties, including, but not limited to, the implied war­ ranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed - with ssssuuuuddddoooo for complete details. + with ssuuddoo for complete details. -CCCCAAAAVVVVEEEEAAAATTTTSSSS +CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root shell if that user has access to commands allowing shell escapes. 
@@ -386,26 +384,28 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS shell regardless of any '!' elements in the user specifi­ cation. - Running shell scripts via ssssuuuuddddoooo can expose the same kernel - bugs that make setuid shell scripts unsafe on some + Running shell scripts via ssuuddoo can expose the same kernel + bugs that make setuid shell scripts unsafe on some operat­ + ing systems (if your OS supports the /dev/fd/ directory, + setuid shell scripts are generally safe). + + +1.6.7 March 13, 2003 6 -April 25, 2002 1.6.6 6 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -sudo(1m) MAINTENANCE COMMANDS sudo(1m) +SSEEEE AALLSSOO + _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), + _p_a_s_s_w_d(5), _v_i_s_u_d_o(1m) - operating systems (if your OS supports the /dev/fd/ direc­ - tory, setuid shell scripts are generally safe). -SSSSEEEEEEEE AAAALLLLSSSSOOOO - _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _p_a_s_s_w_d(5), _v_i_s_u_d_o(1m), - _g_r_e_p(1), _s_u(1). @@ -457,6 +457,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 25, 2002 1.6.6 7 +1.6.7 March 13, 2003 7 diff --git a/sudoers.cat b/sudoers.cat index a78c0302b..62c3c9b66 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -1,13 +1,13 @@ -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -NNNNAAAAMMMMEEEE +NNAAMMEE sudoers - list of which users may execute what -DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN +DDEESSCCRRIIPPTTIIOONN The _s_u_d_o_e_r_s file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The grammar of _s_u_d_o_e_r_s 
@@ -15,7 +15,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN (EBNF). Don't despair if you don't know what EBNF is; it is fairly simple, and the definitions below are annotated. - QQQQuuuuiiiicccckkkk gggguuuuiiiiddddeeee ttttoooo EEEEBBBBNNNNFFFF + QQuuiicckk gguuiiddee ttoo EEBBNNFF EBNF is a concise and exact way of describing the grammar of a language. Each EBNF definition is made up of _p_r_o_d_u_c_­ @@ -44,7 +44,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN is a verbatim character string (as opposed to a symbol name). - AAAAlllliiiiaaaasssseeeessss + AAlliiaasseess There are four kinds of aliases: User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias. @@ -61,13 +61,13 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -April 25, 2002 1.6.6 1 +1.6.7 March 13, 2003 1 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Host_Alias ::= NAME '=' Host_List @@ -82,10 +82,10 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) where _A_l_i_a_s___T_y_p_e is one of User_Alias, Runas_Alias, Host_Alias, or Cmnd_Alias. A NAME is a string of upper­ - case letters, numbers, and the underscore characters - ('_'). A NAME mmmmuuuusssstttt start with an uppercase letter. It is - possible to put several alias definitions of the same type - on a single line, joined by a colon (':'). E.g., + case letters, numbers, and underscore characters ('_'). A + NAME mmuusstt start with an uppercase letter. It is possible + to put several alias definitions of the same type on a + single line, joined by a colon (':'). E.g., Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 @@ -127,13 +127,13 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 25, 2002 1.6.6 2 +1.6.7 March 13, 2003 2 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Host ::= '!'* hostname | 
@@ -147,7 +147,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) and other aliases. Again, the value of an item may be negated with the '!' operator. If you do not specify a netmask with a network number, the netmask of the host's - ethernet _i_n_t_e_r_f_a_c_e(s) will be used when matching. The + ethernet interface(s) will be used when matching. The netmask may be specified either in dotted quad notation (e.g. 255.255.255.0) or CIDR notation (number of bits, e.g. 24). A hostname may include shell-style wildcards @@ -174,7 +174,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) the user to run the command with any arguments he/she wishes. However, you may also specify command line argu­ ments (including wildcards). Alternately, you can specify - "" to indicate that the command may only be run wwwwiiiitttthhhhoooouuuutttt + "" to indicate that the command may only be run wwiitthhoouutt command line arguments. A directory is a fully qualified pathname ending in a '/'. When you specify a directory in a Cmnd_List, the user will be able to run any file within 
@@ -193,28 +193,29 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 25, 2002 1.6.6 3 +1.6.7 March 13, 2003 3 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - DDDDeeeeffffaaaauuuullllttttssss + DDeeffaauullttss Certain configuration options may be changed from their default values at runtime via one or more Default_Entry lines. These may affect all users on any host, all users - on a specific host, or just a specific user. When multi­ - ple entries match, they are applied in order. Where there - are conflicting values, the last value on a matching line - takes effect. + on a specific host, a specific user, or commands being run + as a specific user. When multiple entries match, they are + applied in order. Where there are conflicting values, the + last value on a matching line takes effect. Default_Type ::= 'Defaults' || + 'Defaults' '@' Host || 'Defaults' ':' User || - 'Defaults' '@' Host + 'Defaults' '>' RunasUser Default_Entry ::= Default_Type Parameter_List @@ -223,8 +224,8 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) Parameter '-=' Value || '!'* Parameter || - Parameters may be ffffllllaaaaggggssss, iiiinnnntttteeeeggggeeeerrrr values, ssssttttrrrriiiinnnnggggssss, or - lllliiiissssttttssss. Flags are implicitly boolean and can be turned off + Parameters may be ffllaaggss, iinntteeggeerr values, ssttrriinnggss, or + lliissttss. Flags are implicitly boolean and can be turned off via the '!' operator. Some integer, string and list parameters may also be used in a boolean context to dis­ able them. Values may be enclosed in double quotes (") 
@@ -240,17 +241,17 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) best place to put the Defaults section is after the Host, User, and Cmnd aliases but before the user specifications. - FFFFllllaaaaggggssss: + FFllaaggss: long_otp_prompt When validating with a One Time Password - scheme (SSSS////KKKKeeeeyyyy or OOOOPPPPIIIIEEEE), a two-line prompt is + scheme (SS//KKeeyy or OOPPIIEE), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it more convenient. This flag is _o_f_f by default. - ignore_dot If set, ssssuuuuddddoooo will ignore '.' or '' (current + ignore_dot If set, ssuuddoo will ignore '.' or '' (current dir) in the PATH environment variable; the PATH itself is not modified. This flag is _o_f_f by default. @@ -258,18 +259,17 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) +1.6.7 March 13, 2003 4 -April 25, 2002 1.6.6 4 - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) mail_always Send mail to the _m_a_i_l_t_o user every time a - users runs ssssuuuuddddoooo. This flag is _o_f_f by default. + users runs ssuuddoo. This flag is _o_f_f by default. mail_badpass Send mail to the _m_a_i_l_t_o user if the user run­ 
@@ -290,21 +290,21 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) mail_no_perms If set, mail will be sent to the _m_a_i_l_t_o user - if the invoking user allowed to use ssssuuuuddddoooo but - the command they are trying is not listed in - their _s_u_d_o_e_r_s file entry. This flag is _o_f_f by - default. + if the invoking user is allowed to use ssuuddoo + but the command they are trying is not listed + in their _s_u_d_o_e_r_s file entry. This flag is _o_f_f + by default. tty_tickets If set, users must authenticate on a per-tty - basis. Normally, ssssuuuuddddoooo uses a directory in the + basis. Normally, ssuuddoo uses a directory in the ticket dir with the same name as the user run­ - ning it. With this flag enabled, ssssuuuuddddoooo will + ning it. With this flag enabled, ssuuddoo will use a file named for the tty the user is logged in on in that directory. This flag is _o_f_f by default. lecture If set, a user will receive a short lecture - the first time he/she runs ssssuuuuddddoooo. This flag is + the first time he/she runs ssuuddoo. This flag is _o_n by default. authenticate 
@@ -314,69 +314,69 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) may be overridden via the PASSWD and NOPASSWD tags. This flag is _o_n by default. - root_sudo If set, root is allowed to run ssssuuuuddddoooo too. Dis­ + root_sudo If set, root is allowed to run ssuuddoo too. Dis­ abling this prevents users from "chaining" - ssssuuuuddddoooo commands to get a root shell by doing + ssuuddoo commands to get a root shell by doing something like "sudo sudo /bin/sh". This flag is _o_n by default. log_host If set, the hostname will be logged in the - (non-syslog) ssssuuuuddddoooo log file. This flag is _o_f_f + (non-syslog) ssuuddoo log file. This flag is _o_f_f -April 25, 2002 1.6.6 5 +1.6.7 March 13, 2003 5 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) by default. log_year If set, the four-digit year will be logged in - the (non-syslog) ssssuuuuddddoooo log file. This flag is + the (non-syslog) ssuuddoo log file. This flag is _o_f_f by default. shell_noargs - If set and ssssuuuuddddoooo is invoked with no arguments - it acts as if the ----ssss flag had been given. + If set and ssuuddoo is invoked with no arguments + it acts as if the --ss flag had been given. That is, it runs a shell as root (the shell is determined by the SHELL environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is _o_f_f by default. - set_home If set and ssssuuuuddddoooo is invoked with the ----ssss flag + set_home If set and ssuuddoo is invoked with the --ss flag the HOME environment variable will be set to the home directory of the target user (which - is root unless the ----uuuu option is used). This - effectively makes the ----ssss flag imply ----HHHH. This + is root unless the --uu option is used). This + effectively makes the --ss flag imply --HH. This flag is _o_f_f by default. 
always_set_home - If set, ssssuuuuddddoooo will set the HOME environment + If set, ssuuddoo will set the HOME environment variable to the home directory of the target - user (which is root unless the ----uuuu option is - used). This effectively means that the ----HHHH + user (which is root unless the --uu option is + used). This effectively means that the --HH flag is always implied. This flag is _o_f_f by default. - path_info Normally, ssssuuuuddddoooo will tell the user when a com­ + path_info Normally, ssuuddoo will tell the user when a com­ mand could not be found in their PATH environ­ ment variable. Some sites may wish to disable this as it could be used to gather information on the location of executables that the normal user does not have access to. The disadvan­ tage is that if the executable is simply not - in the user's PATH, ssssuuuuddddoooo will tell the user + in the user's PATH, ssuuddoo will tell the user that they are not allowed to run it, which can be confusing. This flag is _o_f_f by default. preserve_groups - By default ssssuuuuddddoooo will initialize the group vec­ + By default ssuuddoo will initialize the group vec­ tor to the list of groups the target user is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group vector is left unaltered. The 
@@ -385,24 +385,24 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) is _o_f_f by default. fqdn Set this flag if you want to put fully quali­ - fied hostnames in the _s_u_d_o_e_r_s file. I.e.: + fied hostnames in the _s_u_d_o_e_r_s file. I.e., instead of myhost you would use myhost.mydo­ main.edu. You may still use the short form if -April 25, 2002 1.6.6 6 +1.6.7 March 13, 2003 6 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) you wish (and even mix the two). Beware that - turning on _f_q_d_n requires ssssuuuuddddoooo to make DNS - lookups which may make ssssuuuuddddoooo unusable if DNS + turning on _f_q_d_n requires ssuuddoo to make DNS + lookups which may make ssuuddoo unusable if DNS stops working (for example if the machine is not plugged into the network). Also note that you must use the host's official name as DNS 
@@ -414,61 +414,61 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) already fully qualified you shouldn't need to set _f_q_d_n. This flag is _o_f_f by default. - insults If set, ssssuuuuddddoooo will insult users when they enter + insults If set, ssuuddoo will insult users when they enter an incorrect password. This flag is _o_f_f by default. - requiretty If set, ssssuuuuddddoooo will only run when the user is + requiretty If set, ssuuddoo will only run when the user is logged in to a real tty. This will disallow things like "rsh somehost sudo ls" since _r_s_h(1) does not allocate a tty. Because it is - not possible to turn of echo when there is no + not possible to turn off echo when there is no tty present, some sites may with to set this flag to prevent a user from entering a visible password. This flag is _o_f_f by default. - env_editor If set, vvvviiiissssuuuuddddoooo will use the value of the EDI­ + env_editor If set, vviissuuddoo will use the value of the EDI­ TOR or VISUAL environment variables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors - in the editor variable. vvvviiiissssuuuuddddoooo will then only + in the editor variable. vviissuuddoo will then only use the EDITOR or VISUAL if they match a value specified in editor. This flag is off by default. - rootpw If set, ssssuuuuddddoooo will prompt for the root password + rootpw If set, ssuuddoo will prompt for the root password instead of the password of the invoking user. This flag is _o_f_f by default. - runaspw If set, ssssuuuuddddoooo will prompt for the password of + runaspw If set, ssuuddoo will prompt for the password of the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option (defaults to root) instead of the password of the invoking user. This flag is _o_f_f by default. 
- targetpw If set, ssssuuuuddddoooo will prompt for the password of - the user specified by the ----uuuu flag (defaults to + targetpw If set, ssuuddoo will prompt for the password of + the user specified by the --uu flag (defaults to root) instead of the password of the invoking user. This flag is _o_f_f by default. -April 25, 2002 1.6.6 7 +1.6.7 March 13, 2003 7 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - set_logname Normally, ssssuuuuddddoooo will set the LOGNAME and USER + set_logname Normally, ssuuddoo will set the LOGNAME and USER environment variables to the name of the tar­ - get user (usually root unless the ----uuuu flag is + get user (usually root unless the --uu flag is given). However, since some programs (includ­ ing the RCS revision control system) use LOG­ NAME to determine the real identity of the 
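Review bot: the requiretty paragraph fixes "turn of echo" but leaves "some sites may with to set this flag" on the following line; that should be "wish". In the same hunk the env_editor entry ends with a plain "This flag is off by default" while every other entry underlines _o_f_f, which suggests the pod source is marked up inconsistently there.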
@@ -476,60 +476,60 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) behavior. This can be done by negating the set_logname option. - stay_setuid Normally, when ssssuuuuddddoooo executes a command the + stay_setuid Normally, when ssuuddoo executes a command the real and effective UIDs are set to the target user (root by default). This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, - this makes ssssuuuuddddoooo act as a setuid wrapper. This + this makes ssuuddoo act as a setuid wrapper. This can be useful on systems that disable some potentially dangerous functionality when a program is run setuid. Note, however, that this means that sudo will run with the real uid of the invoking user which may allow that - user to kill ssssuuuuddddoooo before it can log a failure, + user to kill ssuuddoo before it can log a failure, depending on how your OS defines the interac­ tion between signals and setuid processes. - env_reset If set, ssssuuuuddddoooo will reset the environment to + env_reset If set, ssuuddoo will reset the environment to only contain the following variables: HOME, LOGNAME, PATH, SHELL, TERM, and USER (in addi­ tion to the SUDO_* variables). Of these, only TERM is copied unaltered from the old environ­ ment. The other variables are set to default values (possibly modified by the value of the - _s_e_t___l_o_g_n_a_m_e option). If ssssuuuuddddoooo was compiled + _s_e_t___l_o_g_n_a_m_e option). If ssuuddoo was compiled with the SECURE_PATH option, its value will be used for the PATH environment variable. Other variables may be preserved with the _e_n_v___k_e_e_p option. use_loginclass - If set, ssssuuuuddddoooo will apply the defaults specified + If set, ssuuddoo will apply the defaults specified for the target user's login class if one - exists. Only available if ssssuuuuddddoooo is configured + exists. Only available if ssuuddoo is configured with the --with-logincap option. This flag is _o_f_f by default. 
- IIIInnnntttteeeeggggeeeerrrrssss: + IInntteeggeerrss: passwd_tries The number of tries a user gets to enter - his/her password before ssssuuuuddddoooo logs the failure + his/her password before ssuuddoo logs the failure and exits. The default is 3. - IIIInnnntttteeeeggggeeeerrrrssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: + IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: -April 25, 2002 1.6.6 8 +1.6.7 March 13, 2003 8 -sudoers(4) MAINTENANCE COMMANDS sudoers(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) loglinelen Number of characters per line for the file @@ -540,7 +540,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) option to disable word wrap). timestamp_timeout - Number of minutes that can elapse before ssssuuuuddddoooo + Number of minutes that can elapse before ssuuddoo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a pass­ word. If set to a value less than 0 the @@ -550,7 +550,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) respectively. passwd_timeout - Number of minutes before the ssssuuuuddddoooo password + Number of minutes before the ssuuddoo password prompt times out. The default is 5, set this to 0 for no password timeout. @@ -558,7 +558,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) this option or set it to 0777 to preserve the user's umask. The default is 0022. - SSSSttttrrrriiiinnnnggggssss: + SSttrriinnggss: mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape %h will expand to the hostname of 
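Review bot: in the timestamp_timeout hunk (@@ -540) the regenerated line still reads "will ask for a passwd again"; "passwd" should be "password", since passwd is the file and command, not the credential. The passwd_timeout entry (@@ -550) is a comma splice: "The default is 5, set this to 0 for no password timeout." should be split, e.g. "The default is 5; set this to 0 for no password timeout."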
@@ -571,32 +571,54 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) again. unless insults are enabled. timestampdir - The directory in which ssssuuuuddddoooo stores its times­ + The directory in which ssuuddoo stores its times­ tamp files. The default is _/_v_a_r_/_r_u_n_/_s_u_d_o. + timestampowner + The owner of the timestamp directory and the + timestamps stored therein. The default is + root. + passprompt The default prompt to use when asking for a - password; can be overridden via the ----pppp option - or the SUDO_PROMPT environment variable. Sup­ - ports two escapes: "%u" expands to the user's - login name and "%h" expands to the local host­ - name. The default value is Password:. + password; can be overridden via the --pp option + or the SUDO_PROMPT environment variable. The + following percent (`%') escapes are supported: - runas_default - The default user to run commands as if the ----uuuu - flag is not specified on the command line. - This defaults to root. + %u expanded to the invoking user's login + name +1.6.7 March 13, 2003 9 -April 25, 2002 1.6.6 9 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + %U expanded to the login name of the user + the command will be run as (defaults + to root) + + %h expanded to the local hostname without + the domain name + + %H expanded to the local hostname includ­ + ing the domain name (on if the + machine's hostname is fully qualified + or the _f_q_d_n option is set) + + %% two consecutive % characters are col­ + laped into a single % character + + The default value is Password:. + + runas_default + The default user to run commands as if the --uu + flag is not specified on the command line. + This defaults to root. syslog_goodpri Syslog priority to use when user authenticates 
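Review bot: two typos in the new passprompt escape table: "%H ... (on if the machine's hostname is fully qualified or the _f_q_d_n option is set)" should read "only if", and "%% two consecutive % characters are collaped" should be "collapsed". The new timestampowner entry would also benefit from one sentence on why anyone would change it from root and what that implies: whoever owns the timestamp directory is in a position to create or update the timestamp files that timestamp_timeout relies on, so a non-root owner is effectively trusted to grant password-less use of sudo.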
@@ -607,16 +629,16 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) unsuccessfully. Defaults to alert. editor A colon (':') separated list of editors - allowed to be used with vvvviiiissssuuuuddddoooo. vvvviiiissssuuuuddddoooo will + allowed to be used with vviissuuddoo. vviissuuddoo will choose the editor that matches the user's USER environment variable if possible, or the first editor in the list that exists and is exe­ cutable. The default is the path to vi on your system. - SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: + SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: - logfile Path to the ssssuuuuddddoooo log file (not the syslog log + logfile Path to the ssuuddoo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. @@ -629,7 +651,18 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) at configure time. mailerflags Flags to use when invoking mailer. Defaults to - ----tttt. + --tt. + + + +1.6.7 March 13, 2003 10 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailto Address to send warning and error mail to. The address should be enclosed in double @@ -642,7 +675,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) default. verifypw This option controls when a password will be - required when a user runs ssssuuuuddddoooo with the ----vvvv + required when a user runs ssuuddoo with the --vv flag. It has the following possible values: all All the user's _s_u_d_o_e_r_s entries for the 
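Review bot: the editor entry in this hunk says visudo "will choose the editor that matches the user's USER environment variable if possible"; that is inconsistent with the env_editor entry earlier on this page, which says visudo only honours EDITOR or VISUAL when they match a value listed in editor. "USER" looks like a typo for "EDITOR" (or "EDITOR or VISUAL") and should be fixed in the pod source so the regenerated output picks it up.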
@@ -651,32 +684,20 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) any At least one of the user's _s_u_d_o_e_r_s entries for the current host must have - the NOPASSWD flag set to avoid - - - -April 25, 2002 1.6.6 10 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) - - - entering a password. + the NOPASSWD flag set to avoid enter­ + ing a password. never The user need never enter a password - to use the ----vvvv flag. + to use the --vv flag. always The user must always enter a password - to use the ----vvvv flag. + to use the --vv flag. The default value is `all'. listpw This option controls when a password will be - required when a user runs ssssuuuuddddoooo with the ----llll. - It has the following possible values: + required when a user runs ssuuddoo with the --ll + flag. It has the following possible values: all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD 
@@ -688,27 +709,40 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) ing a password. never The user need never enter a password - to use the ----llll flag. + to use the --ll flag. always The user must always enter a password - to use the ----llll flag. + to use the --ll flag. The default value is `any'. - LLLLiiiissssttttssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: + LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: + + + + +1.6.7 March 13, 2003 11 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + env_check Environment variables to be removed from the user's environment if the variable's value contains % or / characters. This can be used to guard against printf-style format vulnera­ - bilties in poorly-written programs. The argu­ - ment may be a double-quoted, space-separated - list or a single value without double-quotes. - The list can be replaced, added to, deleted - from, or disabled by using the =, +=, -=, and - ! operators respectively. The default list of - environment variable to check is printed when - ssssuuuuddddoooo is run by root with the _-_V option. + bilities in poorly-written programs. The + argument may be a double-quoted, space-sepa­ + rated list or a single value without dou­ + ble-quotes. The list can be replaced, added + to, deleted from, or disabled by using the =, + +=, -=, and ! operators respectively. The + default list of environment variables to check + is printed when ssuuddoo is run by root with the + _-_V option. env_delete Environment variables to be removed from the user's environment. The argument may be a 
@@ -717,25 +751,16 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) be replaced, added to, deleted from, or dis­ abled by using the =, +=, -=, and ! operators respectively. The default list of environment - variable to remove is printed when ssssuuuuddddoooo is run - - - -April 25, 2002 1.6.6 11 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) - - - by root with the _-_V option. + variables to remove is printed when ssuuddoo is + run by root with the _-_V option. Note that + many operating systems will remove potentially + dangerous variables from the environment of + any setuid process (such as ssuuddoo). env_keep Environment variables to be preserved in the user's environment when the _e_n_v___r_e_s_e_t option is in effect. This allows fine-grained con­ - trol over the environment ssssuuuuddddoooo-spawned pro­ + trol over the environment ssuuddoo-spawned pro­ cesses will receive. The argument may be a double-quoted, space-separated list or a sin­ gle value without double-quotes. The list can 
@@ -744,15 +769,15 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) respectively. This list has no default mem­ bers. - When logging via _s_y_s_l_o_g(3), ssssuuuuddddoooo accepts the following - values for the syslog facility (the value of the ssssyyyysssslllloooogggg - Parameter): aaaauuuutttthhhhpppprrrriiiivvvv (if your OS supports it), aaaauuuutttthhhh, ddddaaaaeeee­­­­ - mmmmoooonnnn, uuuusssseeeerrrr, llllooooccccaaaallll0000, llllooooccccaaaallll1111, llllooooccccaaaallll2222, llllooooccccaaaallll3333, llllooooccccaaaallll4444, llllooooccccaaaallll5555, - llllooooccccaaaallll6666, and llllooooccccaaaallll7777. The following syslog priorities are - supported: aaaalllleeeerrrrtttt, ccccrrrriiiitttt, ddddeeeebbbbuuuugggg, eeeemmmmeeeerrrrgggg, eeeerrrrrrrr, iiiinnnnffffoooo, nnnnoooottttiiiicccceeee, - and wwwwaaaarrrrnnnniiiinnnngggg. + When logging via _s_y_s_l_o_g(3), ssuuddoo accepts the following + values for the syslog facility (the value of the ssyysslloogg + Parameter): aauutthhpprriivv (if your OS supports it), aauutthh, ddaaee­­ + mmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33, llooccaall44, llooccaall55, + llooccaall66, and llooccaall77. The following syslog priorities are + supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, + and wwaarrnniinngg. - UUUUsssseeeerrrr SSSSppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnn + UUsseerr SSppeecciiffiiccaattiioonn User_Spec ::= User_list Host_List '=' Cmnd_Spec_List \ (':' User_Spec)* 
@@ -760,41 +785,41 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List + + +1.6.7 March 13, 2003 12 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd Runas_Spec ::= '(' Runas_List ')' - A uuuusssseeeerrrr ssssppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnn determines which commands a user may + A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as what user) on specified hosts. By default, - commands are run as rrrrooooooootttt, but this can be changed on a + commands are run as rroooott, but this can be changed on a per-command basis. Let's break that down into its constituent parts: - RRRRuuuunnnnaaaassss____SSSSppppeeeecccc + RRuunnaass__SSppeecc A Runas_Spec is simply a Runas_List (as defined above) enclosed in a set of parentheses. If you do not specify a Runas_Spec in the user specification, a default Runas_Spec - of rrrrooooooootttt will be used. A Runas_Spec sets the default for + of rroooott will be used. A Runas_Spec sets the default for commands that follow it. What this means is that for the entry: - dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who - - The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m - -- but only as ooooppppeeeerrrraaaattttoooorrrr. E.g., - - - -April 25, 2002 1.6.6 12 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm + The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m + -- but only as ooppeerraattoorr. E.g., sudo -u operator /bin/ls. 
@@ -803,12 +828,12 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm - Then user ddddggggbbbb is now allowed to run _/_b_i_n_/_l_s as ooooppppeeeerrrraaaattttoooorrrr, - but _/_b_i_n_/_k_i_l_l and _/_u_s_r_/_b_i_n_/_l_p_r_m as rrrrooooooootttt. + Then user ddggbb is now allowed to run _/_b_i_n_/_l_s as ooppeerraattoorr, + but _/_b_i_n_/_k_i_l_l and _/_u_s_r_/_b_i_n_/_l_p_r_m as rroooott. - NNNNOOOOPPPPAAAASSSSSSSSWWWWDDDD aaaannnndddd PPPPAAAASSSSSSSSWWWWDDDD + NNOOPPAASSSSWWDD aanndd PPAASSSSWWDD - By default, ssssuuuuddddoooo requires that a user authenticate him or + By default, ssuuddoo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow @@ -817,14 +842,26 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm - would allow the user rrrraaaayyyy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and - _/_u_s_r_/_b_i_n_/_l_p_r_m as root on the machine rushmore as rrrrooooooootttt - without authenticating himself. If we only want rrrraaaayyyy to be + would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and + _/_u_s_r_/_b_i_n_/_l_p_r_m as root on the machine rushmore as rroooott + without authenticating himself. If we only want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the entry would be: ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm + + + +1.6.7 March 13, 2003 13 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + Note, however, that the PASSWD tag has no effect on users who are in the group specified by the exempt_group option. 
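Review bot: the rewrapped NOPASSWD paragraph still reads "as root on the machine rushmore as root without authenticating himself"; "as root" appears twice. Drop one, e.g. "... to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore without authenticating himself."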
@@ -836,11 +873,11 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) tain to the current host. This behavior may be overridden via the verifypw and listpw options. - WWWWiiiillllddddccccaaaarrrrddddssss ((((aaaakkkkaaaa mmmmeeeettttaaaa cccchhhhaaaarrrraaaacccctttteeeerrrrssss)))):::: + WWiillddccaarrddss ((aakkaa mmeettaa cchhaarraacctteerrss)):: - ssssuuuuddddoooo allows shell-style _w_i_l_d_c_a_r_d_s to be used in pathnames + ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s to be used in pathnames as well as command line arguments in the _s_u_d_o_e_r_s file. - Wildcard matching is done via the PPPPOOOOSSSSIIIIXXXX fnmatch(3) rou­ + Wildcard matching is done via the PPOOSSIIXX fnmatch(3) rou­ tine. Note that these are _n_o_t regular expressions. * Matches any set of zero or more characters. 
@@ -849,43 +886,30 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) [...] Matches any character in the specified range. - - - - -April 25, 2002 1.6.6 13 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) - - - [!...] Matches any character nnnnooootttt in the specified range. + [!...] Matches any character nnoott in the specified range. \x For any character "x", evaluates to "x". This is used to escape special characters such as: "*", "?", "[", and "}". - Note that a forward slash ('/') will nnnnooootttt be matched by + Note that a forward slash ('/') will nnoott be matched by wildcards used in the pathname. When matching the command - line arguments, however, as slash ddddooooeeeessss get matched by - wildcards. This is to make a path like: + line arguments, however, a slash ddooeess get matched by wild­ + cards. This is to make a path like: /usr/bin/* match /usr/bin/who but not /usr/bin/X11/xterm. - EEEExxxxcccceeeeppppttttiiiioooonnnnssss ttttoooo wwwwiiiillllddddccccaaaarrrrdddd rrrruuuulllleeeessss:::: + EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess:: The following exceptions apply to the above rules: - """" If the empty string "" is the only command line + "" If the empty string "" is the only command line argument in the _s_u_d_o_e_r_s entry it means that com­ - mand is not allowed to be run with aaaannnnyyyy arguments. + mand is not allowed to be run with aannyy arguments. - OOOOtttthhhheeeerrrr ssssppppeeeecccciiiiaaaallll cccchhhhaaaarrrraaaacccctttteeeerrrrssss aaaannnndddd rrrreeeesssseeeerrrrvvvveeeedddd wwwwoooorrrrddddssss:::: + OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss:: The pound sign ('#') is used to indicate a comment (unless it occurs in the context of a user name and is followed by 
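Review bot: the \x escape line in this hunk lists the characters worth escaping as "*", "?", "[", and "}"; given the [...] and [!...] patterns documented directly above it, the last one should almost certainly be "]" (or the list should name both brackets). It is unchanged context here, so the fix belongs in the pod source.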
@@ -893,14 +917,25 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) Both the comment character and any text after it, up to the end of the line, are ignored. - The reserved word AAAALLLLLLLL is a built in _a_l_i_a_s that always + + +1.6.7 March 13, 2003 14 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + + The reserved word AALLLL is a built in _a_l_i_a_s that always causes a match to succeed. It can be used wherever one might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias, or Host_Alias. You should not try to define your own - _a_l_i_a_s called AAAALLLLLLLL as the built in alias will be used in - preference to your own. Please note that using AAAALLLLLLLL can be + _a_l_i_a_s called AALLLL as the built in alias will be used in + preference to your own. Please note that using AALLLL can be dangerous since in a command context, it allows the user - to run aaaannnnyyyy command on the system. + to run aannyy command on the system. An exclamation point ('!') can be used as a logical _n_o_t operator both in an _a_l_i_a_s and in front of a Cmnd. This @@ -916,23 +951,11 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':', '(', ')') is optional. - - - -April 25, 2002 1.6.6 14 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) - - The following characters must be escaped with a backslash ('\') when used as part of a word (e.g. a username or hostname): '@', '!', '=', ':', ',', '(', ')', '\'. -EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS +EEXXAAMMPPLLEESS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we define our _a_l_i_a_s_e_s: 
@@ -955,6 +978,22 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules + + + + + + + +1.6.7 March 13, 2003 15 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ /usr/sbin/restore, /usr/sbin/rrestore 
@@ -969,54 +1008,58 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS Cmnd_Alias SU = /usr/bin/su Here we override some of the compiled in default values. - We want ssssuuuuddddoooo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility + We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility in all cases. We don't want to subject the full time - staff to the ssssuuuuddddoooo lecture, and user mmmmiiiilllllllleeeerrrrtttt need not give - a password. In addition, on the machines in the _S_E_R_V_E_R_S - Host_Alias, we keep an additional local log file and make - sure we log the year in each log line since the log - entries will be kept around for several years. + staff to the ssuuddoo lecture, user mmiilllleerrtt need not give a + password, and we don't want to set the LOGNAME or USER + environment variables when running commands as root. + Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, + we keep an additional local log file and make sure we log + the year in each log line since the log entries will be + kept around for several years. # Override built in defaults Defaults syslog=auth + Defaults>root !set_logname Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=/var/log/sudo.log - - -April 25, 2002 1.6.6 15 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) - - The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter­ mines who may run what. root ALL = (ALL) ALL %wheel ALL = (ALL) ALL - We let rrrrooooooootttt and any user in group wwwwhhhheeeeeeeellll run any command on + We let rroooott and any user in group wwhheeeell run any command on any host as any user. FULLTIMERS ALL = NOPASSWD: ALL - Full time sysadmins (mmmmiiiilllllllleeeerrrrtttt, mmmmiiiikkkkeeeeffff, and ddddoooowwwwddddyyyy) may run + Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on any host without authenticating themselves. 
PARTTIMERS ALL = ALL - Part time sysadmins (bbbboooossssttttlllleeeeyyyy, jjjjwwwwffffooooxxxx, and ccccrrrraaaawwwwllll) may run + Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on any host but they must authenticate them­ selves first (since the entry lacks the NOPASSWD tag). jack CSNETS = ALL - The user jjjjaaaacccckkkk may run any command on the machines in the + The user jjaacckk may run any command on the machines in the + + + +1.6.7 March 13, 2003 16 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + _C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of those networks, only 128.138.204.0 has an explicit netmask (in CIDR notation) indicating it 
@@ -1025,87 +1068,87 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) lisa CUNETS = ALL - The user lllliiiissssaaaa may run any command on any host in the + The user lliissaa may run any command on any host in the _C_U_N_E_T_S alias (the class B network 128.138.0.0). operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\ /usr/oper/bin/ - The ooooppppeeeerrrraaaattttoooorrrr user may run commands limited to simple main­ + The ooppeerraattoorr user may run commands limited to simple main­ tenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/. joe ALL = /usr/bin/su operator - The user jjjjooooeeee may only _s_u(1) to operator. + The user jjooee may only _s_u(1) to operator. pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root - The user ppppeeeetttteeee is allowed to change anyone's password + The user ppeettee is allowed to change anyone's password except for root on the _H_P_P_A machines. Note that this assumes _p_a_s_s_w_d(1) does not take multiple usernames on the command line. bob SPARC = (OP) ALL : SGI = (OP) ALL + The user bboobb may run anything on the _S_P_A_R_C and _S_G_I + machines as any user listed in the _O_P Runas_Alias (rroooott + and ooppeerraattoorr). + jim +biglab = ALL -April 25, 2002 1.6.6 16 + The user jjiimm may run any command on machines in the _b_i_g_l_a_b + netgroup. SSuuddoo knows that "biglab" is a netgroup due to + the '+' prefix. + +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser + Users in the sseeccrreettaarriieess netgroup need to help manage the + printers as well as add and remove users, so they are + allowed to run those commands on all machines. + fred ALL = (DB) NOPASSWD: ALL + The user ffrreedd can run commands as any user in the _D_B + Runas_Alias (oorraaccllee or ssyybbaassee) without giving a password. 
-sudoers(4) MAINTENANCE COMMANDS sudoers(4) + john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* - The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I - machines as any user listed in the _O_P Runas_Alias (rrrrooooooootttt - and ooooppppeeeerrrraaaattttoooorrrr). - jim +biglab = ALL +1.6.7 March 13, 2003 17 - The user jjjjiiiimmmm may run any command on machines in the _b_i_g_l_a_b - netgroup. SSSSuuuuddddoooo knows that "biglab" is a netgroup due to - the '+' prefix. - +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser - Users in the sssseeeeccccrrrreeeettttaaaarrrriiiieeeessss netgroup need to help manage the - printers as well as add and remove users, so they are - allowed to run those commands on all machines. - fred ALL = (DB) NOPASSWD: ALL - The user ffffrrrreeeedddd can run commands as any user in the _D_B - Runas_Alias (oooorrrraaaacccclllleeee or ssssyyyybbbbaaaasssseeee) without giving a password. +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* - On the _A_L_P_H_A machines, user jjjjoooohhhhnnnn may su to anyone except + On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is not allowed to give _s_u(1) any flags. jen ALL, !SERVERS = ALL - The user jjjjeeeennnn may run any command on any machine except for + The user jjeenn may run any command on any machine except for those in the _S_E_R_V_E_R_S Host_Alias (master, mail, www and ns). jill SERVERS = /usr/bin/, !SU, !SHELLS - For any machine in the _S_E_R_V_E_R_S Host_Alias, jjjjiiiillllllll may run + For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run any commands in the directory /usr/bin/ except for those commands belonging to the _S_U and _S_H_E_L_L_S Cmnd_Aliases. 
steve CSNETS = (operator) /usr/local/op_commands/ - The user sssstttteeeevvvveeee may run any command in the directory + The user sstteevvee may run any command in the directory /usr/local/op_commands/ but only as user operator. matt valkyrie = KILL - On his personal workstation, valkyrie, mmmmaaaatttttttt needs to be + On his personal workstation, valkyrie, mmaatttt needs to be able to kill hung processes. WEBMASTERS www = (www) ALL, (root) /usr/bin/su www @@ -1114,18 +1157,6 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply _s_u(1) to www. - - - -April 25, 2002 1.6.6 17 - - - - - -sudoers(4) MAINTENANCE COMMANDS sudoers(4) - - ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM @@ -1135,7 +1166,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) type, so it is a prime candidate for encapsulating in a shell script. -SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS +SSEECCUURRIITTYY NNOOTTEESS It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circum­ vent this by copying the desired command to a different 
@@ -1143,18 +1174,29 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE bill ALL = ALL, !SU, !SHELLS - Doesn't really prevent bbbbiiiillllllll from running the commands + Doesn't really prevent bbiillll from running the commands listed in _S_U or _S_H_E_L_L_S since he can simply copy those com­ mands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). -CCCCAAAAVVVVEEEEAAAATTTTSSSS - The _s_u_d_o_e_r_s file should aaaallllwwwwaaaayyyyssss be edited by the vvvviiiissssuuuuddddoooo + + +1.6.7 March 13, 2003 18 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + +CCAAVVEEAATTSS + The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which locks the file and does grammatical check­ ing. It is imperative that _s_u_d_o_e_r_s be free of syntax - errors since ssssuuuuddddoooo will not run with a syntactically incor­ + errors since ssuuddoo will not run with a syntactically incor­ rect _s_u_d_o_e_r_s file. When using netgroups of machines (as opposed to users), if @@ -1163,14 +1205,38 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS hostname be fully qualified as returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s. -FFFFIIIILLLLEEEESSSS +FFIILLEESS /etc/sudoers List of who can run what /etc/group Local groups file /etc/netgroup List of network groups + +SSEEEE AALLSSOO + _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) + + + + + + + + + + + + + + + + + + + + + + + -SSSSEEEEEEEE AAAALLLLSSSSOOOO - _r_s_h(1), _s_u_d_o(1m), _v_i_s_u_d_o(8), _s_u(1), _f_n_m_a_t_c_h(3). @@ -1183,6 +1249,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 25, 2002 1.6.6 18 +1.6.7 March 13, 2003 19 diff --git a/visudo.cat b/visudo.cat index 4c821697c..f0b72a5ef 100644 --- a/visudo.cat +++ b/visudo.cat 
@@ -1,99 +1,99 @@ -visudo(1m) MAINTENANCE COMMANDS visudo(1m) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) -NNNNAAAAMMMMEEEE +NNAAMMEE visudo - edit the sudoers file -SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS - vvvviiiissssuuuuddddoooo [ ----cccc ] [ ----ffff _s_u_d_o_e_r_s ] [ ----qqqq ] [ ----ssss ] [ ----VVVV ] +SSYYNNOOPPSSIISS + vviissuuddoo [ --cc ] [ --ff _s_u_d_o_e_r_s ] [ --qq ] [ --ss ] [ --VV ] -DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN - vvvviiiissssuuuuddddoooo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous - to _v_i_p_w(1m). vvvviiiissssuuuuddddoooo locks the _s_u_d_o_e_r_s file against multi­ +DDEESSCCRRIIPPTTIIOONN + vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous + to _v_i_p_w(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multi­ ple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s file is currently being edited you will receive a message to try again later. - There is a hard-coded list of editors that vvvviiiissssuuuuddddoooo will use + There is a hard-coded list of editors that vviissuuddoo will use set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default variable. This list defaults to the path to _v_i(1) on your system, as determined by the _c_o_n_f_i_g_u_r_e - script. Normally, vvvviiiissssuuuuddddoooo does not honor the EDITOR or + script. Normally, vviissuuddoo does not honor the EDITOR or VISUAL environment variables unless they contain an editor - in the aforementioned editors list. However, if vvvviiiissssuuuuddddoooo is + in the aforementioned editors list. However, if vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r flag or the _e_n_v_e_d_i_t_o_r - Default variable is set in _s_u_d_o_e_r_s, vvvviiiissssuuuuddddoooo will use any + Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by EDITOR or VISUAL. 
Note that this can be a security hole since it allows the user to execute any program they wish simply by setting EDITOR or VISUAL. - vvvviiiissssuuuuddddoooo parses the _s_u_d_o_e_r_s file after the edit and will not + vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the changes if there is a syntax error. Upon finding - an error, vvvviiiissssuuuuddddoooo will print a message stating the line - _n_u_m_b_e_r(s) where the error occurred and the user will + an error, vviissuuddoo will print a message stating the line + number(s) where the error occurred and the user will receive the "What now?" prompt. At this point the user may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving the changes, or "Q" to quit and save changes. The "Q" option should be used with extreme care - because if vvvviiiissssuuuuddddoooo believes there to be a parse error, so - will ssssuuuuddddoooo and no one will be able to ssssuuuuddddoooo again until the + because if vviissuuddoo believes there to be a parse error, so + will ssuuddoo and no one will be able to ssuuddoo again until the error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature). -OOOOPPPPTTTTIIIIOOOONNNNSSSS - vvvviiiissssuuuuddddoooo accepts the following command line options: +OOPPTTIIOONNSS + vviissuuddoo accepts the following command line options: - -c Enable cccchhhheeeecccckkkk----oooonnnnllllyyyy mode. The existing _s_u_d_o_e_r_s file + -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file will be checked for syntax and a message will be printed to the standard output detailing the status of _s_u_d_o_e_r_s. If the syntax check completes successfully, - vvvviiiissssuuuuddddoooo will exit with a value of 0. If a syntax error - is encountered, vvvviiiissssuuuuddddoooo will exit with a value of 1. 
+ vviissuuddoo will exit with a value of 0. If a syntax error + is encountered, vviissuuddoo will exit with a value of 1. -f Specify and alternate _s_u_d_o_e_r_s file location. With - this option vvvviiiissssuuuuddddoooo will edit (or check) the _s_u_d_o_e_r_s + this option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s -April 25, 2002 1.6.6 1 +1.6.7 March 13, 2003 1 -visudo(1m) MAINTENANCE COMMANDS visudo(1m) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) file of your choice, instead of the default, @sysconfdir@/sudoers. The lock file used is the spec­ ified _s_u_d_o_e_r_s file with ".tmp" appended to it. - -q Enable qqqquuuuiiiieeeetttt mode. In this mode details about syntax + -q Enable qquuiieett mode. In this mode details about syntax errors are not printed. This option is only useful - when combined with the ----cccc flag. + when combined with the --cc flag. - -s Enable ssssttttrrrriiiicccctttt checking of the _s_u_d_o_e_r_s file. If an - alias is used before it is defined, vvvviiiissssuuuuddddoooo will con­ + -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an + alias is used before it is defined, vviissuuddoo will con­ sider this a parse error. Note that it is not possi­ ble to differentiate between an alias and a hostname or username that consists solely of uppercase letters, digits, and the underscore ('_') character. - -V The ----VVVV (version) option causes vvvviiiissssuuuuddddoooo to print its + -V The --VV (version) option causes vviissuuddoo to print its version number and exit. -EEEERRRRRRRROOOORRRRSSSS +EERRRROORRSS sudoers file busy, try again later. Someone else is currently editing the _s_u_d_o_e_r_s file. /etc/sudoers.tmp: Permission denied - You didn't run vvvviiiissssuuuuddddoooo as root. + You didn't run vviissuuddoo as root. Can't find you in the passwd database Your userid does not appear in the system passwd file. 
@@ -103,61 +103,61 @@ EEEERRRRRRRROOOORRRRSSSS before defining it or you have a user or hostname listed that consists solely of uppercase letters, dig­ its, and the underscore ('_') character. If the lat­ - ter, you can ignore the warnings (ssssuuuuddddoooo will not com­ - plain). In ----ssss (strict) mode these are errors, not + ter, you can ignore the warnings (ssuuddoo will not com­ + plain). In --ss (strict) mode these are errors, not warnings. -EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT +EENNVVIIRROONNMMEENNTT The following environment variables are used only if - vvvviiiissssuuuuddddoooo was configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option: + vviissuuddoo was configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option: EDITOR Invoked by visudo as the editor to use VISUAL Used Invoked visudo if EDITOR is not set - -FFFFIIIILLLLEEEESSSS +FFIILLEESS /etc/sudoers List of who can run what /etc/sudoers.tmp Lock file for visudo - -AAAAUUUUTTTTHHHHOOOORRRR +AAUUTTHHOORR Many people have worked on _s_u_d_o over the years; this ver­ - sion of vvvviiiissssuuuuddddoooo was written by: + sion of vviissuuddoo was written by: + Todd Miller -April 25, 2002 1.6.6 2 +1.6.7 March 13, 2003 2 -visudo(1m) MAINTENANCE COMMANDS visudo(1m) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) - Todd Miller See the HISTORY file in the sudo distribution or visit http://www.sudo.ws/sudo/history.html for more details. -BBBBUUUUGGGGSSSS +BBUUGGSS If you feel you have found a bug in sudo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ -DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR - VVVViiiissssuuuuddddoooo is provided ``AS IS'' and any express or implied +DDIISSCCLLAAIIMMEERR + VViissuuddoo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed - with ssssuuuuddddoooo for complete details. 
+ with ssuuddoo for complete details. -CCCCAAAAVVVVEEEEAAAATTTTSSSS +CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root - shell if the editor used by vvvviiiissssuuuuddddoooo allows shell escapes. + shell if the editor used by vviissuuddoo allows shell escapes. + +SSEEEE AALLSSOO + _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) + -SSSSEEEEEEEE AAAALLLLSSSSOOOO - _v_i(1), _s_u_d_o(1m), _v_i_p_w(8). @@ -193,6 +193,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 25, 2002 1.6.6 3 +1.6.7 March 13, 2003 3
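Review bot: in the sudoers.cat SEE ALSO hunk (@@ -1163,14 +1205,38) the new list cites _v_i_s_u_d_o(8), but the visudo page regenerated in this same patch is headed VISUDO(1m), so the cross-reference section number disagrees with the page it points to; the reordered entries (rsh, su, fnmatch, sudo, visudo) are otherwise fine, but the section suffix should come from the same substitution that produced the "(1m)" header rather than a hard-coded 8, otherwise the next regen keeps shipping a reference to a man section that does not match the installed page.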
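Review bot: the first visudo.cat hunk (@@ -1,99) carries two wording defects in unchanged context that a regen will keep reproducing until fixed upstream: "vviissuuddoo will use any / the editor defines by EDITOR or VISUAL" is ungrammatical (suggest "will use any editor defined by EDITOR or VISUAL"), and "-f Specify and alternate _s_u_d_o_e_r_s file location" should read "an alternate". The same hunk's DESCRIPTION names the build option _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r while the ENVIRONMENT section later in the page spells it _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r; only one can be the real configure flag, and since the paragraph describes an option that lets the invoking user pick an arbitrary editor, readers checking their build against the documented flag name need it to be right. Finally, the -f text shows the default as the literal placeholder "@sysconfdir@/sudoers" while FILES and ERRORS in the same page use /etc/sudoers.tmp; confirm the install step substitutes the placeholder in the .cat output, or the rendered page will show the token verbatim.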
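Review bot: in the visudo.cat hunk @@ -103,61 +103,61 the ENVIRONMENT entry "VISUAL Used Invoked visudo if EDITOR is not set" is garbled context; matching the EDITOR line's phrasing, it should read "VISUAL Used by visudo if EDITOR is not set". In the same hunk the new SEE ALSO cites _v_i_p_w(8) while the DESCRIPTION at the top of the page says "analogous to _v_i_p_w(1m)", the same section-number mismatch as in sudoers.cat; pick one section suffix for vipw and apply it in both places.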