From: Todd C. Miller Date: Fri, 24 Oct 2008 13:52:19 +0000 (+0000) Subject: regen man pages; no more hyphenation X-Git-Tag: SUDO_1_7_0~71 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3349ed6bcad646914d6aa5fd22c175a1bd4d466;p=sudo regen man pages; no more hyphenation --- diff --git a/sudo.cat b/sudo.cat index 8ef60a67d..c4f2e7840 100644 --- a/sudo.cat +++ b/sudo.cat @@ -25,13 +25,13 @@ DDEESSCCRRIIPPTTIIOONN uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file (unless the --PP option was specified). If the invoking user is - root or if the target user is the same as the invoking user, no pass- - word is required. Otherwise, ssuuddoo requires that users authenticate - themselves with a password by default (NOTE: in the default configura- - tion this is the user's password, not the root password). Once a user - has been authenticated, a timestamp is updated and the user may then - use sudo without a password for a short period of time (5 minutes - unless overridden in _s_u_d_o_e_r_s). + root or if the target user is the same as the invoking user, no + password is required. Otherwise, ssuuddoo requires that users authenticate + themselves with a password by default (NOTE: in the default + configuration this is the user's password, not the root password). + Once a user has been authenticated, a timestamp is updated and the user + may then use sudo without a password for a short period of time (5 + minutes unless overridden in _s_u_d_o_e_r_s). When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied. 
@@ -42,11 +42,11 @@ DDEESSCCRRIIPPTTIIOONN overridden via _s_u_d_o_e_r_s). If a user who is not listed in the _s_u_d_o_e_r_s file tries to run a command - via ssuuddoo, mail is sent to the proper authorities, as defined at config- - ure time or in the _s_u_d_o_e_r_s file (defaults to root). Note that the mail - will not be sent if an unauthorized user tries to run sudo with the --ll - or --vv flags. This allows users to determine for themselves whether or - not they are allowed to use ssuuddoo. + via ssuuddoo, mail is sent to the proper authorities, as defined at + configure time or in the _s_u_d_o_e_r_s file (defaults to root). Note that + the mail will not be sent if an unauthorized user tries to run sudo + with the --ll or --vv flags. This allows users to determine for themselves + whether or not they are allowed to use ssuuddoo. If ssuuddoo is run by root and the SUDO_USER environment variable is set, ssuuddoo will use this value to determine who the actual user is. This can @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.0 June 6, 2008 1 +1.7.0 October 24, 2008 1 
@@ -70,19 +70,20 @@ DDEESSCCRRIIPPTTIIOONN SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - via _s_y_s_l_o_g(3) but this is changeable at configure time or via the _s_u_d_o_- - _e_r_s file. + via _s_y_s_l_o_g(3) but this is changeable at configure time or via the + _s_u_d_o_e_r_s file. OOPPTTIIOONNSS ssuuddoo accepts the following command line options: -A Normally, if ssuuddoo requires a password, it will read it from - the current terminal. If the --AA (_a_s_k_p_a_s_s) option is speci- - fied, a helper program is executed to read the user's pass- - word and output the password to the standard output. If - the SUDO_ASKPASS environment variable is set, it specifies - the path to the helper program. Otherwise, the value spec- - ified by the _a_s_k_p_a_s_s option in _s_u_d_o_e_r_s(4) is used. + the current terminal. If the --AA (_a_s_k_p_a_s_s) option is + specified, a helper program is executed to read the user's + password and output the password to the standard output. + If the SUDO_ASKPASS environment variable is set, it + specifies the path to the helper program. Otherwise, the + value specified by the _a_s_k_p_a_s_s option in _s_u_d_o_e_r_s(4) is + used. -a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the specified authentication type when validating the user, as @@ -92,9 +93,10 @@ OOPPTTIIOONNSS option is only available on systems that support BSD authentication. - -b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given com- - mand in the background. Note that if you use the --bb option - you cannot use shell job control to manipulate the process. + -b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given + command in the background. Note that if you use the --bb + option you cannot use shell job control to manipulate the + process. -C _f_d Normally, ssuuddoo will close all open file descriptors other than standard input, standard output and standard error. 
@@ -104,17 +106,17 @@ OOPPTTIIOONNSS option is only available if the administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(4). - -c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified com- - mand with resources limited by the specified login class. - The _c_l_a_s_s argument can be either a class name as defined in - _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character. Specifying a - _c_l_a_s_s of - indicates that the command should be run - restricted by the default login capabilities for the user - the command is run as. If the _c_l_a_s_s argument specifies an - existing user class, the command must be run as root, or - the ssuuddoo command must be run from a shell that is already - root. This option is only available on systems with BSD - login classes. + -c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified + command with resources limited by the specified login + class. The _c_l_a_s_s argument can be either a class name as + defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character. + Specifying a _c_l_a_s_s of - indicates that the command should + be run restricted by the default login capabilities for the + user the command is run as. If the _c_l_a_s_s argument + specifies an existing user class, the command must be run + as root, or the ssuuddoo command must be run from a shell that + is already root. This option is only available on systems + with BSD login classes. -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will override the _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)). It is only available when @@ -122,12 +124,10 @@ OOPPTTIIOONNSS _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s(4). -e The --ee (_e_d_i_t) option indicates that, instead of running a - command, the user wishes to edit one or more files. In - lieu of a command, the string "sudoedit" is used when -1.7.0 June 6, 2008 2 +1.7.0 October 24, 2008 2 
@@ -136,20 +136,23 @@ OOPPTTIIOONNSS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + command, the user wishes to edit one or more files. In + lieu of a command, the string "sudoedit" is used when consulting the _s_u_d_o_e_r_s file. If the user is authorized by _s_u_d_o_e_r_s the following steps are taken: 1. Temporary copies are made of the files to be edited with the owner set to the invoking user. - 2. The editor specified by the VISUAL or EDITOR environ- - ment variables is run to edit the temporary files. If - neither VISUAL nor EDITOR are set, the program listed - in the _e_d_i_t_o_r _s_u_d_o_e_r_s variable is used. + 2. The editor specified by the SUDO_EDITOR, VISUAL or + EDITOR environment variables is run to edit the + temporary files. If none of SUDO_EDITOR, VISUAL or + EDITOR are set, the first program listed in the _e_d_i_t_o_r + _s_u_d_o_e_r_s variable is used. 3. If they have been modified, the temporary files are - copied back to their original location and the tempo- - rary versions are removed. + copied back to their original location and the + temporary versions are removed. If the specified file does not exist, it will be created. Note that unlike most commands run by ssuuddoo, the editor is 
@@ -170,30 +173,27 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) group will be set to _g_r_o_u_p. -H The --HH (_H_O_M_E) option sets the HOME environment variable to - the homedir of the target user (root by default) as speci- - fied in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify HOME - (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)). + the homedir of the target user (root by default) as + specified in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify + HOME (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)). -h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message and exit. -i [command] - The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell spec- - ified in the _p_a_s_s_w_d(4) entry of the target user as a login - shell. This means that login-specific resource files such - as .profile or .login will be read by the shell. If a com- - mand is specified, it is passed to the shell for execution. - Otherwise, an interactive shell is executed. ssuuddoo attempts - to change to that user's home directory before running the - shell. It also initializes the environment, leaving _D_I_S_- - _P_L_A_Y and _T_E_R_M unchanged, setting _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_- - _N_A_M_E, and _P_A_T_H, as well as the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t - on Linux and AIX systems. All other environment variables - are removed. + The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell + specified in the _p_a_s_s_w_d(4) entry of the target user as a + login shell. This means that login-specific resource files + such as .profile or .login will be read by the shell. If a + command is specified, it is passed to the shell for + execution. Otherwise, an interactive shell is executed. + ssuuddoo attempts to change to that user's home directory + before running the shell. 
It also initializes the + environment, leaving _D_I_S_P_L_A_Y and _T_E_R_M unchanged, setting -1.7.0 June 6, 2008 3 +1.7.0 October 24, 2008 3 @@ -202,15 +202,19 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, and _P_A_T_H, as well as the + contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t on Linux and AIX systems. All + other environment variables are removed. + -K The --KK (sure _k_i_l_l) option is like --kk except that it removes the user's timestamp entirely. Like --kk, this option does not require a password. - -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's times- - tamp by setting the time on it to the Epoch. The next time - ssuuddoo is run a password will be required. This option does - not require a password and was added to allow a user to - revoke ssuuddoo permissions from a .logout file. + -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's + timestamp by setting the time on it to the Epoch. The next + time ssuuddoo is run a password will be required. This option + does not require a password and was added to allow a user + to revoke ssuuddoo permissions from a .logout file. -L The --LL (_l_i_s_t defaults) option will list out the parameters that may be set in a _D_e_f_a_u_l_t_s line along with a short 
@@ -221,28 +225,28 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list the allowed (and forbidden) commands for the invoking user (or the user specified by the --UU option) on the current - host. If a _c_o_m_m_a_n_d is specified and is permitted by _s_u_d_o_- - _e_r_s, the fully-qualified path to the command is displayed - along with any command line arguments. If _c_o_m_m_a_n_d is spec- - ified but not allowed, ssuuddoo will exit with a return value - of 1. If the --ll flag is specified with an ll argument (i.e. - --llll), or if --ll is specified multiple times, a longer list - format is used. - - -n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompt- - ing the user for a password. If a password is required for - the command to run, ssuuddoo will display an error messages and - exit. - - -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to pre- - serve the invoking user's group vector unaltered. By + host. If a _c_o_m_m_a_n_d is specified and is permitted by + _s_u_d_o_e_r_s, the fully-qualified path to the command is + displayed along with any command line arguments. If + _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a + return value of 1. If the --ll flag is specified with an ll + argument (i.e. --llll), or if --ll is specified multiple times, + a longer list format is used. + + -n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from + prompting the user for a password. If a password is + required for the command to run, ssuuddoo will display an error + messages and exit. + + -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to + preserve the invoking user's group vector unaltered. By default, ssuuddoo will initialize the group vector to the list of groups the target user is in. The real and effective group IDs, however, are still set to match the target user. 
-p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default - password prompt and use a custom one. The following per- - cent (`%') escapes are supported: + password prompt and use a custom one. The following + percent (`%') escapes are supported: %H expanded to the local hostname including the domain name (on if the machine's hostname is fully qualified @@ -252,14 +256,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) %p expanded to the user whose password is being asked for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags in - _s_u_d_o_e_r_s) - - %U expanded to the login name of the user the command will - be run as (defaults to root) -1.7.0 June 6, 2008 4 +1.7.0 October 24, 2008 4 @@ -268,10 +268,15 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + _s_u_d_o_e_r_s) + + %U expanded to the login name of the user the command will + be run as (defaults to root) + %u expanded to the invoking user's login name - %% two consecutive % characters are collapsed into a sin- - gle % character + %% two consecutive % characters are collapsed into a + single % character The prompt specified by the --pp option will override the system password prompt on systems that support PAM unless 
@@ -292,12 +297,12 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) listed. Only root or a user with ssuuddoo ALL on the current host may use this option. - -u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified com- - mand as a user other than _r_o_o_t. To specify a _u_i_d instead - of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as a _u_i_d, - many shells require that the '#' be escaped with a back- - slash ('\'). Note that if the _t_a_r_g_e_t_p_w Defaults option is - set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands + -u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified + command as a user other than _r_o_o_t. To specify a _u_i_d + instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as + a _u_i_d, many shells require that the '#' be escaped with a + backslash ('\'). Note that if the _t_a_r_g_e_t_p_w Defaults option + is set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands with a uid not listed in the password database. -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version 
@@ -307,25 +312,20 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) addresses. -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the - user's timestamp, prompting for the user's password if nec- - essary. This extends the ssuuddoo timeout for another 5 min- - utes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but + user's timestamp, prompting for the user's password if + necessary. This extends the ssuuddoo timeout for another 5 + minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but does not run a command. - -- The ---- flag indicates that ssuuddoo should stop processing com- - mand line arguments. It is most useful in conjunction with - the --ss flag. + -- The ---- flag indicates that ssuuddoo should stop processing + command line arguments. It is most useful in conjunction + with the --ss flag. Environment variables to be set for the command may also be passed on - the command line in the form of VVAARR=_v_a_l_u_e, e.g. - LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command - line are subject to the same restrictions as normal environment vari- - ables with one important exception. If the _s_e_t_e_n_v option is set in - _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command -1.7.0 June 6, 2008 5 +1.7.0 October 24, 2008 5 
@@ -334,23 +334,28 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - matched is ALL, the user may set variables that would overwise be for- - bidden. See _s_u_d_o_e_r_s(4) for more information. + the command line in the form of VVAARR=_v_a_l_u_e, e.g. + LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command + line are subject to the same restrictions as normal environment + variables with one important exception. If the _s_e_t_e_n_v option is set in + _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command + matched is ALL, the user may set variables that would overwise be + forbidden. See _s_u_d_o_e_r_s(4) for more information. RREETTUURRNN VVAALLUUEESS Upon successful execution of a program, the return value from ssuuddoo will simply be the return value of the program that was executed. - Otherwise, ssuuddoo quits with an exit value of 1 if there is a configura- - tion/permission problem or if ssuuddoo cannot execute the given command. - In the latter case the error string is printed to stderr. If ssuuddoo can- - not _s_t_a_t(2) one or more entries in the user's PATH an error is printed - on stderr. (If the directory does not exist or if it is not really a - directory, the entry is ignored and no error is printed.) This should - not happen under normal circumstances. The most common reason for - _s_t_a_t(2) to return "permission denied" is if you are running an auto- - mounter and one of the directories in your PATH is on a machine that is - currently unreachable. + Otherwise, ssuuddoo quits with an exit value of 1 if there is a + configuration/permission problem or if ssuuddoo cannot execute the given + command. In the latter case the error string is printed to stderr. If + ssuuddoo cannot _s_t_a_t(2) one or more entries in the user's PATH an error is + printed on stderr. 
(If the directory does not exist or if it is not + really a directory, the entry is ignored and no error is printed.) + This should not happen under normal circumstances. The most common + reason for _s_t_a_t(2) to return "permission denied" is if you are running + an automounter and one of the directories in your PATH is on a machine + that is currently unreachable. SSEECCUURRIITTYY NNOOTTEESS ssuuddoo tries to be safe when executing external commands. @@ -365,8 +370,8 @@ SSEECCUURRIITTYY NNOOTTEESS If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, any variables not explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited from the invoking process. In this case, _e_n_v___c_h_e_c_k and - _e_n_v___d_e_l_e_t_e behave like a blacklist. Since it is not possible to black- - list all potentially dangerous environment variables, use of the + _e_n_v___d_e_l_e_t_e behave like a blacklist. Since it is not possible to + blacklist all potentially dangerous environment variables, use of the default _e_n_v___r_e_s_e_t behavior is encouraged. In all cases, environment variables with a value beginning with () are @@ -382,16 +387,11 @@ SSEECCUURRIITTYY NNOOTTEESS before ssuuddoo even begins execution and, as such, it is not possible for ssuuddoo to preserve them. - To prevent command spoofing, ssuuddoo checks "." and "" (both denoting cur- - rent directory) last when searching for a command in the user's PATH - (if one or both are in the PATH). Note, however, that the actual PATH - environment variable is _n_o_t modified and is passed unchanged to the - program that ssuuddoo executes. - + To prevent command spoofing, ssuuddoo checks "." and "" (both denoting -1.7.0 June 6, 2008 6 +1.7.0 October 24, 2008 6 
@@ -400,21 +400,26 @@ SSEECCUURRIITTYY NNOOTTEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + current directory) last when searching for a command in the user's PATH + (if one or both are in the PATH). Note, however, that the actual PATH + environment variable is _n_o_t modified and is passed unchanged to the + program that ssuuddoo executes. + ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's contents if it is not owned by root or if it is writable by a user other than root. On systems that allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp directory is located in a directory writable by anyone (e.g., _/_t_m_p), it is possible for a user to create the timestamp directory before ssuuddoo is - run. However, because ssuuddoo checks the ownership and mode of the direc- - tory and its contents, the only damage that can be done is to "hide" - files by putting them in the timestamp dir. This is unlikely to happen - since once the timestamp dir is owned by root and inaccessible by any - other user, the user placing files there would be unable to get them - back out. To get around this issue you can use a directory that is not - world-writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or cre- - ate _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) and permissions - (0700) in the system startup files. + run. However, because ssuuddoo checks the ownership and mode of the + directory and its contents, the only damage that can be done is to + "hide" files by putting them in the timestamp dir. This is unlikely to + happen since once the timestamp dir is owned by root and inaccessible + by any other user, the user placing files there would be unable to get + them back out. 
To get around this issue you can use a directory that + is not world-writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) + or create _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) and + permissions (0700) in the system startup files. ssuuddoo will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * TIMEOUT will be ignored and sudo @@ -427,16 +432,16 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) commands run from that shell will _n_o_t be logged, nor will ssuuddoo's access control affect them. The same is true for commands that offer shell escapes (including most editors). Because of this, care must be taken - when giving users access to commands via ssuuddoo to verify that the com- - mand does not inadvertently give the user an effective root shell. For - more information, please see the PREVENTING SHELL ESCAPES section in - _s_u_d_o_e_r_s(4). + when giving users access to commands via ssuuddoo to verify that the + command does not inadvertently give the user an effective root shell. + For more information, please see the PREVENTING SHELL ESCAPES section + in _s_u_d_o_e_r_s(4). EENNVVIIRROONNMMEENNTT ssuuddoo utilizes the following environment variables: - EDITOR Default editor to use in --ee (sudoedit) mode if VISUAL - is not set + EDITOR Default editor to use in --ee (sudoedit) mode if neither + SUDO_EDITOR nor VISUAL is set HOME In --ss or --HH mode (or if sudo was configured with the --enable-shell-sets-home option), set to homedir of the 
@@ -449,35 +454,40 @@ EENNVVIIRROONNMMEENNTT SUDO_ASKPASS Specifies the path to a helper program used to read the password if no terminal is available or if the -A - option is specified. - SUDO_PROMPT Used as the default password prompt - SUDO_COMMAND Set to the command run by sudo +1.7.0 October 24, 2008 7 -1.7.0 June 6, 2008 7 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + option is specified. + SUDO_COMMAND Set to the command run by sudo - SUDO_USER Set to the login of the user who invoked sudo + SUDO_EDITOR Default editor to use in --ee (sudoedit) mode - SUDO_UID Set to the uid of the user who invoked sudo + SUDO_GID Set to the group ID of the user who invoked sudo + + SUDO_PROMPT Used as the default password prompt - SUDO_GID Set to the gid of the user who invoked sudo + SUDO_PS1 If set, PS1 will be set to its value for the program + being run - SUDO_PS1 If set, PS1 will be set to its value + SUDO_UID Set to the user ID of the user who invoked sudo + + SUDO_USER Set to the login of the user who invoked sudo USER Set to the target user (root unless the --uu option is specified) - VISUAL Default editor to use in --ee (sudoedit) mode + VISUAL Default editor to use in --ee (sudoedit) mode if + SUDO_EDITOR is not set FFIILLEESS _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what 
@@ -511,26 +521,26 @@ EEXXAAMMPPLLEESS Note that this runs the commands in a sub-shell to make the cd and file redirection work. - $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" -SSEEEE AALLSSOO - _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(5), - _v_i_s_u_d_o(1m) -AAUUTTHHOORRSS - Many people have worked on ssuuddoo over the years; this version consists - of code written primarily by: +1.7.0 October 24, 2008 8 -1.7.0 June 6, 2008 8 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SSEEEE AALLSSOO + _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(5), + _v_i_s_u_d_o(1m) +AAUUTTHHOORRSS + Many people have worked on ssuuddoo over the years; this version consists + of code written primarily by: Todd C. Miller @@ -571,24 +581,14 @@ SSUUPPPPOORRTT DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of merchantabil- - ity and fitness for a particular purpose are disclaimed. See the - LICENSE file distributed with ssuuddoo or + including, but not limited to, the implied warranties of + merchantability and fitness for a particular purpose are disclaimed. + See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. - - - - - - - - - - -1.7.0 June 6, 2008 9 +1.7.0 October 24, 2008 9 diff --git a/sudo.man.in b/sudo.man.in index d8298a595..b32f83d4b 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -19,7 +19,7 @@ .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .\" $Sudo$ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -46,11 +46,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -69,22 +69,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -150,7 +153,11 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "June 6, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "October 24, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" @@ -238,7 +245,7 @@ in \fIsudoers\fR\|(@mansectform@) is used. @BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the @BAMAN@specified authentication type when validating the user, as allowed @BAMAN@by \fI/etc/login.conf\fR. The system administrator may specify a list -@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R" +@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R" @BAMAN@entry in \fI/etc/login.conf\fR. This option is only available on systems @BAMAN@that support \s-1BSD\s0 authentication. .IP "\-b" 12 
@@ -284,10 +291,10 @@ the following steps are taken: Temporary copies are made of the files to be edited with the owner set to the invoking user. .IP "2." 4 -The editor specified by the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment -variables is run to edit the temporary files. If neither \f(CW\*(C`VISUAL\*(C'\fR -nor \f(CW\*(C`EDITOR\*(C'\fR are set, the program listed in the \fIeditor\fR \fIsudoers\fR -variable is used. +The editor specified by the \f(CW\*(C`SUDO_EDITOR\*(C'\fR, \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR +environment variables is run to edit the temporary files. If none +of \f(CW\*(C`SUDO_EDITOR\*(C'\fR, \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR are set, the first program +listed in the \fIeditor\fR \fIsudoers\fR variable is used. .IP "3." 4 If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed. @@ -567,7 +574,8 @@ information, please see the \f(CW\*(C`PREVENTING SHELL ESCAPES\*(C'\fR section i .ie n .IP "\*(C`EDITOR\*(C'" 16 .el .IP "\f(CW\*(C`EDITOR\*(C'\fR" 16 .IX Item "EDITOR" -Default editor to use in \fB\-e\fR (sudoedit) mode if \f(CW\*(C`VISUAL\*(C'\fR is not set +Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR +nor \f(CW\*(C`VISUAL\*(C'\fR is set .ie n .IP "\*(C`HOME\*(C'" 16 .el .IP "\f(CW\*(C`HOME\*(C'\fR" 16 .IX Item "HOME" 
@@ -586,30 +594,34 @@ Used to determine shell to run with \f(CW\*(C`\-s\*(C'\fR option .IX Item "SUDO_ASKPASS" Specifies the path to a helper program used to read the password if no terminal is available or if the \f(CW\*(C`\-A\*(C'\fR option is specified. -.ie n .IP "\*(C`SUDO_PROMPT\*(C'" 16 -.el .IP "\f(CW\*(C`SUDO_PROMPT\*(C'\fR" 16 -.IX Item "SUDO_PROMPT" -Used as the default password prompt .ie n .IP "\*(C`SUDO_COMMAND\*(C'" 16 .el .IP "\f(CW\*(C`SUDO_COMMAND\*(C'\fR" 16 .IX Item "SUDO_COMMAND" Set to the command run by sudo -.ie n .IP "\*(C`SUDO_USER\*(C'" 16 -.el .IP "\f(CW\*(C`SUDO_USER\*(C'\fR" 16 -.IX Item "SUDO_USER" -Set to the login of the user who invoked sudo -.ie n .IP "\*(C`SUDO_UID\*(C'" 16 -.el .IP "\f(CW\*(C`SUDO_UID\*(C'\fR" 16 -.IX Item "SUDO_UID" -Set to the uid of the user who invoked sudo +.ie n .IP "\*(C`SUDO_EDITOR\*(C'" 16 +.el .IP "\f(CW\*(C`SUDO_EDITOR\*(C'\fR" 16 +.IX Item "SUDO_EDITOR" +Default editor to use in \fB\-e\fR (sudoedit) mode .ie n .IP "\*(C`SUDO_GID\*(C'" 16 .el .IP "\f(CW\*(C`SUDO_GID\*(C'\fR" 16 .IX Item "SUDO_GID" -Set to the gid of the user who invoked sudo +Set to the group \s-1ID\s0 of the user who invoked sudo +.ie n .IP "\*(C`SUDO_PROMPT\*(C'" 16 +.el .IP "\f(CW\*(C`SUDO_PROMPT\*(C'\fR" 16 +.IX Item "SUDO_PROMPT" +Used as the default password prompt .ie n .IP "\*(C`SUDO_PS1\*(C'" 16 .el .IP "\f(CW\*(C`SUDO_PS1\*(C'\fR" 16 .IX Item "SUDO_PS1" -If set, \f(CW\*(C`PS1\*(C'\fR will be set to its value +If set, \f(CW\*(C`PS1\*(C'\fR will be set to its value for the program being run +.ie n .IP "\*(C`SUDO_UID\*(C'" 16 +.el .IP "\f(CW\*(C`SUDO_UID\*(C'\fR" 16 +.IX Item "SUDO_UID" +Set to the user \s-1ID\s0 of the user who invoked sudo +.ie n .IP "\*(C`SUDO_USER\*(C'" 16 +.el .IP "\f(CW\*(C`SUDO_USER\*(C'\fR" 16 +.IX Item "SUDO_USER" +Set to the login of the user who invoked sudo .ie n .IP "\*(C`USER\*(C'" 16 .el .IP "\f(CW\*(C`USER\*(C'\fR" 16 .IX Item "USER" 
@@ -617,13 +629,16 @@ Set to the target user (root unless the \fB\-u\fR option is specified) .ie n .IP "\*(C`VISUAL\*(C'" 16 .el .IP "\f(CW\*(C`VISUAL\*(C'\fR" 16 .IX Item "VISUAL" -Default editor to use in \fB\-e\fR (sudoedit) mode +Default editor to use in \fB\-e\fR (sudoedit) mode if \f(CW\*(C`SUDO_EDITOR\*(C'\fR +is not set .SH "FILES" .IX Header "FILES" -.IP "\fI@sysconfdir@/sudoers\fR" 24 +.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24 +.el .IP "\fI@sysconfdir@/sudoers\fR" 24 .IX Item "@sysconfdir@/sudoers" List of who can run what -.IP "\fI@timedir@\fR" 24 +.ie n .IP "\fI@timedir@\fR" 24 +.el .IP "\fI@timedir@\fR" 24 .IX Item "@timedir@" Directory containing timestamps .IP "\fI/etc/environment\fR" 24 @@ -643,19 +658,19 @@ To list the home directory of user yazza on a machine where the file system holding ~yazza is not exported as root: .PP .Vb 1 -\& $ sudo -u yazza ls ~yazza +\& $ sudo \-u yazza ls ~yazza .Ve .PP To edit the \fIindex.html\fR file as user www: .PP .Vb 1 -\& $ sudo -u www vi ~www/htdocs/index.html +\& $ sudo \-u www vi ~www/htdocs/index.html .Ve .PP To shutdown a machine: .PP .Vb 1 -\& $ sudo shutdown -r +15 "quick reboot" +\& $ sudo shutdown \-r +15 "quick reboot" .Ve .PP To make a usage listing of the directories in the /home @@ -663,7 +678,7 @@ partition. Note that this runs the commands in a sub-shell to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. .PP .Vb 1 -\& $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" +\& $ sudo sh \-c "cd /home ; du \-s * | sort \-rn > USAGE" .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/sudoers.cat b/sudoers.cat index 6b6a305c5..1901d81f3 100644 --- a/sudoers.cat +++ b/sudoers.cat 
@@ -8,9 +8,9 @@ NNAAMMEE sudoers - list of which users may execute what DDEESSCCRRIIPPTTIIOONN - The _s_u_d_o_e_r_s file is composed of two types of entries: aliases (basi- - cally variables) and user specifications (which specify who may run - what). + The _s_u_d_o_e_r_s file is composed of two types of entries: aliases + (basically variables) and user specifications (which specify who may + run what). When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not @@ -22,15 +22,15 @@ DDEESSCCRRIIPPTTIIOONN QQuuiicckk gguuiiddee ttoo EEBBNNFF - EBNF is a concise and exact way of describing the grammar of a lan- - guage. Each EBNF definition is made up of _p_r_o_d_u_c_t_i_o_n _r_u_l_e_s. E.g., + EBNF is a concise and exact way of describing the grammar of a + language. Each EBNF definition is made up of _p_r_o_d_u_c_t_i_o_n _r_u_l_e_s. E.g., symbol ::= definition | alternate1 | alternate2 ... Each _p_r_o_d_u_c_t_i_o_n _r_u_l_e references others and thus makes up a grammar for the language. EBNF also contains the following operators, which many - readers will recognize from regular expressions. Do not, however, con- - fuse them with "wildcard" characters, which have different meanings. + readers will recognize from regular expressions. Do not, however, + confuse them with "wildcard" characters, which have different meanings. ? Means that the preceding symbol (or group of symbols) is optional. That is, it may appear once or not at all. @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.0 May 2, 2008 1 +1.7.0 October 24, 2008 1 @@ -70,6 +70,7 @@ DDEESSCCRRIIPPTTIIOONN SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Host_Alias ::= NAME '=' Host_List Cmnd_Alias ::= NAME '=' Cmnd_List 
@@ -82,9 +83,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) where _A_l_i_a_s___T_y_p_e is one of User_Alias, Runas_Alias, Host_Alias, or Cmnd_Alias. A NAME is a string of uppercase letters, numbers, and - underscore characters ('_'). A NAME mmuusstt start with an uppercase let- - ter. It is possible to put several alias definitions of the same type - on a single line, joined by a colon (':'). E.g., + underscore characters ('_'). A NAME mmuusstt start with an uppercase + letter. It is possible to put several alias definitions of the same + type on a single line, joined by a colon (':'). E.g., Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 @@ -126,8 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - -1.7.0 May 2, 2008 2 +1.7.0 October 24, 2008 2 @@ -136,6 +136,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Host ::= '!'* hostname | '!'* ip_addr | '!'* network(/netmask)? | @@ -146,8 +147,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) numbers, netgroups (prefixed with '+') and other aliases. Again, the value of an item may be negated with the '!' operator. If you do not specify a netmask along with the network number, ssuuddoo will query each - of the local host's network interfaces and, if the network number cor- - responds to one of the hosts's network interfaces, the corresponding + of the local host's network interfaces and, if the network number + corresponds to one of the hosts's network interfaces, the corresponding netmask will be used. The netmask may be specified either in standard IP address notation (e.g. 255.255.255.0 or ffff:ffff:ffff:ffff::), or CIDR notation (number of bits, e.g. 24 or 64). A hostname may include 
@@ -181,19 +182,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following - characters must be escaped with a '\' if they are used in command argu- - ments: ',', ':', '=', '\'. The special command "sudoedit" is used to - permit a user to run ssuuddoo with the --ee flag (or as ssuuddooeeddiitt). It may + characters must be escaped with a '\' if they are used in command + arguments: ',', ':', '=', '\'. The special command "sudoedit" is used + to permit a user to run ssuuddoo with the --ee flag (or as ssuuddooeeddiitt). It may take command line arguments just as a normal command does. - DDeeffaauullttss - Certain configuration options may be changed from their default values - at runtime via one or more Default_Entry lines. These may affect all -1.7.0 May 2, 2008 3 + + +1.7.0 October 24, 2008 3 @@ -202,6 +202,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + DDeeffaauullttss + + Certain configuration options may be changed from their default values + at runtime via one or more Default_Entry lines. These may affect all users on any host, all users on a specific host, a specific user, a specific command, or commands being run as a specific user. Note that per-command entries may not include command line arguments. If you 
@@ -226,15 +230,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Parameters may be ffllaaggss, iinntteeggeerr values, ssttrriinnggss, or lliissttss. Flags are implicitly boolean and can be turned off via the '!' operator. Some - integer, string and list parameters may also be used in a boolean con- - text to disable them. Values may be enclosed in double quotes (") when - they contain multiple words. Special characters may be escaped with a - backslash (\). + integer, string and list parameters may also be used in a boolean + context to disable them. Values may be enclosed in double quotes (") + when they contain multiple words. Special characters may be escaped + with a backslash (\). - Lists have two additional assignment operators, += and -=. These oper- - ators are used to add to and delete from a list respectively. It is - not an error to use the -= operator to remove an element that does not - exist in a list. + Lists have two additional assignment operators, += and -=. These + operators are used to add to and delete from a list respectively. It + is not an error to use the -= operator to remove an element that does + not exist in a list. See "SUDOERS OPTIONS" for a list of supported Defaults parameters. @@ -253,13 +257,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | 'SETENV:' | 'NOSETENV:' ) - A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as - what user) on specified hosts. By default, commands are run as rroooott, - but this can be changed on a per-command basis. - -1.7.0 May 2, 2008 4 +1.7.0 October 24, 2008 4 
@@ -268,6 +268,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as + what user) on specified hosts. By default, commands are run as rroooott, + but this can be changed on a per-command basis. + Let's break that down into its constituent parts: RRuunnaass__SSppeecc @@ -283,8 +287,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) specified, the command may be run as any user in the list but no --gg flag may be specified. If the first Runas_List is empty but the second is specified, the command may be run as the invoking user with the - group set to any listed in the Runas_List. If no Runas_Spec is speci- - fied the command may be run as rroooott and no group may be specified. + group set to any listed in the Runas_List. If no Runas_Spec is + specified the command may be run as rroooott and no group may be specified. A Runas_Spec sets the default for the commands that follow it. What this means is that for the entry: @@ -317,15 +321,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \ /usr/local/bin/minicom - TTaagg__SSppeecc - A command may have zero or more tags associated with it. There are - eight possible tag values, NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV and - NOSETENV. Once a tag is set on a Cmnd, subsequent Cmnds in the -1.7.0 May 2, 2008 5 +1.7.0 October 24, 2008 5 @@ -334,6 +334,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + TTaagg__SSppeecc + + A command may have zero or more tags associated with it. There are + eight possible tag values, NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV and + NOSETENV. Once a tag is set on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit the tag unless it is overridden by the opposite tag (i.e.: PASSWD overrides NOPASSWD and NOEXEC overrides EXEC). 
@@ -348,9 +353,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and _/_u_s_r_/_b_i_n_/_l_p_r_m - as root on the machine rushmore as rroooott without authenticating himself. - If we only want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the - entry would be: + as rroooott on the machine rushmore without authenticating himself. If we + only want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the entry + would be: ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm @@ -359,15 +364,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) By default, if the NOPASSWD tag is applied to any of the entries for a user on the current host, he or she will be able to run sudo -l without - a password. Additionally, a user may only run sudo -v without a pass- - word if the NOPASSWD tag is present for all a user's entries that per- - tain to the current host. This behavior may be overridden via the ver- - ifypw and listpw options. + a password. Additionally, a user may only run sudo -v without a + password if the NOPASSWD tag is present for all a user's entries that + pertain to the current host. This behavior may be overridden via the + verifypw and listpw options. _N_O_E_X_E_C _a_n_d _E_X_E_C - If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying oper- - ating system supports it, the NOEXEC tag can be used to prevent a + If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying + operating system supports it, the NOEXEC tag can be used to prevent a dynamically-linked executable from running further commands itself. In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and 
@@ -382,16 +387,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) These tags override the value of the _s_e_t_e_n_v option on a per-command basis. Note that if SETENV has been set for a command, any environment - variables set on the command line way are not subject to the restric- - tions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. As such, only - trusted users should be allowed to set variables in this manner. If - the command matched is AALLLL, the SETENV tag is implied for that command; - this default may be overridden by use of the UNSETENV tag. + variables set on the command line way are not subject to the - -1.7.0 May 2, 2008 6 +1.7.0 October 24, 2008 6 @@ -400,6 +400,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. As such, + only trusted users should be allowed to set variables in this manner. + If the command matched is AALLLL, the SETENV tag is implied for that + command; this default may be overridden by use of the UNSETENV tag. + WWiillddccaarrddss ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob characters) to be @@ -418,6 +423,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) \x For any character "x", evaluates to "x". This is used to escape special characters such as: "*", "?", "[", and "}". + POSIX character classes may also be used if your system's _f_n_m_a_t_c_h(3) + function supports them. However, because the ':' character has special + meaning in _s_u_d_o_e_r_s, it must be escaped. For example: + + /bin/ls [[\:alpha\:]]* + + Would match any filename beginning with a letter. + Note that a forward slash ('/') will nnoott be matched by wildcards used in the pathname. When matching the command line arguments, however, a slash ddooeess get matched by wildcards. This is to make a path like: 
@@ -441,30 +454,30 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) the one used by the C preprocessor. This is useful, for example, for keeping a site-wide _s_u_d_o_e_r_s file in addition to a per-machine local one. For the sake of this example the site-wide _s_u_d_o_e_r_s will be - _/_e_t_c_/_s_u_d_o_e_r_s and the per-machine one will be _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. To - include _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l from _/_e_t_c_/_s_u_d_o_e_r_s we would use the following - line in _/_e_t_c_/_s_u_d_o_e_r_s: - #include /etc/sudoers.local - When ssuuddoo reaches this line it will suspend processing of the current - file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. Upon reaching - the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, the rest of _/_e_t_c_/_s_u_d_o_e_r_s will be pro- - cessed. Files that are included may themselves include other files. A - hard limit of 128 nested include files is enforced to prevent include - file loops. +1.7.0 October 24, 2008 7 -1.7.0 May 2, 2008 7 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + _/_e_t_c_/_s_u_d_o_e_r_s and the per-machine one will be _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. To + include _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l from _/_e_t_c_/_s_u_d_o_e_r_s we would use the following + line in _/_e_t_c_/_s_u_d_o_e_r_s: -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + #include /etc/sudoers.local + When ssuuddoo reaches this line it will suspend processing of the current + file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l. Upon reaching + the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, the rest of _/_e_t_c_/_s_u_d_o_e_r_s will be + processed. Files that are included may themselves include other files. + A hard limit of 128 nested include files is enforced to prevent include + file loops. OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss 
@@ -477,9 +490,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The reserved word AALLLL is a built-in _a_l_i_a_s that always causes a match to succeed. It can be used wherever one might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias, or Host_Alias. You should not try to define - your own _a_l_i_a_s called AALLLL as the built-in alias will be used in prefer- - ence to your own. Please note that using AALLLL can be dangerous since in - a command context, it allows the user to run aannyy command on the system. + your own _a_l_i_a_s called AALLLL as the built-in alias will be used in + preference to your own. Please note that using AALLLL can be dangerous + since in a command context, it allows the user to run aannyy command on + the system. An exclamation point ('!') can be used as a logical _n_o_t operator both in an _a_l_i_a_s and in front of a Cmnd. This allows one to exclude certain @@ -487,8 +501,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ALL alias to allow a user to run "all but a few" commands rarely works as intended (see SECURITY NOTES below). - Long lines can be continued with a backslash ('\') as the last charac- - ter on the line. + Long lines can be continued with a backslash ('\') as the last + character on the line. Whitespace between elements in a list as well as special syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':', '(', ')') is optional. 
@@ -506,104 +520,107 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS always_set_home If set, ssuuddoo will set the HOME environment variable to the home directory of the target user (which is root - unless the --uu option is used). This effectively means - that the --HH flag is always implied. This flag is _o_f_f - by default. - authenticate If set, users must authenticate themselves via a pass- - word (or other means of authentication) before they may - run commands. This default may be overridden via the - PASSWD and NOPASSWD tags. This flag is _o_n by default. - closefrom_override - If set, the user may use ssuuddoo's --CC option which over- - rides the default starting point at which ssuuddoo begins - closing open file descriptors. This flag is _o_f_f by - default. +1.7.0 October 24, 2008 8 -1.7.0 May 2, 2008 8 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + unless the --uu option is used). This effectively means + that the --HH flag is always implied. This flag is _o_f_f + by default. + authenticate If set, users must authenticate themselves via a + password (or other means of authentication) before they + may run commands. This default may be overridden via + the PASSWD and NOPASSWD tags. This flag is _o_n by + default. + + closefrom_override + If set, the user may use ssuuddoo's --CC option which + overrides the default starting point at which ssuuddoo + begins closing open file descriptors. This flag is _o_f_f + by default. env_editor If set, vviissuuddoo will use the value of the EDITOR or VISUAL environment variables before falling back on the - default editor list. Note that this may create a secu- - rity hole as it allows the user to run any arbitrary - command as root without logging. A safer alternative - is to place a colon-separated list of editors in the - editor variable. vviissuuddoo will then only use the EDITOR - or VISUAL if they match a value specified in editor. - This flag is _o_f_f by default. 
+ default editor list. Note that this may create a + security hole as it allows the user to run any + arbitrary command as root without logging. A safer + alternative is to place a colon-separated list of + editors in the editor variable. vviissuuddoo will then only + use the EDITOR or VISUAL if they match a value + specified in editor. This flag is _o_f_f by default. env_reset If set, ssuuddoo will reset the environment to only contain - the LOGNAME, SHELL, USER, USERNAME and the SUDO_* vari- - ables. Any variables in the caller's environment that - match the env_keep and env_check lists are then added. - The default contents of the env_keep and env_check - lists are displayed when ssuuddoo is run by root with the - _-_V option. If the _s_e_c_u_r_e___p_a_t_h option is set, its value - will be used for the PATH environment variable. This - flag is _o_n by default. - - fqdn Set this flag if you want to put fully qualified host- - names in the _s_u_d_o_e_r_s file. I.e., instead of myhost you - would use myhost.mydomain.edu. You may still use the - short form if you wish (and even mix the two). Beware - that turning on _f_q_d_n requires ssuuddoo to make DNS lookups - which may make ssuuddoo unusable if DNS stops working (for - example if the machine is not plugged into the net- - work). Also note that you must use the host's official - name as DNS knows it. That is, you may not use a host - alias (CNAME entry) due to performance issues and the - fact that there is no way to get all aliases from DNS. - If your machine's hostname (as returned by the hostname - command) is already fully qualified you shouldn't need - to set _f_q_d_n. This flag is _o_f_f by default. + the LOGNAME, SHELL, USER, USERNAME and the SUDO_* + variables. Any variables in the caller's environment + that match the env_keep and env_check lists are then + added. The default contents of the env_keep and + env_check lists are displayed when ssuuddoo is run by root + with the _-_V option. 
If the _s_e_c_u_r_e___p_a_t_h option is set, + its value will be used for the PATH environment + variable. This flag is _o_n by default. + + fqdn Set this flag if you want to put fully qualified + hostnames in the _s_u_d_o_e_r_s file. I.e., instead of myhost + you would use myhost.mydomain.edu. You may still use + the short form if you wish (and even mix the two). + Beware that turning on _f_q_d_n requires ssuuddoo to make DNS + lookups which may make ssuuddoo unusable if DNS stops + working (for example if the machine is not plugged into + the network). Also note that you must use the host's + official name as DNS knows it. That is, you may not + use a host alias (CNAME entry) due to performance + issues and the fact that there is no way to get all + aliases from DNS. If your machine's hostname (as + returned by the hostname command) is already fully + qualified you shouldn't need to set _f_q_d_n. This flag is + _o_f_f by default. ignore_dot If set, ssuuddoo will ignore '.' or '' (current dir) in the - PATH environment variable; the PATH itself is not modi- - fied. This flag is _o_f_f by default. + PATH environment variable; the PATH itself is not - ignore_local_sudoers - If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be - skipped. This is intended for Enterprises that wish to - prevent the usage of local sudoers files so that only - LDAP is used. This thwarts the efforts of rogue opera- - tors who would attempt to add roles to _/_e_t_c_/_s_u_d_o_e_r_s. - When this option is present, _/_e_t_c_/_s_u_d_o_e_r_s does not even - need to exist. Since this option tells ssuuddoo how to - behave when no specific LDAP entries have been matched, - this sudoOption is only meaningful for the cn=defaults - section. This flag is _o_f_f by default. - insults If set, ssuuddoo will insult users when they enter an - incorrect password. This flag is _o_f_f by default. +1.7.0 October 24, 2008 9 -1.7.0 May 2, 2008 9 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + modified. 
This flag is _o_f_f by default. -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + ignore_local_sudoers + If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be + skipped. This is intended for Enterprises that wish to + prevent the usage of local sudoers files so that only + LDAP is used. This thwarts the efforts of rogue + operators who would attempt to add roles to + _/_e_t_c_/_s_u_d_o_e_r_s. When this option is present, + _/_e_t_c_/_s_u_d_o_e_r_s does not even need to exist. Since this + option tells ssuuddoo how to behave when no specific LDAP + entries have been matched, this sudoOption is only + meaningful for the cn=defaults section. This flag is + _o_f_f by default. + insults If set, ssuuddoo will insult users when they enter an + incorrect password. This flag is _o_f_f by default. log_host If set, the hostname will be logged in the (non-syslog) ssuuddoo log file. This flag is _o_f_f by default. - log_year If set, the four-digit year will be logged in the - (non-syslog) ssuuddoo log file. This flag is _o_f_f by - default. + log_year If set, the four-digit year will be logged in the (non- + syslog) ssuuddoo log file. This flag is _o_f_f by default. long_otp_prompt When validating with a One Time Password (OPT) scheme such as SS//KKeeyy or OOPPIIEE, a two-line prompt is used to 
@@ -635,46 +652,46 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) _o_n by default. noexec If set, all commands run via ssuuddoo will behave as if the - NOEXEC tag has been set, unless overridden by a EXEC - tag. See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as - well as the "PREVENTING SHELL ESCAPES" section at the - end of this manual. This flag is _o_f_f by default. - path_info Normally, ssuuddoo will tell the user when a command could - not be found in their PATH environment variable. Some - sites may wish to disable this as it could be used to - gather information on the location of executables that - the normal user does not have access to. The disadvan- - tage is that if the executable is simply not in the - user's PATH, ssuuddoo will tell the user that they are not - allowed to run it, which can be confusing. This flag - is _o_n by default. - passprompt_override - The password prompt specified by _p_a_s_s_p_r_o_m_p_t will +1.7.0 October 24, 2008 10 -1.7.0 May 2, 2008 10 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + NOEXEC tag has been set, unless overridden by a EXEC + tag. See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as + well as the "PREVENTING SHELL ESCAPES" section at the + end of this manual. This flag is _o_f_f by default. + path_info Normally, ssuuddoo will tell the user when a command could + not be found in their PATH environment variable. Some + sites may wish to disable this as it could be used to + gather information on the location of executables that + the normal user does not have access to. The + disadvantage is that if the executable is simply not in + the user's PATH, ssuuddoo will tell the user that they are + not allowed to run it, which can be confusing. This + flag is _o_n by default. 
+ passprompt_override + The password prompt specified by _p_a_s_s_p_r_o_m_p_t will normally only be used if the passwod prompt provided by systems such as PAM matches the string "Password:". If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always be used. This flag is _o_f_f by default. preserve_groups By default ssuuddoo will initialize the group vector to the - list of groups the target user is in. When _p_r_e_- - _s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group vector - is left unaltered. The real and effective group IDs, - however, are still set to match the target user. This - flag is _o_f_f by default. + list of groups the target user is in. When + _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group + vector is left unaltered. The real and effective group + IDs, however, are still set to match the target user. + This flag is _o_f_f by default. requiretty If set, ssuuddoo will only run when the user is logged in to a real tty. This will disallow things like "rsh @@ -688,10 +705,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) this prevents users from "chaining" ssuuddoo commands to get a root shell by doing something like "sudo sudo /bin/sh". Note, however, that turning off _r_o_o_t___s_u_d_o - will also prevent root and from running ssuuddooeeddiitt. Dis- - abling _r_o_o_t___s_u_d_o provides no real additional security; - it exists purely for historical reasons. This flag is - _o_n by default. + will also prevent root and from running ssuuddooeeddiitt. + Disabling _r_o_o_t___s_u_d_o provides no real additional + security; it exists purely for historical reasons. + This flag is _o_n by default. rootpw If set, ssuuddoo will prompt for the root password instead of the password of the invoking user. This flag is _o_f_f 
@@ -702,6 +719,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) instead of the password of the invoking user. This flag is _o_f_f by default. + + +1.7.0 October 24, 2008 11 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + set_home If set and ssuuddoo is invoked with the --ss flag the HOME environment variable will be set to the home directory of the target user (which is root unless the --uu option @@ -715,27 +743,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) system) use LOGNAME to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. - Note that if the _e_n_v___r_e_s_e_t option has not been dis- - abled, entries in the _e_n_v___k_e_e_p list will override the - value of _s_e_t___l_o_g_n_a_m_e. This flag is _o_f_f by default. - - - -1.7.0 May 2, 2008 11 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - + Note that if the _e_n_v___r_e_s_e_t option has not been + disabled, entries in the _e_n_v___k_e_e_p list will override + the value of _s_e_t___l_o_g_n_a_m_e. This flag is _o_f_f by default. setenv Allow the user to disable the _e_n_v___r_e_s_e_t option from the command line. Additionally, environment variables set - via the command line are not subject to the restric- - tions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. - As such, only trusted users should be allowed to set - variables in this manner. This flag is _o_f_f by default. + via the command line are not subject to the + restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or + _e_n_v___k_e_e_p. As such, only trusted users should be + allowed to set variables in this manner. This flag is + _o_f_f by default. shell_noargs If set and ssuuddoo is invoked with no arguments it acts as if the --ss flag had been given. That is, it runs a 
@@ -749,16 +767,16 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) default). This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, this makes ssuuddoo act as a setuid wrapper. - This can be useful on systems that disable some poten- - tially dangerous functionality when a program is run - setuid. This option is only effective on systems with - either the _s_e_t_r_e_u_i_d_(_) or _s_e_t_r_e_s_u_i_d_(_) function. This - flag is _o_f_f by default. + This can be useful on systems that disable some + potentially dangerous functionality when a program is + run setuid. This option is only effective on systems + with either the _s_e_t_r_e_u_i_d_(_) or _s_e_t_r_e_s_u_i_d_(_) function. + This flag is _o_f_f by default. targetpw If set, ssuuddoo will prompt for the password of the user specified by the --uu flag (defaults to root) instead of - the password of the invoking user. Note that this pre- - cludes the use of a uid not listed in the passwd + the password of the invoking user. Note that this + precludes the use of a uid not listed in the passwd database as an argument to the --uu flag. This flag is _o_f_f by default. @@ -766,13 +784,25 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Normally, ssuuddoo uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, ssuuddoo will use a file named for the tty the + + + +1.7.0 October 24, 2008 12 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + user is logged in on in that directory. This flag is _o_f_f by default. use_loginclass If set, ssuuddoo will apply the defaults specified for the - target user's login class if one exists. Only avail- - able if ssuuddoo is configured with the --with-logincap - option. This flag is _o_f_f by default. + target user's login class if one exists. Only + available if ssuuddoo is configured with the + --with-logincap option. This flag is _o_f_f by default. IInntteeggeerrss: 
@@ -784,18 +814,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) is 3. passwd_tries The number of tries a user gets to enter his/her - - - -1.7.0 May 2, 2008 12 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - password before ssuuddoo logs the failure and exits. The default is 3. @@ -817,8 +835,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete - their own timestamps via sudo -v and sudo -k respec- - tively. + their own timestamps via sudo -v and sudo -k + respectively. umask Umask to use when running the command. Negate this option or set it to 0777 to preserve the user's umask. @@ -832,10 +850,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) editor A colon (':') separated list of editors allowed to be used with vviissuuddoo. vviissuuddoo will choose the editor that - matches the user's EDITOR environment variable if pos- - sible, or the first editor in the list that exists and - is executable. The default is the path to vi on your - system. + + + +1.7.0 October 24, 2008 13 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + + matches the user's EDITOR environment variable if + possible, or the first editor in the list that exists + and is executable. The default is the path to vi on + your system. mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape %h will expand to the hostname of the machine. Default 
@@ -850,24 +880,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) passprompt The default prompt to use when asking for a password; can be overridden via the --pp option or the SUDO_PROMPT - - - -1.7.0 May 2, 2008 13 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - environment variable. The following percent (`%') escapes are supported: %H expanded to the local hostname including the domain - name (on if the machine's hostname is fully quali- - fied or the _f_q_d_n option is set) + name (on if the machine's hostname is fully + qualified or the _f_q_d_n option is set) %h expanded to the local hostname without the domain name @@ -891,11 +909,27 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) root. Note that if _r_u_n_a_s___d_e_f_a_u_l_t is set it mmuusstt occur before any Runas_Alias specifications. - syslog_badpri Syslog priority to use when user authenticates unsuc- - cessfully. Defaults to alert. + syslog_badpri Syslog priority to use when user authenticates + unsuccessfully. Defaults to alert. + + syslog_goodpri Syslog priority to use when user authenticates + successfully. Defaults to notice. + + sudoers_locale Locale to use when parsing the sudoers file. Note that + + + +1.7.0 October 24, 2008 14 + + + - syslog_goodpri Syslog priority to use when user authenticates success- - fully. Defaults to notice. + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + + changing the locale may affect how sudoers is + interpreted. Defaults to "C". timestampdir The directory in which ssuuddoo stores its timestamp files. The default is _/_v_a_r_/_r_u_n_/_s_u_d_o. 
@@ -908,30 +942,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) askpass The _a_s_k_p_a_s_s option specifies the fully-qualilfy path to a helper program used to read the user's password when no terminal is available. This may be the case when ssuuddoo is - executed from a graphical (as opposed to text-based) appli- - cation. The program specified by _a_s_k_p_a_s_s should display - the argument passed to it as the prompt and write the - user's password to the standard output. The value of + executed from a graphical (as opposed to text-based) + application. The program specified by _a_s_k_p_a_s_s should + display the argument passed to it as the prompt and write + the user's password to the standard output. The value of _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment variable. env_file The _e_n_v___f_i_l_e options specifies the fully-qualilfy path to a - - - -1.7.0 May 2, 2008 14 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - file containing variables to be set in the environment of the program being run. Entries in this file should be of - the form VARIABLE=value. Variables in this file are sub- - ject to other ssuuddoo environment settings such as _e_n_v___k_e_e_p + the form VARIABLE=value. Variables in this file are + subject to other ssuuddoo environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k. exempt_group @@ -939,8 +961,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) requirements. This is not set by default. lecture This option controls when a short lecture will be printed - along with the password prompt. It has the following pos- - sible values: + along with the password prompt. It has the following + possible values: always Always lecture the user. 
@@ -961,6 +983,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) a user runs ssuuddoo with the --ll flag. It has the following possible values: + + +1.7.0 October 24, 2008 15 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. @@ -979,21 +1012,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Negating the option results in a value of _n_e_v_e_r being used. The default value is _a_n_y. - logfile Path to the ssuuddoo log file (not the syslog log file). Set- - ting a path turns on logging to a file; negating this + logfile Path to the ssuuddoo log file (not the syslog log file). + Setting a path turns on logging to a file; negating this option turns it off. By default, ssuuddoo logs via syslog. - - -1.7.0 May 2, 2008 15 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - mailerflags Flags to use when invoking mailer. Defaults to --tt. mailerpath Path to mail program used to send warning mail. Defaults 
@@ -1009,12 +1031,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ssuuddoo interpreting the @ sign. Defaults to root. secure_path Path used for every command run from ssuuddoo. If you don't - trust the people running ssuuddoo to have a sane PATH environ- - ment variable you may want to use this. Another use is if - you want to have the "root path" be separate from the "user - path." Users in the group specified by the _e_x_e_m_p_t___g_r_o_u_p - option are not affected by _s_e_c_u_r_e___p_a_t_h. This is not set by - default. + trust the people running ssuuddoo to have a sane PATH + environment variable you may want to use this. Another use + is if you want to have the "root path" be separate from the + "user path." Users in the group specified by the + _e_x_e_m_p_t___g_r_o_u_p option are not affected by _s_e_c_u_r_e___p_a_t_h. This + is not set by default. syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to local2. @@ -1027,6 +1049,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) must have the NOPASSWD flag set to avoid entering a password. + + +1.7.0 October 24, 2008 16 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + always The user must always enter a password to use the --vv flag. @@ -1046,20 +1079,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) env_check Environment variables to be removed from the user's environment if the variable's value contains % or / characters. This can be used to guard against printf- - style format vulnerabilities in poorly-written pro- - grams. The argument may be a double-quoted, space- - - - -1.7.0 May 2, 2008 16 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - + style format vulnerabilities in poorly-written + programs. The argument may be a double-quoted, space- separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators 
@@ -1072,15 +1093,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) env_delete Environment variables to be removed from the user's environment. The argument may be a double-quoted, - space-separated list or a single value without dou- - ble-quotes. The list can be replaced, added to, - deleted from, or disabled by using the =, +=, -=, and ! - operators respectively. The default list of environ- - ment variables to remove is displayed when ssuuddoo is run - by root with the _-_V option. Note that many operating - systems will remove potentially dangerous variables - from the environment of any setuid process (such as - ssuuddoo). + space-separated list or a single value without double- + quotes. The list can be replaced, added to, deleted + from, or disabled by using the =, +=, -=, and ! + operators respectively. The default list of + environment variables to remove is displayed when ssuuddoo + is run by root with the _-_V option. Note that many + operating systems will remove potentially dangerous + variables from the environment of any setuid process + (such as ssuuddoo). env_keep Environment variables to be preserved in the user's environment when the _e_n_v___r_e_s_e_t option is in effect. 
@@ -1093,12 +1114,24 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) variables to keep is displayed when ssuuddoo is run by root with the _-_V option. + + + +1.7.0 October 24, 2008 17 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + When logging via _s_y_s_l_o_g(3), ssuuddoo accepts the following values for the syslog facility (the value of the ssyysslloogg Parameter): aauutthhpprriivv (if your OS supports it), aauutthh, ddaaeemmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33, llooccaall44, llooccaall55, llooccaall66, and llooccaall77. The following syslog priorities - are supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and wwaarrnn-- - iinngg. + are supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and + wwaarrnniinngg. FFIILLEESS _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what @@ -1111,21 +1144,6 @@ EEXXAAMMPPLLEESS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we define our _a_l_i_a_s_e_s: - - - - - - -1.7.0 May 2, 2008 17 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl 
@@ -1162,13 +1180,25 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Here we override some of the compiled in default values. We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility in all cases. We don't want to subject the full time staff to the ssuuddoo lecture, user mmiilllleerrtt + + + +1.7.0 October 24, 2008 18 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + need not give a password, and we don't want to reset the LOGNAME, USER - or USERNAME environment variables when running commands as root. Addi- - tionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, we keep an addi- - tional local log file and make sure we log the year in each log line - since the log entries will be kept around for several years. Lastly, - we disable shell escapes for the commands in the PAGERS Cmnd_Alias - (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s). + or USERNAME environment variables when running commands as root. + Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, we keep an + additional local log file and make sure we log the year in each log + line since the log entries will be kept around for several years. + Lastly, we disable shell escapes for the commands in the PAGERS + Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s). # Override built-in defaults Defaults syslog=auth @@ -1181,17 +1211,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually determines who may run what. - - -1.7.0 May 2, 2008 18 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - root ALL = (ALL) ALL %wheel ALL = (ALL) ALL 
@@ -1227,36 +1246,37 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The ooppeerraattoorr user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the - printing system, shutting down the system, and any commands in the - directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/. - joe ALL = /usr/bin/su operator - The user jjooee may only _s_u(1) to operator. - pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root +1.7.0 October 24, 2008 19 - The user ppeettee is allowed to change anyone's password except for root on - the _H_P_P_A machines. Note that this assumes _p_a_s_s_w_d(1) does not take mul- - tiple usernames on the command line. - bob SPARC = (OP) ALL : SGI = (OP) ALL - The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user - listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr). - jim +biglab = ALL +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 May 2, 2008 19 + printing system, shutting down the system, and any commands in the + directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/. + joe ALL = /usr/bin/su operator + The user jjooee may only _s_u(1) to operator. + pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root + The user ppeettee is allowed to change anyone's password except for root on + the _H_P_P_A machines. Note that this assumes _p_a_s_s_w_d(1) does not take + multiple usernames on the command line. -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + bob SPARC = (OP) ALL : SGI = (OP) ALL + The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user + listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr). + + jim +biglab = ALL The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup. ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix. 
@@ -1269,8 +1289,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) fred ALL = (DB) NOPASSWD: ALL - The user ffrreedd can run commands as any user in the _D_B Runas_Alias (oorraa-- - ccllee or ssyybbaassee) without giving a password. + The user ffrreedd can run commands as any user in the _D_B Runas_Alias + (oorraaccllee or ssyybbaassee) without giving a password. john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* @@ -1290,8 +1310,19 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) steve CSNETS = (operator) /usr/local/op_commands/ - The user sstteevvee may run any command in the directory /usr/local/op_com- - mands/ but only as user operator. + The user sstteevvee may run any command in the directory + /usr/local/op_commands/ but only as user operator. + + + +1.7.0 October 24, 2008 20 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + matt valkyrie = KILL 
@@ -1312,95 +1343,83 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) This is a bit tedious for users to type, so it is a prime candidate for encapsulating in a shell script. - - - -1.7.0 May 2, 2008 20 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - SSEECCUURRIITTYY NNOOTTEESS It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circumvent this by copying the - desired command to a different name and then executing that. For exam- - ple: + desired command to a different name and then executing that. For + example: bill ALL = ALL, !SU, !SHELLS Doesn't really prevent bbiillll from running the commands listed in _S_U or _S_H_E_L_L_S since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these - kind of restrictions should be considered advisory at best (and rein- - forced by policy). + kind of restrictions should be considered advisory at best (and + reinforced by policy). PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS Once ssuuddoo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass ssuuddoo's access control and logging. Common programs - that permit shell escapes include shells (obviously), editors, pagina- - tors, mail and terminal programs. + that permit shell escapes include shells (obviously), editors, + paginators, mail and terminal programs. There are two basic approaches to this problem: restrict Avoid giving users access to commands that allow the user to run arbitrary commands. Many editors have a restricted mode where shell escapes are disabled, though ssuuddooeeddiitt is a better - solution to running editors via ssuuddoo. Due to the large num- - ber of programs that offer shell escapes, restricting users - to the set of programs that do not if often unworkable. 
+ solution to running editors via ssuuddoo. Due to the large + number of programs that offer shell escapes, restricting + users to the set of programs that do not if often unworkable. noexec Many systems that support shared libraries have the ability - to override default library functions by pointing an environ- - ment variable (usually LD_PRELOAD) to an alternate shared - library. On such systems, ssuuddoo's _n_o_e_x_e_c functionality can be - used to prevent a program run by ssuuddoo from executing any - other programs. Note, however, that this applies only to - native dynamically-linked executables. Statically-linked - executables and foreign executables running under binary emu- - lation are not affected. + to override default library functions by pointing an + environment variable (usually LD_PRELOAD) to an alternate + shared library. On such systems, ssuuddoo's _n_o_e_x_e_c functionality - To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run the - following as root: - sudo -V | grep "dummy exec" - If the resulting output contains a line that begins with: +1.7.0 October 24, 2008 21 - File containing dummy exec functions: - then ssuuddoo may be able to replace the exec family of functions - in the standard library with its own that simply return an - error. Unfortunately, there is no foolproof way to know - whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c -1.7.0 May 2, 2008 21 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + can be used to prevent a program run by ssuuddoo from executing + any other programs. Note, however, that this applies only to + native dynamically-linked executables. Statically-linked + executables and foreign executables running under binary + emulation are not affected. 
+ To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run the + following as root: + sudo -V | grep "dummy exec" -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + If the resulting output contains a line that begins with: + File containing dummy exec functions: + then ssuuddoo may be able to replace the exec family of functions + in the standard library with its own that simply return an + error. Unfortunately, there is no foolproof way to know + whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and - UnixWare. _n_o_e_x_e_c is expected to work on most operating sys- - tems that support the LD_PRELOAD environment variable. Check - your operating system's manual pages for the dynamic linker - (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see - if LD_PRELOAD is supported. + UnixWare. _n_o_e_x_e_c is expected to work on most operating + systems that support the LD_PRELOAD environment variable. + Check your operating system's manual pages for the dynamic + linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) + to see if LD_PRELOAD is supported. - To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as docu- - mented in the User Specification section above. Here is that - example again: + To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as + documented in the User Specification section above. Here is + that example again: aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi 
@@ -1422,8 +1441,20 @@ SSEEEE AALLSSOO CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which locks the file and does grammatical checking. It is imperative that - _s_u_d_o_e_r_s be free of syntax errors since ssuuddoo will not run with a syntac- - tically incorrect _s_u_d_o_e_r_s file. + _s_u_d_o_e_r_s be free of syntax errors since ssuuddoo will not run with a + syntactically incorrect _s_u_d_o_e_r_s file. + + + + +1.7.0 October 24, 2008 22 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + When using netgroups of machines (as opposed to users), if you store fully qualified hostnames in the netgroup (as is usually the case), you @@ -1441,21 +1472,9 @@ SSUUPPPPOORRTT DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of merchantabil- - ity and fitness for a particular purpose are disclaimed. See the - LICENSE file distributed with ssuuddoo or - - - -1.7.0 May 2, 2008 22 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - + including, but not limited to, the implied warranties of + merchantability and fitness for a particular purpose are disclaimed. + See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. @@ -1494,25 +1513,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - - - - - - - - - - - - - - - - - - -1.7.0 May 2, 2008 23 +1.7.0 October 24, 2008 23 diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index 95e8edd25..8b581ffd4 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat 
@@ -16,26 +16,27 @@ DDEESSCCRRIIPPTTIIOONN +o ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety. When LDAP is used, there are only two or three LDAP queries per invocation. - This makes it especially fast and particularly usable in LDAP envi- - ronments. + This makes it especially fast and particularly usable in LDAP + environments. - +o ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not pos- - sible to load LDAP data into the server that does not conform to + +o ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not + possible to load LDAP data into the server that does not conform to the sudoers schema, so proper syntax is guaranteed. It is still possible to have typos in a user or host name, but this will not prevent ssuuddoo from running. +o It is possible to specify per-entry options that override the - global default options. _/_e_t_c_/_s_u_d_o_e_r_s only supports default options - and limited options associated with user/host/commands/aliases. - The syntax is complicated and can be difficult for users to under- - stand. Placing the options directly in the entry is more natural. + global default options. _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s only supports default + options and limited options associated with + user/host/commands/aliases. The syntax is complicated and can be + difficult for users to understand. Placing the options directly in + the entry is more natural. +o The vviissuuddoo program is no longer needed. vviissuuddoo provides locking - and syntax checking of the _/_e_t_c_/_s_u_d_o_e_r_s file. Since LDAP updates - are atomic, locking is no longer necessary. Because syntax is - checked when the data is inserted into LDAP, there is no need for a - specialized tool to check syntax. + and syntax checking of the _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s file. Since LDAP + updates are atomic, locking is no longer necessary. 
Because syntax + is checked when the data is inserted into LDAP, there is no need + for a specialized tool to check syntax. Another major difference between LDAP and file-based _s_u_d_o_e_r_s is that in LDAP, ssuuddoo-specific Aliases are not supported. @@ -48,20 +49,19 @@ DDEESSCCRRIIPPTTIIOONN Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a sudoRole. Instead of defining a - Cmnd_Alias that is referenced by multiple users, one can create a sudo- - Role that contains the commands and assign multiple users to it. + Cmnd_Alias that is referenced by multiple users, one can create a + sudoRole that contains the commands and assign multiple users to it. SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr - The _s_u_d_o_e_r_s configuration is contained in the ou=SUDOers LDAP con- - tainer. + The _s_u_d_o_e_r_s configuration is contained in the ou=SUDOers LDAP + container. Sudo first looks for the cn=default entry in the SUDOers container. If - found, the multi-valued sudoOption attribute is parsed in the same -1.7.0 May 10, 2008 1 +1.7.0 October 24, 2008 1 @@ -70,9 +70,10 @@ DDEESSCCRRIIPPTTIIOONN SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s. In the following - example, the SSH_AUTH_SOCK variable will be preserved in the environ- - ment for all users. + found, the multi-valued sudoOption attribute is parsed in the same + manner as a global Defaults line in _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s. In the + following example, the SSH_AUTH_SOCK variable will be preserved in the + environment for all users. dn: cn=defaults,ou=SUDOers,dc=example,dc=com objectClass: top 
@@ -114,8 +115,8 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) as. The special value ALL will match any group. Each component listed above should contain a single value, but there - may be multiple instances of each component type. A sudoRole must con- - tain at least one sudoUser, sudoHost and sudoCommand. + may be multiple instances of each component type. A sudoRole must + contain at least one sudoUser, sudoHost and sudoCommand. The following example allows users in group wheel to run any command on any host via ssuuddoo: @@ -126,8 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - -1.7.0 May 10, 2008 2 +1.7.0 October 24, 2008 2 @@ -182,18 +182,18 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) sudoCommand: ALL sudoCommand: !/bin/sh + # LDAP equivalent of puddles + # Notice that even though ALL comes last, it still behaves like + # role1 since the LDAP code assumes the more paranoid configuration + dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com + objectClass: sudoRole + objectClass: top + cn: role2 + sudoUser: puddles - - - - - - - - -1.7.0 May 10, 2008 3 +1.7.0 October 24, 2008 3 @@ -202,14 +202,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - # LDAP equivalent of puddles - # Notice that even though ALL comes last, it still behaves like - # role1 since the LDAP code assumes the more paranoid configuration - dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com - objectClass: sudoRole - objectClass: top - cn: role2 - sudoUser: puddles sudoHost: ALL sudoCommand: !/bin/sh sudoCommand: ALL 
@@ -238,48 +230,48 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) on your LDAP server. In addition, be sure to index the 'sudoUser' attribute. - Three versions of the schema: one for OpenLDAP servers (_s_c_h_e_m_a_._O_p_e_n_L_- - _D_A_P), one for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t), and one for - Microsoft Active Directory (_s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y) may be found in the - ssuuddoo distribution. + Three versions of the schema: one for OpenLDAP servers + (_s_c_h_e_m_a_._O_p_e_n_L_D_A_P), one for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t), + and one for Microsoft Active Directory (_s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y) may be + found in the ssuuddoo distribution. - The schema for ssuuddoo in OpenLDAP form is included in the EXAMPLES sec- - tion. + The schema for ssuuddoo in OpenLDAP form is included in the EXAMPLES + section. CCoonnffiigguurriinngg llddaapp..ccoonnff - Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration. + Sudo reads the _@_l_d_a_p___c_o_n_f_@ file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo - parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from + parses _@_l_d_a_p___c_o_n_f_@ itself and may support options that differ from those described in the _l_d_a_p_._c_o_n_f(4) manual. Also note that on systems using the OpenLDAP libraries, default values specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are + not used. + Only those options explicitly listed in _@_l_d_a_p___c_o_n_f_@ that are supported + by ssuuddoo are honored. Configuration options are listed below in upper + case but are parsed in a case-independent manner. + UURRII ldap[s]://[hostname[:port]] ... 
+ Specifies a whitespace-delimited list of one or more URIs -1.7.0 May 10, 2008 4 +1.7.0 October 24, 2008 4 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - not used. +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - Only those options explicitly listed in _/_e_t_c_/_l_d_a_p_._c_o_n_f that are sup- - ported by ssuuddoo are honored. Configuration options are listed below in - upper case but are parsed in a case-independent manner. - UURRII ldap[s]://[hostname[:port]] ... - Specifies a whitespace-delimited list of one or more URIs describ- - ing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be either - llddaapp or llddaappss, the latter being for servers that support TLS (SSL) - encryption. If no _p_o_r_t is specified, the default is port 389 for - ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, + describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be + either llddaapp or llddaappss, the latter being for servers that support TLS + (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 + for ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, ssuuddoo will connect to llooccaallhhoosstt. Only systems using the OpenSSL libraries support the mixing of ldap:// and ldaps:// URIs. The Netscape-derived libraries used on most commercial versions of Unix 
@@ -301,10 +293,10 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) is included for backwards compatibility. BBIINNDD__TTIIMMEELLIIMMIITT seconds - The BBIINNDD__TTIIMMEELLIIMMIITT parameter specifies the amount of time, in sec- - onds, to wait while trying to connect to an LDAP server. If multi- - ple UURRIIs or HHOOSSTTs are specified, this is the amount of time to wait - before trying the next one in the list. + The BBIINNDD__TTIIMMEELLIIMMIITT parameter specifies the amount of time, in + seconds, to wait while trying to connect to an LDAP server. If + multiple UURRIIs or HHOOSSTTs are specified, this is the amount of time to + wait before trying the next one in the list. TTIIMMEELLIIMMIITT seconds The TTIIMMEELLIIMMIITT parameter specifies the amount of time, in seconds, 
@@ -316,30 +308,31 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) example.com. SSUUDDOOEERRSS__DDEEBBUUGG debug_level - This sets the debug level for ssuuddoo LDAP queries. Debugging infor- - mation is printed to the standard error. A value of 1 results in a - moderate amount of debugging information. A value of 2 shows the - results of the matches themselves. This parameter should not be - set in a production environment as the extra information is likely - to confuse users. + This sets the debug level for ssuuddoo LDAP queries. Debugging + information is printed to the standard error. A value of 1 results + in a moderate amount of debugging information. A value of 2 shows + the results of the matches themselves. This parameter should not + be set in a production environment as the extra information is + likely to confuse users. + BBIINNDDDDNN DN + The BBIINNDDDDNN parameter specifies the identity, in the form of a + Distinguished Name (DN), to use when performing LDAP operations. + If not specified, LDAP operations are performed with an anonymous + identity. By default, most LDAP servers will allow anonymous + access. -1.7.0 May 10, 2008 5 +1.7.0 October 24, 2008 5 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - BBIINNDDDDNN DN - The BBIINNDDDDNN parameter specifies the identity, in the form of a Dis- - tinguished Name (DN), to use when performing LDAP operations. If - not specified, LDAP operations are performed with an anonymous - identity. By default, most LDAP servers will allow anonymous - access. +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + BBIINNDDPPWW secret The BBIINNDDPPWW parameter specifies the password to use when performing 
@@ -350,62 +343,62 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) The RROOOOTTBBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP operations, such as _s_u_d_o_e_r_s queries. The password corresponding to - the identity should be stored in _/_e_t_c_/_l_d_a_p_._s_e_c_r_e_t. If not speci- - fied, the BBIINNDDDDNN identity is used (if any). + the identity should be stored in _@_l_d_a_p___s_e_c_r_e_t_@. If not specified, + the BBIINNDDDDNN identity is used (if any). LLDDAAPP__VVEERRSSIIOONN number The version of the LDAP protocol to use when connecting to the server. The default value is protocol version 3. SSSSLL on/true/yes/off/false/no - If the SSSSLL parameter is set to on, true or yes, TLS (SSL) encryp- - tion is always used when communicating with the LDAP server. Typi- - cally, this involves connecting to the server on port 636 (ldaps). + If the SSSSLL parameter is set to on, true or yes, TLS (SSL) + encryption is always used when communicating with the LDAP server. + Typically, this involves connecting to the server on port 636 + (ldaps). SSSSLL start_tls - If the SSSSLL parameter is set to start_tls, the LDAP server connec- - tion is initiated normally and TLS encryption is begun before the - bind credentials are sent. This has the advantage of not requiring - a dedicated port for encrypted communications. This parameter is - only supported by LDAP servers that honor the start_tls extension, - such as the OpenLDAP server. + If the SSSSLL parameter is set to start_tls, the LDAP server + connection is initiated normally and TLS encryption is begun before + the bind credentials are sent. This has the advantage of not + requiring a dedicated port for encrypted communications. This + parameter is only supported by LDAP servers that honor the + start_tls extension, such as the OpenLDAP server. 
TTLLSS__CCHHEECCKKPPEEEERR on/true/yes/off/false/no - If enabled, TTLLSS__CCHHEECCKKPPEEEERR will cause the LDAP server's TLS certifi- - cated to be verified. If the server's TLS certificate cannot be - verified (usually because it is signed by an unknown certificate - authority), ssuuddoo will be unable to connect to it. If TTLLSS__CCHHEECCKKPPEEEERR - is disabled, no check is made. + If enabled, TTLLSS__CCHHEECCKKPPEEEERR will cause the LDAP server's TLS + certificated to be verified. If the server's TLS certificate + cannot be verified (usually because it is signed by an unknown + certificate authority), ssuuddoo will be unable to connect to it. If + TTLLSS__CCHHEECCKKPPEEEERR is disabled, no check is made. TTLLSS__CCAACCEERRTTFFIILLEE file name - The path to a certificate authority bundle which contains the cer- - tificates for all the Certificate Authorities the client knows to - be valid, e.g. _/_e_t_c_/_s_s_l_/_c_a_-_b_u_n_d_l_e_._p_e_m. This option is only sup- - ported by the OpenLDAP libraries. + The path to a certificate authority bundle which contains the + certificates for all the Certificate Authorities the client knows + to be valid, e.g. _/_e_t_c_/_s_s_l_/_c_a_-_b_u_n_d_l_e_._p_e_m. This option is only + supported by the OpenLDAP libraries. TTLLSS__CCAACCEERRTTDDIIRR directory Similar to TTLLSS__CCAACCEERRTTFFIILLEE but instead of a file, it is a directory containing individual Certificate Authority certificates, e.g. _/_e_t_c_/_s_s_l_/_c_e_r_t_s. The directory specified by TTLLSS__CCAACCEERRTTDDIIRR is checked after TTLLSS__CCAACCEERRTTFFIILLEE. This option is only supported by the + OpenLDAP libraries. + TTLLSS__CCEERRTT file name + The path to a file containing the client certificate which can be + used to authenticate the client to the LDAP server. The + certificate type depends on the LDAP libraries used. -1.7.0 May 10, 2008 6 - +1.7.0 October 24, 2008 6 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - OpenLDAP libraries. 
+SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - TTLLSS__CCEERRTT file name - The path to a file containing the client certificate which can be - used to authenticate the client to the LDAP server. The certifi- - cate type depends on the LDAP libraries used. OpenLDAP: tls_cert /etc/ssl/client_cert.pem 
@@ -454,35 +447,35 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) RROOOOTTSSAASSLL__AAUUTTHH__IIDD identity The SASL user name to use when RROOOOTTUUSSEE__SSAASSLL is enabled. + SSAASSLL__SSEECCPPRROOPPSS none/properties + SASL security properties or _n_o_n_e for no properties. See the SASL + programmer's manual for details. + KKRRBB55__CCCCNNAAMMEE file name + The path to the Kerberos 5 credential cache to use when + authenticating with the remote server. -1.7.0 May 10, 2008 7 - +1.7.0 October 24, 2008 7 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - SSAASSLL__SSEECCPPRROOPPSS none/properties - SASL security properties or _n_o_n_e for no properties. See the SASL - programmer's manual for details. +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - KKRRBB55__CCCCNNAAMMEE file name - The path to the Kerberos 5 credential cache to use when authenti- - cating with the remote server. See the ldap.conf entry in the EXAMPLES section. CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff Unless it is disabled at build time, ssuuddoo consults the Name Service - Switch file, _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f, to specify the _s_u_d_o_e_r_s search order. - Sudo looks for a line beginning with sudoers: and uses this to deter- - mine the search order. Note that ssuuddoo does not stop searching after - the first match and later matches take precedence over earlier ones. + Switch file, _@_n_s_s_w_i_t_c_h___c_o_n_f_@, to specify the _s_u_d_o_e_r_s search order. + Sudo looks for a line beginning with sudoers: and uses this to + determine the search order. Note that ssuuddoo does not stop searching + after the first match and later matches take precedence over earlier + ones. The following sources are recognized: 
@@ -501,29 +494,36 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) sudoers: ldap - If the _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f file is not present or there is no sudoers - line, the following default is assumed: + If the _@_n_s_s_w_i_t_c_h___c_o_n_f_@ file is not present or there is no sudoers line, + the following default is assumed: sudoers: files - Note that _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f is supported even when the underlying + Note that _@_n_s_s_w_i_t_c_h___c_o_n_f_@ is supported even when the underlying operating system does not use an nsswitch.conf file. FFIILLEESS - _/_e_t_c_/_l_d_a_p_._c_o_n_f LDAP configuration file + _@_l_d_a_p___c_o_n_f_@ LDAP configuration file - _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f determines sudoers source order + _@_n_s_s_w_i_t_c_h___c_o_n_f_@ determines sudoers source order EEXXAAMMPPLLEESS EExxaammppllee llddaapp..ccoonnff + # Either specify one or more URIs or one or more host:port pairs. + # If neither is specified sudo will default to localhost, port 389. + # + #host ldapserver + #host ldapserver1 ldapserver2:390 + # + # Default port if host is specified without one, defaults to 389. + #port 389 + # + # URI will override the host and port settings. - - - -1.7.0 May 10, 2008 8 +1.7.0 October 24, 2008 8 @@ -532,16 +532,6 @@ EEXXAAMMPPLLEESS SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - # Either specify one or more URIs or one or more host:port pairs. - # If neither is specified sudo will default to localhost, port 389. - # - #host ldapserver - #host ldapserver1 ldapserver2:390 - # - # Default port if host is specified without one, defaults to 389. - #port 389 - # - # URI will override the host and port settings. uri ldap://ldapserver #uri ldaps://secureldapserver #uri ldaps://secureldapserver ldap://ldapserver 
@@ -586,10 +576,20 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) # If you enable tls_checkpeer, specify either tls_cacertfile # or tls_cacertdir. Only supported when using OpenLDAP. # + #tls_cacertfile /etc/certs/trusted_signers.pem + #tls_cacertdir /etc/certs + # + # For systems that don't have /dev/random + # use this along with PRNGD or EGD.pl to seed the + # random number pool to generate cryptographic session keys. + # Only supported when using OpenLDAP. + # + #tls_randfile /etc/egd-pool + # -1.7.0 May 10, 2008 9 +1.7.0 October 24, 2008 9 @@ -598,16 +598,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - #tls_cacertfile /etc/certs/trusted_signers.pem - #tls_cacertdir /etc/certs - # - # For systems that don't have /dev/random - # use this along with PRNGD or EGD.pl to seed the - # random number pool to generate cryptographic session keys. - # Only supported when using OpenLDAP. - # - #tls_randfile /etc/egd-pool - # # You may restrict which ciphers are used. Consult your SSL # documentation for which options go here. # Only supported when using OpenLDAP. 
@@ -653,26 +643,27 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + attributetype ( 1.3.6.1.4.1.15953.9.1.2 + NAME 'sudoHost' + DESC 'Host(s) who may run sudo' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.15953.9.1.3 + NAME 'sudoCommand' -1.7.0 May 10, 2008 10 +1.7.0 October 24, 2008 10 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - attributetype ( 1.3.6.1.4.1.15953.9.1.2 - NAME 'sudoHost' - DESC 'Host(s) who may run sudo' - EQUALITY caseExactIA5Match - SUBSTR caseExactIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - attributetype ( 1.3.6.1.4.1.15953.9.1.3 - NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 
@@ -714,36 +705,36 @@ SSEEEE AALLSSOO _l_d_a_p_._c_o_n_f(4), _s_u_d_o_e_r_s(5) CCAAVVEEAATTSS - The way that _s_u_d_o_e_r_s is parsed differs between Note that there are dif- - ferences in the way that LDAP-based _s_u_d_o_e_r_s is parsed compared to file- - based _s_u_d_o_e_r_s. See the "Differences between LDAP and non-LDAP sudoers" - section for more information. + The way that _s_u_d_o_e_r_s is parsed differs between Note that there are + differences in the way that LDAP-based _s_u_d_o_e_r_s is parsed compared to + file-based _s_u_d_o_e_r_s. See the "Differences between LDAP and non-LDAP + sudoers" section for more information. +BBUUGGSS + If you feel you have found a bug in ssuuddoo, please submit a bug report at + http://www.sudo.ws/sudo/bugs/ +SSUUPPPPOORRTT + Limited free support is available via the sudo-users mailing list, see + http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search + the archives. -1.7.0 May 10, 2008 11 +1.7.0 October 24, 2008 11 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -BBUUGGSS - If you feel you have found a bug in ssuuddoo, please submit a bug report at - http://www.sudo.ws/sudo/bugs/ +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -SSUUPPPPOORRTT - Limited free support is available via the sudo-users mailing list, see - http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search - the archives. DDIISSCCLLAAIIMMEERR ssuuddoo is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of merchantabil- - ity and fitness for a particular purpose are disclaimed. See the - LICENSE file distributed with ssuuddoo or + including, but not limited to, the implied warranties of + merchantability and fitness for a particular purpose are disclaimed. + See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. 
@@ -787,6 +778,15 @@ DDIISSCCLLAAIIMMEERR -1.7.0 May 10, 2008 12 + + + + + + + + + +1.7.0 October 24, 2008 12 diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index 0de7e1a51..561df3abc 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in @@ -15,7 +15,7 @@ .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $Sudo$ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: .\" ======================================================================== @@ -42,11 +42,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- 
@@ -65,22 +65,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -146,7 +149,11 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "May 10, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "October 24, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" sudoers.ldap \- sudo LDAP configuration .SH "DESCRIPTION" 
@@ -169,13 +176,13 @@ It is still possible to have typos in a user or host name, but this will not prevent \fBsudo\fR from running. .IP "\(bu" 4 It is possible to specify per-entry options that override the global -default options. \fI@sysconfdir@/sudoers\fR only supports default options and +default options. \fI\f(CI@sysconfdir\fI@/sudoers\fR only supports default options and limited options associated with user/host/commands/aliases. The syntax is complicated and can be difficult for users to understand. Placing the options directly in the entry is more natural. .IP "\(bu" 4 The \fBvisudo\fR program is no longer needed. \fBvisudo\fR provides -locking and syntax checking of the \fI@sysconfdir@/sudoers\fR file. +locking and syntax checking of the \fI\f(CI@sysconfdir\fI@/sudoers\fR file. Since \s-1LDAP\s0 updates are atomic, locking is no longer necessary. Because syntax is checked when the data is inserted into \s-1LDAP\s0, there is no need for a specialized tool to check syntax. @@ -201,7 +208,7 @@ container. .PP Sudo first looks for the \f(CW\*(C`cn=default\*(C'\fR entry in the SUDOers container. If found, the multi-valued \f(CW\*(C`sudoOption\*(C'\fR attribute is parsed in the -same manner as a global \f(CW\*(C`Defaults\*(C'\fR line in \fI@sysconfdir@/sudoers\fR. In +same manner as a global \f(CW\*(C`Defaults\*(C'\fR line in \fI\f(CI@sysconfdir\fI@/sudoers\fR. In the following example, the \f(CW\*(C`SSH_AUTH_SOCK\*(C'\fR variable will be preserved in the environment for all users. .PP @@ -210,7 +217,7 @@ in the environment for all users. \& objectClass: top \& objectClass: sudoRole \& cn: defaults -\& description: Default sudoOption's go here +\& description: Default sudoOption\*(Aqs go here \& sudoOption: env_keep+=SSH_AUTH_SOCK .Ve .PP 
@@ -218,19 +225,19 @@ The equivalent of a sudoer in \s-1LDAP\s0 is a \f(CW\*(C`sudoRole\*(C'\fR. It c the following components: .IP "\fBsudoUser\fR" 4 .IX Item "sudoUser" -A user name, uid (prefixed with \f(CW'#'\fR), Unix group (prefixed with -a \f(CW'%'\fR) or user netgroup (prefixed with a \f(CW'+'\fR). +A user name, uid (prefixed with \f(CW\*(Aq#\*(Aq\fR), Unix group (prefixed with +a \f(CW\*(Aq%\*(Aq\fR) or user netgroup (prefixed with a \f(CW\*(Aq+\*(Aq\fR). .IP "\fBsudoHost\fR" 4 .IX Item "sudoHost" A host name, \s-1IP\s0 address, \s-1IP\s0 network, or host netgroup (prefixed -with a \f(CW'+'\fR). +with a \f(CW\*(Aq+\*(Aq\fR). The special value \f(CW\*(C`ALL\*(C'\fR will match any host. .IP "\fBsudoCommand\fR" 4 .IX Item "sudoCommand" A Unix command with optional command line arguments, potentially including globbing characters (aka wild cards). The special value \f(CW\*(C`ALL\*(C'\fR will match any command. -If a command is prefixed with an exclamation point \f(CW'!'\fR, the +If a command is prefixed with an exclamation point \f(CW\*(Aq!\*(Aq\fR, the user will be prohibited from running that command. .IP "\fBsudoOption\fR" 4 .IX Item "sudoOption" 
@@ -238,14 +245,14 @@ Identical in function to the global options described above, but specific to the \f(CW\*(C`sudoRole\*(C'\fR in which it resides. .IP "\fBsudoRunAsUser\fR" 4 .IX Item "sudoRunAsUser" -A user name or uid (prefixed with \f(CW'#'\fR) that commands may be run -as or a Unix group (prefixed with a \f(CW'%'\fR) or user netgroup (prefixed -with a \f(CW'+'\fR) that contains a list of users that commands may be +A user name or uid (prefixed with \f(CW\*(Aq#\*(Aq\fR) that commands may be run +as or a Unix group (prefixed with a \f(CW\*(Aq%\*(Aq\fR) or user netgroup (prefixed +with a \f(CW\*(Aq+\*(Aq\fR) that contains a list of users that commands may be run as. The special value \f(CW\*(C`ALL\*(C'\fR will match any user. .IP "\fBsudoRunAsGroup\fR" 4 .IX Item "sudoRunAsGroup" -A Unix group or gid (prefixed with \f(CW'#'\fR) that commands may be run as. +A Unix group or gid (prefixed with \f(CW\*(Aq#\*(Aq\fR) that commands may be run as. The special value \f(CW\*(C`ALL\*(C'\fR will match any group. .PP Each component listed above should contain a single value, but there @@ -291,12 +298,10 @@ Here is an example: \& johnny ALL=(root) ALL,!/bin/sh \& # Always allows all commands because ALL is matched last \& puddles ALL=(root) !/bin/sh,ALL -.Ve -.PP -.Vb 10 +\& \& # LDAP equivalent of johnny \& # Allows all commands except shell -\& dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com +\& dn: cn=role1,ou=Sudoers,dc=my\-domain,dc=com \& objectClass: sudoRole \& objectClass: top \& cn: role1 @@ -304,13 +309,11 @@ Here is an example: \& sudoHost: ALL \& sudoCommand: ALL \& sudoCommand: !/bin/sh -.Ve -.PP -.Vb 11 +\& \& # LDAP equivalent of puddles \& # Notice that even though ALL comes last, it still behaves like \& # role1 since the LDAP code assumes the more paranoid configuration -\& dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com +\& dn: cn=role2,ou=Sudoers,dc=my\-domain,dc=com \& objectClass: sudoRole \& objectClass: top \& cn: role2 
@@ -328,16 +331,12 @@ behave the way one might expect. \& # does not match all but joe \& # rather, does not match anyone \& sudoUser: !joe -.Ve -.PP -.Vb 4 +\& \& # does not match all but joe \& # rather, matches everyone including Joe \& sudoUser: ALL \& sudoUser: !joe -.Ve -.PP -.Vb 4 +\& \& # does not match all but web01 \& # rather, matches all hosts including web01 \& sudoHost: ALL @@ -358,17 +357,17 @@ The schema for \fBsudo\fR in OpenLDAP form is included in the \s-1EXAMPLES\s0 section. .Sh "Configuring ldap.conf" .IX Subsection "Configuring ldap.conf" -Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration. +Sudo reads the \fI\f(CI@ldap_conf\fI@\fR file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. As such, most of the settings are not \fBsudo\fR\-specific. Note that -\&\fBsudo\fR parses \fI@ldap_conf@\fR itself and may support options +\&\fBsudo\fR parses \fI\f(CI@ldap_conf\fI@\fR itself and may support options that differ from those described in the \fIldap.conf\fR\|(@mansectform@) manual. .PP Also note that on systems using the OpenLDAP libraries, default values specified in \fI/etc/openldap/ldap.conf\fR or the user's \&\fI.ldaprc\fR files are not used. .PP -Only those options explicitly listed in \fI@ldap_conf@\fR that are +Only those options explicitly listed in \fI\f(CI@ldap_conf\fI@\fR that are supported by \fBsudo\fR are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. .IP "\fB\s-1URI\s0\fR ldap[s]://[hostname[:port]] ..." 4 
@@ -436,7 +435,7 @@ The \fB\s-1BINDPW\s0\fR parameter specifies the password to use when performing The \fB\s-1ROOTBINDDN\s0\fR parameter specifies the identity, in the form of a Distinguished Name (\s-1DN\s0), to use when performing privileged \s-1LDAP\s0 operations, such as \fIsudoers\fR queries. The password corresponding -to the identity should be stored in \fI@ldap_secret@\fR. +to the identity should be stored in \fI\f(CI@ldap_secret\fI@\fR. If not specified, the \fB\s-1BINDDN\s0\fR identity is used (if any). .IP "\fB\s-1LDAP_VERSION\s0\fR number" 4 .IX Item "LDAP_VERSION number" @@ -486,7 +485,7 @@ The certificate type depends on the \s-1LDAP\s0 libraries used. OpenLDAP: \f(CW\*(C`tls_cert /etc/ssl/client_cert.pem\*(C'\fR .Sp -Netscape\-derived: +Netscape-derived: \f(CW\*(C`tls_cert /var/ldap/cert7.db\*(C'\fR .Sp When using Netscape-derived libraries, this file may also contain @@ -495,13 +494,13 @@ Certificate Authority certificates. .IX Item "TLS_KEY file name" The path to a file containing the private key which matches the certificate specified by \fB\s-1TLS_CERT\s0\fR. The private key must not be -password\-protected. The key type depends on the \s-1LDAP\s0 libraries +password-protected. The key type depends on the \s-1LDAP\s0 libraries used. .Sp OpenLDAP: \f(CW\*(C`tls_key /etc/ssl/client_key.pem\*(C'\fR .Sp -Netscape\-derived: +Netscape-derived: \f(CW\*(C`tls_key /var/ldap/key3.db\*(C'\fR .IP "\fB\s-1TLS_RANDFILE\s0\fR file name" 4 .IX Item "TLS_RANDFILE file name" 
@@ -542,7 +541,7 @@ See the \f(CW\*(C`ldap.conf\*(C'\fR entry in the \s-1EXAMPLES\s0 section. .Sh "Configuring nsswitch.conf" .IX Subsection "Configuring nsswitch.conf" Unless it is disabled at build time, \fBsudo\fR consults the Name -Service Switch file, \fI@nsswitch_conf@\fR, to specify the \fIsudoers\fR +Service Switch file, \fI\f(CI@nsswitch_conf\fI@\fR, to specify the \fIsudoers\fR search order. Sudo looks for a line beginning with \f(CW\*(C`sudoers:\*(C'\fR and uses this to determine the search order. Note that \fBsudo\fR does not stop searching after the first match and later matches take @@ -571,28 +570,30 @@ The local \fIsudoers\fR file can be ignored completely by using: \& sudoers: ldap .Ve .PP -If the \fI@nsswitch_conf@\fR file is not present or there is no +If the \fI\f(CI@nsswitch_conf\fI@\fR file is not present or there is no sudoers line, the following default is assumed: .PP .Vb 1 \& sudoers: files .Ve .PP -Note that \fI@nsswitch_conf@\fR is supported even when the underlying +Note that \fI\f(CI@nsswitch_conf\fI@\fR is supported even when the underlying operating system does not use an nsswitch.conf file. .SH "FILES" .IX Header "FILES" -.IP "\fI@ldap_conf@\fR" 24 +.ie n .IP "\fI\fI@ldap_conf\fI@\fR" 24 +.el .IP "\fI\f(CI@ldap_conf\fI@\fR" 24 .IX Item "@ldap_conf@" \&\s-1LDAP\s0 configuration file -.IP "\fI@nsswitch_conf@\fR" 24 +.ie n .IP "\fI\fI@nsswitch_conf\fI@\fR" 24 +.el .IP "\fI\f(CI@nsswitch_conf\fI@\fR" 24 .IX Item "@nsswitch_conf@" determines sudoers source order .SH "EXAMPLES" .IX Header "EXAMPLES" .Sh "Example ldap.conf" .IX Subsection "Example ldap.conf" -.Vb 95 +.Vb 10 \& # Either specify one or more URIs or one or more host:port pairs. \& # If neither is specified sudo will default to localhost, port 389. \& # 
@@ -650,18 +651,18 @@ determines sudoers source order \& #tls_cacertfile /etc/certs/trusted_signers.pem \& #tls_cacertdir /etc/certs \& # -\& # For systems that don't have /dev/random +\& # For systems that don\*(Aqt have /dev/random \& # use this along with PRNGD or EGD.pl to seed the \& # random number pool to generate cryptographic session keys. \& # Only supported when using OpenLDAP. \& # -\& #tls_randfile /etc/egd-pool +\& #tls_randfile /etc/egd\-pool \& # \& # You may restrict which ciphers are used. Consult your SSL \& # documentation for which options go here. \& # Only supported when using OpenLDAP. \& # -\& #tls_ciphers +\& #tls_ciphers \& # \& # Sudo can provide a client certificate when communicating to \& # the LDAP server. @@ -675,7 +676,7 @@ determines sudoers source order \& #tls_key /etc/certs/client_key.pem \& # \& # For SunONE or iPlanet LDAP, the file specified by tls_cert may -\& # contain CA certs and/or the client's cert. If the client's +\& # contain CA certs and/or the client\*(Aqs cert. If the client\*(Aqs \& # cert is included, tls_key should be specified as well. \& # For backward compatibility, sslpath may be used in place of tls_cert. \& #tls_cert /var/ldap/cert7.db 
@@ -697,65 +698,51 @@ schema directory (e.g. \fI/etc/openldap/schema\fR), add the proper .PP .Vb 6 \& attributetype ( 1.3.6.1.4.1.15953.9.1.1 -\& NAME 'sudoUser' -\& DESC 'User(s) who may run sudo' +\& NAME \*(AqsudoUser\*(Aq +\& DESC \*(AqUser(s) who may run sudo\*(Aq \& EQUALITY caseExactIA5Match \& SUBSTR caseExactIA5SubstringsMatch \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 6 +\& \& attributetype ( 1.3.6.1.4.1.15953.9.1.2 -\& NAME 'sudoHost' -\& DESC 'Host(s) who may run sudo' +\& NAME \*(AqsudoHost\*(Aq +\& DESC \*(AqHost(s) who may run sudo\*(Aq \& EQUALITY caseExactIA5Match \& SUBSTR caseExactIA5SubstringsMatch \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 5 +\& \& attributetype ( 1.3.6.1.4.1.15953.9.1.3 -\& NAME 'sudoCommand' -\& DESC 'Command(s) to be executed by sudo' +\& NAME \*(AqsudoCommand\*(Aq +\& DESC \*(AqCommand(s) to be executed by sudo\*(Aq \& EQUALITY caseExactIA5Match \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 5 +\& \& attributetype ( 1.3.6.1.4.1.15953.9.1.4 -\& NAME 'sudoRunAs' -\& DESC 'User(s) impersonated by sudo' +\& NAME \*(AqsudoRunAs\*(Aq +\& DESC \*(AqUser(s) impersonated by sudo\*(Aq \& EQUALITY caseExactIA5Match \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 5 +\& \& attributetype ( 1.3.6.1.4.1.15953.9.1.5 -\& NAME 'sudoOption' -\& DESC 'Options(s) followed by sudo' +\& NAME \*(AqsudoOption\*(Aq +\& DESC \*(AqOptions(s) followed by sudo\*(Aq \& EQUALITY caseExactIA5Match \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 5 +\& \& attributetype ( 1.3.6.1.4.1.15953.9.1.6 -\& NAME 'sudoRunAsUser' -\& DESC 'User(s) impersonated by sudo' +\& NAME \*(AqsudoRunAsUser\*(Aq +\& DESC \*(AqUser(s) impersonated by sudo\*(Aq \& EQUALITY caseExactIA5Match \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 5 +\& \& attributetype ( 1.3.6.1.4.1.15953.9.1.7 -\& NAME 'sudoRunAsGroup' -\& DESC 'Group(s) impersonated by sudo' +\& NAME \*(AqsudoRunAsGroup\*(Aq +\& DESC \*(AqGroup(s) 
impersonated by sudo\*(Aq \& EQUALITY caseExactIA5Match \& SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -.Ve -.PP -.Vb 6 -\& objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL -\& DESC 'Sudoer Entries' +\& +\& objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME \*(AqsudoRole\*(Aq SUP top STRUCTURAL +\& DESC \*(AqSudoer Entries\*(Aq \& MUST ( cn ) \& MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ \& sudoRunAsGroup $ sudoOption $ description ) @@ -771,7 +758,8 @@ Add more exhaustive sudoers ldif example? .IX Header "CAVEATS" The way that \fIsudoers\fR is parsed differs between Note that there are differences in the way that LDAP-based \fIsudoers\fR is parsed -compared to file-based \fIsudoers\fR. See the \*(L"Differences between \s-1LDAP\s0 and non-LDAP sudoers\*(R" section for more information. +compared to file-based \fIsudoers\fR. See the \*(L"Differences between +\&\s-1LDAP\s0 and non-LDAP sudoers\*(R" section for more information. .SH "BUGS" .IX Header "BUGS" If you feel you have found a bug in \fBsudo\fR, please submit a bug report diff --git a/sudoers.man.in b/sudoers.man.in index b0dae49ab..8e667d08d 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -19,7 +19,7 @@ .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .\" $Sudo$ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -46,11 +46,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -69,22 +69,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -150,7 +153,11 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "May 2, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "October 24, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -205,30 +212,20 @@ There are four kinds of aliases: \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_A \&\f(CW\*(C`Host_Alias\*(C'\fR and \f(CW\*(C`Cmnd_Alias\*(C'\fR. .PP .Vb 4 -\& Alias ::= 'User_Alias' User_Alias (':' User_Alias)* | -\& 'Runas_Alias' Runas_Alias (':' Runas_Alias)* | -\& 'Host_Alias' Host_Alias (':' Host_Alias)* | -\& 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)* -.Ve -.PP -.Vb 1 -\& User_Alias ::= NAME '=' User_List -.Ve -.PP -.Vb 1 -\& Runas_Alias ::= NAME '=' Runas_List -.Ve -.PP -.Vb 1 -\& Host_Alias ::= NAME '=' Host_List -.Ve -.PP -.Vb 1 -\& Cmnd_Alias ::= NAME '=' Cmnd_List -.Ve -.PP -.Vb 1 -\& NAME ::= [A-Z]([A-Z][0-9]_)* +\& Alias ::= \*(AqUser_Alias\*(Aq User_Alias (\*(Aq:\*(Aq User_Alias)* | +\& \*(AqRunas_Alias\*(Aq Runas_Alias (\*(Aq:\*(Aq Runas_Alias)* | +\& \*(AqHost_Alias\*(Aq Host_Alias (\*(Aq:\*(Aq Host_Alias)* | +\& \*(AqCmnd_Alias\*(Aq Cmnd_Alias (\*(Aq:\*(Aq Cmnd_Alias)* +\& +\& User_Alias ::= NAME \*(Aq=\*(Aq User_List +\& +\& Runas_Alias ::= NAME \*(Aq=\*(Aq Runas_List +\& +\& Host_Alias ::= NAME \*(Aq=\*(Aq Host_List +\& +\& Cmnd_Alias ::= NAME \*(Aq=\*(Aq Cmnd_List +\& +\& NAME ::= [A\-Z]([A\-Z][0\-9]_)* .Ve .PP Each \fIalias\fR definition is of the form 
@@ -251,15 +248,13 @@ The definitions of what constitutes a valid \fIalias\fR member follow. .PP .Vb 2 \& User_List ::= User | -\& User ',' User_List -.Ve -.PP -.Vb 5 -\& User ::= '!'* username | -\& '!'* '#'uid | -\& '!'* '%'group | -\& '!'* '+'netgroup | -\& '!'* User_Alias +\& User \*(Aq,\*(Aq User_List +\& +\& User ::= \*(Aq!\*(Aq* username | +\& \*(Aq!\*(Aq* \*(Aq#\*(Aquid | +\& \*(Aq!\*(Aq* \*(Aq%\*(Aqgroup | +\& \*(Aq!\*(Aq* \*(Aq+\*(Aqnetgroup | +\& \*(Aq!\*(Aq* User_Alias .Ve .PP A \f(CW\*(C`User_List\*(C'\fR is made up of one or more usernames, uids (prefixed @@ -270,15 +265,13 @@ the value of the item; an even number just cancel each other out. .PP .Vb 2 \& Runas_List ::= Runas_Member | -\& Runas_Member ',' Runas_List -.Ve -.PP -.Vb 5 -\& Runas_Member ::= '!'* username | -\& '!'* '#'uid | -\& '!'* '%'group | -\& '!'* +netgroup | -\& '!'* Runas_Alias +\& Runas_Member \*(Aq,\*(Aq Runas_List +\& +\& Runas_Member ::= \*(Aq!\*(Aq* username | +\& \*(Aq!\*(Aq* \*(Aq#\*(Aquid | +\& \*(Aq!\*(Aq* \*(Aq%\*(Aqgroup | +\& \*(Aq!\*(Aq* +netgroup | +\& \*(Aq!\*(Aq* Runas_Alias .Ve .PP A \f(CW\*(C`Runas_List\*(C'\fR is similar to a \f(CW\*(C`User_List\*(C'\fR except that instead @@ -290,15 +283,13 @@ and toor), you can use a uid instead (#0 in the example given). .PP .Vb 2 \& Host_List ::= Host | -\& Host ',' Host_List -.Ve -.PP -.Vb 5 -\& Host ::= '!'* hostname | -\& '!'* ip_addr | -\& '!'* network(/netmask)? | -\& '!'* '+'netgroup | -\& '!'* Host_Alias +\& Host \*(Aq,\*(Aq Host_List +\& +\& Host ::= \*(Aq!\*(Aq* hostname | +\& \*(Aq!\*(Aq* ip_addr | +\& \*(Aq!\*(Aq* network(/netmask)? | +\& \*(Aq!\*(Aq* \*(Aq+\*(Aqnetgroup | +\& \*(Aq!\*(Aq* Host_Alias .Ve .PP A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, \s-1IP\s0 addresses, 
@@ -318,20 +309,16 @@ wildcards to be useful. .PP .Vb 2 \& Cmnd_List ::= Cmnd | -\& Cmnd ',' Cmnd_List -.Ve -.PP -.Vb 3 +\& Cmnd \*(Aq,\*(Aq Cmnd_List +\& \& commandname ::= filename | \& filename args | -\& filename '""' -.Ve -.PP -.Vb 4 -\& Cmnd ::= '!'* commandname | -\& '!'* directory | -\& '!'* "sudoedit" | -\& '!'* Cmnd_Alias +\& filename \*(Aq""\*(Aq +\& +\& Cmnd ::= \*(Aq!\*(Aq* commandname | +\& \*(Aq!\*(Aq* directory | +\& \*(Aq!\*(Aq* "sudoedit" | +\& \*(Aq!\*(Aq* Cmnd_Alias .Ve .PP A \f(CW\*(C`Cmnd_List\*(C'\fR is a list of one or more commandnames, directories, and other @@ -364,27 +351,21 @@ If you need to specify arguments, define a \f(CW\*(C`Cmnd_Alias\*(C'\fR and refe that instead. .PP .Vb 5 -\& Default_Type ::= 'Defaults' | -\& 'Defaults' '@' Host_List | -\& 'Defaults' ':' User_List | -\& 'Defaults' '!' Cmnd_List | -\& 'Defaults' '>' Runas_List -.Ve -.PP -.Vb 1 +\& Default_Type ::= \*(AqDefaults\*(Aq | +\& \*(AqDefaults\*(Aq \*(Aq@\*(Aq Host_List | +\& \*(AqDefaults\*(Aq \*(Aq:\*(Aq User_List | +\& \*(AqDefaults\*(Aq \*(Aq!\*(Aq Cmnd_List | +\& \*(AqDefaults\*(Aq \*(Aq>\*(Aq Runas_List +\& \& Default_Entry ::= Default_Type Parameter_List -.Ve -.PP -.Vb 2 +\& \& Parameter_List ::= Parameter | -\& Parameter ',' Parameter_List -.Ve -.PP -.Vb 4 -\& Parameter ::= Parameter '=' Value | -\& Parameter '+=' Value | -\& Parameter '-=' Value | -\& '!'* Parameter +\& Parameter \*(Aq,\*(Aq Parameter_List +\& +\& Parameter ::= Parameter \*(Aq=\*(Aq Value | +\& Parameter \*(Aq+=\*(Aq Value | +\& Parameter \*(Aq\-=\*(Aq Value | +\& \*(Aq!\*(Aq* Parameter .Ve .PP Parameters may be \fBflags\fR, \fBinteger\fR values, \fBstrings\fR, or \fBlists\fR. 
@@ -403,26 +384,18 @@ See \*(L"\s-1SUDOERS\s0 \s-1OPTIONS\s0\*(R" for a list of supported Defaults par .Sh "User Specification" .IX Subsection "User Specification" .Vb 2 -\& User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e -\& (':' Host_List '=' Cmnd_Spec_List)* -.Ve -.PP -.Vb 2 +\& User_Spec ::= User_List Host_List \*(Aq=\*(Aq Cmnd_Spec_List \e +\& (\*(Aq:\*(Aq Host_List \*(Aq=\*(Aq Cmnd_Spec_List)* +\& \& Cmnd_Spec_List ::= Cmnd_Spec | -\& Cmnd_Spec ',' Cmnd_Spec_List -.Ve -.PP -.Vb 1 +\& Cmnd_Spec \*(Aq,\*(Aq Cmnd_Spec_List +\& \& Cmnd_Spec ::= Runas_Spec? Tag_Spec* Cmnd -.Ve -.PP -.Vb 1 -\& Runas_Spec ::= '(' Runas_List? (: Runas_List)? ')' -.Ve -.PP -.Vb 2 -\& Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' | -\& 'SETENV:' | 'NOSETENV:' ) +\& +\& Runas_Spec ::= \*(Aq(\*(Aq Runas_List? (: Runas_List)? \*(Aq)\*(Aq +\& +\& Tag_Spec ::= (\*(AqNOPASSWD:\*(Aq | \*(AqPASSWD:\*(Aq | \*(AqNOEXEC:\*(Aq | \*(AqEXEC:\*(Aq | +\& \*(AqSETENV:\*(Aq | \*(AqNOSETENV:\*(Aq ) .Ve .PP A \fBuser specification\fR determines which commands a user may run @@ -459,7 +432,7 @@ The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and \&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., .PP .Vb 1 -\& $ sudo -u operator /bin/ls. +\& $ sudo \-u operator /bin/ls. .Ve .PP It is also possible to override a \f(CW\*(C`Runas_Spec\*(C'\fR later on in an @@ -513,7 +486,7 @@ For example: .Ve .PP would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and -\&\fI/usr/bin/lprm\fR as root on the machine rushmore as \fBroot\fR without +\&\fI/usr/bin/lprm\fR as \fBroot\fR on the machine rushmore without authenticating himself. If we only want \fBray\fR to be able to run \fI/bin/kill\fR without a password the entry would be: .PP 
@@ -587,6 +560,17 @@ Matches any character \fBnot\fR in the specified range. For any character \*(L"x\*(R", evaluates to \*(L"x\*(R". This is used to escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R". .PP +\&\s-1POSIX\s0 character classes may also be used if your system's +\&\fIfnmatch\fR\|(3) function supports them. However, because the +\&\f(CW\*(Aq:\*(Aq\fR character has special meaning in \fIsudoers\fR, it must +be escaped. For example: +.PP +.Vb 1 +\& /bin/ls [[\e:alpha\e:]]* +.Ve +.PP +Would match any filename beginning with a letter. +.PP Note that a forward slash ('/') will \fBnot\fR be matched by wildcards used in the pathname. When matching the command line arguments, however, a slash \fBdoes\fR get matched by @@ -738,11 +722,11 @@ If set, \fBsudo\fR will insult users when they enter an incorrect password. This flag is \fI@insults@\fR by default. .IP "log_host" 16 .IX Item "log_host" -If set, the hostname will be logged in the (non\-syslog) \fBsudo\fR log file. +If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file. This flag is \fIoff\fR by default. .IP "log_year" 16 .IX Item "log_year" -If set, the four-digit year will be logged in the (non\-syslog) \fBsudo\fR log file. +If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file. This flag is \fIoff\fR by default. .IP "long_otp_prompt" 16 .IX Item "long_otp_prompt" 
@@ -779,7 +763,8 @@ by default. .IX Item "noexec" If set, all commands run via \fBsudo\fR will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR tag has been set, unless overridden by a \f(CW\*(C`EXEC\*(C'\fR tag. See the -description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual. This flag is \fIoff\fR by default. +description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 +\&\s-1ESCAPES\s0\*(R" section at the end of this manual. This flag is \fIoff\fR by default. .IP "path_info" 16 .IX Item "path_info" Normally, \fBsudo\fR will tell the user when a command could not be @@ -1010,6 +995,11 @@ Defaults to \f(CW\*(C`@badpri@\*(C'\fR. .IX Item "syslog_goodpri" Syslog priority to use when user authenticates successfully. Defaults to \f(CW\*(C`@goodpri@\*(C'\fR. +.IP "sudoers_locale" 16 +.IX Item "sudoers_locale" +Locale to use when parsing the sudoers file. Note that changing +the locale may affect how sudoers is interpreted. +Defaults to \f(CW"C"\fR. .IP "timestampdir" 16 .IX Item "timestampdir" The directory in which \fBsudo\fR stores its timestamp files. @@ -1031,7 +1021,7 @@ The default is \f(CW\*(C`root\*(C'\fR. The \fIaskpass\fR option specifies the fully-qualilfy path to a helper program used to read the user's password when no terminal is available. This may be the case when \fBsudo\fR is executed from a -graphical (as opposed to text\-based) application. The program +graphical (as opposed to text-based) application. The program specified by \fIaskpass\fR should display the argument passed to it as the prompt and write the user's password to the standard output. The value of \fIaskpass\fR may be overridden by the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR 
@@ -1167,8 +1157,8 @@ The default value is \fIall\fR. Environment variables to be removed from the user's environment if the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can be used to guard against printf-style format vulnerabilities in -poorly-written programs. The argument may be a double\-quoted, -space-separated list or a single value without double\-quotes. The +poorly-written programs. The argument may be a double-quoted, +space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. Regardless of whether the \f(CW\*(C`env_reset\*(C'\fR option is enabled or disabled, variables @@ -1179,8 +1169,8 @@ the \fI\-V\fR option. .IP "env_delete" 16 .IX Item "env_delete" Environment variables to be removed from the user's environment. -The argument may be a double\-quoted, space-separated list or a -single value without double\-quotes. The list can be replaced, added +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment variables to remove is displayed when \fBsudo\fR is run by root with the 
@@ -1192,8 +1182,8 @@ as \fBsudo\fR). Environment variables to be preserved in the user's environment when the \fIenv_reset\fR option is in effect. This allows fine-grained control over the environment \fBsudo\fR\-spawned processes will receive. -The argument may be a double\-quoted, space-separated list or a -single value without double\-quotes. The list can be replaced, added +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of variables to keep is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option. @@ -1207,7 +1197,8 @@ supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo \&\fBnotice\fR, and \fBwarning\fR. .SH "FILES" .IX Header "FILES" -.IP "\fI@sysconfdir@/sudoers\fR" 24 +.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24 +.el .IP "\fI@sysconfdir@/sudoers\fR" 24 .IX Item "@sysconfdir@/sudoers" List of who can run what .IP "\fI/etc/group\fR" 24 @@ -1226,15 +1217,11 @@ these are a bit contrived. First, we define our \fIaliases\fR: \& User_Alias FULLTIMERS = millert, mikef, dowdy \& User_Alias PARTTIMERS = bostley, jwfox, crawl \& User_Alias WEBMASTERS = will, wendy, wim -.Ve -.PP -.Vb 3 +\& \& # Runas alias specification \& Runas_Alias OP = root, operator \& Runas_Alias DB = oracle, sybase -.Ve -.PP -.Vb 9 +\& \& # Host alias specification \& Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e \& SGI = grolsch, dandelion, black :\e 
@@ -1244,9 +1231,7 @@ these are a bit contrived. First, we define our \fIaliases\fR: \& Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 \& Host_Alias SERVERS = master, mail, www, ns \& Host_Alias CDROM = orion, perseus, hercules -.Ve -.PP -.Vb 13 +\& \& # Cmnd alias specification \& Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e \& /usr/sbin/restore, /usr/sbin/rrestore @@ -1275,7 +1260,7 @@ disable shell escapes for the commands in the \s-1PAGERS\s0 \f(CW\*(C`Cmnd_Alias (\fI/usr/bin/more\fR, \fI/usr/bin/pg\fR and \fI/usr/bin/less\fR). .PP .Vb 7 -\& # Override built-in defaults +\& # Override built\-in defaults \& Defaults syslog=auth \& Defaults>root !set_logname \& Defaults:FULLTIMERS !lecture @@ -1345,7 +1330,7 @@ directory \fI/usr/oper/bin/\fR. The user \fBjoe\fR may only \fIsu\fR\|(1) to operator. .PP .Vb 1 -\& pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root +\& pete HPPA = /usr/bin/passwd [A\-Za\-z]*, !/usr/bin/passwd root .Ve .PP The user \fBpete\fR is allowed to change anyone's password except for @@ -1382,7 +1367,7 @@ The user \fBfred\fR can run commands as any user in the \fI\s-1DB\s0\fR \f(CW\*( (\fBoracle\fR or \fBsybase\fR) without giving a password. .PP .Vb 1 -\& john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +\& john ALPHA = /usr/bin/su [!\-]*, !/usr/bin/su *root* .Ve .PP On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root @@ -1427,7 +1412,7 @@ web pages) or simply \fIsu\fR\|(1) to www. .PP .Vb 2 \& ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e -\& /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM +\& /sbin/mount \-o nosuid\e,nodev /dev/cd0a /CDROM .Ve .PP Any user may mount or unmount a CD-ROM on the machines in the \s-1CDROM\s0 
@@ -1483,7 +1468,7 @@ To tell whether or not \fBsudo\fR supports \fInoexec\fR, you can run the following as root: .Sp .Vb 1 -\& sudo -V | grep "dummy exec" +\& sudo \-V | grep "dummy exec" .Ve .Sp If the resulting output contains a line that begins with: @@ -1495,7 +1480,7 @@ If the resulting output contains a line that begins with: then \fBsudo\fR may be able to replace the exec family of functions in the standard library with its own that simply return an error. Unfortunately, there is no foolproof way to know whether or not -\&\fInoexec\fR will work at compile\-time. \fInoexec\fR should work on +\&\fInoexec\fR will work at compile-time. \fInoexec\fR should work on SunOS, Solaris, *BSD, Linux, \s-1IRIX\s0, Tru64 \s-1UNIX\s0, MacOS X, and HP-UX 11.x. It is known \fBnot\fR to work on \s-1AIX\s0 and UnixWare. \fInoexec\fR is expected to work on most operating systems that support the diff --git a/visudo.cat b/visudo.cat index e0a9464ac..75735da27 100644 --- a/visudo.cat +++ b/visudo.cat 
@@ -12,21 +12,22 @@ SSYYNNOOPPSSIISS DDEESSCCRRIIPPTTIIOONN vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m). - vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, pro- - vides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s - file is currently being edited you will receive a message to try again - later. - - There is a hard-coded list of editors that vviissuuddoo will use set at com- - pile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default vari- - able. This list defaults to the path to _v_i(1) on your system, as + vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, + provides basic sanity checks, and checks for parse errors. If the + _s_u_d_o_e_r_s file is currently being edited you will receive a message to + try again later. + + There is a hard-coded list of editors that vviissuuddoo will use set at + compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default + variable. This list defaults to the path to _v_i(1) on your system, as determined by the _c_o_n_f_i_g_u_r_e script. Normally, vviissuuddoo does not honor - the VISUAL or EDITOR environment variables unless they contain an edi- - tor in the aforementioned editors list. However, if vviissuuddoo is config- - ured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r flag or the _e_n_v___e_d_i_t_o_r Default variable - is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by VISUAL or - EDITOR. Note that this can be a security hole since it allows the user - to execute any program they wish simply by setting VISUAL or EDITOR. + the VISUAL or EDITOR environment variables unless they contain an + editor in the aforementioned editors list. 
However, if vviissuuddoo is + configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r flag or the _e_n_v___e_d_i_t_o_r Default + variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by + VISUAL or EDITOR. Note that this can be a security hole since it + allows the user to execute any program they wish simply by setting + VISUAL or EDITOR. vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the changes if there is a syntax error. Upon finding an error, vviissuuddoo will @@ -52,16 +53,15 @@ OOPPTTIIOONNSS -f _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your - choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock - file used is the specified _s_u_d_o_e_r_s file with ".tmp" + choice, instead of the default, _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s. The + lock file used is the specified _s_u_d_o_e_r_s file with ".tmp" appended to it. -q Enable qquuiieett mode. In this mode details about syntax - errors are not printed. This option is only useful when -1.7.0 May 2, 2008 1 +1.7.0 October 24, 2008 1 @@ -70,6 +70,7 @@ OOPPTTIIOONNSS VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) + errors are not printed. This option is only useful when combined with the --cc flag. -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is @@ -91,9 +92,10 @@ EENNVVIIRROONNMMEENNTT EDITOR Used by visudo if VISUAL is not set FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what + _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s List of who can run what - _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo + _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s_._t_m_p + Lock file for visudo DDIIAAGGNNOOSSTTIICCSS sudoers file busy, try again later. 
@@ -108,8 +110,8 @@ DDIIAAGGNNOOSSTTIICCSS Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias or you have a user or hostname listed - that consists solely of uppercase letters, digits, and the under- - score ('_') character. In the latter case, you can ignore the + that consists solely of uppercase letters, digits, and the + underscore ('_') character. In the latter case, you can ignore the warnings (ssuuddoo will not complain). In --ss (strict) mode these are errors, not warnings. @@ -121,13 +123,11 @@ DDIIAAGGNNOOSSTTIICCSS SSEEEE AALLSSOO _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) -AAUUTTHHOORR - Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo - was written by: -1.7.0 May 2, 2008 2 + +1.7.0 October 24, 2008 2 @@ -136,6 +136,10 @@ AAUUTTHHOORR VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) +AAUUTTHHOORR + Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo + was written by: + Todd Miller See the HISTORY file in the sudo distribution or visit @@ -156,9 +160,9 @@ SSUUPPPPOORRTT DDIISSCCLLAAIIMMEERR vviissuuddoo is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of merchantabil- - ity and fitness for a particular purpose are disclaimed. See the - LICENSE file distributed with ssuuddoo or + including, but not limited to, the implied warranties of + merchantability and fitness for a particular purpose are disclaimed. + See the LICENSE file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. @@ -189,10 +193,6 @@ DDIISSCCLLAAIIMMEERR - - - - -1.7.0 May 2, 2008 3 +1.7.0 October 24, 2008 3 diff --git a/visudo.man.in b/visudo.man.in index 94a3a17b8..93a695d59 100644 --- a/visudo.man.in +++ b/visudo.man.in 
@@ -18,7 +18,7 @@ .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .\" $Sudo$ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: .\" ======================================================================== @@ -45,11 +45,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- 
@@ -68,22 +68,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -149,7 +152,11 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "May 2, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "October 24, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" @@ -203,7 +210,7 @@ exit with a value of 0. If a syntax error is encountered, .IX Item "-f sudoers" Specify and alternate \fIsudoers\fR file location. With this option \&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, -instead of the default, \fI@sysconfdir@/sudoers\fR. The lock file used +instead of the default, \fI\f(CI@sysconfdir\fI@/sudoers\fR. The lock file used is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. .IP "\-q" 12 .IX Item "-q" 
@@ -235,10 +242,12 @@ Invoked by visudo as the editor to use Used by visudo if \s-1VISUAL\s0 is not set .SH "FILES" .IX Header "FILES" -.IP "\fI@sysconfdir@/sudoers\fR" 24 +.ie n .IP "\fI\fI@sysconfdir\fI@/sudoers\fR" 24 +.el .IP "\fI\f(CI@sysconfdir\fI@/sudoers\fR" 24 .IX Item "@sysconfdir@/sudoers" List of who can run what -.IP "\fI@sysconfdir@/sudoers.tmp\fR" 24 +.ie n .IP "\fI\fI@sysconfdir\fI@/sudoers.tmp\fR" 24 +.el .IP "\fI\f(CI@sysconfdir\fI@/sudoers.tmp\fR" 24 .IX Item "@sysconfdir@/sudoers.tmp" Lock file for visudo .SH "DIAGNOSTICS" @@ -246,7 +255,8 @@ Lock file for visudo .IP "sudoers file busy, try again later." 4 .IX Item "sudoers file busy, try again later." Someone else is currently editing the \fIsudoers\fR file. -.IP "@sysconfdir@/sudoers.tmp: Permission denied" 4 +.ie n .IP "@sysconfdir@/sudoers.tmp: Permission denied" 4 +.el .IP "\f(CW@sysconfdir\fR@/sudoers.tmp: Permission denied" 4 .IX Item "@sysconfdir@/sudoers.tmp: Permission denied" You didn't run \fBvisudo\fR as root. .IP "Can't find you in the passwd database" 4
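Review bot: in the sudoers.man.in hunk at @@ -205 the NAME production, now emitted as NAME ::= [A\-Z]([A\-Z][0\-9]_)*, reads as one capital followed by repeated three-character groups (capital, digit, underscore), which does not match the visudo DIAGNOSTICS text elsewhere in this patch describing alias names as consisting solely of uppercase letters, digits and the underscore; since this file is generated from POD, correct the production in the sudoers.pod source (a single class such as [A-Z]([A-Z0-9_])* says what is meant) rather than here. Also, the merged verbatim block still begins with the unchanged ".Vb 4" line although it now holds 14 lines; Pod::Man's Vb macro hands that number to .ne, so the keep-together hint is now too small for the merged grammar (the same applies to the other merged blocks, e.g. ".Vb 2" over the seven-line User_List/User block in the next hunk).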
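Review bot: the POSIX character class paragraph added in the sudoers.man.in hunk at @@ -587 leaves open what happens when the system fnmatch(3) does not support classes: say whether /bin/ls [[\:alpha\:]]* then matches nothing (fails closed) or is compared literally, because an administrator who relies on the class to restrict arguments needs to know which. It would also help to point at the sudoers_locale option added in this same patch, since which characters [:alpha:] covers depends on the locale fnmatch(3) runs under.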
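Review bot: the sudoers_locale description added at @@ -1010 in sudoers.man.in is vague about what "may affect how sudoers is interpreted" means; name at least one concrete effect, e.g. that character class matching through fnmatch(3) (documented in the wildcards section of this same patch) is locale dependent, so an administrator understands why the default is the C locale. A smaller point: the default is rendered as \f(CW"C"\fR while the neighbouring entries use the \f(CW\*(C`...\*(C'\fR form that the preamble comment says expands to quotes in nroff, so this one entry shows "C" in double quotes where syslog_goodpri just above shows its value in the `' style; writing the POD as C<C> instead of C<"C"> would keep the entries uniform.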
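Review bot: "fully-qualilfy path" in the askpass paragraph at @@ -1031 of sudoers.man.in is a typo that the regeneration carried through unchanged (only the hyphen in "text-based" changed in this hunk); correct it to "fully-qualified path" in sudoers.pod so it does not come back at the next regen.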
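Review bot: the example change in the sudoers.man.in hunk at @@ -1345, /usr/bin/passwd [A-z]* becoming /usr/bin/passwd [A\-Za\-z]*, is a substantive fix rather than a regeneration artifact and deserves a line in the commit message, which only says "regen man pages; no more hyphenation": in ASCII order the range A-z also covers the six characters between Z and a ([ \ ] ^ _ and backquote), so the old pattern accepted arguments that the accompanying prose about changing anyone's password does not suggest. Please confirm the same correction is in sudoers.pod, and likewise for the other content edits in this patch (the "as root ... as root" sentence at @@ -513, the POSIX character class paragraph, the sudoers_locale entry), so they survive the next regen.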
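Review bot: "vviissuuddoo will use any the editor defines by VISUAL or EDITOR" in the visudo.cat hunk at @@ -12 is ungrammatical and was only reflowed, not fixed; it should read "will use any editor defined by VISUAL or EDITOR", and since visudo.cat is generated output the fix belongs in visudo.pod.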
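Review bot: "trying to use an undeclare {User,Runas,Host,Cmnd}_Alias" in the visudo.cat hunk at @@ -108 should be "undeclared"; the hunk only reflows the following lines, so fix the word in visudo.pod and regenerate.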
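Review bot: in the visudo.man.in hunk at @@ -203 the default path is now emitted as \fI\f(CI@sysconfdir\fI@/sudoers\fR, which places a font escape inside the @sysconfdir@ token; a configure-time substitution of @sysconfdir@ cannot match it, so the installed page would print the literal placeholder. Compare the sudoers.man.in FILES hunk at @@ -1207 in this same patch, where the token survives as \fI@sysconfdir@/sudoers\fR. Either post-process the generated file to strip the escapes inside the token or avoid wrapping @sysconfdir@/... in I<> in the POD. While here, "Specify and alternate sudoers file location" should read "Specify an alternate" (the same typo appears in the visudo.cat rendering at @@ -52).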
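Review bot: all four .IP lines added in the visudo.man.in FILES hunk at @@ -235 (\fI\fI@sysconfdir\fI@/sudoers\fR, \fI\f(CI@sysconfdir\fI@/sudoers\fR and the two .tmp variants) split the @sysconfdir@ token with font escapes, so a configure-time substitution of @sysconfdir@ will miss them and the FILES section would print the raw placeholder; the .IX Item "@sysconfdir@/sudoers" lines beside them keep the token intact, which is the form the .IP lines need as well.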
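Review bot: the .el .IP "\f(CW@sysconfdir\fR@/sudoers.tmp: Permission denied" line in the visudo.man.in DIAGNOSTICS hunk at @@ -246 has the \fR escape inside the @sysconfdir@ token, so a configure-time @sysconfdir@ substitution will not match it and the troff rendering of this diagnostic would show the placeholder instead of the real path; the .ie n branch and the .IX Item line in the same hunk keep the token whole and show the form to aim for.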