From: Todd C. Miller Date: Thu, 12 Oct 2017 16:07:46 +0000 (-0600) Subject: Add a warning that for "sudo -i command" and "sudo -s command" the X-Git-Tag: SUDO_1_8_22^2~78 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cece54ae8505953e21f108728c9d8bfd2a457684;p=sudo Add a warning that for "sudo -i command" and "sudo -s command" the shell is not run in interactive mode which may change its behavior. --- diff --git a/doc/sudo.cat b/doc/sudo.cat index a12f41e25..836b6d866 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -187,16 +187,19 @@ DDEESSCCRRIIPPTTIIOONN --ii, ----llooggiinn Run the shell specified by the target user's password database entry as a login shell. This means that login- - specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be - read by the shell. If a command is specified, it is passed - to the shell for execution via the shell's --cc option. If no - command is specified, an interactive shell is executed. ssuuddoo - attempts to change to that user's home directory before - running the shell. The command is run with an environment - similar to the one a user would receive at log in. The - _C_o_m_m_a_n_d _e_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual - documents how the --ii option affects the environment in which - a command is run when the _s_u_d_o_e_r_s policy is in use. + specific resource files such as _._p_r_o_f_i_l_e, _._b_a_s_h___p_r_o_f_i_l_e or + _._l_o_g_i_n will be read by the shell. If a command is specified, + it is passed to the shell for execution via the shell's --cc + option. If no command is specified, an interactive shell is + executed. ssuuddoo attempts to change to that user's home + directory before running the shell. The command is run with + an environment similar to the one a user would receive at log + in. Note that most shells behave differently when a command + is specified as compared to an interactive session; consult + the shell's manual for details. The _C_o_m_m_a_n_d _e_n_v_i_r_o_n_m_e_n_t + section in the sudoers(4) manual documents how the --ii option + affects the environment in which a command is run when the + _s_u_d_o_e_r_s policy is in use. --KK, ----rreemmoovvee--ttiimmeessttaammpp Similar to the --kk option, except that it removes the user's @@ -289,6 +292,9 @@ DDEESSCCRRIIPPTTIIOONN password database entry. If a command is specified, it is passed to the shell for execution via the shell's --cc option. If no command is specified, an interactive shell is executed. + Note that most shells behave differently when a command is + specified as compared to an interactive session; consult the + shell's manual for details. --tt _t_y_p_e, ----ttyyppee=_t_y_p_e Run the command with an SELinux security context that @@ -638,4 +644,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.21 August 2, 2017 Sudo 1.8.21 +Sudo 1.8.21 October 12, 2017 Sudo 1.8.21 diff --git a/doc/sudo.man.in b/doc/sudo.man.in index e227a1b7b..51428fa39 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDO" "8" "August 2, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDO" "8" "October 12, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -385,7 +385,8 @@ option to list a user's privileges for the remote host. Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as -\fI.profile\fR +\fI.profile\fR, +\fI.bash_profile\fR or \fI.login\fR will be read by the shell. @@ -399,6 +400,9 @@ attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. The \fICommand environment\fR section in the @@ -556,6 +560,9 @@ via the shell's \fB\-c\fR option. If no command is specified, an interactive shell is executed. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. .TP 12n \fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR Run the command with an SELinux security context that includes diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index f13405c1c..afba9d6a2 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd August 2, 2017 +.Dd October 12, 2017 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -347,7 +347,8 @@ option to list a user's privileges for the remote host. Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as -.Pa .profile +.Pa .profile , +.Pa .bash_profile or .Pa .login will be read by the shell. @@ -361,6 +362,9 @@ attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. The .Em Command environment section in the @@ -500,6 +504,9 @@ via the shell's .Fl c option. If no command is specified, an interactive shell is executed. +Note that most shells behave differently when a command is specified +as compared to an interactive session; consult the shell's manual +for details. .It Fl t Ar type , Fl -type Ns = Ns Ar type Run the command with an SELinux security context that includes the specified