From: Todd C. Miller Date: Thu, 26 Aug 1999 09:10:12 +0000 (+0000) Subject: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard and add... X-Git-Tag: SUDO_1_6_0~97 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e50798ff5b68645d20e85524ff24a456cc2491df;p=sudo rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard and add "EXAMPLES" section --- diff --git a/sudo.cat b/sudo.cat index d4c5a3f49..8929dac4d 100644 --- a/sudo.cat +++ b/sudo.cat @@ -45,11 +45,11 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS -V The -V (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the version number and exit. - -l The -l (_l_i_s_t) option will list out the allowed and - forbidden commands for the user on the current host. + -l The -l (_l_i_s_t) option will list out the allowed (and + forbidden) commands for the user on the current host. - -h The -h (_h_e_l_p) option causes ssssuuuuddddoooo to print the version - of ssssuuuuddddoooo and a usage message before exiting. + -h The -h (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage + message and exit. -v If given the -v (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update the user's timestamp, prompting for the user's @@ -61,7 +61,7 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS -17/Aug/1999 1.6 1 +25/Aug/1999 1.6 1 @@ -71,15 +71,15 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) -k The -k (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's - timestamp file by setting the time on it to the epoch. - The next time ssssuuuuddddoooo is run a password will be required. + timestamp by setting the time on it to the epoch. The + next time ssssuuuuddddoooo is run a password will be required. This option does not require a password and was added to allow a user to revoke ssssuuuuddddoooo permissions from a .logout file. -K The -K (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's - timestamp file entirely. This option does not require - a password. + timestamp entirely. This option does not require a + password. -b The -b (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given command in the background. Note that if you use the @@ -127,7 +127,7 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES -17/Aug/1999 1.6 2 +25/Aug/1999 1.6 2 @@ -184,7 +184,7 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE instance) or create /tmp/.odus with the appropriate owner (root) and permissions (0700) in the system startup files. - sudo will not honor timestamps set far in the future. + ssssuuuuddddoooo will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * TIMEOUT will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own @@ -193,7 +193,7 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE -17/Aug/1999 1.6 3 +25/Aug/1999 1.6 3 @@ -202,13 +202,72 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE SUDO(8) MAINTENANCE COMMANDS SUDO(8) +EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS + Note: the following examples assume suitable _s_u_d_o_e_r_s(5) + entries. + + To get a file listing of an unreadable directory: + + % sudo ls /usr/local/protected + + To list the home directory of user yazza on a machine + where the filesystem holding ~yazza is not exported as + root: + + % sudo -u yazza ls ~yazza + + To edit the _i_n_d_e_x_._h_t_m_l file as user www: + + % sudo -u www vi ~www/htdocs/index.html + + To shutdown a machine: + + % sudo shutdown -r +15 "quick reboot" + + To make a usage listing of the directories in the /home + partition. Note that this runs the commands in a sub- + shell to make the cd and file redirection work. + + % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" + + +EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT + ssssuuuuddddoooo utilizes the following environment variables: + + PATH Set to a sane value if SECURE_PATH is set + SHELL Used to determine shell to run with -s option + USER Set to the target user (root unless the -u option + is specified) + HOME In -s or -H mode (or if sudo was configured with + the --enable-shell-sets-home option), set to + homedir of the target user. + SUDO_PROMPT Used as the default password prompt + SUDO_COMMAND Set to the command run by sudo + SUDO_USER Set to the login of the user who invoked sudo + SUDO_UID Set to the uid of the user who invoked sudo + SUDO_GID Set to the gid of the user who invoked sudo + SUDO_PS1 If set, PS1 will be set to its value + + FFFFIIIILLLLEEEESSSS /etc/sudoers List of who can run what /var/run/sudo Directory containing timestamps - /tmp/.odus Same as above if no /var/run exists + + ssssuuuuddddoooo utilizes the following environment variables: + + + + + +25/Aug/1999 1.6 4 + + + + + +SUDO(8) MAINTENANCE COMMANDS SUDO(8) -EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT VVVVAAAARRRRIIIIAAAABBBBLLLLEEEESSSS PATH Set to a sane value if SECURE_PATH is set SHELL Used to determine shell to run with -s option USER Set to the target user (root unless the -u option @@ -224,6 +283,12 @@ EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT V SUDO_PS1 If set, PS1 will be set to its value +FFFFIIIILLLLEEEESSSS + /etc/sudoers List of who can run what + /var/run/sudo Directory containing timestamps + /tmp/.odus Same as above if no /var/run exists + + AAAAUUUUTTTTHHHHOOOORRRRSSSS Many people have worked on ssssuuuuddddoooo over the years, this version consists of code written primarily by: @@ -256,10 +321,11 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS shell regardless of any '!' elements in the user specification. + Running shell scripts via ssssuuuuddddoooo can expose the same kernel -17/Aug/1999 1.6 4 +25/Aug/1999 1.6 5 @@ -268,9 +334,9 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS SUDO(8) MAINTENANCE COMMANDS SUDO(8) - Running shell scripts via ssssuuuuddddoooo can expose the same kernel bugs that make setuid shell scripts unsafe on some - operating systems. + operating systems (if your OS supports the /dev/fd/ + directory, setuid shell scripts are generally safe). SSSSEEEEEEEE AAAALLLLSSSSOOOO _s_u_d_o_e_r_s(5), _v_i_s_u_d_o(8), _s_u(1). @@ -325,6 +391,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -17/Aug/1999 1.6 5 +25/Aug/1999 1.6 6 diff --git a/sudo.html b/sudo.html index 7204aa2f0..38ba8a4ed 100644 --- a/sudo.html +++ b/sudo.html @@ -16,8 +16,10 @@
  • OPTIONS
  • RETURN VALUES
  • SECURITY NOTES +
  • EXAMPLES +
  • ENVIRONMENT +
  • FILES
  • FILES -
  • ENVIRONMENT VARIABLES
  • AUTHORS
  • BUGS
  • DISCLAIMER @@ -81,12 +83,12 @@ The -V (version) option causes sudo to pr
    -l

    -The -l (list) option will list out the allowed and forbidden commands for the user on +The -l (list) option will list out the allowed (and forbidden) commands for the user on the current host.

    -h

    -The -h (help) option causes sudo to print the version of sudo and a usage message before exiting. +The -h (help) option causes sudo to print a usage message and exit.

    -v

    @@ -96,13 +98,13 @@ and defaults to 5 minutes) but does not run a command.

    -k

    -The -k (kill) option to sudo invalidates the user's timestamp file by setting the time on it to the -epoch. The next time sudo is run a password will be required. This option does not require a password +The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch. +The next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.

    -K

    -The -K (sure kill) option to sudo removes the user's timestamp file entirely. This option does not require a +The -K (sure kill) option to sudo removes the user's timestamp entirely. This option does not require a password.

    -b
    @@ -190,23 +192,82 @@ can use a directory that is not world-writable for the timestamps (/var/adm/ permissions (0700) in the system startup files.

    -sudo will not honor timestamps set far in the future. Timestamps with a date +sudo will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * TIMEOUT will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus date on system that allow users to give away files. +

    +

    +

    EXAMPLES

    +

    +Note: the following examples assume suitable sudoers(5) +entries. + +

    +To get a file listing of an unreadable directory: + +

    +

     % sudo ls /usr/local/protected
+
    +

    +To list the home directory of user yazza on a machine where the filesystem +holding ~yazza is not exported as root: + +

    +

     % sudo -u yazza ls ~yazza
+
    +

    +To edit the index.html file as user www: + +

    +

     % sudo -u www vi ~www/htdocs/index.html
+
    +

    +To shutdown a machine: + +

    +

     % sudo shutdown -r +15 "quick reboot"
+
    +

    +To make a usage listing of the directories in the /home partition. Note +that this runs the commands in a sub-shell to make the cd and file redirection work. + +

    +

     % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+
    +

    +

    +

    ENVIRONMENT

    +

    +sudo utilizes the following environment variables: + +

    +

     PATH                   Set to a sane value if SECURE_PATH is set
+ SHELL                  Used to determine shell to run with -s option
+ USER                   Set to the target user (root unless the -u option
+                        is specified)
+ HOME                   In -s or -H mode (or if sudo was configured with
+                        the --enable-shell-sets-home option), set to
+                        homedir of the target user.
+ SUDO_PROMPT            Used as the default password prompt
+ SUDO_COMMAND           Set to the command run by sudo
+ SUDO_USER              Set to the login of the user who invoked sudo
+ SUDO_UID               Set to the uid of the user who invoked sudo
+ SUDO_GID               Set to the gid of the user who invoked sudo
+ SUDO_PS1               If set, PS1 will be set to its value
+

    FILES

     /etc/sudoers           List of who can run what
  /var/run/sudo          Directory containing timestamps
- /tmp/.odus             Same as above if no /var/run exists

    -

    -

    ENVIRONMENT VARIABLES

    +sudo utilizes the following environment variables: + 

     PATH                   Set to a sane value if SECURE_PATH is set
  SHELL                  Used to determine shell to run with -s option
@@ -224,6 +285,14 @@ users to give away files.

    +

    FILES

    +

    +

     /etc/sudoers           List of who can run what
+ /var/run/sudo          Directory containing timestamps
+ /tmp/.odus             Same as above if no /var/run exists
+
    +

    +

    AUTHORS

    Many people have worked on sudo over the years, this version consists of code written primarily by: @@ -259,13 +328,13 @@ There is no easy way to prevent a user from gaining a root shell if that user has access to commands allowing shell escapes.

    -If users have sudo ALL there is nothing to prevent them from creating their -own program that gives them a root shell regardless of any '!' elements in -the user specification. +If users have sudo ALL there is nothing to prevent them from creating their own program that gives +them a root shell regardless of any '!' elements in the user specification.

    Running shell scripts via sudo can expose the same kernel bugs that make setuid shell scripts unsafe on -some operating systems. +some operating systems (if your OS supports the /dev/fd/ directory, setuid +shell scripts are generally safe).

    diff --git a/sudo.man b/sudo.man index c071564f1..a1b65b21d 100644 --- a/sudo.man +++ b/sudo.man @@ -2,8 +2,8 @@ ''' $RCSfile$$Revision$$Date$ ''' ''' $Log$ -''' Revision 1.35 1999/08/17 15:20:48 millert -''' Add BUGS section +''' Revision 1.36 1999/08/26 09:10:11 millert +''' rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard and add "EXAMPLES" section ''' ''' .de Sh @@ -96,7 +96,7 @@ .nr % 0 .rr F .\} -.TH SUDO 8 "1.6" "17/Aug/1999" "MAINTENANCE COMMANDS" +.TH SUDO 8 "1.6" "25/Aug/1999" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na @@ -225,11 +225,10 @@ will log via \fIsyslog\fR\|(3) but this is changeable at configure time. The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the version number and exit. .Ip "-l" 4 -The \f(CW-l\fR (\fIlist\fR) option will list out the allowed and -forbidden commands for the user on the current host. +The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and +forbidden) commands for the user on the current host. .Ip "-h" 4 -The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print the version -of \fBsudo\fR and a usage message before exiting. +The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. .Ip "-v" 4 If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the user's timestamp, prompting for the user's password if necessary. @@ -238,13 +237,13 @@ This extends the \fBsudo\fR timeout to for another N minutes minutes) but does not run a command. .Ip "-k" 4 The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp -file by setting the time on it to the epoch. The next time \fBsudo\fR is +by setting the time on it to the epoch. The next time \fBsudo\fR is run a password will be required. This option does not require a password and was added to allow a user to revoke \fBsudo\fR permissions from a .logout file. .Ip "-K" 4 The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp -file entirely. This option does not require a password. +entirely. This option does not require a password. .Ip "-b" 4 The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given command in the background. Note that if you use the \f(CW-b\fR @@ -326,19 +325,67 @@ that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for instance) or create /tmp/.odus with the appropriate owner (root) and permissions (0700) in the system startup files. .PP -\f(CWsudo\fR will not honor timestamps set far in the future. +\fBsudo\fR will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus date on system that allow users to give away files. +.SH "EXAMPLES" +Note: the following examples assume suitable \fIsudoers\fR\|(5) entries. +.PP +To get a file listing of an unreadable directory: +.PP +.Vb 1 +\& % sudo ls /usr/local/protected +.Ve +To list the home directory of user yazza on a machine where the +filesystem holding ~yazza is not exported as root: +.PP +.Vb 1 +\& % sudo -u yazza ls ~yazza +.Ve +To edit the \fIindex.html\fR file as user www: +.PP +.Vb 1 +\& % sudo -u www vi ~www/htdocs/index.html +.Ve +To shutdown a machine: +.PP +.Vb 1 +\& % sudo shutdown -r +15 "quick reboot" +.Ve +To make a usage listing of the directories in the /home +partition. Note that this runs the commands in a sub-shell +to make the \f(CWcd\fR and file redirection work. +.PP +.Vb 1 +\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" +.Ve +.SH "ENVIRONMENT" +\fBsudo\fR utilizes the following environment variables: +.PP +.Vb 13 +\& PATH Set to a sane value if SECURE_PATH is set +\& SHELL Used to determine shell to run with -s option +\& USER Set to the target user (root unless the -u option +\& is specified) +\& HOME In -s or -H mode (or if sudo was configured with +\& the --enable-shell-sets-home option), set to +\& homedir of the target user. +\& SUDO_PROMPT Used as the default password prompt +\& SUDO_COMMAND Set to the command run by sudo +\& SUDO_USER Set to the login of the user who invoked sudo +\& SUDO_UID Set to the uid of the user who invoked sudo +\& SUDO_GID Set to the gid of the user who invoked sudo +\& SUDO_PS1 If set, PS1 will be set to its value +.Ve .SH "FILES" .PP -.Vb 3 +.Vb 2 \& /etc/sudoers List of who can run what \& /var/run/sudo Directory containing timestamps -\& /tmp/.odus Same as above if no /var/run exists .Ve -.SH "ENVIRONMENT VARIABLES" +\fBsudo\fR utilizes the following environment variables: .PP .Vb 13 \& PATH Set to a sane value if SECURE_PATH is set @@ -355,6 +402,13 @@ date on system that allow users to give away files. \& SUDO_GID Set to the gid of the user who invoked sudo \& SUDO_PS1 If set, PS1 will be set to its value .Ve +.SH "FILES" +.PP +.Vb 3 +\& /etc/sudoers List of who can run what +\& /var/run/sudo Directory containing timestamps +\& /tmp/.odus Same as above if no /var/run exists +.Ve .SH "AUTHORS" Many people have worked on \fBsudo\fR over the years, this version consists of code written primarily by: @@ -378,12 +432,14 @@ See the LICENSE file distributed with \fBsudo\fR for complete details. There is no easy way to prevent a user from gaining a root shell if that user has access to commands allowing shell escapes. .PP -If users have sudo ALL there is nothing to prevent them from creating +If users have sudo \f(CWALL\fR there is nothing to prevent them from creating their own program that gives them a root shell regardless of any \*(L'!\*(R' elements in the user specification. .PP Running shell scripts via \fBsudo\fR can expose the same kernel bugs -that make setuid shell scripts unsafe on some operating systems. +that make setuid shell scripts unsafe on some operating systems +(if your OS supports the /dev/fd/ directory, setuid shell scripts +are generally safe). .SH "SEE ALSO" \fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1). @@ -429,9 +485,13 @@ that make setuid shell scripts unsafe on some operating systems. .IX Header "SECURITY NOTES" +.IX Header "EXAMPLES" + +.IX Header "ENVIRONMENT" + .IX Header "FILES" -.IX Header "ENVIRONMENT VARIABLES" +.IX Header "FILES" .IX Header "AUTHORS" diff --git a/sudo.pod b/sudo.pod index 9c0eaa9d5..9a522d8df 100644 --- a/sudo.pod +++ b/sudo.pod @@ -83,13 +83,12 @@ version number and exit. =item -l -The C<-l> (I) option will list out the allowed and -forbidden commands for the user on the current host. +The C<-l> (I) option will list out the allowed (and +forbidden) commands for the user on the current host. =item -h -The C<-h> (I) option causes B to print the version -of B and a usage message before exiting. +The C<-h> (I) option causes B to print a usage message and exit. =item -v @@ -102,7 +101,7 @@ minutes) but does not run a command. =item -k The C<-k> (I) option to B invalidates the user's timestamp -file by setting the time on it to the epoch. The next time B is +by setting the time on it to the epoch. The next time B is run a password will be required. This option does not require a password and was added to allow a user to revoke B permissions from a .logout file. @@ -110,7 +109,7 @@ file. =item -K The C<-K> (sure I) option to B removes the user's timestamp -file entirely. This option does not require a password. +entirely. This option does not require a password. =item -b @@ -212,19 +211,63 @@ that is not world-writable for the timestamps (F for instance) or create /tmp/.odus with the appropriate owner (root) and permissions (0700) in the system startup files. -C will not honor timestamps set far in the future. +B will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * C will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus date on system that allow users to give away files. +=head1 EXAMPLES + +Note: the following examples assume suitable sudoers(5) entries. + +To get a file listing of an unreadable directory: + + % sudo ls /usr/local/protected + +To list the home directory of user yazza on a machine where the +filesystem holding ~yazza is not exported as root: + + % sudo -u yazza ls ~yazza + +To edit the F file as user www: + + % sudo -u www vi ~www/htdocs/index.html + +To shutdown a machine: + + % sudo shutdown -r +15 "quick reboot" + +To make a usage listing of the directories in the /home +partition. Note that this runs the commands in a sub-shell +to make the C and file redirection work. + + % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" + +=head1 ENVIRONMENT + +B utilizes the following environment variables: + + PATH Set to a sane value if SECURE_PATH is set + SHELL Used to determine shell to run with -s option + USER Set to the target user (root unless the -u option + is specified) + HOME In -s or -H mode (or if sudo was configured with + the --enable-shell-sets-home option), set to + homedir of the target user. + SUDO_PROMPT Used as the default password prompt + SUDO_COMMAND Set to the command run by sudo + SUDO_USER Set to the login of the user who invoked sudo + SUDO_UID Set to the uid of the user who invoked sudo + SUDO_GID Set to the gid of the user who invoked sudo + SUDO_PS1 If set, PS1 will be set to its value + =head1 FILES /etc/sudoers List of who can run what /var/run/sudo Directory containing timestamps - /tmp/.odus Same as above if no /var/run exists -=head1 ENVIRONMENT VARIABLES +B utilizes the following environment variables: PATH Set to a sane value if SECURE_PATH is set SHELL Used to determine shell to run with -s option @@ -240,6 +283,12 @@ date on system that allow users to give away files. SUDO_GID Set to the gid of the user who invoked sudo SUDO_PS1 If set, PS1 will be set to its value +=head1 FILES + + /etc/sudoers List of who can run what + /var/run/sudo Directory containing timestamps + /tmp/.odus Same as above if no /var/run exists + =head1 AUTHORS Many people have worked on B over the years, this @@ -269,12 +318,14 @@ See the LICENSE file distributed with B for complete details. There is no easy way to prevent a user from gaining a root shell if that user has access to commands allowing shell escapes. -If users have sudo ALL there is nothing to prevent them from creating +If users have sudo C there is nothing to prevent them from creating their own program that gives them a root shell regardless of any '!' elements in the user specification. Running shell scripts via B can expose the same kernel bugs -that make setuid shell scripts unsafe on some operating systems. +that make setuid shell scripts unsafe on some operating systems +(if your OS supports the /dev/fd/ directory, setuid shell scripts +are generally safe). =head1 SEE ALSO