From 2a154e4ff8567efa5667f4a9db9132c101cc7a27 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 23 Mar 2000 00:16:46 +0000 Subject: [PATCH] These files now get generated from *.man.in at configure time. --- sudo.man | 514 ------------------------ sudoers.man | 1104 --------------------------------------------------- visudo.man | 321 --------------- 3 files changed, 1939 deletions(-) delete mode 100644 sudo.man delete mode 100644 sudoers.man delete mode 100644 visudo.man diff --git a/sudo.man b/sudo.man deleted file mode 100644 index 81f6bfdb3..000000000 --- a/sudo.man +++ /dev/null @@ -1,514 +0,0 @@ -.rn '' }` -''' $RCSfile$$Revision$$Date$ -''' -''' $Log$ -''' Revision 1.45 2000/02/27 03:56:40 millert -''' document -S flag -''' -''' -.de Sh -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp -.if t .sp .5v -.if n .sp -.. -.de Ip -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb -.ft CW -.nf -.ne \\$1 -.. -.de Ve -.ft R - -.fi -.. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' -.tr \(*W-|\(bv\*(Tr -.ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' -'br\} -.el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p -'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaninful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" -.. -.nr % 0 -.rr F -.\} -.TH sudo 8 "1.6.3" "26/Feb/2000" "MAINTENANCE COMMANDS" -.UC -.if n .hy 0 -.if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE -.\} -.rm #[ #] #H #V #F C -.SH "NAME" -sudo \- execute a command as another user -.SH "SYNOPSIS" -\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | -[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] -[ \fB\-u\fR username/#uid ] \fIcommand\fR -.SH "DESCRIPTION" -\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the -superuser or another user, as specified in the sudoers file. The -real and effective uid and gid are set to match those of the target -user as specified in the passwd file (the group vector is also -initialized when the target user is not root). By default, \fBsudo\fR -requires that users authenticate themselves with a password -(NOTE: this is the user's password, not the root password). Once -a user has been authenticated, a timestamp is updated and the -user may then use sudo without a password for a short period of time -(five minutes by default). -.PP -\fBsudo\fR determines who is an authorized user by consulting the -file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user -can update the time stamp without running a \fIcommand.\fR -The password prompt itself will also time out if the user's password is -not entered with N minutes (again, this is defined at configure -time and defaults to 5 minutes). -.PP -If a user that is not listed in the \fIsudoers\fR file tries to run -a command via \fBsudo\fR, mail is sent to the proper authorities, -as defined at configure time (defaults to root). Note that the -mail will not be sent if an unauthorized user tries to run sudo -with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine -for themselves whether or not they are allowed to use \fBsudo\fR. -.PP -\fBsudo\fR can log both successful an unsuccessful attempts (as well -as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR -will log via \fIsyslog\fR\|(3) but this is changeable at configure time. -.SH "OPTIONS" -\fBsudo\fR accepts the following command line options: -.Ip "-V" 4 -The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the -version number and exit. -.Ip "-l" 4 -The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and -forbidden) commands for the user on the current host. -.Ip "-L" 4 -The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters -that may be set in a \fIDefaults\fR line along with a short description -for each. This option is useful in conjunction with \fIgrep\fR\|(1). -.Ip "-h" 4 -The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. -.Ip "-v" 4 -If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the -user's timestamp, prompting for the user's password if necessary. -This extends the \fBsudo\fR timeout to for another N minutes -(where N is defined at installation time and defaults to 5 -minutes) but does not run a command. -.Ip "-k" 4 -The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp -by setting the time on it to the epoch. The next time \fBsudo\fR is -run a password will be required. This option does not require a password -and was added to allow a user to revoke \fBsudo\fR permissions from a .logout -file. -.Ip "-K" 4 -The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp -entirely. This option does not require a password. -.Ip "-b" 4 -The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given -command in the background. Note that if you use the \f(CW-b\fR -option you cannot use shell job control to manipulate the command. -.Ip "-p" 4 -The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default -password prompt and use a custom one. If the password prompt -contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's -login name. Similarly, \f(CW%h\fR will be replaced with the local -hostname. -.Ip "-u" 4 -The \f(CW-u\fR (\fIuser\fR) option causes sudo to run the specified command -as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a -\fIusername\fR, use \*(L"#uid\*(R". -.Ip "-s" 4 -The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR -environment variable if it is set or the shell as specified -in \fIpasswd\fR\|(5). -.Ip "-H" 4 -The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable -to the homedir of the target user (root by default) as specified -in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. -.Ip "-S" 4 -The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from -standard input instead of the terminal device. -.Ip "--" 4 -The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command -line arguments. It is most useful in conjunction with the \f(CW-s\fR flag. -.SH "RETURN VALUES" -\fBsudo\fR quits with an exit value of 1 if there is a -configuration/permission problem or if \fBsudo\fR cannot execute the -given command. In the latter case the error string is printed to -stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's -\f(CWPATH\fR an error is printed on stderr. (If the directory does not -exist or if it is not really a directory, the entry is ignored and -no error is printed.) This should not happen under normal -circumstances. The most common reason for \fIstat\fR\|(2) to return -\*(L"permission denied\*(R" is if you are running an automounter and one -of the directories in your \f(CWPATH\fR is on a machine that is currently -unreachable. -.SH "SECURITY NOTES" -\fBsudo\fR tries to be safe when executing external commands. Variables -that control how dynamic loading and binding is done can be used -to subvert the program that \fBsudo\fR runs. To combat this the -\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX -only) environment variables are removed from the environment passed -on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR, -\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR, -\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a -threat. -.PP -To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting -current directory) last when searching for a command in the user's -PATH (if one or both are in the PATH). Note, however, that the -actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed -unchanged to the program that \fBsudo\fR executes. -.PP -For security reasons, if your OS supports shared libraries and does -not disable user-defined library search paths for setuid programs -(most do), you should either use a linker option that disables this -behavior or link \fBsudo\fR statically. -.PP -\fBsudo\fR will check the ownership of its timestamp directory -(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore the -directory's contents if it is not owned by root and only writable -by root. On systems that allow non-root users to give away files -via \fIchown\fR\|(2), if the timestamp directory is located in a directory -writable by anyone (ie: \fI/tmp\fR), it is possible for a user to -create the timestamp directory before \fBsudo\fR is run. However, -because \fBsudo\fR checks the ownership and mode of the directory and -its contents, the only damage that can be done is to \*(L"hide\*(R" files -by putting them in the timestamp dir. This is unlikely to happen -since once the timestamp dir is owned by root and inaccessible by -any other user the user placing files there would be unable to get -them back out. To get around this issue you can use a directory -that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for -instance) or create /tmp/.odus with the appropriate owner (root) -and permissions (0700) in the system startup files. -.PP -\fBsudo\fR will not honor timestamps set far in the future. -Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR -will be ignored and sudo will log and complain. This is done to -keep a user from creating his/her own timestamp with a bogus -date on system that allow users to give away files. -.SH "EXAMPLES" -Note: the following examples assume suitable \fIsudoers\fR\|(5) entries. -.PP -To get a file listing of an unreadable directory: -.PP -.Vb 1 -\& % sudo ls /usr/local/protected -.Ve -To list the home directory of user yazza on a machine where the -filesystem holding ~yazza is not exported as root: -.PP -.Vb 1 -\& % sudo -u yazza ls ~yazza -.Ve -To edit the \fIindex.html\fR file as user www: -.PP -.Vb 1 -\& % sudo -u www vi ~www/htdocs/index.html -.Ve -To shutdown a machine: -.PP -.Vb 1 -\& % sudo shutdown -r +15 "quick reboot" -.Ve -To make a usage listing of the directories in the /home -partition. Note that this runs the commands in a sub-shell -to make the \f(CWcd\fR and file redirection work. -.PP -.Vb 1 -\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" -.Ve -.SH "ENVIRONMENT" -\fBsudo\fR utilizes the following environment variables: -.PP -.Vb 13 -\& PATH Set to a sane value if SECURE_PATH is set -\& SHELL Used to determine shell to run with -s option -\& USER Set to the target user (root unless the -u option -\& is specified) -\& HOME In -s or -H mode (or if sudo was configured with -\& the --enable-shell-sets-home option), set to -\& homedir of the target user. -\& SUDO_PROMPT Used as the default password prompt -\& SUDO_COMMAND Set to the command run by sudo -\& SUDO_USER Set to the login of the user who invoked sudo -\& SUDO_UID Set to the uid of the user who invoked sudo -\& SUDO_GID Set to the gid of the user who invoked sudo -\& SUDO_PS1 If set, PS1 will be set to its value -.Ve -.SH "FILES" -.PP -.Vb 2 -\& /etc/sudoers List of who can run what -\& /var/run/sudo Directory containing timestamps -.Ve -\fBsudo\fR utilizes the following environment variables: -.PP -.Vb 13 -\& PATH Set to a sane value if SECURE_PATH is set -\& SHELL Used to determine shell to run with -s option -\& USER Set to the target user (root unless the -u option -\& is specified) -\& HOME In -s or -H mode (or if sudo was configured with -\& the --enable-shell-sets-home option), set to -\& homedir of the target user. -\& SUDO_PROMPT Used as the default password prompt -\& SUDO_COMMAND Set to the command run by sudo -\& SUDO_USER Set to the login of the user who invoked sudo -\& SUDO_UID Set to the uid of the user who invoked sudo -\& SUDO_GID Set to the gid of the user who invoked sudo -\& SUDO_PS1 If set, PS1 will be set to its value -.Ve -.SH "FILES" -.PP -.Vb 3 -\& /etc/sudoers List of who can run what -\& /var/run/sudo Directory containing timestamps -\& /tmp/.odus Same as above if no /var/run exists -.Ve -.SH "AUTHORS" -Many people have worked on \fBsudo\fR over the years, this -version consists of code written primarily by: -.PP -.Vb 2 -\& Todd Miller -\& Chris Jepeway -.Ve -See the HISTORY file in the \fBsudo\fR distribution for a short history -of \fBsudo\fR. -.SH "BUGS" -If you feel you have found a bug in sudo, please submit a bug report -at http://www.courtesan.com/sudo/bugs/ -.SH "DISCLAIMER" -\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, -including, but not limited to, the implied warranties of merchantability -and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with \fBsudo\fR for complete details. -.SH "CAVEATS" -There is no easy way to prevent a user from gaining a root shell if -that user has access to commands allowing shell escapes. -.PP -If users have sudo \f(CWALL\fR there is nothing to prevent them from creating -their own program that gives them a root shell regardless of any \*(L'!\*(R' -elements in the user specification. -.PP -Running shell scripts via \fBsudo\fR can expose the same kernel bugs -that make setuid shell scripts unsafe on some operating systems -(if your OS supports the /dev/fd/ directory, setuid shell scripts -are generally safe). -.SH "SEE ALSO" -\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1). - -.rn }` '' -.IX Title "sudo 8" -.IX Name "sudo - execute a command as another user" - -.IX Header "NAME" - -.IX Header "SYNOPSIS" - -.IX Header "DESCRIPTION" - -.IX Header "OPTIONS" - -.IX Item "-V" - -.IX Item "-l" - -.IX Item "-L" - -.IX Item "-h" - -.IX Item "-v" - -.IX Item "-k" - -.IX Item "-K" - -.IX Item "-b" - -.IX Item "-p" - -.IX Item "-u" - -.IX Item "-s" - -.IX Item "-H" - -.IX Item "-S" - -.IX Item "--" - -.IX Header "RETURN VALUES" - -.IX Header "SECURITY NOTES" - -.IX Header "EXAMPLES" - -.IX Header "ENVIRONMENT" - -.IX Header "FILES" - -.IX Header "FILES" - -.IX Header "AUTHORS" - -.IX Header "BUGS" - -.IX Header "DISCLAIMER" - -.IX Header "CAVEATS" - -.IX Header "SEE ALSO" - diff --git a/sudoers.man b/sudoers.man deleted file mode 100644 index 705ca8ebb..000000000 --- a/sudoers.man +++ /dev/null @@ -1,1104 +0,0 @@ -.rn '' }` -''' $RCSfile$$Revision$$Date$ -''' -''' $Log$ -''' Revision 1.27 2000/02/18 17:56:27 millert -''' Add rootpw, runaspw, and targetpw options. -''' -''' -.de Sh -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp -.if t .sp .5v -.if n .sp -.. -.de Ip -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb -.ft CW -.nf -.ne \\$1 -.. -.de Ve -.ft R - -.fi -.. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' -.tr \(*W-|\(bv\*(Tr -.ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' -'br\} -.el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p -'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaninful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" -.. -.nr % 0 -.rr F -.\} -.TH sudoers 5 "1.6.3" "18/Feb/2000" "FILE FORMATS" -.UC -.if n .hy 0 -.if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE -.\} -.rm #[ #] #H #V #F C -.SH "NAME" -sudoers \- list of which users may execute what -.SH "DESCRIPTION" -The \fIsudoers\fR file is composed two types of entries: -aliases (basically variables) and user specifications -(which specify who may run what). The grammar of \fIsudoers\fR -will be described below in Extended Backus-Naur Form (EBNF). -Don't despair if you don't know what EBNF is, it is fairly -simple and the definitions below are annotated. -.Sh "Quick guide to \s-1EBNF\s0" -\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language. -Each \s-1EBNF\s0 definition is made up of \fIproduction rules\fR. Eg. -.PP -.Vb 1 -\& symbol ::= definition | alternate1 | alternate2 ... -.Ve -Each \fIproduction rule\fR references others and thus makes up a -grammar for the language. \s-1EBNF\s0 also contains the following -operators, which many readers will recognize from regular -expressions. Do not, however, confuse them with \*(L"wildcard\*(R" -characters, which have different meanings. -.Ip "\f(CW?\fR" 8 -Means that the preceding symbol (or group of symbols) is optional. -That is, it may appear once or not at all. -.Ip "\f(CW*\fR" 8 -Means that the preceding symbol (or group of symbols) may appear -zero or more times. -.Ip "\f(CW+\fR" 8 -Means that the preceding symbol (or group of symbols) may appear -one or more times. -.PP -Parentheses may be used to group symbols together. For clarity, -we will use single quotes ('') to designate what is a verbatim character -string (as opposed to a symbol name). -.Sh "Aliases" -There are four kinds of aliases: the \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, -\f(CWHost_Alias\fR and \f(CWCmnd_Alias\fR. -.PP -.Vb 4 -\& Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* | -\& 'Runas_Alias' = Runas_Alias (':' Runas_Alias)* | -\& 'Host_Alias' = Host_Alias (':' Host_Alias)* | -\& 'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)* -.Ve -.Vb 1 -\& User_Alias ::= NAME '=' User_List -.Ve -.Vb 1 -\& Runas_Alias ::= NAME '=' Runas_User_List -.Ve -.Vb 1 -\& Host_Alias ::= NAME '=' Host_List -.Ve -.Vb 1 -\& Cmnd_Alias ::= NAME '=' Cmnd_List -.Ve -.Vb 1 -\& NAME ::= [A-Z]([A-Z][0-9]_)* -.Ve -Each \fIalias\fR definition is of the form -.PP -.Vb 1 -\& Alias_Type NAME = item1, item2, ... -.Ve -where \fIAlias_Type\fR is one of \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, \f(CWHost_Alias\fR, -or \f(CWCmnd_Alias\fR. A \f(CWNAME\fR is a string of upper case letters, numbers, -and the underscore characters ('_'). A \f(CWNAME\fR \fBmust\fR start with an -upper case letter. It is possible to put several alias definitions -of the same type on a single line, joined by a semicolon (':'). Eg. -.PP -.Vb 1 -\& Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 -.Ve -The definitions of what constitutes a valid \fIalias\fR member follow. -.PP -.Vb 2 -\& User_List ::= User | -\& User ',' User_List -.Ve -.Vb 5 -\& User ::= '!'* username | -\& '!'* '#'uid | -\& '!'* '%'group | -\& '!'* '+'netgroup | -\& '!'* User_Alias -.Ve -A \f(CWUser_List\fR is made up of one or more usernames, uids -(prefixed with \*(L'#'), System groups (prefixed with \*(L'%'), -netgroups (prefixed with \*(L'+') and other aliases. Each list -item may be prefixed with one or more \*(L'!\*(R' operators. An odd number -of \*(L'!\*(R' operators negates the value of the item; an even number -just cancel each other out. -.PP -.Vb 2 -\& Runas_List ::= Runas_User | -\& Runas_User ',' Runas_List -.Ve -.Vb 5 -\& Runas_User ::= '!'* username | -\& '!'* '#'uid | -\& '!'* '%'group | -\& '!'* +netgroup | -\& '!'* Runas_Alias -.Ve -Likewise, a \f(CWRunas_List\fR has the same possible elements -as a \f(CWUser_List\fR, except that it can include a \f(CWRunas_Alias\fR, -instead of a \f(CWUser_Alias\fR. -.PP -.Vb 2 -\& Host_List ::= Host | -\& Host ',' Host_List -.Ve -.Vb 5 -\& Host ::= '!'* hostname | -\& '!'* ip_addr | -\& '!'* network(/netmask)? | -\& '!'* '+'netgroup | -\& '!'* Host_Alias -.Ve -A \f(CWHost_List\fR is made up of one or more hostnames, \s-1IP\s0 addresses, -network numbers, netgroups (prefixed with \*(L'+') and other aliases. -Again, the value of an item may be negated with the \*(L'!\*(R' operator. -If you do not specify a netmask with a network number, the netmask -of the host's ethernet \fIinterface\fR\|(s) will be used when matching. -The netmask may be specified either in dotted quad notation (eg. -255.255.255.0) or \s-1CIDR\s0 notation (number of bits, eg. 24). -.PP -.Vb 2 -\& Cmnd_List ::= Cmnd | -\& Cmnd ',' Cmnd_List -.Ve -.Vb 3 -\& commandname ::= filename | -\& filename args | -\& filename '""' -.Ve -.Vb 3 -\& Cmnd ::= '!'* commandname | -\& '!'* directory | -\& '!'* Cmnd_Alias -.Ve -A \f(CWCmnd_List\fR is a list of one or more commandnames, directories, and other -aliases. A commandname is a fully-qualified filename which may include -shell-style wildcards (see `Wildcards\*(R' section below). A simple -filename allows the user to run the command with any arguments he/she -wishes. However, you may also command line arguments (including wildcards). -Alternately, you can specify \f(CW""\fR to indicate that the command -may only be run \fBwithout\fR command line arguments. A directory is a -fully qualified pathname ending in a \*(L'/\*(R'. When you specify a directory -in a \f(CWCmnd_List\fR, the user will be able to run any file within that directory -(but not in any subdirectories therein). -.PP -If a \f(CWCmnd\fR has associated command line arguments, then the arguments -in the \f(CWCmnd\fR must match exactly those given by the user on the command line -(or match the wildcards if there are any). Note that the following -characters must be escaped with a \*(L'\e\*(R' if they are used in command -arguments: \*(L',\*(R', \*(L':\*(R', \*(L'=\*(R', \*(L'\e\*(R'. -.Sh "Defaults" -Certain configuration options may be changed from their default -values at runtime via one or more \f(CWDefault_Entry\fR lines. These -may affect all users on any host, all users on a specific host, -or just a specific user. When multiple entries match, they are -applied in order. Where there are conflicting values, the last -value on a matching line takes effect. -.PP -.Vb 3 -\& Default_Type ::= 'Defaults' || -\& 'Defaults' ':' User || -\& 'Defaults' '@' Host -.Ve -.Vb 1 -\& Default_Entry ::= Default_Type Parameter_List -.Ve -.Vb 2 -\& Parameter ::= Parameter '=' Value || -\& '!'* Parameter || -.Ve -Parameters may be \fBflags\fR, \fBinteger\fR values, or \fBstrings\fR. Flags -are implicitly boolean and can be turned off via the \*(L'!\*(R' operator. -Some integer and string parameters may also be used in a boolean -context to disable them. Values may be enclosed in double quotes -(\f(CW"\fR) when they contain multiple words. Special characters may -be escaped with a backslash (\f(CW\e\fR). -.PP -\fBFlags\fR: -.Ip "long_otp_prompt" 12 -When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR), -a two-line prompt is used to make it easier to cut and paste the -challenge to a local window. It's not as pretty as the default but -some people find it more convenient. This flag is off by default. -.Ip "ignore_dot" 12 -If set, \fBsudo\fR will ignore \*(L'.\*(R' or \*(L'\*(R' (current dir) in \f(CW$PATH\fR; -the \f(CW$PATH\fR itself is not modified. This flag is off by default. -.Ip "mail_always" 12 -Send mail to the \fImailto\fR user every time a users runs sudo. -This flag is off by default. -.Ip "mail_no_user" 12 -If set, mail will be sent to the \fImailto\fR user if the invoking -user is not in the \fIsudoers\fR file. This flag is on by default. -.Ip "mail_no_host" 12 -If set, mail will be sent to the \fImailto\fR user if the invoking -user exists in the \fIsudoers\fR file, but is not allowed to run -commands on the current host. This flag is off by default. -.Ip "mail_no_perms" 12 -If set, mail will be sent to the \fImailto\fR user if the invoking -user allowed to use sudo but the command they are trying is not -listed in their \fIsudoers\fR file entry. This flag is off by default. -.Ip "tty_tickets" 12 -If set, users must authenticate on a per-tty basis. Normally, -\fBsudo\fR uses a directory in the ticket dir with the same name as -the user running it. With this flag enabled, \fBsudo\fR will use a -file named for the tty the user is logged in on in that directory. -This flag is off by default. -.Ip "lecture" 12 -If set, a user will receive a short lecture the first time he/she -runs \fBsudo\fR. This flag is on by default. -.Ip "authenticate" 12 -If set, users must authenticate themselves via a password (or other -means of authentication) before they may run commands. This default -may be overridden via the \f(CWPASSWD\fR and \f(CWNOPASSWD\fR tags. -This flag is on by default. -.Ip "root_sudo" 12 -If set, root is allowed to run sudo too. Disabling this prevents users -from \*(L"chaining\*(R" sudo commands to get a root shell by doing something -like \f(CW"sudo sudo /bin/sh"\fR. -This flag is on by default. -.Ip "log_host" 12 -If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file. -This flag is off by default. -.Ip "log_year" 12 -If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file. -This flag is off by default. -.Ip "shell_noargs" 12 -If set and \fBsudo\fR is invoked with no arguments it acts as if the -\f(CW-s\fR flag had been given. That is, it runs a shell as root (the -shell is determined by the \f(CWSHELL\fR environment variable if it is -set, falling back on the shell listed in the invoking user's -/etc/passwd entry if not). This flag is off by default. -.Ip "set_home" 12 -If set and \fBsudo\fR is invoked with the \f(CW-s\fR flag the \f(CWHOME\fR -environment variable will be set to the home directory of the target -user (which is root unless the \f(CW-u\fR option is used). This effectively -makes the \f(CW-s\fR flag imply \f(CW-H\fR. This flag is off by default. -.Ip "path_info" 12 -Normally, \fBsudo\fR will tell the user when a command could not be -found in their \f(CW$PATH\fR. Some sites may wish to disable this as -it could be used to gather information on the location of executables -that the normal user does not have access to. The disadvantage is -that if the executable is simply not in the user's \f(CW$PATH\fR, \fBsudo\fR -will tell the user that they are not allowed to run it, which can -be confusing. This flag is off by default. -.Ip "fqdn" 12 -Set this flag if you want to put fully qualified hostnames in the -\fIsudoers\fR file. Ie: instead of myhost you would use myhost.mydomain.edu. -You may still use the short form if you wish (and even mix the two). -Beware that turning on \fIfqdn\fR requires sudo to make \s-1DNS\s0 lookups -which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example -if the machine is not plugged into the network). Also note that -you must use the host's official name as \s-1DNS\s0 knows it. That is, -you may not use a host alias (\f(CWCNAME\fR entry) due to performance -issues and the fact that there is no way to get all aliases from -\s-1DNS\s0. If your machine's hostname (as returned by the \f(CWhostname\fR -command) is already fully qualified you shouldn't need to set -\fIfqfn\fR. This flag is off by default. -.Ip "insults" 12 -If set, sudo will insult users when they enter an incorrect -password. This flag is off by default. -.Ip "requiretty" 12 -If set, sudo will only run when the user is logged in to a real -tty. This will disallow things like \f(CW"rsh somehost sudo ls"\fR since -\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn -of echo when there is no tty present, some sites may with to set -this flag to prevent a user from entering a visible password. This -flag is off by default. -.Ip "env_editor" 12 -If set, visudo will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment -falling back on the default editor. Note that this may create a -security hole as most editors allow a user to get a shell (which -would be a root shell and not be logged). -.Ip "rootpw" 12 -If set, sudo will prompt for the root password instead of the password -of the invoking user. -.Ip "runaspw" 12 -If set, sudo will prompt for the password of the user defined by the -\fIrunas_default\fR option (defaults to root) instead of the password -of the invoking user. -.Ip "targetpw" 12 -If set, sudo will prompt for the password of the user specified by -the \f(CW-u\fR flag (defaults to root) instead of the password of the -invoking user. -.PP -\fBIntegers\fR: -.Ip "passwd_tries" 12 -The number of tries a user gets to enter his/her password before -sudo logs the failure and exits. The default is 3. -.PP -\fBIntegers that can be used in a boolean context\fR: -.Ip "loglinelen" 12 -Number of characters per line for the file log. This value is used -to decide when to wrap lines for nicer log files. This has no -effect on the syslog log file, only the file log. The default is -80 (use 0 or negate to disable word wrap). -.Ip "timestamp_timeout" 12 -Number of minutes that can elapse before \fBsudo\fR will ask for a passwd -again. The default is 5, set this to 0 to always prompt for a password. -.Ip "passwd_timeout" 12 -Number of minutes before the sudo password prompt times out. -The default is 5, set this to 0 for no password timeout. -.Ip "umask" 12 -Umask to use when running the root command. Set this to 0777 to -not override the user's umask. The default is 0022. -.PP -\fBStrings\fR: -.Ip "mailsub" 12 -Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR -will expand to the hostname of the machine. -Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R". -.Ip "badpass_message" 12 -Message that is displayed if a user enters an incorrect password. -The default is \*(L"Sorry, try again.\*(R" unless insults are enabled. -.Ip "timestampdir" 12 -The directory in which \fBsudo\fR stores its timestamp files. -The default is either \f(CW/var/run/sudo\fR or \f(CW/tmp/sudo\fR. -.Ip "passprompt" 12 -The default prompt to use when asking for a password; can be overridden -via the \f(CW-p\fR option or the \f(CWSUDO_PROMPT\fR environment variable. Supports -two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands -to the local hostname. The default value is \*(L"Password:\*(R". -.Ip "runas_default" 12 -The default user to run commands as if the \f(CW-u\fR flag is not specified -on the command line. This defaults to \*(L"root\*(R". -.Ip "syslog_goodpri" 12 -Syslog priority to use when user authenticates successfully. -Defaults to \*(L"notice\*(R". -.Ip "syslog_badpri" 12 -Syslog priority to use when user authenticates unsuccessfully. -Defaults to \*(L"alert\*(R". -.Ip "editor" 12 -Path to the editor to be used by visudo. The default is the path -to vi on your system. -.PP -\fBStrings that can be used in a boolean context\fR: -.Ip "syslog" 12 -Syslog facility if syslog is being used for logging (negate to -disable syslog logging). Defaults to \*(L"local2\*(R". -.Ip "mailerpath" 12 -Path to mail program used to send warning mail. -Defaults to the path to sendmail found at configure time. -.Ip "mailerflags" 12 -Flags to use when invoking mailer. Defaults to \f(CW-t\fR. -.Ip "mailto" 12 -Address to send warning and erorr mail to. Defaults to \*(L"root\*(R". -.Ip "exempt_group" 12 -Users in this group are exempt from password and \s-1PATH\s0 requirements. -This is not set by default. -.Ip "secure_path" 12 -Path used for every command run from \fBsudo\fR. If you don't trust the -people running sudo to have a sane \f(CWPATH\fR environment variable you may -want to use this. Another use is if you want to have the \*(L"root path\*(R" -be separate from the \*(L"user path.\*(R" This is not set by default. -.Ip "verifypw" 12 -This option controls when a password will be required when a -user runs sudo with the \fB\-v\fR. It has the following possible values: -.Sp -.Vb 3 -\& all All the user's I entries for the -\& current host must have the C -\& flag set to avoid entering a password. -.Ve -.Vb 4 -\& any At least one of the user's I entries -\& for the current host must have the -\& C flag set to avoid entering a -\& password. -.Ve -.Vb 2 -\& never The user need never enter a password to use -\& the B<-v> flag. -.Ve -.Vb 2 -\& always The user must always enter a password to use -\& the B<-v> flag. -.Ve -The default value is `all\*(R'. -.Ip "listpw" 12 -This option controls when a password will be required when a -user runs sudo with the \fB\-l\fR. It has the following possible values: -.Sp -.Vb 3 -\& all All the user's I entries for the -\& current host must have the C -\& flag set to avoid entering a password. -.Ve -.Vb 4 -\& any At least one of the user's I entries -\& for the current host must have the -\& C flag set to avoid entering a -\& password. -.Ve -.Vb 2 -\& never The user need never enter a password to use -\& the B<-l> flag. -.Ve -.Vb 2 -\& always The user must always enter a password to use -\& the B<-l> flag. -.Ve -The default value is `any\*(R'. -.PP -When logging via \fIsyslog\fR\|(3), sudo accepts the following values for the syslog -facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0 -supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, -\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following -syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, -\fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR. -.Sh "User Specification" -.PP -.Vb 2 -\& User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \e -\& (':' User_Spec)* -.Ve -.Vb 2 -\& Cmnd_Spec_List ::= Cmnd_Spec | -\& Cmnd_Spec ',' Cmnd_Spec_List -.Ve -.Vb 1 -\& Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd -.Ve -.Vb 1 -\& Runas_Spec ::= '(' Runas_List ')' -.Ve -A \fBuser specification\fR determines which commands a user may run -(and as what user) on specified hosts. By default, commands are -run as \fBroot\fR but this can be changed on a per-command basis. -.PP -Let's break that down into its constituent parts: -.Sh "Runas_Spec" -A \f(CWRunas_Spec\fR is simply a \f(CWRunas_List\fR (as defined above) -enclosed in a set of parentheses. If you do not specify a -\f(CWRunas_Spec\fR in the user specification, a default \f(CWRunas_Spec\fR -of \fBroot\fR will be used. A \f(CWRunas_Spec\fR sets the default for -commands that follow it. What this means is that for the entry: -.PP -.Vb 1 -\& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who -.Ve -The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and -\fI/usr/bin/lprm\fR -- but only as \fBoperator\fR. Eg. -.PP -.Vb 1 -\& sudo -u operator /bin/ls. -.Ve -It is also possible to override a \f(CWRunas_Spec\fR later on in an -entry. If we modify the entry like so: -.PP -.Vb 1 -\& dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm -.Ve -Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR, -but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR. -.Sh "\s-1NOPASSWD\s0 and \s-1PASSWD\s0" -By default, \fBsudo\fR requires that a user authenticate him or herself -before running a command. This behavior can be modified via the -\f(CWNOPASSWD\fR tag. Like a \f(CWRunas_Spec\fR, the \f(CWNOPASSWD\fR tag sets -a default for the commands that follow it in the \f(CWCmnd_Spec_List\fR. -Conversely, the \f(CWPASSWD\fR tag can be used to reverse things. -For example: -.PP -.Vb 1 -\& ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm -.Ve -would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and -\fI/usr/bin/lprm\fR as root on the machine rushmore as \fBroot\fR without -authenticating himself. If we only want \fBray\fR to be able to -run \fI/bin/kill\fR without a password the entry would be: -.PP -.Vb 1 -\& ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm -.Ve -Note however, that the \f(CWPASSWD\fR tag has no effect on users who are -in the group specified by the exempt_group option. -.PP -By default, if the \f(CWNOPASSWD\fR tag is applied to any of the entries -for a user on the current host, he or she will be able to run -\f(CWsudo -l\fR without a password. Additionally, a user may only run -\f(CWsudo -v\fR without a password if the \f(CWNOPASSWD\fR tag is present -for all a user's entries that pertain to the current host. -This behavior may be overridden via the verifypw and listpw options. -.Sh "Wildcards (aka meta characters):" -\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames -as well as command line arguments in the \fIsudoers\fR file. Wildcard -matching is done via the \fB\s-1POSIX\s0\fR \f(CWfnmatch(3)\fR routine. Note that -these are \fInot\fR regular expressions. -.Ip "\f(CW*\fR" 8 -Matches any set of zero or more characters. -.Ip "\f(CW?\fR" 8 -Matches any single character. -.Ip "\f(CW[...]\fR" 8 -Matches any character in the specified range. -.Ip "\f(CW[!...]\fR" 8 -Matches any character \fBnot\fR in the specified range. -.Ip "\f(CW\ex\fR" 8 -For any character \*(L"x\*(R", evaluates to \*(L"x\*(R". This is used to -escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R". -.PP -Note that a forward slash ('/') will \fBnot\fR be matched by -wildcards used in the pathname. When matching the command -line arguments, however, as slash \fBdoes\fR get matched by -wildcards. This is to make a path like: -.PP -.Vb 1 -\& /usr/bin/* -.Ve -match \f(CW/usr/bin/who\fR but not \f(CW/usr/bin/X11/xterm\fR. -.Sh "Exceptions to wildcard rules:" -The following exceptions apply to the above rules: -.Ip \f(CW""\fR 8 -If the empty string \f(CW""\fR is the only command line argument in the -\fIsudoers\fR entry it means that command is not allowed to be run -with \fBany\fR arguments. -.Sh "Other special characters and reserved words:" -The pound sign ('#') is used to indicate a comment (unless it -occurs in the context of a user name and is followed by one or -more digits, in which case it is treated as a uid). Both the -comment character and any text after it, up to the end of the line, -are ignored. -.PP -The reserved word \fB\s-1ALL\s0\fR is a built in \fIalias\fR that always causes -a match to succeed. It can be used wherever one might otherwise -use a \f(CWCmnd_Alias\fR, \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, or \f(CWHost_Alias\fR. -You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the -built in alias will be used in preference to your own. Please note -that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it -allows the user to run \fBany\fR command on the system. -.PP -An exclamation point (\*(R'!') can be used as a logical \fInot\fR operator -both in an \fIalias\fR and in front of a \f(CWCmnd\fR. This allows one to -exclude certain values. Note, however, that using a \f(CW!\fR in -conjunction with the built in \f(CWALL\fR alias to allow a user to -run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0 -\s-1NOTES\s0 below). -.PP -Long lines can be continued with a backslash (\*(R'\e') as the last -character on the line. -.PP -Whitespace between elements in a list as well as specicial syntactic -characters in a \fIUser Specification\fR ('=\*(R', \*(L':\*(R', \*(L'(\*(R', \*(L')') is optional. -.PP -The following characters must be escaped with a backslash (\*(R'\e') when -used as part of a word (eg. a username or hostname): -\&'@\*(R', \*(L'!\*(R', \*(L'=\*(R', \*(L':\*(R', \*(L',\*(R', \*(L'(\*(R', \*(L')\*(R', \*(L'\e\*(R'. -.SH "EXAMPLES" -Below are example \fIsudoers\fR entries. Admittedly, some of -these are a bit contrived. First, we define our \fIaliases\fR: -.PP -.Vb 4 -\& # User alias specification -\& User_Alias FULLTIMERS = millert, mikef, dowdy -\& User_Alias PARTTIMERS = bostley, jwfox, crawl -\& User_Alias WEBMASTERS = will, wendy, wim -.Ve -.Vb 3 -\& # Runas alias specification -\& Runas_Alias OP = root, operator -\& Runas_Alias DB = oracle, sybase -.Ve -.Vb 9 -\& # Host alias specification -\& Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e -\& SGI = grolsch, dandelion, black :\e -\& ALPHA = widget, thalamus, foobar :\e -\& HPPA = boa, nag, python -\& Host_Alias CUNETS = 128.138.0.0/255.255.0.0 -\& Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -\& Host_Alias SERVERS = master, mail, www, ns -\& Host_Alias CDROM = orion, perseus, hercules -.Ve -.Vb 12 -\& # Cmnd alias specification -\& Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e -\& /usr/sbin/restore, /usr/sbin/rrestore -\& Cmnd_Alias KILL = /usr/bin/kill -\& Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm -\& Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown -\& Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt -\& Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot -\& Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \e -\& /usr/local/bin/tcsh, /usr/bin/rsh, \e -\& /usr/local/bin/zsh -\& Cmnd_Alias SU = /usr/bin/su -.Ve -Here we override some of the compiled in default values. We want -sudo to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases. -We don't want to subject the full time staff to the \fBsudo\fR lecture, -and user \fBmillert\fR need not give a password. In addition, on the -machines in the \fISERVERS\fR \f(CWHost_Alias\fR, we keep an additional -local log file and make sure we log the year in each log line since -the log entries will be kept around for several years. -.PP -.Vb 5 -\& # Override builtin defaults -\& Defaults syslog=auth -\& Defaults:FULLTIMERS !lecture -\& Defaults:millert !authenticate -\& Defaults@SERVERS log_year, logfile=/var/log/sudo.log -.Ve -The \fIUser specification\fR is the part that actually determines who may -run what. -.PP -.Vb 2 -\& root ALL = (ALL) ALL -\& %wheel ALL = (ALL) ALL -.Ve -We let \fBroot\fR and any user in group \fBwheel\fR run any command on any -host as any user. -.PP -.Vb 1 -\& FULLTIMERS ALL = NOPASSWD: ALL -.Ve -Full time sysadmins (\fBmillert\fR, \fBmikef\fR, and \fBdowdy\fR) may run any -command on any host without authenticating themselves. -.PP -.Vb 1 -\& PARTTIMERS ALL = ALL -.Ve -Part time sysadmins (\fBbostley\fR, \fBjwfox\fR, and \fBcrawl\fR) may run any -command on any host but they must authenticate themselves first -(since the entry lacks the \f(CWNOPASSWD\fR tag). -.PP -.Vb 1 -\& jack CSNETS = ALL -.Ve -The user \fBjack\fR may run any command on the machines in the \fICSNETS\fR alias -(the networks \f(CW128.138.243.0\fR, \f(CW128.138.204.0\fR, and \f(CW128.138.242.0\fR). -Of those networks, only <128.138.204.0> has an explicit netmask (in -CIDR notation) indicating it is a class C network. For the other -networks in \fICSNETS\fR, the local machine's netmask will be used -during matching. -.PP -.Vb 1 -\& lisa CUNETS = ALL -.Ve -The user \fBlisa\fR may run any command on any host in the \fICUNETS\fR alias -(the class B network \f(CW128.138.0.0\fR). -.PP -.Vb 2 -\& operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\e -\& /usr/oper/bin/ -.Ve -The \fBoperator\fR user may run commands limited to simple maintenance. -Here, those are commands related to backups, killing processes, the -printing system, shutting down the system, and any commands in the -directory \fI/usr/oper/bin/\fR. -.PP -.Vb 1 -\& joe ALL = /usr/bin/su operator -.Ve -The user \fBjoe\fR may only \fIsu\fR\|(1) to operator. -.PP -.Vb 1 -\& pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root -.Ve -The user \fBpete\fR is allowed to change anyone's password except for -root on the \fIHPPA\fR machines. Note that this assumes \fIpasswd\fR\|(1) -does not take multiple usernames on the command line. -.PP -.Vb 1 -\& bob SPARC = (OP) ALL : SGI = (OP) ALL -.Ve -The user \fBbob\fR may run anything on the \fISPARC\fR and \fISGI\fR machines -as any user listed in the \fIOP\fR \f(CWRunas_Alias\fR (\fBroot\fR and \fBoperator\fR). -.PP -.Vb 1 -\& jim +biglab = ALL -.Ve -The user \fBjim\fR may run any command on machines in the \fIbiglab\fR netgroup. -\fBSudo\fR knows that \*(L"biglab\*(R" is a netgroup due to the \*(L'+\*(R' prefix. -.PP -.Vb 1 -\& +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser -.Ve -Users in the \fBsecretaries\fR netgroup need to help manage the printers -as well as add and remove users, so they are allowed to run those -commands on all machines. -.PP -.Vb 1 -\& fred ALL = (DB) NOPASSWD: ALL -.Ve -The user \fBfred\fR can run commands as any user in the \fIDB\fR \f(CWRunas_Alias\fR -(\fBoracle\fR or \fBsybase\fR) without giving a password. -.PP -.Vb 1 -\& john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* -.Ve -On the \fIALPHA\fR machines, user \fBjohn\fR may su to anyone except root -but he is not allowed to give \fIsu\fR\|(1) any flags. -.PP -.Vb 1 -\& jen ALL, !SERVERS = ALL -.Ve -The user \fBjen\fR may run any command on any machine except for those -in the \fISERVERS\fR \f(CWHost_Alias\fR (master, mail, www and ns). -.PP -.Vb 1 -\& jill SERVERS = /usr/bin/, !SU, !SHELLS -.Ve -For any machine in the \fISERVERS\fR \f(CWHost_Alias\fR, \fBjill\fR may run -any commands in the directory /usr/bin/ except for those commands -belonging to the \fISU\fR and \fISHELLS\fR \f(CWCmnd_Aliases\fR. -.PP -.Vb 1 -\& steve CSNETS = (operator) /usr/local/op_commands/ -.Ve -The user \fBsteve\fR may run any command in the directory /usr/local/op_commands/ -but only as user operator. -.PP -.Vb 1 -\& matt valkyrie = KILL -.Ve -On his personal workstation, valkyrie, \fBmatt\fR needs to be able to -kill hung processes. -.PP -.Vb 1 -\& WEBMASTERS www = (www) ALL, (root) /usr/bin/su www -.Ve -On the host www, any user in the \fIWEBMASTERS\fR \f(CWUser_Alias\fR (will, -wendy, and wim), may run any command as user www (which owns the -web pages) or simply \fIsu\fR\|(1) to www. -.PP -.Vb 2 -\& ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e -\& /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM -.Ve -Any user may mount or unmount a CD\-ROM on the machines in the CDROM -\f(CWHost_Alias\fR (orion, perseus, hercules) without entering a password. -This is a bit tedious for users to type, so it is a prime candiate -for encapsulating in a shell script. -.SH "SECURITY NOTES" -It is generally not effective to \*(L"subtract\*(R" commands from \f(CWALL\fR -using the \*(L'!\*(R' operator. A user can trivially circumvent this -by copying the desired command to a different name and then -executing that. For example: -.PP -.Vb 1 -\& bill ALL = ALL, !SU, !SHELLS -.Ve -Doesn't really prevent \fBbill\fR from running the commands listed in -\fISU\fR or \fISHELLS\fR since he can simply copy those commands to a -different name, or use a shell escape from an editor or other -program. Therefore, these kind of restrictions should be considered -advisory at best (and reinforced by policy). -.SH "CAVEATS" -The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR -command which locks the file and does grammatical checking. It is -imperative that \fIsudoers\fR be free of syntax errors since \fBsudo\fR -will not run with a syntactically incorrect \fIsudoers\fR file. -.PP -When using netgroups of machines (as opposed to users), if you -store fully-qualified hostnames in the netgroup (as is usually the -case), you either need to have the machine's hostname be fully-qualified -as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in -\fIsudoers\fR. -.SH "FILES" -.PP -.Vb 3 -\& /etc/sudoers List of who can run what -\& /etc/group Local groups file -\& /etc/netgroup List of network groups -.Ve -.SH "SEE ALSO" -\fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). - -.rn }` '' -.IX Title "sudoers 5" -.IX Name "sudoers - list of which users may execute what" - -.IX Header "NAME" - -.IX Header "DESCRIPTION" - -.IX Subsection "Quick guide to \s-1EBNF\s0" - -.IX Item "\f(CW?\fR" - -.IX Item "\f(CW*\fR" - -.IX Item "\f(CW+\fR" - -.IX Subsection "Aliases" - -.IX Subsection "Defaults" - -.IX Item "long_otp_prompt" - -.IX Item "ignore_dot" - -.IX Item "mail_always" - -.IX Item "mail_no_user" - -.IX Item "mail_no_host" - -.IX Item "mail_no_perms" - -.IX Item "tty_tickets" - -.IX Item "lecture" - -.IX Item "authenticate" - -.IX Item "root_sudo" - -.IX Item "log_host" - -.IX Item "log_year" - -.IX Item "shell_noargs" - -.IX Item "set_home" - -.IX Item "path_info" - -.IX Item "fqdn" - -.IX Item "insults" - -.IX Item "requiretty" - -.IX Item "env_editor" - -.IX Item "rootpw" - -.IX Item "runaspw" - -.IX Item "targetpw" - -.IX Item "passwd_tries" - -.IX Item "loglinelen" - -.IX Item "timestamp_timeout" - -.IX Item "passwd_timeout" - -.IX Item "umask" - -.IX Item "mailsub" - -.IX Item "badpass_message" - -.IX Item "timestampdir" - -.IX Item "passprompt" - -.IX Item "runas_default" - -.IX Item "syslog_goodpri" - -.IX Item "syslog_badpri" - -.IX Item "editor" - -.IX Item "syslog" - -.IX Item "mailerpath" - -.IX Item "mailerflags" - -.IX Item "mailto" - -.IX Item "exempt_group" - -.IX Item "secure_path" - -.IX Item "verifypw" - -.IX Item "listpw" - -.IX Subsection "User Specification" - -.IX Subsection "Runas_Spec" - -.IX Subsection "\s-1NOPASSWD\s0 and \s-1PASSWD\s0" - -.IX Subsection "Wildcards (aka meta characters):" - -.IX Item "\f(CW*\fR" - -.IX Item "\f(CW?\fR" - -.IX Item "\f(CW[...]\fR" - -.IX Item "\f(CW[!...]\fR" - -.IX Item "\f(CW\ex\fR" - -.IX Subsection "Exceptions to wildcard rules:" - -.IX Item \f(CW""\fR - -.IX Subsection "Other special characters and reserved words:" - -.IX Header "EXAMPLES" - -.IX Header "SECURITY NOTES" - -.IX Header "CAVEATS" - -.IX Header "FILES" - -.IX Header "SEE ALSO" - diff --git a/visudo.man b/visudo.man deleted file mode 100644 index 60ec0ebc3..000000000 --- a/visudo.man +++ /dev/null @@ -1,321 +0,0 @@ -.rn '' }` -''' $RCSfile$$Revision$$Date$ -''' -''' $Log$ -''' Revision 1.16 2000/02/16 00:07:28 millert -''' crank versino to 1.6.3 -''' -''' -.de Sh -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp -.if t .sp .5v -.if n .sp -.. -.de Ip -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb -.ft CW -.nf -.ne \\$1 -.. -.de Ve -.ft R - -.fi -.. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' -.tr \(*W-|\(bv\*(Tr -.ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' -'br\} -.el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p -'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaninful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" -.. -.nr % 0 -.rr F -.\} -.TH visudo 8 "1.6.3" "15/Feb/2000" "MAINTENANCE COMMANDS" -.UC -.if n .hy 0 -.if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE -.\} -.rm #[ #] #H #V #F C -.SH "NAME" -visudo \- edit the sudoers file -.SH "SYNOPSIS" -\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ] -.SH "DESCRIPTION" -\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to -\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple -simultaneous edits, provides basic sanity checks, and checks -for parse errors. If the \fIsudoers\fR file is currently being -edited you will receive a message to try again later. In the -default configuration, the \fIvi\fR\|(1) editor is used, but there is -a compile time option to allow use of whatever editor the -environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to. -.PP -\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will -not save the changes if there is a syntax error. Upon finding -an error, a message will be printed stating the line \fInumber\fR\|(s) -that the error occurred on and the user will receive the -\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" -to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without -saving the changes, or \*(L"Q\*(R" to quit and save changes. The -\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR -believes there to be a parse error, so will \fBsudo\fR and no one -will be able to execute \fBsudo\fR again until the error is fixed. -Any other command at this prompt will print a short help message. -When editing the \fIsudoers\fR file after a parse error has been -detected the cursor will be placed on the line where the error -occurred (if the editor supports this feature). -.SH "OPTIONS" -\fBvisudo\fR accepts the following command line option: -.Ip "-s" 4 -Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is -used before it is defined, \fBvisudo\fR will consider this a parse -error. Note that it is not possible to differentiate between an -alias and a hostname or username that consists solely of upper case -letters, digits, and the underscore ('_') character. -.Ip "-V" 4 -The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number -and exit. -.SH "ERRORS" -.Ip "sudoers file busy, try again later." 4 -Someone else is currently editing the \fIsudoers\fR file. -.Ip "/etc/sudoers.tmp: Permission denied" 4 -You didn't run \fBvisudo\fR as root. -.Ip "Can't find you in the passwd database" 4 -Your userid does not appear in the system passwd file. -.Ip "Warning: undeclared Alias referenced near ..." 4 -Either you are using a {User,Runas,Host,Cmnd}_Alias before -defining it or you have a user or hostname listed that -consists solely of upper case letters, digits, and the -underscore ('_') character. If the latter, you can ignore -the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) -mode these are errors not warnings. -.SH "ENVIRONMENT" -The following environment variables are used only if \fBvisudo\fR -was configured with the \fI--with-env-editor\fR option: -.PP -.Vb 2 -\& EDITOR Used by visudo as the editor to use -\& VISUAL Used by visudo if EDITOR is not set -.Ve -.SH "FILES" -.PP -.Vb 2 -\& /etc/sudoers List of who can run what -\& /etc/sudoers.tmp Lock file for visudo -.Ve -.SH "AUTHOR" -Many people have worked on \fIsudo\fR over the years, this version of -\fBvisudo\fR was written by: -.PP -.Vb 1 -\& Todd Miller -.Ve -See the HISTORY file in the sudo distribution for more details. -.SH "BUGS" -If you feel you have found a bug in sudo, please submit a bug report -at http://www.courtesan.com/sudo/bugs/ -.SH "DISCLAIMER" -\fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, -including, but not limited to, the implied warranties of merchantability -and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with \fBsudo\fR for complete details. -.SH "CAVEATS" -There is no easy way to prevent a user from gaining a root shell if -the editor used by \fBvisudo\fR allows shell escapes. -.SH "SEE ALSO" -\fIsudo\fR\|(8), \fIvipw\fR\|(8). - -.rn }` '' -.IX Title "visudo 8" -.IX Name "visudo - edit the sudoers file" - -.IX Header "NAME" - -.IX Header "SYNOPSIS" - -.IX Header "DESCRIPTION" - -.IX Header "OPTIONS" - -.IX Item "-s" - -.IX Item "-V" - -.IX Header "ERRORS" - -.IX Item "sudoers file busy, try again later." - -.IX Item "/etc/sudoers.tmp: Permission denied" - -.IX Item "Can't find you in the passwd database" - -.IX Item "Warning: undeclared Alias referenced near ..." - -.IX Header "ENVIRONMENT" - -.IX Header "FILES" - -.IX Header "AUTHOR" - -.IX Header "BUGS" - -.IX Header "DISCLAIMER" - -.IX Header "CAVEATS" - -.IX Header "SEE ALSO" - -- 2.50.1