From 3dc5439c2c873fcdb6f615306a932251e6844660 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 15 Dec 2001 00:28:34 +0000 Subject: [PATCH] Regenerate after pod file changes --- sudo.cat | 130 ++++++++++++++++++------- sudo.man.in | 13 ++- sudoers.cat | 256 ++++++++++++++++++++++++------------------------- sudoers.man.in | 13 ++- 4 files changed, 246 insertions(+), 166 deletions(-) diff --git a/sudo.cat b/sudo.cat index 2b54f81d9..abf79b8a1 100644 --- a/sudo.cat +++ b/sudo.cat @@ -8,9 +8,9 @@ NNNNAAAAMMMMEEEE sudo - execute a command as another user SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS - ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | [ ----HHHH ] [----SSSS ] - [ ----bbbb ] | [ ----pppp _p_r_o_m_p_t ] [ ----cccc _c_l_a_s_s|_- ] [ ----aaaa _a_u_t_h___t_y_p_e ] [ - ----uuuu _u_s_e_r_n_a_m_e|_#_u_i_d ] _c_o_m_m_a_n_d + ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | [ ----HHHH ] [----PPPP ] + [----SSSS ] [ ----bbbb ] | [ ----pppp _p_r_o_m_p_t ] [ ----cccc _c_l_a_s_s|_- ] [ ----aaaa _a_u_t_h___t_y_p_e + ] [ ----uuuu _u_s_e_r_n_a_m_e|_#_u_i_d ] _c_o_m_m_a_n_d DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN ssssuuuuddddoooo allows a permitted user to execute a _c_o_m_m_a_n_d as the @@ -154,6 +154,13 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo does not modify HOME. + -P The ----PPPP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssssuuuuddddoooo to + preserve the user's group vector unaltered. By + default, ssssuuuuddddoooo will initialize the group vector to the + list of groups the target user is in. The real and + effective group IDs, however, are still set to match + the target user. + -S The ----SSSS (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the password from standard input instead of the terminal device. 
@@ -183,13 +190,6 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE ssssuuuuddddoooo tries to be safe when executing external commands. Variables that control how dynamic loading and binding is done can be used to subvert the program that ssssuuuuddddoooo runs. - To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), - and LIBPATH (AIX only) environment variables are removed - from the environment passed on to all commands executed. - ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, - KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, - RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, - TERMINFO_DIRS and TERMPATH variables as they too can pose @@ -202,6 +202,13 @@ December 14, 2001 1.6.4 3 sudo(1m) MAINTENANCE COMMANDS sudo(1m) + To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), + and LIBPATH (AIX only) environment variables are removed + from the environment passed on to all commands executed. + ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, + KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, + RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, + TERMINFO_DIRS and TERMPATH variables as they too can pose a threat. If the TERMCAP variable is set and is a path­ name, it too is ignored. Additionally, if the LC_* or LANGUAGE variables contain the / or % characters, they are @@ -249,13 +256,6 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) timestamp with a bogus date on systems that allow users to give away files. - Please note that ssssuuuuddddoooo will only log the command it explic­ - itly runs. If a user runs a command such as sudo su or - sudo sh, subsequent commands run from that shell will _n_o_t - be logged, nor will ssssuuuuddddoooo's access control affect them. - The same is true for commands that offer shell escapes - (including most editors). Because of this, care must be - taken when giving users access to commands via ssssuuuuddddoooo to 
@@ -268,6 +268,13 @@ December 14, 2001 1.6.4 4 sudo(1m) MAINTENANCE COMMANDS sudo(1m) + Please note that ssssuuuuddddoooo will only log the command it explic­ + itly runs. If a user runs a command such as sudo su or + sudo sh, subsequent commands run from that shell will _n_o_t + be logged, nor will ssssuuuuddddoooo's access control affect them. + The same is true for commands that offer shell escapes + (including most editors). Because of this, care must be + taken when giving users access to commands via ssssuuuuddddoooo to verify that the command does not inadvertantly give the user an effective root shell. @@ -303,6 +310,30 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT ssssuuuuddddoooo utilizes the following environment variables: + + + + + + + + + + + + + + + +December 14, 2001 1.6.4 5 + + + + + +sudo(1m) MAINTENANCE COMMANDS sudo(1m) + + PATH Set to a sane value if SECURE_PATH is set SHELL Used to determine shell to run with -s option USER Set to the target user (root unless the -u option @@ -323,17 +354,6 @@ FFFFIIIILLLLEEEESSSS /var/run/sudo Directory containing timestamps - - -December 14, 2001 1.6.4 5 - - - - - -sudo(1m) MAINTENANCE COMMANDS sudo(1m) - - AAAAUUUUTTTTHHHHOOOORRRRSSSS Many people have worked on ssssuuuuddddoooo over the years; this ver­ sion consists of code written primarily by: 
@@ -367,9 +387,21 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS cation. Running shell scripts via ssssuuuuddddoooo can expose the same kernel - bugs that make setuid shell scripts unsafe on some operat­ - ing systems (if your OS supports the /dev/fd/ directory, - setuid shell scripts are generally safe). + bugs that make setuid shell scripts unsafe on some + + + +December 14, 2001 1.6.4 6 + + + + + +sudo(1m) MAINTENANCE COMMANDS sudo(1m) + + + operating systems (if your OS supports the /dev/fd/ direc­ + tory, setuid shell scripts are generally safe). SSSSEEEEEEEE AAAALLLLSSSSOOOO _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _p_a_s_s_w_d(5), _v_i_s_u_d_o(1m), @@ -391,6 +423,40 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -December 14, 2001 1.6.4 6 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +December 14, 2001 1.6.4 7 diff --git a/sudo.man.in b/sudo.man.in index 973788cb9..17c240420 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Fri Dec 14 13:00:22 2001 +.\" Fri Dec 14 17:27:57 2001 .\" .\" Standard preamble: .\" ====================================================================== @@ -145,8 +145,8 @@ sudo \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | -[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ] [ \fB\-c\fR \fIclass\fR|\fI-\fR ] -[ \fB\-a\fR \fIauth_type\fR ] +[ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ] +[ \fB\-c\fR \fIclass\fR|\fI-\fR ] [ \fB\-a\fR \fIauth_type\fR ] [ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR .SH "DESCRIPTION" .IX Header "DESCRIPTION" 
@@ -267,6 +267,13 @@ in \fIpasswd\fR\|(@mansectform@). The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable to the homedir of the target user (root by default) as specified in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. +.Ip "\-P" 4 +.IX Item "-P" +The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve +the user's group vector unaltered. By default, \fBsudo\fR will initialize +the group vector to the list of groups the target user is in. +The real and effective group IDs, however, are still set to match +the target user. .Ip "\-S" 4 .IX Item "-S" The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from diff --git a/sudoers.cat b/sudoers.cat index bba3493f2..329083cf4 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -December 13, 2001 1.6.4 1 +December 14, 2001 1.6.4 1 @@ -127,7 +127,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -December 13, 2001 1.6.4 2 +December 14, 2001 1.6.4 2 @@ -193,7 +193,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -December 13, 2001 1.6.4 3 +December 14, 2001 1.6.4 3 @@ -259,7 +259,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -December 13, 2001 1.6.4 4 +December 14, 2001 1.6.4 4 @@ -325,7 +325,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -December 13, 2001 1.6.4 5 +December 14, 2001 1.6.4 5 
@@ -367,7 +367,16 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) tage is that if the executable is simply not in the user's PATH, ssssuuuuddddoooo will tell the user that they are not allowed to run it, which can - be confusing. This flag is off by default. + be confusing. This flag is _o_f_f by default. + + preserve_groups + By default ssssuuuuddddoooo will initialize the group vec­ + tor to the list of groups the target user is + in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's + existing group vector is left unaltered. The + real and effective group IDs, however, are + still set to match the target user. This flag + is _o_f_f by default. fqdn Set this flag if you want to put fully quali­ fied hostnames in the _s_u_d_o_e_r_s file. I.e.: @@ -379,19 +388,10 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) stops working (for example if the machine is not plugged into the network). Also note that you must use the host's official name as DNS - knows it. That is, you may not use a host - alias (CNAME entry) due to performance issues - and the fact that there is no way to get all - aliases from DNS. If your machine's hostname - (as returned by the hostname command) is - already fully qualified you shouldn't need to - set _f_q_d_n. This flag is _o_f_f by default. - - -December 13, 2001 1.6.4 6 +December 14, 2001 1.6.4 6 @@ -400,6 +400,14 @@ December 13, 2001 1.6.4 6 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + knows it. That is, you may not use a host + alias (CNAME entry) due to performance issues + and the fact that there is no way to get all + aliases from DNS. If your machine's hostname + (as returned by the hostname command) is + already fully qualified you shouldn't need to + set _f_q_d_n. This flag is _o_f_f by default. + insults If set, ssssuuuuddddoooo will insult users when they enter an incorrect password. This flag is _o_f_f by default. 
@@ -446,18 +454,10 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) given). However, since some programs (includ­ ing the RCS revision control system) use LOG­ NAME to determine the real identity of the - user, it may be desirable to change this - behavior. This can be done by negating the - set_logname option. - - stay_setuid Normally, when ssssuuuuddddoooo executes a command the - real and effective UIDs are set to the target - user (root by default). This option changes - that behavior such that the real UID is left -December 13, 2001 1.6.4 7 +December 14, 2001 1.6.4 7 @@ -466,6 +466,14 @@ December 13, 2001 1.6.4 7 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + user, it may be desirable to change this + behavior. This can be done by negating the + set_logname option. + + stay_setuid Normally, when ssssuuuuddddoooo executes a command the + real and effective UIDs are set to the target + user (root by default). This option changes + that behavior such that the real UID is left as the invoking user's UID. In other words, this makes ssssuuuuddddoooo act as a setuid wrapper. This can be useful on systems that disable some @@ -511,19 +519,11 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) timestamp_timeout Number of minutes that can elapse before ssssuuuuddddoooo will ask for a passwd again. The default is - 5. Set this to 0 to always prompt for a pass­ - word. If set to a value less than 0 the - user's timestamp will never expire. This can - be used to allow users to create or delete - their own timestamps via sudo -v and sudo -k - respectively. - - passwd_timeout - Number of minutes before the ssssuuuuddddoooo password + 5. Set this to 0 to always prompt for a -December 13, 2001 1.6.4 8 +December 14, 2001 1.6.4 8 
@@ -532,6 +532,14 @@ December 13, 2001 1.6.4 8 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + password. If set to a value less than 0 the + user's timestamp will never expire. This can + be used to allow users to create or delete + their own timestamps via sudo -v and sudo -k + respectively. + + passwd_timeout + Number of minutes before the ssssuuuuddddoooo password prompt times out. The default is 5, set this to 0 for no password timeout. @@ -578,25 +586,24 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) editor A colon (':') separated list of editors allowed to be used with vvvviiiissssuuuuddddoooo. vvvviiiissssuuuuddddoooo will choose the editor that matches the user's USER - environment variable if possible, or the first - editor in the list that exists and is exe­ - cutable. The default is the path to vi on - your system. - - SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: +December 14, 2001 1.6.4 9 -December 13, 2001 1.6.4 9 +sudoers(4) MAINTENANCE COMMANDS sudoers(4) -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + environment variable if possible, or the first + editor in the list that exists and is exe­ + cutable. The default is the path to vi on + your system. + SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: logfile Path to the ssssuuuuddddoooo log file (not the syslog log file). Setting a path turns on logging to a @@ -644,18 +651,11 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) The default value is `all'. - listpw This option controls when a password will be - required when a user runs ssssuuuuddddoooo with the ----llll. - It has the following possible values: - - all All the user's I entries for the - current host must have the C - flag set to avoid entering a password. -December 13, 2001 1.6.4 10 +December 14, 2001 1.6.4 10 
@@ -664,6 +664,14 @@ December 13, 2001 1.6.4 10 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + listpw This option controls when a password will be + required when a user runs ssssuuuuddddoooo with the ----llll. + It has the following possible values: + + all All the user's I entries for the + current host must have the C + flag set to avoid entering a password. + any At least one of the user's I entries for the current host must have the C flag set to avoid entering a @@ -710,18 +718,10 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) the =, +=, -=, and operators respectively. This list has no default members. - When logging via _s_y_s_l_o_g(3), ssssuuuuddddoooo accepts the following - values for the syslog facility (the value of the ssssyyyysssslllloooogggg - Parameter): aaaauuuutttthhhhpppprrrriiiivvvv (if your OS supports it), aaaauuuutttthhhh, ddddaaaaeeee­­­­ - mmmmoooonnnn, uuuusssseeeerrrr, llllooooccccaaaallll0000, llllooooccccaaaallll1111, llllooooccccaaaallll2222, llllooooccccaaaallll3333, llllooooccccaaaallll4444, llllooooccccaaaallll5555, - llllooooccccaaaallll6666, and llllooooccccaaaallll7777. The following syslog priorities are - supported: aaaalllleeeerrrrtttt, ccccrrrriiiitttt, ddddeeeebbbbuuuugggg, eeeemmmmeeeerrrrgggg, eeeerrrrrrrr, iiiinnnnffffoooo, nnnnoooottttiiiicccceeee, - and wwwwaaaarrrrnnnniiiinnnngggg. - -December 13, 2001 1.6.4 11 +December 14, 2001 1.6.4 11 
@@ -730,6 +730,14 @@ December 13, 2001 1.6.4 11 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + When logging via _s_y_s_l_o_g(3), ssssuuuuddddoooo accepts the following + values for the syslog facility (the value of the ssssyyyysssslllloooogggg + Parameter): aaaauuuutttthhhhpppprrrriiiivvvv (if your OS supports it), aaaauuuutttthhhh, ddddaaaaeeee­­­­ + mmmmoooonnnn, uuuusssseeeerrrr, llllooooccccaaaallll0000, llllooooccccaaaallll1111, llllooooccccaaaallll2222, llllooooccccaaaallll3333, llllooooccccaaaallll4444, llllooooccccaaaallll5555, + llllooooccccaaaallll6666, and llllooooccccaaaallll7777. The following syslog priorities are + supported: aaaalllleeeerrrrtttt, ccccrrrriiiitttt, ddddeeeebbbbuuuugggg, eeeemmmmeeeerrrrgggg, eeeerrrrrrrr, iiiinnnnffffoooo, nnnnoooottttiiiicccceeee, + and wwwwaaaarrrrnnnniiiinnnngggg. + UUUUsssseeeerrrr SSSSppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnn User_Spec ::= User_list Host_List '=' Cmnd_Spec_List \ @@ -773,21 +781,13 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) Then user ddddggggbbbb is now allowed to run _/_b_i_n_/_l_s as ooooppppeeeerrrraaaattttoooorrrr, but _/_b_i_n_/_k_i_l_l and _/_u_s_r_/_b_i_n_/_l_p_r_m as rrrrooooooootttt. - NNNNOOOOPPPPAAAASSSSSSSSWWWWDDDD aaaannnndddd PPPPAAAASSSSSSSSWWWWDDDD - By default, ssssuuuuddddoooo requires that a user authenticate him or - herself before running a command. This behavior can be - modified via the NOPASSWD tag. Like a Runas_Spec, the - NOPASSWD tag sets a default for the commands that follow - it in the Cmnd_Spec_List. Conversely, the PASSWD tag can - be used to reverse things. For example: - ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm -December 13, 2001 1.6.4 12 +December 14, 2001 1.6.4 12 
@@ -796,6 +796,17 @@ December 13, 2001 1.6.4 12 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + NNNNOOOOPPPPAAAASSSSSSSSWWWWDDDD aaaannnndddd PPPPAAAASSSSSSSSWWWWDDDD + + By default, ssssuuuuddddoooo requires that a user authenticate him or + herself before running a command. This behavior can be + modified via the NOPASSWD tag. Like a Runas_Spec, the + NOPASSWD tag sets a default for the commands that follow + it in the Cmnd_Spec_List. Conversely, the PASSWD tag can + be used to reverse things. For example: + + ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm + would allow the user rrrraaaayyyy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and _/_u_s_r_/_b_i_n_/_l_p_r_m as root on the machine rushmore as rrrrooooooootttt without authenticating himself. If we only want rrrraaaayyyy to be 
@@ -839,28 +850,29 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) line arguments, however, as slash ddddooooeeeessss get matched by wildcards. This is to make a path like: - /usr/bin/* - match /usr/bin/who but not /usr/bin/X11/xterm. - EEEExxxxcccceeeeppppttttiiiioooonnnnssss ttttoooo wwwwiiiillllddddccccaaaarrrrdddd rrrruuuulllleeeessss:::: - The following exceptions apply to the above rules: +December 14, 2001 1.6.4 13 - """" If the empty string "" is the only command line - argument in the _s_u_d_o_e_r_s entry it means that com­ - mand is not allowed to be run with aaaannnnyyyy arguments. -December 13, 2001 1.6.4 13 +sudoers(4) MAINTENANCE COMMANDS sudoers(4) + /usr/bin/* + match /usr/bin/who but not /usr/bin/X11/xterm. -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + EEEExxxxcccceeeeppppttttiiiioooonnnnssss ttttoooo wwwwiiiillllddddccccaaaarrrrdddd rrrruuuulllleeeessss:::: + The following exceptions apply to the above rules: + + """" If the empty string "" is the only command line + argument in the _s_u_d_o_e_r_s entry it means that com­ + mand is not allowed to be run with aaaannnnyyyy arguments. OOOOtttthhhheeeerrrr ssssppppeeeecccciiiiaaaallll cccchhhhaaaarrrraaaacccctttteeeerrrrssss aaaannnndddd rrrreeeesssseeeerrrrvvvveeeedddd wwwwoooorrrrddddssss:::: 
@@ -901,32 +913,29 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we define our _a_l_i_a_s_e_s: - # User alias specification - User_Alias FULLTIMERS = millert, mikef, dowdy - User_Alias PARTTIMERS = bostley, jwfox, crawl - User_Alias WEBMASTERS = will, wendy, wim - - # Runas alias specification - Runas_Alias OP = root, operator - Runas_Alias DB = oracle, sybase +December 14, 2001 1.6.4 14 -December 13, 2001 1.6.4 14 - - +sudoers(4) MAINTENANCE COMMANDS sudoers(4) -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + # User alias specification + User_Alias FULLTIMERS = millert, mikef, dowdy + User_Alias PARTTIMERS = bostley, jwfox, crawl + User_Alias WEBMASTERS = will, wendy, wim + # Runas alias specification + Runas_Alias OP = root, operator + Runas_Alias DB = oracle, sybase # Host alias specification Host_Alias SPARC = bigtime, eclipse, moet, anchor :\ @@ -973,26 +982,26 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) %wheel ALL = (ALL) ALL We let rrrrooooooootttt and any user in group wwwwhhhheeeeeeeellll run any command on - any host as any user. - FULLTIMERS ALL = NOPASSWD: ALL - Full time sysadmins (mmmmiiiilllllllleeeerrrrtttt, mmmmiiiikkkkeeeeffff, and ddddoooowwwwddddyyyy) may run - any command on any host without authenticating themselves. - PARTTIMERS ALL = ALL +December 14, 2001 1.6.4 15 -December 13, 2001 1.6.4 15 +sudoers(4) MAINTENANCE COMMANDS sudoers(4) + any host as any user. + FULLTIMERS ALL = NOPASSWD: ALL -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + Full time sysadmins (mmmmiiiilllllllleeeerrrrtttt, mmmmiiiikkkkeeeeffff, and ddddoooowwwwddddyyyy) may run + any command on any host without authenticating themselves. + PARTTIMERS ALL = ALL Part time sysadmins (bbbboooossssttttlllleeeeyyyy, jjjjwwwwffffooooxxxx, and ccccrrrraaaawwwwllll) may run any command on any host but they must authenticate them­ 
@@ -1039,26 +1048,27 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) jim +biglab = ALL - The user jjjjiiiimmmm may run any command on machines in the _b_i_g_l_a_b - netgroup. SSSSuuuuddddoooo knows that "biglab" is a netgroup due to - the '+' prefix. - +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser - Users in the sssseeeeccccrrrreeeettttaaaarrrriiiieeeessss netgroup need to help manage the - printers as well as add and remove users, so they are - allowed to run those commands on all machines. +December 14, 2001 1.6.4 16 -December 13, 2001 1.6.4 16 +sudoers(4) MAINTENANCE COMMANDS sudoers(4) -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + The user jjjjiiiimmmm may run any command on machines in the _b_i_g_l_a_b + netgroup. SSSSuuuuddddoooo knows that "biglab" is a netgroup due to + the '+' prefix. + +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser + + Users in the sssseeeeccccrrrreeeettttaaaarrrriiiieeeessss netgroup need to help manage the + printers as well as add and remove users, so they are + allowed to run those commands on all machines. fred ALL = (DB) NOPASSWD: ALL 
@@ -1104,27 +1114,28 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) Any user may mount or unmount a CD-ROM on the machines in the CDROM Host_Alias (orion, perseus, hercules) without entering a password. This is a bit tedious for users to - type, so it is a prime candidate for encapsulating in a - shell script. -SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS - It is generally not effective to "subtract" commands from - ALL using the '!' operator. A user can trivially circum­ - vent this by copying the desired command to a different - name and then executing that. For example: - bill ALL = ALL, !SU, !SHELLS +December 14, 2001 1.6.4 17 -December 13, 2001 1.6.4 17 +sudoers(4) MAINTENANCE COMMANDS sudoers(4) -sudoers(4) MAINTENANCE COMMANDS sudoers(4) + type, so it is a prime candidate for encapsulating in a + shell script. +SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS + It is generally not effective to "subtract" commands from + ALL using the '!' operator. A user can trivially circum­ + vent this by copying the desired command to a different + name and then executing that. For example: + + bill ALL = ALL, !SU, !SHELLS Doesn't really prevent bbbbiiiillllllll from running the commands listed in _S_U or _S_H_E_L_L_S since he can simply copy those com­ @@ -1172,17 +1183,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO - - - - - - - - - - - -December 13, 2001 1.6.4 18 +December 14, 2001 1.6.4 18 diff --git a/sudoers.man.in b/sudoers.man.in index 4c0d69f85..14159e271 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Thu Dec 13 23:43:32 2001 +.\" Fri Dec 14 17:27:57 2001 .\" .\" Standard preamble: .\" ====================================================================== 
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudoers @mansectform@" -.TH sudoers @mansectform@ "1.6.4" "December 13, 2001" "MAINTENANCE COMMANDS" +.TH sudoers @mansectform@ "1.6.4" "December 14, 2001" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudoers \- list of which users may execute what @@ -437,8 +437,15 @@ to disable this as it could be used to gather information on the location of executables that the normal user does not have access to. The disadvantage is that if the executable is simply not in the user's \f(CW\*(C`PATH\*(C'\fR, \fBsudo\fR will tell the user that they are not -allowed to run it, which can be confusing. This flag is off by +allowed to run it, which can be confusing. This flag is \fIoff\fR by default. +.Ip "preserve_groups" 12 +.IX Item "preserve_groups" +By default \fBsudo\fR will initialize the group vector to the list of +groups the target user is in. When \fIpreserve_groups\fR is set, the +user's existing group vector is left unaltered. The real and +effective group IDs, however, are still set to match the target +user. This flag is \fIoff\fR by default. .Ip "fqdn" 12 .IX Item "fqdn" Set this flag if you want to put fully qualified hostnames in the -- 2.40.0
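Review bot: bracket spacing in the regenerated SYNOPSIS (sudo.man.in hunk @@ -145, mirrored in sudo.cat hunk @@ -8) is inconsistent: `[ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ]` mixes `[ x ]` and `[x ]` within one line. Both files are Pod::Man output, so the fix belongs in the SYNOPSIS of sudo.pod (write `[ \-P ]` and `[ \-S ]` like the neighbouring options) followed by a regenerate; editing the generated files by hand would be undone on the next run.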
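Review bot: the preserve_groups text in sudoers.man.in hunk @@ -437 (and the matching -P text in sudo.man.in hunk @@ -267) documents the mechanism but not its consequence. As written, the command ends up with the target user's real and effective UID/GID plus the invoking user's unaltered supplementary group vector, so the process can reach anything either the target user's IDs or the caller's groups permit. One sentence stating that combined-privilege effect, next to "This flag is \fIoff\fR by default.", would let administrators judge the flag correctly instead of reading it as a cosmetic option.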
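Review bot: the listpw text moved in sudoers.cat hunk @@ -664 carries two defects that the pod source should fix before the next regenerate. "when a user runs sudo with the -l." lacks a noun after the option (for example "with the -l flag"), and "All the user's I entries for the current host must have the C flag set" shows the bare formatting-code letters I and C where the italic and code-style words were meant to render, which suggests an unclosed or mis-nested `I<...>`/`C<...>` sequence in sudoers.pod.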
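Review bot: the trailing context of sudoers.cat hunk @@ -796 reads "would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore as root without authenticating himself", repeating "as root". Drop one occurrence in sudoers.pod so the regenerated page reads "as root on the machine rushmore without authenticating himself".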
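Review bot: the context line closing sudo.cat hunk @@ -268, "verify that the command does not inadvertantly give the user an effective root shell", misspells "inadvertently". Since this page is regenerated from sudo.pod, correct the spelling there and include the regenerated sudo.cat and sudo.man.in in the same commit, as this patch already does for the -P change.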