From 51d8416545eb8d86981c6102cfdd2d68767bf53e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 10 Dec 2007 15:56:23 +0000 Subject: [PATCH] regen --- sudo.cat | 188 ++++++++++++++++---------------- sudo.man.in | 38 ++++--- sudoers.cat | 288 ++++++++++++++++++++++++------------------------- sudoers.man.in | 8 +- 4 files changed, 267 insertions(+), 255 deletions(-) diff --git a/sudo.cat b/sudo.cat index 00f026b67..f8709305a 100644 --- a/sudo.cat +++ b/sudo.cat @@ -15,7 +15,7 @@ SSYYNNOOPPSSIISS ssuuddoo [--bbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] - [VVAARR=_v_a_l_u_e] {--ii | --ss | _c_o_m_m_a_n_d} + [VVAARR=_v_a_l_u_e] [{--ii | --ss] [<_c_o_m_m_a_n_d}] ssuuddooeeddiitt [--SS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] file @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7 November 21, 2007 1 +1.7 December 10, 2007 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7 November 21, 2007 2 +1.7 December 10, 2007 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7 November 21, 2007 3 +1.7 December 10, 2007 3 @@ -208,17 +208,21 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message and exit. - -i The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs + -i [command] + The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell specified in the _p_a_s_s_w_d(4) entry of - the user that the command is being run as. - The command name argument given to the shell - begins with a `-' to tell the shell to run as - a login shell. ssuuddoo attempts to change to - that user's home directory before running the - shell. It also initializes the environment, - leaving _D_I_S_P_L_A_Y and _T_E_R_M unchanged, setting - _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, and _P_A_T_H, and - unsetting all other environment variables. + the target user as a login shell. This means + that login-specific resource files such as + .profile or .login will be read by the shell. + If a command is specified, it is passed to the + shell for execution. Otherwise, an interac- + tive shell is executed. ssuuddoo attempts to + change to that user's home directory before + running the shell. It also initializes the + environment, leaving _D_I_S_P_L_A_Y and _T_E_R_M + unchanged, setting _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, + and _P_A_T_H, and unsetting all other environment + variables. -K The --KK (sure _k_i_l_l) option is like --kk except that it removes the user's timestamp entirely. @@ -252,14 +256,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) 1. -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes - ssuuddoo to preserve the invoking user's group - vector unaltered. By default, ssuuddoo will ini- - tialize the group vector to the list of groups - the target user is in. The real and effective -1.7 November 21, 2007 4 +1.7 December 10, 2007 4 @@ -268,6 +268,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + ssuuddoo to preserve the invoking user's group + vector unaltered. By default, ssuuddoo will ini- + tialize the group vector to the list of groups + the target user is in. The real and effective group IDs, however, are still set to match the target user. @@ -292,13 +296,22 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) %% two consecutive % characters are collapsed into a single % character + The prompt specified by the --pp option will + override the system password prompt on systems + that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_- + _r_i_d_e flag is disabled in _s_u_d_o_e_r_s. + -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from the standard input instead of the terminal device. - -s The --ss (_s_h_e_l_l) option runs the shell specified + -s [command] + The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set - or the shell as specified in _p_a_s_s_w_d(4). + or the shell as specified in _p_a_s_s_w_d(4). If a + command is specified, it is passed to the + shell for execution. Otherwise, an interac- + tive shell is executed. -U _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunc- tion with the --ll option to specify the user @@ -309,6 +322,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command as a user other than _r_o_o_t. To specify a _u_i_d instead of a _u_s_e_r _n_a_m_e, use + + + +1.7 December 10, 2007 5 + + + + + +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + + _#_u_i_d. When running commands as a _u_i_d, many shells require that the '#' be escaped with a backslash ('\'). Note that if the _t_a_r_g_e_t_p_w @@ -323,17 +348,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) with as well as the machine's local network addresses. - - -1.7 November 21, 2007 5 - - - - - -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - - -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the user's timestamp, prompting for the user's password if necessary. This extends @@ -374,6 +388,18 @@ RREETTUURRNN VVAALLUUEESS and one of the directories in your PATH is on a machine that is currently unreachable. + + + +1.7 December 10, 2007 6 + + + + + +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + + SSEECCUURRIITTYY NNOOTTEESS ssuuddoo tries to be safe when executing external commands. @@ -388,18 +414,6 @@ SSEECCUURRIITTYY NNOOTTEESS If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, any variables not explicitly denied by the _e_n_v___c_h_e_c_k and - - - -1.7 November 21, 2007 6 - - - - - -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - - _e_n_v___d_e_l_e_t_e options are inherited from the invoking pro- cess. In this case, _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e behave like a blacklist. Since it is not possible to blacklist all @@ -440,6 +454,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) its contents, the only damage that can be done is to "hide" files by putting them in the timestamp dir. This is unlikely to happen since once the timestamp dir is + + + +1.7 December 10, 2007 7 + + + + + +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + + owned by root and inaccessible by any other user, the user placing files there would be unable to get them back out. To get around this issue you can use a directory that is @@ -455,17 +481,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) timestamp with a bogus date on systems that allow users to give away files. - - -1.7 November 21, 2007 7 - - - - - -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - - Please note that ssuuddoo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell @@ -505,32 +520,31 @@ EENNVVIIRROONNMMEENNTT sudo SUDO_GID Set to the gid of the user who invoked - sudo - SUDO_PS1 If set, PS1 will be set to its value - USER Set to the target user (root unless the --uu - option is specified) - VISUAL Default editor to use in --ee (sudoedit) - mode +1.7 December 10, 2007 8 -FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps - -1.7 November 21, 2007 8 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + sudo + SUDO_PS1 If set, PS1 will be set to its value + USER Set to the target user (root unless the --uu + option is specified) -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + VISUAL Default editor to use in --ee (sudoedit) + mode +FFIILLEESS + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what + _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps EEXXAAMMPPLLEESS Note: the following examples assume suitable _s_u_d_o_e_r_s(4) @@ -572,6 +586,18 @@ AAUUTTHHOORRSS See the HISTORY file in the ssuuddoo distribution or visit http://www.sudo.ws/sudo/history.html for a short history + + + +1.7 December 10, 2007 9 + + + + + +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + + of ssuuddoo. CCAAVVEEAATTSS @@ -586,18 +612,6 @@ CCAAVVEEAATTSS It is not meaningful to run the cd command directly via sudo, e.g., - - - -1.7 November 21, 2007 9 - - - - - -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - - $ sudo cd /usr/local/protected since when the command exits the parent process (your @@ -641,20 +655,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - - - - - -1.7 November 21, 2007 10 +1.7 December 10, 2007 10 diff --git a/sudo.man.in b/sudo.man.in index 77b3c80cc..b4847bc23 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "November 21, 2007" "1.7" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "December 10, 2007" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" @@ -162,8 +162,7 @@ sudo, sudoedit \- execute a command as another user .PP \&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] -[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] -{\fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR} +[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}] .PP \&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] @@ -305,16 +304,18 @@ in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\ .IP "\-h" 12 .IX Item "-h" The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. -.IP "\-i" 12 -.IX Item "-i" +.IP "\-i [command]" 12 +.IX Item "-i [command]" The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified -in the \fIpasswd\fR\|(@mansectform@) entry of the user that the command is -being run as. The command name argument given to the shell begins -with a `\f(CW\*(C`\-\*(C'\fR' to tell the shell to run as a login shell. \fBsudo\fR -attempts to change to that user's home directory before running the -shell. It also initializes the environment, leaving \fI\s-1DISPLAY\s0\fR -and \fI\s-1TERM\s0\fR unchanged, setting \fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and -\&\fI\s-1PATH\s0\fR, and unsetting all other environment variables. +in the \fIpasswd\fR\|(@mansectform@) entry of the target user as a login shell. This +means that login-specific resource files such as \f(CW\*(C`.profile\*(C'\fR or +\&\f(CW\*(C`.login\*(C'\fR will be read by the shell. If a command is specified, +it is passed to the shell for execution. Otherwise, an interactive +shell is executed. \fBsudo\fR attempts to change to that user's home +directory before running the shell. It also initializes the +environment, leaving \fI\s-1DISPLAY\s0\fR and \fI\s-1TERM\s0\fR unchanged, setting +\&\fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, and unsetting +all other environment variables. .IP "\-K" 12 .IX Item "-K" The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes @@ -379,16 +380,21 @@ expanded to the invoking user's login name two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character .RE .RS 12 +.Sp +The prompt specified by the \fB\-p\fR option will override the system +password prompt on systems that support \s-1PAM\s0 unless the +\&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR. .RE .IP "\-S" 12 .IX Item "-S" The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from the standard input instead of the terminal device. -.IP "\-s" 12 -.IX Item "-s" +.IP "\-s [command]" 12 +.IX Item "-s [command]" The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR -environment variable if it is set or the shell as specified -in \fIpasswd\fR\|(@mansectform@). +environment variable if it is set or the shell as specified in +\&\fIpasswd\fR\|(@mansectform@). If a command is specified, it is passed to the shell +for execution. Otherwise, an interactive shell is executed. .IP "\-U \fIuser\fR" 12 .IX Item "-U user" The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR diff --git a/sudoers.cat b/sudoers.cat index 3bf1024eb..41fc4fe8d 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7 November 21, 2007 1 +1.7 December 10, 2007 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 2 +1.7 December 10, 2007 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 3 +1.7 December 10, 2007 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 4 +1.7 December 10, 2007 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 5 +1.7 December 10, 2007 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 6 +1.7 December 10, 2007 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 7 +1.7 December 10, 2007 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 8 +1.7 December 10, 2007 8 @@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7 November 21, 2007 9 +1.7 December 10, 2007 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 10 +1.7 December 10, 2007 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 November 21, 2007 11 +1.7 December 10, 2007 11 @@ -754,6 +754,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) they are not allowed to run it, which can be confusing. This flag is _o_n by default. + passprompt_override + The password prompt specified by + _p_a_s_s_p_r_o_m_p_t will normally only be used if + the passwod prompt provided by systems + such as PAM matches the string "Pass- + word:". If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, + _p_a_s_s_p_r_o_m_p_t will always be used. This flag + is _o_f_f by default. + preserve_groups By default ssuuddoo will initialize the group vector to the list of groups the target user is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, @@ -775,19 +784,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) root_sudo If set, root is allowed to run ssuuddoo too. Disabling this prevents users from "chain- ing" ssuuddoo commands to get a root shell by - doing something like "sudo sudo /bin/sh". - Note, however, that turning off _r_o_o_t___s_u_d_o - will also prevent root and from running - ssuuddooeeddiitt. Disabling _r_o_o_t___s_u_d_o provides no - real additional security; it exists purely - for historical reasons. This flag is _o_n - by default. - - rootpw If set, ssuuddoo will prompt for the root -1.7 November 21, 2007 12 +1.7 December 10, 2007 12 @@ -796,6 +796,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + doing something like "sudo sudo /bin/sh". + Note, however, that turning off _r_o_o_t___s_u_d_o + will also prevent root and from running + ssuuddooeeddiitt. Disabling _r_o_o_t___s_u_d_o provides no + real additional security; it exists purely + for historical reasons. This flag is _o_n + by default. + + rootpw If set, ssuuddoo will prompt for the root password instead of the password of the invoking user. This flag is _o_f_f by default. @@ -841,19 +850,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) shell_noargs If set and ssuuddoo is invoked with no argu- ments it acts as if the --ss flag had been - given. That is, it runs a shell as root - (the shell is determined by the SHELL - environment variable if it is set, falling - back on the shell listed in the invoking - user's /etc/passwd entry if not). This - flag is _o_f_f by default. - - stay_setuid Normally, when ssuuddoo executes a command the - real and effective UIDs are set to the -1.7 November 21, 2007 13 +1.7 December 10, 2007 13 @@ -862,6 +862,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + given. That is, it runs a shell as root + (the shell is determined by the SHELL + environment variable if it is set, falling + back on the shell listed in the invoking + user's /etc/passwd entry if not). This + flag is _o_f_f by default. + + stay_setuid Normally, when ssuuddoo executes a command the + real and effective UIDs are set to the target user (root by default). This option changes that behavior such that the real UID is left as the invoking user's @@ -907,27 +916,27 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) to start closing. The default is 3. passwd_tries The number of tries a user gets to enter - his/her password before ssuuddoo logs the - failure and exits. The default is 3. - IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: - loglinelen Number of characters per line for the file - log. This value is used to decide when to - wrap lines for nicer log files. This has - no effect on the syslog log file, only the +1.7 December 10, 2007 14 -1.7 November 21, 2007 14 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + his/her password before ssuuddoo logs the + failure and exits. The default is 3. + IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: + loglinelen Number of characters per line for the file + log. This value is used to decide when to + wrap lines for nicer log files. This has + no effect on the syslog log file, only the file log. The default is 80 (use 0 or negate the option to disable word wrap). @@ -972,20 +981,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SECURITY information for %h ***. noexec_file Path to a shared library containing dummy - versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_- - _e_c_v_e_(_) library functions that just return - an error. This is used to implement the - _n_o_e_x_e_c functionality on systems that sup- - port LD_PRELOAD or its equivalent. - Defaults to - _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. - - passprompt The default prompt to use when asking for - a password; can be overridden via the --pp + versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and -1.7 November 21, 2007 15 +1.7 December 10, 2007 15 @@ -994,6 +994,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + _f_e_x_e_c_v_e_(_) library functions that just + return an error. This is used to imple- + ment the _n_o_e_x_e_c functionality on systems + that support LD_PRELOAD or its equivalent. + Defaults to + _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. + + passprompt The default prompt to use when asking for + a password; can be overridden via the --pp option or the SUDO_PROMPT environment variable. The following percent (`%') escapes are supported: @@ -1040,25 +1049,25 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: - exempt_group - Users in this group are exempt from password - and PATH requirements. This is not set by - default. - lecture This option controls when a short lecture will - be printed along with the password prompt. It - has the following possible values: +1.7 December 10, 2007 16 -1.7 November 21, 2007 16 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + exempt_group + Users in this group are exempt from password + and PATH requirements. This is not set by + default. + lecture This option controls when a short lecture will + be printed along with the password prompt. It + has the following possible values: always Always lecture the user. @@ -1105,26 +1114,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) logfile Path to the ssuuddoo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By - default, ssuuddoo logs via syslog. - mailerflags Flags to use when invoking mailer. Defaults to - --tt. - mailerpath Path to mail program used to send warning - mail. Defaults to the path to sendmail found - at configure time. +1.7 December 10, 2007 17 -1.7 November 21, 2007 17 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + default, ssuuddoo logs via syslog. -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailerflags Flags to use when invoking mailer. Defaults to + --tt. + mailerpath Path to mail program used to send warning + mail. Defaults to the path to sendmail found + at configure time. mailto Address to send warning and error mail to. The address should be enclosed in double @@ -1171,19 +1180,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: env_check Environment variables to be removed from - the user's environment if the variable's - value contains % or / characters. This - can be used to guard against printf-style - format vulnerabilities in poorly-written - programs. The argument may be a dou- - ble-quoted, space-separated list or a sin- - gle value without double-quotes. The list - can be replaced, added to, deleted from, - or disabled by using the =, +=, -=, and ! -1.7 November 21, 2007 18 +1.7 December 10, 2007 18 @@ -1192,6 +1192,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + the user's environment if the variable's + value contains % or / characters. This + can be used to guard against printf-style + format vulnerabilities in poorly-written + programs. The argument may be a dou- + ble-quoted, space-separated list or a sin- + gle value without double-quotes. The list + can be replaced, added to, deleted from, + or disabled by using the =, +=, -=, and ! operators respectively. Regardless of whether the env_reset option is enabled or disabled, variables specified by env_check @@ -1237,26 +1246,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and wwaarrnniinngg. -FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _/_e_t_c_/_g_r_o_u_p Local groups file - _/_e_t_c_/_n_e_t_g_r_o_u_p List of network groups -EEXXAAMMPPLLEESS - Below are example _s_u_d_o_e_r_s entries. Admittedly, some of - these are a bit contrived. First, we define our _a_l_i_a_s_e_s: +1.7 December 10, 2007 19 -1.7 November 21, 2007 19 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) +FFIILLEESS + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what + _/_e_t_c_/_g_r_o_u_p Local groups file + _/_e_t_c_/_n_e_t_g_r_o_u_p List of network groups +EEXXAAMMPPLLEESS + Below are example _s_u_d_o_e_r_s entries. Admittedly, some of + these are a bit contrived. First, we define our _a_l_i_a_s_e_s: # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy @@ -1304,18 +1313,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) disable shell escapes for the commands in the PAGERS Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s). - # Override built-in defaults - Defaults syslog=auth - Defaults>root !set_logname - Defaults:FULLTIMERS !lecture - Defaults:millert !authenticate - Defaults@SERVERS log_year, logfile=/var/log/sudo.log - Defaults!PAGERS noexec - - -1.7 November 21, 2007 20 +1.7 December 10, 2007 20 @@ -1324,6 +1324,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + # Override built-in defaults + Defaults syslog=auth + Defaults>root !set_logname + Defaults:FULLTIMERS !lecture + Defaults:millert !authenticate + Defaults@SERVERS log_year, logfile=/var/log/sudo.log + Defaults!PAGERS noexec + The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter- mines who may run what. @@ -1370,25 +1378,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The user jjooee may only _s_u(1) to operator. - pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root - The user ppeettee is allowed to change anyone's password - except for root on the _H_P_P_A machines. Note that this - assumes _p_a_s_s_w_d(1) does not take multiple usernames on the - command line. - bob SPARC = (OP) ALL : SGI = (OP) ALL +1.7 December 10, 2007 21 -1.7 November 21, 2007 21 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root + The user ppeettee is allowed to change anyone's password + except for root on the _H_P_P_A machines. Note that this + assumes _p_a_s_s_w_d(1) does not take multiple usernames on the + command line. + + bob SPARC = (OP) ALL : SGI = (OP) ALL The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user listed in the _O_P Runas_Alias (rroooott @@ -1435,26 +1444,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) matt valkyrie = KILL - On his personal workstation, valkyrie, mmaatttt needs to be - able to kill hung processes. - WEBMASTERS www = (www) ALL, (root) /usr/bin/su www - On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias - (will, wendy, and wim), may run any command as user www - (which owns the web pages) or simply _s_u(1) to www. +1.7 December 10, 2007 22 -1.7 November 21, 2007 22 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + On his personal workstation, valkyrie, mmaatttt needs to be + able to kill hung processes. -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + WEBMASTERS www = (www) ALL, (root) /usr/bin/su www + On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias + (will, wendy, and wim), may run any command as user www + (which owns the web pages) or simply _s_u(1) to www. ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM @@ -1501,19 +1510,10 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS grams that do not if often unworkable. noexec Many systems that support shared libraries have - the ability to override default library func- - tions by pointing an environment variable (usu- - ally LD_PRELOAD) to an alternate shared library. - On such systems, ssuuddoo's _n_o_e_x_e_c functionality can - be used to prevent a program run by ssuuddoo from - executing any other programs. Note, however, - that this applies only to native dynamically- - linked executables. Statically-linked executa- - bles and foreign executables running under -1.7 November 21, 2007 23 +1.7 December 10, 2007 23 @@ -1522,6 +1522,15 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + the ability to override default library func- + tions by pointing an environment variable (usu- + ally LD_PRELOAD) to an alternate shared library. + On such systems, ssuuddoo's _n_o_e_x_e_c functionality can + be used to prevent a program run by ssuuddoo from + executing any other programs. Note, however, + that this applies only to native dynamically- + linked executables. Statically-linked executa- + bles and foreign executables running under binary emulation are not affected. To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you @@ -1566,29 +1575,29 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many poten- tially hazardous operations (such as changing or overwrit- - ing files) that could lead to unintended privilege escala- - tion. In the specific case of an editor, a safer approach - is to give the user permission to run ssuuddooeeddiitt. + ing files) that could lead to unintended privilege -SSEEEE AALLSSOO - _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) -CCAAVVEEAATTSS - The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo - command which locks the file and does grammatical +1.7 December 10, 2007 24 -1.7 November 21, 2007 24 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + escalation. In the specific case of an editor, a safer + approach is to give the user permission to run ssuuddooeeddiitt. +SSEEEE AALLSSOO + _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) - checking. It is imperative that _s_u_d_o_e_r_s be free of syntax +CCAAVVEEAATTSS + The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo + command which locks the file and does grammatical check- + ing. It is imperative that _s_u_d_o_e_r_s be free of syntax errors since ssuuddoo will not run with a syntactically incor- rect _s_u_d_o_e_r_s file. @@ -1636,15 +1645,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - -1.7 November 21, 2007 25 +1.7 December 10, 2007 25 diff --git a/sudoers.man.in b/sudoers.man.in index cba921204..09e040c4c 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "November 21, 2007" "1.7" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "December 10, 2007" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -790,6 +790,12 @@ to. The disadvantage is that if the executable is simply not in the user's \f(CW\*(C`PATH\*(C'\fR, \fBsudo\fR will tell the user that they are not allowed to run it, which can be confusing. This flag is \fI@path_info@\fR by default. +.IP "passprompt_override" 16 +.IX Item "passprompt_override" +The password prompt specified by \fIpassprompt\fR will normally only +be used if the passwod prompt provided by systems such as \s-1PAM\s0 matches +the string \*(L"Password:\*(R". If \fIpassprompt_override\fR is set, \fIpassprompt\fR +will always be used. This flag is \fIoff\fR by default. .IP "preserve_groups" 16 .IX Item "preserve_groups" By default \fBsudo\fR will initialize the group vector to the list of -- 2.40.0