From 8204723c874703bd9c0fad36f1689b7d40448c3d Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 26 Oct 2004 20:09:14 +0000 Subject: [PATCH] regen --- sudo.cat | 126 +++++------------- sudo.man.in | 22 ++-- sudoers.cat | 348 ++++++++++++++++++++++++------------------------- sudoers.man.in | 18 +-- visudo.cat | 46 +++---- visudo.man.in | 33 ++--- 6 files changed, 254 insertions(+), 339 deletions(-) diff --git a/sudo.cat b/sudo.cat index 7c281520f..548e5a9db 100644 --- a/sudo.cat +++ b/sudo.cat @@ -8,7 +8,7 @@ NNAAMMEE sudo, sudoedit - execute a command as another user SSYYNNOOPPSSIISS - ssuuddoo --KK | --LL | --VV | --hh | --kk | --ll | --vv + ssuuddoo --KK | --LL | --VV | --hh | --kk | --ll [_u_s_e_r_n_a_m_e] | --vv ssuuddoo [--HHPPSSbb] [--aa _a_u_t_h___t_y_p_e] [--cc _c_l_a_s_s|_-] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] {--ee file [...] | --ii | --ss | _c_o_m_m_a_n_d} @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.9 September 30, 2004 1 +1.6.9 October 26, 2004 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.6.9 September 30, 2004 2 +1.6.9 October 26, 2004 2 @@ -184,7 +184,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -i The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell specified in the passwd(4) entry of the user that the command is being run as. The command name argument - given to the shell begins with a - to tell the shell + given to the shell begins with a `-' to tell the shell to run as a login shell. ssuuddoo attempts to change to that user's home directory before running the shell. It also initializes the environment, leaving _T_E_R_M @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.6.9 September 30, 2004 3 +1.6.9 October 26, 2004 3 
@@ -202,12 +202,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - Note that because the shell to use is determined - before the _s_u_d_o_e_r_s file is parsed, a _r_u_n_a_s___d_e_f_a_u_l_t - setting in _s_u_d_o_e_r_s will specify the user to run the - shell as but will not affect which shell is actually - run. - -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's timestamp by setting the time on it to the epoch. The next time ssuuddoo is run a password will be required. @@ -215,8 +209,12 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) to allow a user to revoke ssuuddoo permissions from a .logout file. - -l The --ll (_l_i_s_t) option will list out the allowed (and - forbidden) commands for the user on the current host. + -l [_u_s_e_r_n_a_m_e] + The --ll (_l_i_s_t) option will list out the allowed (and + forbidden) commands for _u_s_e_r_n_a_m_e on the current host. + If _u_s_e_r_n_a_m_e is ommitted, the information listed will + be for the invoking user. Only the superuser may list + other user's commands. -p The --pp (_p_r_o_m_p_t) option allows you to override the default password prompt and use a custom one. The @@ -256,10 +254,12 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) in _s_u_d_o_e_r_s) but does not run a command. -- The ---- flag indicates that ssuuddoo should stop processing + command line arguments. It is most useful in conjunc­ + tion with the --ss flag. -1.6.9 September 30, 2004 4 +1.6.9 October 26, 2004 4 @@ -268,9 +268,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - command line arguments. It is most useful in conjunc­ - tion with the --ss flag. - RREETTUURRNN VVAALLUUEESS Upon successful execution of a program, the return value from ssuuddoo will simply be the return value of the program 
@@ -322,10 +319,13 @@ SSEECCUURRIITTYY NNOOTTEESS cally. ssuuddoo will check the ownership of its timestamp directory + (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con­ + tents if it is not owned by root and only writable by + root. On systems that allow non-root users to give away -1.6.9 September 30, 2004 5 +1.6.9 October 26, 2004 5 @@ -334,9 +334,6 @@ SSEECCUURRIITTYY NNOOTTEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con­ - tents if it is not owned by root and only writable by - root. On systems that allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp directory is located in a directory writable by anyone (e.g.: _/_t_m_p), it is pos­ sible for a user to create the timestamp directory before @@ -388,21 +385,20 @@ EENNVVIIRROONNMMEENNTT SUDO_PROMPT Used as the default password prompt + SUDO_COMMAND Set to the command run by sudo + SUDO_USER Set to the login of the user who invoked sudo -1.6.9 September 30, 2004 6 - +1.6.9 October 26, 2004 6 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - SUDO_COMMAND Set to the command run by sudo +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - SUDO_USER Set to the login of the user who invoked sudo SUDO_UID Set to the uid of the user who invoked sudo @@ -455,19 +451,20 @@ AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this ver­ sion consists of code written primarily by: + Todd Miller + Chris Jepeway -1.6.9 September 30, 2004 7 +1.6.9 October 26, 2004 7 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - Todd Miller - Chris Jepeway +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + See the HISTORY file in the ssuuddoo distribution or visit http://www.sudo.ws/sudo/history.html for a short history 
@@ -519,76 +516,13 @@ DDIISSCCLLAAIIMMEERR ranties, including, but not limited to, the implied war­ ranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed - with ssuuddoo or http://www.sudo.ws/sudo/license.html for - - - -1.6.9 September 30, 2004 8 - - - - - -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - - - complete details. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + with ssuuddoo or http://www.sudo.ws/sudo/license.html for com­ + plete details. -1.6.9 September 30, 2004 9 +1.6.9 October 26, 2004 8 diff --git a/sudo.man.in b/sudo.man.in index 3a48b99b9..19c3879ec 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -149,12 +149,12 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "September 30, 2004" "1.6.9" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "October 26, 2004" "1.6.9" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR +\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR [\fIusername\fR] | \fB\-v\fR .PP \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] 
@@ -308,15 +308,11 @@ The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified in the passwd(@mansectform@) entry of the user that the command is being run as. The command name argument given to the shell begins -with a \f(CW\*(C`\-\*(C'\fR to tell the shell to run as a login shell. \fBsudo\fR +with a `\f(CW\*(C`\-\*(C'\fR' to tell the shell to run as a login shell. \fBsudo\fR attempts to change to that user's home directory before running the shell. It also initializes the environment, leaving \fI\s-1TERM\s0\fR unchanged, setting \fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and -\&\fI\s-1PATH\s0\fR, and unsetting all other environment variables. Note that -because the shell to use is determined before the \fIsudoers\fR file -is parsed, a \fIrunas_default\fR setting in \fIsudoers\fR will specify -the user to run the shell as but will not affect which shell is -actually run. +\&\fI\s-1PATH\s0\fR, and unsetting all other environment variables. .IP "\-k" 4 .IX Item "-k" The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp 
@@ -324,10 +320,12 @@ by setting the time on it to the epoch. The next time \fBsudo\fR is run a password will be required. This option does not require a password and was added to allow a user to revoke \fBsudo\fR permissions from a .logout file. -.IP "\-l" 4 -.IX Item "-l" -The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and -forbidden) commands for the user on the current host. +.IP "\-l [\fIusername\fR]" 4 +.IX Item "-l [username]" +The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and forbidden) +commands for \fIusername\fR on the current host. If \fIusername\fR is +ommitted, the information listed will be for the invoking user. +Only the superuser may list other user's commands. .IP "\-p" 4 .IX Item "-p" The \fB\-p\fR (\fIprompt\fR) option allows you to override the default diff --git a/sudoers.cat b/sudoers.cat index 321f3051e..dcef4048f 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -13,7 +13,7 @@ DDEESSCCRRIIPPTTIIOONN (which specify who may run what). When multiple entries match for a user, they are applied - in order. Where there are conflicting values, the last + in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.9 October 13, 2004 1 +1.6.9 October 26, 2004 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 13, 2004 2 +1.6.9 October 26, 2004 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 13, 2004 3 +1.6.9 October 26, 2004 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 13, 2004 4 +1.6.9 October 26, 2004 4 
@@ -277,11 +277,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) ignore_dot If set, ssuuddoo will ignore '.' or '' (current dir) in the PATH environment variable; the PATH itself is not modified. This flag is _o_f_f - by default. Currently, while it is possible - to set _i_g_n_o_r_e___d_o_t in _s_u_d_o_e_r_s, its value is not - used. This option should be considered read- - only (it will be fixed in a future version of - ssuuddoo). + by default. mail_always Send mail to the _m_a_i_l_t_o user every time a users runs ssuuddoo. This flag is _o_f_f by default. @@ -322,23 +318,23 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default + may be overridden via the PASSWD and NOPASSWD + tags. This flag is _o_n by default. + root_sudo If set, root is allowed to run ssuuddoo too. -1.6.9 October 13, 2004 5 +1.6.9 October 26, 2004 5 -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - may be overridden via the PASSWD and NOPASSWD - tags. This flag is _o_n by default. - root_sudo If set, root is allowed to run ssuuddoo too. Dis­ - abling this prevents users from "chaining" + Disabling this prevents users from "chaining" ssuuddoo commands to get a root shell by doing something like "sudo sudo /bin/sh". Note, however, that turning off _r_o_o_t___s_u_d_o will also 
@@ -388,28 +384,28 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) tage is that if the executable is simply not in the user's PATH, ssuuddoo will tell the user that they are not allowed to run it, which can + be confusing. This flag is _o_f_f by default. + preserve_groups + By default ssuuddoo will initialize the group -1.6.9 October 13, 2004 6 +1.6.9 October 26, 2004 6 -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - be confusing. This flag is _o_f_f by default. - preserve_groups - By default ssuuddoo will initialize the group vec­ - tor to the list of groups the target user is - in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's - existing group vector is left unaltered. The - real and effective group IDs, however, are - still set to match the target user. This flag - is _o_f_f by default. + vector to the list of groups the target user + is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the + user's existing group vector is left unal­ + tered. The real and effective group IDs, how­ + ever, are still set to match the target user. + This flag is _o_f_f by default. fqdn Set this flag if you want to put fully quali­ fied hostnames in the _s_u_d_o_e_r_s file. I.e., @@ -454,10 +450,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) specified in editor. This flag is off by default. + rootpw If set, ssuuddoo will prompt for the root password + instead of the password of the invoking user. + This flag is _o_f_f by default. + -1.6.9 October 13, 2004 7 +1.6.9 October 26, 2004 7 @@ -466,10 +466,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - rootpw If set, ssuuddoo will prompt for the root password - instead of the password of the invoking user. - This flag is _o_f_f by default. - runaspw If set, ssuuddoo will prompt for the password of the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option (defaults to root) instead of the password of 
@@ -519,11 +515,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) variables may be preserved with the _e_n_v___k_e_e_p option. + use_loginclass + If set, ssuuddoo will apply the defaults specified + for the target user's login class if one + exists. Only available if ssuuddoo is configured + with the --with-logincap option. This flag is - -1.6.9 October 13, 2004 8 +1.6.9 October 26, 2004 8 @@ -532,11 +532,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - use_loginclass - If set, ssuuddoo will apply the defaults specified - for the target user's login class if one - exists. Only available if ssuuddoo is configured - with the --with-logincap option. This flag is _o_f_f by default. noexec If set, all commands run via ssuuddoo will behave @@ -586,10 +581,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is 80 (use 0 or negate the + option to disable word wrap). + + timestamp_timeout + Number of minutes that can elapse before ssuuddoo + will ask for a passwd again. The default is -1.6.9 October 13, 2004 9 +1.6.9 October 26, 2004 9 @@ -598,11 +598,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - option to disable word wrap). - - timestamp_timeout - Number of minutes that can elapse before ssuuddoo - will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a pass­ word. If set to a value less than 0 the user's timestamp will never expire. This can 
@@ -652,23 +647,23 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) the command will be run as (defaults to root) + %h expanded to the local hostname without + the domain name + %H expanded to the local hostname includ­ + ing the domain name (on if the -1.6.9 October 13, 2004 10 +1.6.9 October 26, 2004 10 -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - %h expanded to the local hostname without - the domain name - %H expanded to the local hostname includ­ - ing the domain name (on if the machine's hostname is fully qualified or the _f_q_d_n option is set) @@ -719,20 +714,21 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) once Only lecture the user the first time they run ssuuddoo. + always Always lecture the user. + The default value is _o_n_c_e. -1.6.9 October 13, 2004 11 +1.6.9 October 26, 2004 11 -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - always Always lecture the user. - The default value is _o_n_c_e. +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + lecture_file Path to a file containing an alternate ssuuddoo @@ -785,9 +781,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The default value is `all'. + listpw This option controls when a password will be + required when a user runs ssuuddoo with the --ll + flag. It has the following possible values: + -1.6.9 October 13, 2004 12 +1.6.9 October 26, 2004 12 @@ -796,10 +796,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - listpw This option controls when a password will be - required when a user runs ssuuddoo with the --ll - flag. It has the following possible values: - all All the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. 
@@ -849,11 +845,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) env_keep Environment variables to be preserved in the user's environment when the _e_n_v___r_e_s_e_t option is in effect. This allows fine-grained con­ - trol over the environment ssuuddoo-spawned + trol over the environment ssuuddoo-spawned pro­ + cesses will receive. The argument may be a + double-quoted, space-separated list or a sin­ + gle value without double-quotes. The list can + be replaced, added to, deleted from, or -1.6.9 October 13, 2004 13 +1.6.9 October 26, 2004 13 @@ -862,13 +862,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - processes will receive. The argument may be a - double-quoted, space-separated list or a sin­ - gle value without double-quotes. The list can - be replaced, added to, deleted from, or dis­ - abled by using the =, +=, -=, and ! operators - respectively. This list has no default mem­ - bers. + disabled by using the =, +=, -=, and ! opera­ + tors respectively. This list has no default + members. When logging via _s_y_s_l_o_g(3), ssuuddoo accepts the following values for the syslog facility (the value of the ssyysslloogg @@ -916,22 +912,21 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) $ sudo -u operator /bin/ls. + It is also possible to override a Runas_Spec later on in + an entry. If we modify the entry like so: + dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm -1.6.9 October 13, 2004 14 - +1.6.9 October 26, 2004 14 -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - It is also possible to override a Runas_Spec later on in - an entry. If we modify the entry like so: +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm Then user ddggbb is now allowed to run _/_b_i_n_/_l_s as ooppeerraattoorr, but _/_b_i_n_/_k_i_l_l and _/_u_s_r_/_b_i_n_/_l_p_r_m as rroooott. 
@@ -983,21 +978,21 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) can be used to prevent a dynamically-linked executable from running further commands itself. + In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e + and _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled. + aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi -1.6.9 October 13, 2004 15 +1.6.9 October 26, 2004 15 -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e - and _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled. +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi See the "PREVENTING SHELL ESCAPES" section below for more details on how NOEXEC works and whether or not it will @@ -1049,18 +1044,21 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) /usr/bin/* + match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. -1.6.9 October 13, 2004 16 +1.6.9 October 26, 2004 16 + -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess @@ -1114,10 +1112,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) operator both in an _a_l_i_a_s and in front of a Cmnd. This allows one to exclude certain values. Note, however, that using a ! in conjunction with the built-in ALL alias to + allow a user to run "all but a few" commands rarely works + as intended (see SECURITY NOTES below). -1.6.9 October 13, 2004 17 +1.6.9 October 26, 2004 17 @@ -1126,9 +1126,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - allow a user to run "all but a few" commands rarely works - as intended (see SECURITY NOTES below). - Long lines can be continued with a backslash ('\') as the last character on the line. 
@@ -1146,14 +1143,6 @@ FFIILLEESS /etc/netgroup List of network groups EEXXAAMMPPLLEESS - Since the _s_u_d_o_e_r_s file is parsed in a single pass, order - is important. In general, you should structure _s_u_d_o_e_r_s - such that the Host_Alias, User_Alias, and Cmnd_Alias spec­ - ifications come first, followed by any Default_Entry - lines, and finally the Runas_Alias and user specifica­ - tions. The basic rule of thumb is you cannot reference an - Alias that has not already been defined. - Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we define our _a_l_i_a_s_e_s: @@ -1176,22 +1165,6 @@ EEXXAAMMPPLLEESS Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules - - - - - - - -1.6.9 October 13, 2004 18 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ /usr/sbin/restore, /usr/sbin/rrestore @@ -1207,6 +1180,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Here we override some of the compiled in default values. We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility + + + +1.6.9 October 26, 2004 18 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + in all cases. We don't want to subject the full time staff to the ssuuddoo lecture, user mmiilllleerrtt need not give a password, and we don't want to reset the LOGNAME or USER @@ -1246,18 +1231,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) jack CSNETS = ALL The user jjaacckk may run any command on the machines in the - - - -1.6.9 October 13, 2004 19 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - _C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of those networks, only 128.138.204.0 has an explicit netmask (in CIDR notation) indicating it 
@@ -1272,8 +1245,20 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ sudoedit /etc/printcap, /usr/oper/bin/ - The ooppeerraattoorr user may run commands limited to simple main­ - tenance. Here, those are commands related to backups, + The ooppeerraattoorr user may run commands limited to simple + + + +1.6.9 October 26, 2004 19 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + + maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/. @@ -1313,17 +1298,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* - - -1.6.9 October 13, 2004 20 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is not allowed to give _s_u(1) any flags. @@ -1339,6 +1313,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) any commands in the directory /usr/bin/ except for those commands belonging to the _S_U and _S_H_E_L_L_S Cmnd_Aliases. + + +1.6.9 October 26, 2004 20 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + steve CSNETS = (operator) /usr/local/op_commands/ The user sstteevvee may run any command in the directory @@ -1379,17 +1364,6 @@ SSEECCUURRIITTYY NNOOTTEESS restrictions should be considered advisory at best (and reinforced by policy). - - -1.6.9 October 13, 2004 21 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS Once ssuuddoo executes a program, that program is free to do whatever it pleases, including run other programs. This 
@@ -1404,6 +1378,18 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS restrict Avoid giving users access to commands that allow the user to run arbitrary commands. Many edi­ tors have a restricted mode where shell escapes + + + +1.6.9 October 26, 2004 21 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + are disabled, though ssuuddooeeddiitt is a better solu­ tion to running editors via ssuuddoo. Due to the large number of programs that offer shell @@ -1444,18 +1430,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS the LD_PRELOAD environment variable. Check your operating system's manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld, dld.sl, - - - -1.6.9 October 13, 2004 22 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - rld, or loader) to see if LD_PRELOAD is sup­ ported. @@ -1469,8 +1443,20 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) _/_u_s_r_/_b_i_n_/_v_i with _n_o_e_x_e_c enabled. This will pre­ vent those two commands from executing other commands (such as a shell). If you are unsure - whether or not your system is capable of sup­ - porting _n_o_e_x_e_c you can always just try it out + whether or not your system is capable of + + + +1.6.9 October 26, 2004 22 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + + supporting _n_o_e_x_e_c you can always just try it out and see if it works. monitor On operating systems that support the ssyyssttrraaccee @@ -1510,18 +1496,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SSEEEE AALLSSOO _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), sudo(1m), visudo(1m) - - - -1.6.9 October 13, 2004 23 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which locks the file and does grammatical check­ 
@@ -1535,6 +1509,19 @@ CCAAVVEEAATTSS hostname be fully qualified as returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s. + + + + +1.6.9 October 26, 2004 23 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + BBUUGGSS If you feel you have found a bug in ssuuddoo, please submit a bug report at http://www.sudo.ws/sudo/bugs/ @@ -1579,6 +1566,19 @@ DDIISSCCLLAAIIMMEERR -1.6.9 October 13, 2004 24 + + + + + + + + + + + + + +1.6.9 October 26, 2004 24 diff --git a/sudoers.man.in b/sudoers.man.in index 3f96a660f..aa47d0a6c 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "October 13, 2004" "1.6.9" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "October 26, 2004" "1.6.9" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -159,8 +159,8 @@ The \fIsudoers\fR file is composed of two types of entries: aliases may run what). .PP When multiple entries match for a user, they are applied in order. -Where there are conflicting values, the last match is used (which -is not necessarily the most specific match). +Where there are multiple matches, the last match is used (which is +not necessarily the most specific match). .PP The \fIsudoers\fR grammar will be described below in Extended Backus-Naur Form (\s-1EBNF\s0). Don't despair if you don't know what \s-1EBNF\s0 is; it is 
@@ -403,10 +403,7 @@ by default. .IX Item "ignore_dot" If set, \fBsudo\fR will ignore '.' or '' (current dir) in the \f(CW\*(C`PATH\*(C'\fR environment variable; the \f(CW\*(C`PATH\*(C'\fR itself is not modified. This -flag is \fI@ignore_dot@\fR by default. Currently, while it is possible -to set \fIignore_dot\fR in \fIsudoers\fR, its value is not used. This option -should be considered read-only (it will be fixed in a future version -of \fBsudo\fR). +flag is \fI@ignore_dot@\fR by default. .IP "mail_always" 12 .IX Item "mail_always" Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR. @@ -1099,13 +1096,6 @@ used as part of a word (e.g. a username or hostname): .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" -Since the \fIsudoers\fR file is parsed in a single pass, order is -important. In general, you should structure \fIsudoers\fR such that -the \f(CW\*(C`Host_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, and \f(CW\*(C`Cmnd_Alias\*(C'\fR specifications -come first, followed by any \f(CW\*(C`Default_Entry\*(C'\fR lines, and finally the -\&\f(CW\*(C`Runas_Alias\*(C'\fR and user specifications. The basic rule of thumb -is you cannot reference an Alias that has not already been defined. -.PP Below are example \fIsudoers\fR entries. Admittedly, some of these are a bit contrived. First, we define our \fIaliases\fR: .PP diff --git a/visudo.cat b/visudo.cat index a5e011073..24f6c4fc6 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.6.8p1 September 27, 2004 1 +1.6.9 October 26, 2004 1 
@@ -109,25 +109,25 @@ DDIIAAGGNNOOSSTTIICCSS Can't find you in the passwd database Your userid does not appear in the system passwd file. - Warning: undeclared Alias referenced near ... - Either you are using a {User,Runas,Host,Cmnd}_Alias - before defining it or you have a user or hostname - listed that consists solely of uppercase letters, dig­ - its, and the underscore ('_') character. If the lat­ - ter, you can ignore the warnings (ssuuddoo will not com­ - plain). In --ss (strict) mode these are errors, not - warnings. + Warning: {User,Runas,Host,Cmnd}_Alias referenced but not + defined + Either you are trying to use an undeclare + {User,Runas,Host,Cmnd}_Alias or you have a user or + hostname listed that consists solely of uppercase let­ + ters, digits, and the underscore ('_') character. In + the latter case, you can ignore the warnings (ssuuddoo + will not complain). In --ss (strict) mode these are + errors, not warnings. - Warning: runas_default set after old value is in use ... - You have a _r_u_n_a_s___d_e_f_a_u_l_t Defaults setting listed in - the _s_u_d_o_e_r_s file after its value has already been - used. This means that entries prior to the - _r_u_n_a_s___d_e_f_a_u_l_t setting will match based on the default - value of _r_u_n_a_s___d_e_f_a_u_l_t (root) whereas entries aafftteerr + Warning: unused {User,Runas,Host,Cmnd}_Alias + The specified {User,Runas,Host,Cmnd}_Alias was defined + but never used. You may wish to comment out or remove + the unused alias. In --ss (strict) mode this is an + error, not a warning. -1.6.8p1 September 27, 2004 2 +1.6.9 October 26, 2004 2 
@@ -136,12 +136,6 @@ DDIIAAGGNNOOSSTTIICCSS VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) - the _r_u_n_a_s___d_e_f_a_u_l_t setting will match based on the new - value. This is usually unintentional and in most - cases the setting should be placed - before any Runas_Alias or User specifications. In --ss - (strict) mode this is an error, not a warning. - SSEEEE AALLSSOO _v_i(1), sudoers(4), sudo(1m), vipw(1m) @@ -193,6 +187,12 @@ DDIISSCCLLAAIIMMEERR -1.6.8p1 September 27, 2004 3 + + + + + + +1.6.9 October 26, 2004 3 diff --git a/visudo.man.in b/visudo.man.in index 05bc49235..7d5fb37ca 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "September 27, 2004" "1.6.8p1" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "October 26, 2004" "1.6.9" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" 
@@ -247,25 +247,18 @@ You didn't run \fBvisudo\fR as root. .IP "Can't find you in the passwd database" 4 .IX Item "Can't find you in the passwd database" Your userid does not appear in the system passwd file. -.IP "Warning: undeclared Alias referenced near ..." 4 -.IX Item "Warning: undeclared Alias referenced near ..." -Either you are using a {User,Runas,Host,Cmnd}_Alias before -defining it or you have a user or hostname listed that -consists solely of uppercase letters, digits, and the -underscore ('_') character. If the latter, you can ignore -the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) -mode these are errors, not warnings. -.IP "Warning: runas_default set after old value is in use ..." 4 -.IX Item "Warning: runas_default set after old value is in use ..." -You have a \fIrunas_default\fR Defaults setting listed in the \fIsudoers\fR -file after its value has already been used. This means that entries -prior to the \fIrunas_default\fR setting will match based on the default -value of \fIrunas_default\fR (\f(CW\*(C`@runas_default@\*(C'\fR) whereas entries -\&\fBafter\fR the \fIrunas_default\fR setting will match based on the new -value. This is usually unintentional and in most cases the - setting should be placed before any \f(CW\*(C`Runas_Alias\*(C'\fR -or User specifications. In \fB\-s\fR (strict) mode this is an error, -not a warning. +.IP "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" 4 +.IX Item "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" +Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias +or you have a user or hostname listed that consists solely of +uppercase letters, digits, and the underscore ('_') character. In +the latter case, you can ignore the warnings (\fBsudo\fR will not +complain). In \fB\-s\fR (strict) mode these are errors, not warnings. 
+.IP "Warning: unused {User,Runas,Host,Cmnd}_Alias" 4 +.IX Item "Warning: unused {User,Runas,Host,Cmnd}_Alias" +The specified {User,Runas,Host,Cmnd}_Alias was defined but never +used. You may wish to comment out or remove the unused alias. In +\&\fB\-s\fR (strict) mode this is an error, not a warning. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIvi\fR\|(1), sudoers(@mansectform@), sudo(@mansectsu@), vipw(@mansectsu@) -- 2.40.0
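Review bot: the new `-l [username]` text in sudo.cat (hunk `@@ -215,8 +209,12 @@`) and sudo.man.in (hunk `@@ -324,10 +320,12 @@`) has the typo "ommitted" (should be "omitted") and "other user's commands" should be "other users' commands"; since both files are regenerated output (the commit is a regen), the fix belongs in the source they are generated from, or the next regen will reintroduce it. While touching this paragraph, it would help to say whether the `listpw` setting still governs the password prompt when the superuser lists another user's entries, since `listpw` is documented only in terms of "a user runs sudo with the -l flag".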
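Review bot: "undeclare" should be "undeclared" in the new "referenced but not defined" diagnostic text, in both visudo.cat (hunk `@@ -109,25 +109,25 @@`) and visudo.man.in (hunk `@@ -247,25 +247,18 @@`): "Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or ...". Same remark as above about fixing it in the generated-from source rather than the .cat/.man.in output.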
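Review bot: the `-i` description in sudo.cat (hunk `@@ -202,12 +202,6 @@`) and sudo.man.in (hunk `@@ -308,15 +308,11 @@`) drops the caveat that the shell is chosen before sudoers is parsed, so `runas_default` does not affect which shell runs, but adds nothing in its place. Read together with visudo's removal of the "runas_default set after old value is in use" warning, this looks like the shell is now selected after the whole file is parsed; if so, say it explicitly (e.g. that the shell is that of the target user, whether given with `-u` or by `runas_default`), otherwise a reader cannot tell whether the limitation was lifted or merely undocumented.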
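Review bot: the EXAMPLES paragraph removed from sudoers.cat (hunk `@@ -1146,14 +1143,6 @@`) and sudoers.man.in (hunk `@@ -1099,13 +1096,6 @@`) was the only place stating that an alias cannot be referenced before it is defined; its removal, plus visudo's warning being renamed from "undeclared Alias referenced near ..." to "{User,Runas,Host,Cmnd}_Alias referenced but not defined", implies forward references are now accepted, but no sentence in sudoers(4) says so. Suggest one line in DESCRIPTION stating that aliases may be defined anywhere in the file, and whether the position of Defaults lines relative to user specifications still matters.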
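Review bot: the reworded matching rule in sudoers.cat (hunk `@@ -13,7 +13,7 @@`) and sudoers.man.in (hunk `@@ -159,8 +159,8 @@`) is now redundant: "When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used ..." says "multiple matches" twice. Suggest collapsing to "When multiple entries match for a user, they are applied in order; the last match is used (which is not necessarily the most specific match)." Since a later, broader entry silently overrides an earlier restrictive one, this sentence is worth keeping crisp.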
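Review bot: in the `timestamp_timeout` lines moved by sudoers.cat hunk `@@ -586,10 +581,15 @@`, "will ask for a passwd again" should read "will ask for a password again"; the line is being rewritten anyway, so it is a cheap fix at the source.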
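Review bot: the `ignore_dot` hunk in sudoers.cat (`@@ -277,11 +277,7 @@`) and sudoers.man.in (`@@ -403,10 +403,7 @@`) correctly drops the "its value is not used ... read-only" caveat, but the context line right below it still says "every time a users runs sudo" for `mail_always`; should be "a user runs".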
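Review bot: the SECURITY NOTES sentence reflowed in sudo.cat hunk `@@ -322,10 +319,13 @@` is ambiguous as written: "ignore the directory's contents if it is not owned by root and only writable by root" can be read as "(not owned by root) and (only writable by root)". Since this describes a check a hardening reviewer will rely on, suggest "ignore the directory's contents unless it is owned by root and writable only by root" in the source text.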