version 1.6, 2001/09/17 23:49:21 |
version 1.7, 2002/01/03 03:49:16 |
|
|
.rn '' }` |
.\" Automatically generated by Pod::Man version 1.15 |
''' $RCSfile$$Revision$$Date$ |
.\" Fri Dec 14 17:27:57 2001 |
''' |
.\" |
''' $Log$ |
.\" Standard preamble: |
''' Revision 1.6 2001/09/17 23:49:21 pjanzen |
.\" ====================================================================== |
''' Typo and grammar fixes, one from PR/2058 (Dennis Schwarz); ok millert@ |
.de Sh \" Subsection heading |
''' |
|
''' Revision 1.5 2000/11/21 17:58:44 millert |
|
''' A few updates from the sudo developement tree: |
|
''' - Add bsd authentication support (currently disabled) |
|
''' - Always check setenv() return value |
|
''' - Fix umask disabling |
|
''' |
|
''' Revision 1.4 2000/04/10 02:28:36 millert |
|
''' Remove extra backslash, noted by marc@snafu.org |
|
''' |
|
''' Revision 1.3 2000/03/27 03:44:38 millert |
|
''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list |
|
''' of changes. |
|
''' |
|
''' Revision 1.3 2000/03/27 03:26:23 millert |
|
''' Use 8 and 5 in the man page bodies as well. |
|
''' |
|
''' |
|
.de Sh |
|
.br |
.br |
.if t .Sp |
.if t .Sp |
.ne 5 |
.ne 5 |
|
|
\fB\\$1\fR |
\fB\\$1\fR |
.PP |
.PP |
.. |
.. |
.de Sp |
.de Sp \" Vertical space (when we can't use .PP) |
.if t .sp .5v |
.if t .sp .5v |
.if n .sp |
.if n .sp |
.. |
.. |
.de Ip |
.de Ip \" List item |
.br |
.br |
.ie \\n(.$>=3 .ne \\$3 |
.ie \\n(.$>=3 .ne \\$3 |
.el .ne 3 |
.el .ne 3 |
.IP "\\$1" \\$2 |
.IP "\\$1" \\$2 |
.. |
.. |
.de Vb |
.de Vb \" Begin verbatim text |
.ft CW |
.ft CW |
.nf |
.nf |
.ne \\$1 |
.ne \\$1 |
.. |
.. |
.de Ve |
.de Ve \" End verbatim text |
.ft R |
.ft R |
|
|
.fi |
.fi |
.. |
.. |
''' |
.\" Set up some character translations and predefined strings. \*(-- will |
''' |
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left |
''' Set up \*(-- to give an unbreakable dash; |
.\" double quote, and \*(R" will give a right double quote. | will give a |
''' string Tr holds user defined translation string. |
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used |
''' Bell System Logo is used as a dummy character. |
.\" to do unbreakable dashes and therefore won't be available. \*(C` and |
''' |
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> |
.tr \(*W-|\(bv\*(Tr |
.tr \(*W-|\(bv\*(Tr |
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' |
.ie n \{\ |
.ie n \{\ |
.ds -- \(*W- |
. ds -- \(*W- |
.ds PI pi |
. ds PI pi |
.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
.ds L" "" |
. ds L" "" |
.ds R" "" |
. ds R" "" |
''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of |
. ds C` |
''' \*(L" and \*(R", except that they are used on ".xx" lines, |
. ds C' |
''' such as .IP and .SH, which do another additional levels of |
|
''' double-quote interpretation |
|
.ds M" """ |
|
.ds S" """ |
|
.ds N" """"" |
|
.ds T" """"" |
|
.ds L' ' |
|
.ds R' ' |
|
.ds M' ' |
|
.ds S' ' |
|
.ds N' ' |
|
.ds T' ' |
|
'br\} |
'br\} |
.el\{\ |
.el\{\ |
.ds -- \(em\| |
. ds -- \|\(em\| |
.tr \*(Tr |
. ds PI \(*p |
.ds L" `` |
. ds L" `` |
.ds R" '' |
. ds R" '' |
.ds M" `` |
|
.ds S" '' |
|
.ds N" `` |
|
.ds T" '' |
|
.ds L' ` |
|
.ds R' ' |
|
.ds M' ` |
|
.ds S' ' |
|
.ds N' ` |
|
.ds T' ' |
|
.ds PI \(*p |
|
'br\} |
'br\} |
.\" If the F register is turned on, we'll generate |
.\" |
.\" index entries out stderr for the following things: |
.\" If the F register is turned on, we'll generate index entries on stderr |
.\" TH Title |
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and |
.\" SH Header |
.\" index entries marked with X<> in POD. Of course, you'll have to process |
.\" Sh Subsection |
.\" the output yourself in some meaningful fashion. |
.\" Ip Item |
.if \nF \{\ |
.\" X<> Xref (embedded |
. de IX |
.\" Of course, you have to process the output yourself |
. tm Index:\\$1\t\\n%\t"\\$2" |
.\" in some meaningful fashion. |
|
.if \nF \{ |
|
.de IX |
|
.tm Index:\\$1\t\\n%\t"\\$2" |
|
.. |
.. |
.nr % 0 |
. nr % 0 |
.rr F |
. rr F |
.\} |
.\} |
.TH sudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS" |
.\" |
.UC |
.\" For nroff, turn off justification. Always turn off hyphenation; it |
.if n .hy 0 |
.\" makes way too many mistakes in technical documents. |
|
.hy 0 |
.if n .na |
.if n .na |
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' |
.\" |
.de CQ \" put $1 in typewriter font |
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
.ft CW |
.\" Fear. Run. Save yourself. No user-serviceable parts. |
'if n "\c |
|
'if t \\&\\$1\c |
|
'if n \\&\\$1\c |
|
'if n \&" |
|
\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 |
|
'.ft R |
|
.. |
|
.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 |
|
. \" AM - accent mark definitions |
|
.bd B 3 |
.bd B 3 |
. \" fudge factors for nroff and troff |
. \" fudge factors for nroff and troff |
.if n \{\ |
.if n \{\ |
. ds #H 0 |
. ds #H 0 |
. ds #V .8m |
. ds #V .8m |
. ds #F .3m |
. ds #F .3m |
. ds #[ \f1 |
. ds #[ \f1 |
. ds #] \fP |
. ds #] \fP |
.\} |
.\} |
.if t \{\ |
.if t \{\ |
. ds #H ((1u-(\\\\n(.fu%2u))*.13m) |
. ds #H ((1u-(\\\\n(.fu%2u))*.13m) |
. ds #V .6m |
. ds #V .6m |
. ds #F 0 |
. ds #F 0 |
. ds #[ \& |
. ds #[ \& |
. ds #] \& |
. ds #] \& |
.\} |
.\} |
. \" simple accents for nroff and troff |
. \" simple accents for nroff and troff |
.if n \{\ |
.if n \{\ |
. ds ' \& |
. ds ' \& |
. ds ` \& |
. ds ` \& |
. ds ^ \& |
. ds ^ \& |
. ds , \& |
. ds , \& |
. ds ~ ~ |
. ds ~ ~ |
. ds ? ? |
. ds / |
. ds ! ! |
|
. ds / |
|
. ds q |
|
.\} |
.\} |
.if t \{\ |
.if t \{\ |
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" |
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" |
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' |
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' |
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' |
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' |
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' |
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' |
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' |
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' |
. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' |
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' |
. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' |
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' |
|
. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' |
|
.\} |
.\} |
. \" troff and (daisy-wheel) nroff accents |
. \" troff and (daisy-wheel) nroff accents |
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' |
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' |
.ds 8 \h'\*(#H'\(*b\h'-\*(#H' |
.ds 8 \h'\*(#H'\(*b\h'-\*(#H' |
.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] |
|
.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' |
|
.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' |
|
.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] |
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] |
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] |
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' |
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' |
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' |
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' |
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] |
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] |
.ds ae a\h'-(\w'a'u*4/10)'e |
.ds ae a\h'-(\w'a'u*4/10)'e |
.ds Ae A\h'-(\w'A'u*4/10)'E |
.ds Ae A\h'-(\w'A'u*4/10)'E |
.ds oe o\h'-(\w'o'u*4/10)'e |
. \" corrections for vroff |
.ds Oe O\h'-(\w'O'u*4/10)'E |
|
. \" corrections for vroff |
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' |
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' |
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' |
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' |
. \" for low resolution devices (crt and lpr) |
. \" for low resolution devices (crt and lpr) |
.if \n(.H>23 .if \n(.V>19 \ |
.if \n(.H>23 .if \n(.V>19 \ |
\{\ |
\{\ |
. ds : e |
. ds : e |
. ds 8 ss |
. ds 8 ss |
. ds v \h'-1'\o'\(aa\(ga' |
. ds o a |
. ds _ \h'-1'^ |
. ds d- d\h'-1'\(ga |
. ds . \h'-1'. |
. ds D- D\h'-1'\(hy |
. ds 3 3 |
. ds th \o'bp' |
. ds o a |
. ds Th \o'LP' |
. ds d- d\h'-1'\(ga |
. ds ae ae |
. ds D- D\h'-1'\(hy |
. ds Ae AE |
. ds th \o'bp' |
|
. ds Th \o'LP' |
|
. ds ae ae |
|
. ds Ae AE |
|
. ds oe oe |
|
. ds Oe OE |
|
.\} |
.\} |
.rm #[ #] #H #V #F C |
.rm #[ #] #H #V #F C |
|
.\" ====================================================================== |
|
.\" |
|
.IX Title "sudo 8" |
|
.TH sudo 8 "1.6.4" "December 14, 2001" "MAINTENANCE COMMANDS" |
|
.UC |
.SH "NAME" |
.SH "NAME" |
sudo \- execute a command as another user |
sudo \- execute a command as another user |
.SH "SYNOPSIS" |
.SH "SYNOPSIS" |
\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | |
.IX Header "SYNOPSIS" |
[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR \fIclass\fR|\fI-\fR ] |
\&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | |
[ \fB\-a\fR \fIauth_type\fR ] |
[ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ] |
[ \fB\-u\fR username/#uid ] \fIcommand\fR |
[ \fB\-c\fR \fIclass\fR|\fI-\fR ] [ \fB\-a\fR \fIauth_type\fR ] |
|
[ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR |
.SH "DESCRIPTION" |
.SH "DESCRIPTION" |
\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the |
.IX Header "DESCRIPTION" |
superuser or another user, as specified in the sudoers file. The |
\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the |
real and effective uid and gid are set to match those of the target |
superuser or another user, as specified in the \fIsudoers\fR file. |
user as specified in the passwd file (the group vector is also |
The real and effective uid and gid are set to match those of the |
initialized when the target user is not root). By default, \fBsudo\fR |
target user as specified in the passwd file (the group vector is |
requires that users authenticate themselves with a password |
also initialized when the target user is not root). By default, |
(NOTE: this is the user's password, not the root password). Once |
\&\fBsudo\fR requires that users authenticate themselves with a password |
a user has been authenticated, a timestamp is updated and the |
(\s-1NOTE:\s0 by default this is the user's password, not the root password). |
user may then use sudo without a password for a short period of time |
Once a user has been authenticated, a timestamp is updated and the |
(five minutes by default). |
user may then use sudo without a password for a short period of |
|
time (\f(CW\*(C`5\*(C'\fR minutes unless overridden in \fIsudoers\fR). |
.PP |
.PP |
\fBsudo\fR determines who is an authorized user by consulting the |
\&\fBsudo\fR determines who is an authorized user by consulting the file |
file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user |
\&\fI/etc/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user |
can update the time stamp without running a \fIcommand.\fR |
can update the time stamp without running a \fIcommand.\fR The password |
The password prompt itself will also time out if the user's password is |
prompt itself will also time out if the user's password is not |
not entered with N minutes (again, this is defined at configure |
entered within \f(CW\*(C`5\*(C'\fR minutes (unless overridden via |
time and defaults to 5 minutes). |
\&\fIsudoers\fR). |
.PP |
.PP |
If a user that is not listed in the \fIsudoers\fR file tries to run |
If a user who is not listed in the \fIsudoers\fR file tries to run a |
a command via \fBsudo\fR, mail is sent to the proper authorities, |
command via \fBsudo\fR, mail is sent to the proper authorities, as |
as defined at configure time (defaults to root). Note that the |
defined at configure time or the \fIsudoers\fR file (defaults to root). |
mail will not be sent if an unauthorized user tries to run sudo |
Note that the mail will not be sent if an unauthorized user tries |
with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine |
to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows users to |
for themselves whether or not they are allowed to use \fBsudo\fR. |
determine for themselves whether or not they are allowed to use |
|
\&\fBsudo\fR. |
.PP |
.PP |
\fBsudo\fR can log both successful and unsuccessful attempts (as well |
\&\fBsudo\fR can log both successful and unsuccessful attempts (as well |
as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR |
as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR |
will log via \fIsyslog\fR\|(3) but this is changeable at configure time. |
will log via \fIsyslog\fR\|(3) but this is changeable at configure time |
|
or via the \fIsudoers\fR file. |
.SH "OPTIONS" |
.SH "OPTIONS" |
\fBsudo\fR accepts the following command line options: |
.IX Header "OPTIONS" |
.Ip "-V" 4 |
\&\fBsudo\fR accepts the following command line options: |
The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the |
.Ip "\-V" 4 |
version number and exit. |
.IX Item "-V" |
.Ip "-l" 4 |
The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the |
The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and |
version number and exit. If the invoking user is already root |
|
the \fB\-V\fR option will print out a list of the defaults \fBsudo\fR |
|
was compiled with as well as the machine's local network addresses. |
|
.Ip "\-l" 4 |
|
.IX Item "-l" |
|
The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and |
forbidden) commands for the user on the current host. |
forbidden) commands for the user on the current host. |
.Ip "-L" 4 |
.Ip "\-L" 4 |
The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters |
.IX Item "-L" |
|
The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters |
that may be set in a \fIDefaults\fR line along with a short description |
that may be set in a \fIDefaults\fR line along with a short description |
for each. This option is useful in conjunction with \fIgrep\fR\|(1). |
for each. This option is useful in conjunction with \fIgrep\fR\|(1). |
.Ip "-h" 4 |
.Ip "\-h" 4 |
The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. |
.IX Item "-h" |
.Ip "-v" 4 |
The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. |
If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the |
.Ip "\-v" 4 |
|
.IX Item "-v" |
|
If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the |
user's timestamp, prompting for the user's password if necessary. |
user's timestamp, prompting for the user's password if necessary. |
This extends the \fBsudo\fR timeout to for another N minutes |
This extends the \fBsudo\fR timeout for another \f(CW\*(C`5\*(C'\fR minutes |
(where N is defined at installation time and defaults to 5 |
(or whatever the timeout is set to in \fIsudoers\fR) but does not run |
minutes) but does not run a command. |
a command. |
.Ip "-k" 4 |
.Ip "\-k" 4 |
The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp |
.IX Item "-k" |
|
The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp |
by setting the time on it to the epoch. The next time \fBsudo\fR is |
by setting the time on it to the epoch. The next time \fBsudo\fR is |
run a password will be required. This option does not require a password |
run a password will be required. This option does not require a password |
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout |
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout |
file. |
file. |
.Ip "-K" 4 |
.Ip "\-K" 4 |
The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp |
.IX Item "-K" |
entirely. This option does not require a password. |
The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp |
.Ip "-b" 4 |
entirely. Likewise, this option does not require a password. |
The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given |
.Ip "\-b" 4 |
command in the background. Note that if you use the \f(CW-b\fR |
.IX Item "-b" |
option you cannot use shell job control to manipulate the command. |
The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given |
.Ip "-p" 4 |
command in the background. Note that if you use the \fB\-b\fR |
The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default |
option you cannot use shell job control to manipulate the process. |
|
.Ip "\-p" 4 |
|
.IX Item "-p" |
|
The \fB\-p\fR (\fIprompt\fR) option allows you to override the default |
password prompt and use a custom one. If the password prompt |
password prompt and use a custom one. If the password prompt |
contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's |
contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's |
login name. Similarly, \f(CW%h\fR will be replaced with the local |
login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local |
hostname. |
hostname. |
.Ip "\-c" 4 |
.Ip "\-c" 4 |
.IX Item "-c" |
.IX Item "-c" |
|
|
entry in /etc/login.conf. This option is only available on systems |
entry in /etc/login.conf. This option is only available on systems |
that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured |
that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured |
with the \-\-with-bsdauth option. |
with the \-\-with-bsdauth option. |
.Ip "-u" 4 |
.Ip "\-u" 4 |
The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command |
.IX Item "-u" |
|
The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command |
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a |
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a |
\fIusername\fR, use \*(L"#uid\*(R". |
\&\fIusername\fR, use \fI#uid\fR. |
.Ip "-s" 4 |
.Ip "\-s" 4 |
The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR |
.IX Item "-s" |
|
The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR |
environment variable if it is set or the shell as specified |
environment variable if it is set or the shell as specified |
in \fIpasswd\fR\|(5). |
in \fIpasswd\fR\|(5). |
.Ip "-H" 4 |
.Ip "\-H" 4 |
The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable |
.IX Item "-H" |
|
The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable |
to the homedir of the target user (root by default) as specified |
to the homedir of the target user (root by default) as specified |
in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. |
in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. |
.Ip "-S" 4 |
.Ip "\-P" 4 |
The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from |
.IX Item "-P" |
|
The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve |
|
the user's group vector unaltered. By default, \fBsudo\fR will initialize |
|
the group vector to the list of groups the target user is in. |
|
The real and effective group IDs, however, are still set to match |
|
the target user. |
|
.Ip "\-S" 4 |
|
.IX Item "-S" |
|
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from |
standard input instead of the terminal device. |
standard input instead of the terminal device. |
.Ip "--" 4 |
.Ip "\-\-" 4 |
The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command |
The \fB\--\fR flag indicates that \fBsudo\fR should stop processing command |
line arguments. It is most useful in conjunction with the \f(CW-s\fR flag. |
line arguments. It is most useful in conjunction with the \fB\-s\fR flag. |
.SH "RETURN VALUES" |
.SH "RETURN VALUES" |
\fBsudo\fR quits with an exit value of 1 if there is a |
.IX Header "RETURN VALUES" |
|
Upon successful execution of a program, the return value from \fBsudo\fR |
|
will simply be the return value of the program that was executed. |
|
.PP |
|
Otherwise, \fBsudo\fR quits with an exit value of 1 if there is a |
configuration/permission problem or if \fBsudo\fR cannot execute the |
configuration/permission problem or if \fBsudo\fR cannot execute the |
given command. In the latter case the error string is printed to |
given command. In the latter case the error string is printed to |
stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's |
stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's |
\f(CWPATH\fR an error is printed on stderr. (If the directory does not |
\&\f(CW\*(C`PATH\*(C'\fR an error is printed on stderr. (If the directory does not |
exist or if it is not really a directory, the entry is ignored and |
exist or if it is not really a directory, the entry is ignored and |
no error is printed.) This should not happen under normal |
no error is printed.) This should not happen under normal |
circumstances. The most common reason for \fIstat\fR\|(2) to return |
circumstances. The most common reason for \fIstat\fR\|(2) to return |
\*(L"permission denied\*(R" is if you are running an automounter and one |
\&\*(L"permission denied\*(R" is if you are running an automounter and one |
of the directories in your \f(CWPATH\fR is on a machine that is currently |
of the directories in your \f(CW\*(C`PATH\*(C'\fR is on a machine that is currently |
unreachable. |
unreachable. |
.SH "SECURITY NOTES" |
.SH "SECURITY NOTES" |
\fBsudo\fR tries to be safe when executing external commands. Variables |
.IX Header "SECURITY NOTES" |
|
\&\fBsudo\fR tries to be safe when executing external commands. Variables |
that control how dynamic loading and binding is done can be used |
that control how dynamic loading and binding is done can be used |
to subvert the program that \fBsudo\fR runs. To combat this the |
to subvert the program that \fBsudo\fR runs. To combat this the |
\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX |
\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0 |
only) environment variables are removed from the environment passed |
only) environment variables are removed from the environment passed |
on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR, |
on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR, |
\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR, |
\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR, |
\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a |
\&\f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR, \f(CW\*(C`RES_OPTIONS\*(C'\fR, \f(CW\*(C`HOSTALIASES\*(C'\fR, |
threat. |
\&\f(CW\*(C`NLSPATH\*(C'\fR, \f(CW\*(C`PATH_LOCALE\*(C'\fR, \f(CW\*(C`TERMINFO\*(C'\fR, \f(CW\*(C`TERMINFO_DIRS\*(C'\fR and |
|
\&\f(CW\*(C`TERMPATH\*(C'\fR variables as they too can pose a threat. If the |
|
\&\f(CW\*(C`TERMCAP\*(C'\fR variable is set and is a pathname, it too is ignored. |
|
Additionally, if the \f(CW\*(C`LC_*\*(C'\fR or \f(CW\*(C`LANGUAGE\*(C'\fR variables contain the |
|
\&\f(CW\*(C`/\*(C'\fR or \f(CW\*(C`%\*(C'\fR characters, they are ignored. If \fBsudo\fR has been |
|
compiled with SecurID support, the \f(CW\*(C`VAR_ACE\*(C'\fR, \f(CW\*(C`USR_ACE\*(C'\fR and |
|
\&\f(CW\*(C`DLC_ACE\*(C'\fR variables are cleared as well. The list of environment |
|
variables that \fBsudo\fR clears is contained in the output of |
|
\&\f(CW\*(C`sudo \-V\*(C'\fR when run as root. |
.PP |
.PP |
To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting |
To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting |
current directory) last when searching for a command in the user's |
current directory) last when searching for a command in the user's |
PATH (if one or both are in the PATH). Note, however, that the |
\&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0). Note, however, that the |
actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed |
actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed |
unchanged to the program that \fBsudo\fR executes. |
unchanged to the program that \fBsudo\fR executes. |
.PP |
.PP |
For security reasons, if your OS supports shared libraries and does |
For security reasons, if your \s-1OS\s0 supports shared libraries and does |
not disable user-defined library search paths for setuid programs |
not disable user-defined library search paths for setuid programs |
(most do), you should either use a linker option that disables this |
(most do), you should either use a linker option that disables this |
behavior or link \fBsudo\fR statically. |
behavior or link \fBsudo\fR statically. |
.PP |
.PP |
\fBsudo\fR will check the ownership of its timestamp directory |
\&\fBsudo\fR will check the ownership of its timestamp directory |
(\fI/var/run/sudo\fR by default) and ignore the directory's contents if |
(\fI/var/run/sudo\fR by default) and ignore the directory's contents if |
it is not owned by root and only writable by root. On systems that |
it is not owned by root and only writable by root. On systems that |
allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp |
allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp |
directory is located in a directory writable by anyone (e.g.: \fI/tmp\fR), |
directory is located in a directory writable by anyone (e.g.: \fI/tmp\fR), |
it is possible for a user to create the timestamp directory before |
it is possible for a user to create the timestamp directory before |
\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and |
\&\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and |
mode of the directory and its contents, the only damage that can |
mode of the directory and its contents, the only damage that can |
be done is to \*(L"hide\*(R" files by putting them in the timestamp dir. |
be done is to \*(L"hide\*(R" files by putting them in the timestamp dir. |
This is unlikely to happen since once the timestamp dir is owned |
This is unlikely to happen since once the timestamp dir is owned |
|
|
with the appropriate owner (root) and permissions (0700) in the |
with the appropriate owner (root) and permissions (0700) in the |
system startup files. |
system startup files. |
.PP |
.PP |
\fBsudo\fR will not honor timestamps set far in the future. |
\&\fBsudo\fR will not honor timestamps set far in the future. |
Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR |
Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR |
will be ignored and sudo will log and complain. This is done to |
will be ignored and sudo will log and complain. This is done to |
keep a user from creating his/her own timestamp with a bogus |
keep a user from creating his/her own timestamp with a bogus |
date on system that allow users to give away files. |
date on systems that allow users to give away files. |
|
.PP |
|
Please note that \fBsudo\fR will only log the command it explicitly |
|
runs. If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or \f(CW\*(C`sudo sh\*(C'\fR, |
|
subsequent commands run from that shell will \fInot\fR be logged, nor |
|
will \fBsudo\fR's access control affect them. The same is true for |
|
commands that offer shell escapes (including most editors). Because |
|
of this, care must be taken when giving users access to commands |
|
via \fBsudo\fR to verify that the command does not inadvertantly give |
|
the user an effective root shell. |
.SH "EXAMPLES" |
.SH "EXAMPLES" |
|
.IX Header "EXAMPLES" |
Note: the following examples assume suitable \fIsudoers\fR\|(5) entries. |
Note: the following examples assume suitable \fIsudoers\fR\|(5) entries. |
.PP |
.PP |
To get a file listing of an unreadable directory: |
To get a file listing of an unreadable directory: |
|
|
.Ve |
.Ve |
To make a usage listing of the directories in the /home |
To make a usage listing of the directories in the /home |
partition. Note that this runs the commands in a sub-shell |
partition. Note that this runs the commands in a sub-shell |
to make the \f(CWcd\fR and file redirection work. |
to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. |
.PP |
.PP |
.Vb 1 |
.Vb 1 |
\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
\& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
.Ve |
.Ve |
.SH "ENVIRONMENT" |
.SH "ENVIRONMENT" |
\fBsudo\fR utilizes the following environment variables: |
.IX Header "ENVIRONMENT" |
|
\&\fBsudo\fR utilizes the following environment variables: |
.PP |
.PP |
.Vb 13 |
.Vb 13 |
\& PATH Set to a sane value if SECURE_PATH is set |
\& PATH Set to a sane value if SECURE_PATH is set |
|
|
\& SUDO_PS1 If set, PS1 will be set to its value |
\& SUDO_PS1 If set, PS1 will be set to its value |
.Ve |
.Ve |
.SH "FILES" |
.SH "FILES" |
.PP |
.IX Header "FILES" |
.Vb 2 |
.Vb 2 |
\& /etc/sudoers List of who can run what |
\& /etc/sudoers List of who can run what |
\& /var/run/sudo Directory containing timestamps |
\& /var/run/sudo Directory containing timestamps |
.Ve |
.Ve |
.SH "AUTHORS" |
.SH "AUTHORS" |
Many people have worked on \fBsudo\fR over the years. This |
.IX Header "AUTHORS" |
|
Many people have worked on \fBsudo\fR over the years; this |
version consists of code written primarily by: |
version consists of code written primarily by: |
.PP |
.PP |
.Vb 2 |
.Vb 2 |
\& Todd Miller |
\& Todd Miller |
\& Chris Jepeway |
\& Chris Jepeway |
.Ve |
.Ve |
See the HISTORY file in the \fBsudo\fR distribution for a short history |
See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit |
|
http://www.courtesan.com/sudo/history.html for a short history |
of \fBsudo\fR. |
of \fBsudo\fR. |
.SH "BUGS" |
.SH "BUGS" |
|
.IX Header "BUGS" |
If you feel you have found a bug in sudo, please submit a bug report |
If you feel you have found a bug in sudo, please submit a bug report |
at http://www.courtesan.com/sudo/bugs/ |
at http://www.courtesan.com/sudo/bugs/ |
.SH "DISCLAIMER" |
.SH "DISCLAIMER" |
\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, |
.IX Header "DISCLAIMER" |
|
\&\fBSudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, |
including, but not limited to, the implied warranties of merchantability |
including, but not limited to, the implied warranties of merchantability |
and fitness for a particular purpose are disclaimed. |
and fitness for a particular purpose are disclaimed. |
See the LICENSE file distributed with \fBsudo\fR for complete details. |
See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details. |
.SH "CAVEATS" |
.SH "CAVEATS" |
|
.IX Header "CAVEATS" |
There is no easy way to prevent a user from gaining a root shell if |
There is no easy way to prevent a user from gaining a root shell if |
that user has access to commands allowing shell escapes. |
that user has access to commands allowing shell escapes. |
.PP |
.PP |
If users have sudo \f(CWALL\fR there is nothing to prevent them from creating |
If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating |
their own program that gives them a root shell regardless of any \*(L'!\*(R' |
their own program that gives them a root shell regardless of any '!' |
elements in the user specification. |
elements in the user specification. |
.PP |
.PP |
Running shell scripts via \fBsudo\fR can expose the same kernel bugs |
Running shell scripts via \fBsudo\fR can expose the same kernel bugs |
that make setuid shell scripts unsafe on some operating systems |
that make setuid shell scripts unsafe on some operating systems |
(if your OS supports the /dev/fd/ directory, setuid shell scripts |
(if your \s-1OS\s0 supports the /dev/fd/ directory, setuid shell scripts |
are generally safe). |
are generally safe). |
.SH "SEE ALSO" |
.SH "SEE ALSO" |
\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1). |
|
|
|
.rn }` '' |
|
.IX Title "sudo 8" |
|
.IX Name "sudo - execute a command as another user" |
|
|
|
.IX Header "NAME" |
|
|
|
.IX Header "SYNOPSIS" |
|
|
|
.IX Header "DESCRIPTION" |
|
|
|
.IX Header "OPTIONS" |
|
|
|
.IX Item "-V" |
|
|
|
.IX Item "-l" |
|
|
|
.IX Item "-L" |
|
|
|
.IX Item "-h" |
|
|
|
.IX Item "-v" |
|
|
|
.IX Item "-k" |
|
|
|
.IX Item "-K" |
|
|
|
.IX Item "-b" |
|
|
|
.IX Item "-p" |
|
|
|
.IX Item "-u" |
|
|
|
.IX Item "-s" |
|
|
|
.IX Item "-H" |
|
|
|
.IX Item "-S" |
|
|
|
.IX Item "--" |
|
|
|
.IX Header "RETURN VALUES" |
|
|
|
.IX Header "SECURITY NOTES" |
|
|
|
.IX Header "EXAMPLES" |
|
|
|
.IX Header "ENVIRONMENT" |
|
|
|
.IX Header "FILES" |
|
|
|
.IX Header "AUTHORS" |
|
|
|
.IX Header "BUGS" |
|
|
|
.IX Header "DISCLAIMER" |
|
|
|
.IX Header "CAVEATS" |
|
|
|
.IX Header "SEE ALSO" |
.IX Header "SEE ALSO" |
|
\&\fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(5), \fIpasswd\fR\|(5), \fIvisudo\fR\|(8), \fIgrep\fR\|(1), \fIsu\fR\|(1). |