.\" Copyright (c) 1994-1996,1998-2003 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Sponsored in part by the Defense Advanced Research Projects
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.\" $Sudo: sudo.man.in,v 1.31 2004/09/08 18:35:53 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\"
.\" Standard preamble:
.\" ========================================================================
.\" ========================================================================
.\"
.IX Title "SUDO 8"
.TH SUDO 8 "September 8, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
.PP
\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
{\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
.PP
\&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
file [...]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
superuser or another user, as specified in the \fIsudoers\fR file.
The real and effective uid and gid are set to match those of the
target user as specified in the passwd file and the group vector
is initialized based on the group file (unless the \fB\-P\fR option was
specified). If the invoking user is root or if the target user is
the same as the invoking user, no password is required. Otherwise,
\&\fBsudo\fR requires that users authenticate themselves with a password
by default (\s-1NOTE:\s0 in the default configuration this is the user's
password, not the root password). Once a user has been authenticated,
a timestamp is updated and the user may then use sudo without a
password for a short period of time (\f(CW\*(C`5\*(C'\fR minutes unless
overridden in \fIsudoers\fR).
.PP
When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below)
is implied.
.PP
\&\fBsudo\fR determines who is an authorized user by consulting the file
\&\fI/etc/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user
can update the time stamp without running a \fIcommand.\fR The password

.PP
If a user who is not listed in the \fIsudoers\fR file tries to run a
command via \fBsudo\fR, mail is sent to the proper authorities, as
defined at configure time or in the \fIsudoers\fR file (defaults to
\&\f(CW\*(C`root\*(C'\fR). Note that the mail will not be sent if an unauthorized
user tries to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows
users to determine for themselves whether or not they are allowed
to use \fBsudo\fR.
.PP
If \fBsudo\fR is run by root and the \f(CW\*(C`SUDO_USER\*(C'\fR environment variable
is set, \fBsudo\fR will use this value to determine who the actual
user is. This can be used by a user to log commands through sudo
even when a root shell has been invoked. It also allows the \fB\-e\fR
flag to remain useful even when being run via a sudo-run script or
program. Note however, that the sudoers lookup is still done for
root, not the user specified by \f(CW\*(C`SUDO_USER\*(C'\fR.
.PP
\&\fBsudo\fR can log both successful and unsuccessful attempts (as well
as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR
will log via \fIsyslog\fR\|(3) but this is changeable at configure time

.SH "OPTIONS"
.IX Header "OPTIONS"
\&\fBsudo\fR accepts the following command line options:
.IP "\-H" 4
.IX Item "-H"
The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable
to the homedir of the target user (root by default) as specified
in passwd(5). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR
(see \fIset_home\fR and \fIalways_set_home\fR in sudoers(5)).
.IP "\-K" 4
.IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
the user's timestamp entirely. Like \fB\-k\fR, this option does not
require a password.
.IP "\-L" 4
.IX Item "-L"
The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.IP "\-P" 4
.IX Item "-P"
The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to
preserve the invoking user's group vector unaltered. By default,
\&\fBsudo\fR will initialize the group vector to the list of groups the
target user is in. The real and effective group IDs, however, are
still set to match the target user.
.IP "\-S" 4
.IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
the standard input instead of the terminal device.
.IP "\-V" 4
.IX Item "-V"
The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the version
number and exit. If the invoking user is already root the \fB\-V\fR
option will print out a list of the defaults \fBsudo\fR was compiled
with as well as the machine's local network addresses.
.IP "\-a" 4
.IX Item "-a"
The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
specified authentication type when validating the user, as allowed
by /etc/login.conf. The system administrator may specify a list
of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R"
entry in /etc/login.conf. This option is only available on systems
that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured
with the \-\-with\-bsdauth option.
.IP "\-b" 4
.IX Item "-b"
The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \fB\-b\fR
option you cannot use shell job control to manipulate the process.
.IP "\-c" 4
.IX Item "-c"
The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
with resources limited by the specified login class. The \fIclass\fR
argument can be either a class name as defined in /etc/login.conf,
or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
that the command should be run restricted by the default login
capabilities for the user the command is run as. If the \fIclass\fR
argument specifies an existing user class, the command must be run
as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes
where \fBsudo\fR has been configured with the \-\-with\-logincap option.
.IP "\-e" 4
.IX Item "-e"
The \fB\-e\fR (\fIedit\fR) option indicates that, instead of running
a command, the user wishes to edit one or more files. In lieu
of a command, the string \*(L"sudoedit\*(R" is used when consulting
the \fIsudoers\fR file. If the user is authorized by \fIsudoers\fR
the following steps are taken:
.RS 4
.IP "1." 8
Temporary copies are made of the files to be edited with the owner
set to the invoking user.
.IP "2." 8
The editor specified by the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
variables is run to edit the temporary files. If neither \f(CW\*(C`VISUAL\*(C'\fR
nor \f(CW\*(C`EDITOR\*(C'\fR is set, the program listed in the \fIeditor\fR \fIsudoers\fR
variable is used.
.IP "3." 8
If they have been modified, the temporary files are copied back to
their original location and the temporary versions are removed.
.RE
.RS 4
.Sp
If the specified file does not exist, it will be created. Note
that unlike most commands run by \fBsudo\fR, the editor is run with
the invoking user's environment unmodified. If, for some reason,
\&\fBsudo\fR is unable to update a file with its edited version, the
user will receive a warning and the edited copy will remain in a
temporary file.
.RE
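The three sudoedit steps above, emulated in portable shell as an added example (this is not sudo's own code): the function copies the target file to a temporary file, runs the editor on that copy only, writes the copy back when it changed, creates a missing target, and keeps the copy with a warning when the write-back fails. It assumes it runs unprivileged, so a file created by mktemp is already owned by the invoking user; `emulate_sudoedit` and the `append_line` editor stand-in are hypothetical names.

```shell
#!/bin/sh
# Added example, not sudo's own code: emulates the sudoedit steps described
# for -e so the copy-back logic can be exercised without sudo or root.
# Assumption: run unprivileged, so a file created by mktemp is already owned
# by the invoking user (the ownership rule of step 1). EDITOR_CMD is a
# hypothetical stand-in for the program named by VISUAL/EDITOR.

# emulate_sudoedit FILE EDITOR_CMD
# Prints "unchanged", "updated" or "kept TMPFILE"; returns 0 on success,
# 1 when the edited copy could not be written back, 2 on setup failure.
emulate_sudoedit() {
    file=$1
    editor=$2
    tmp=$(mktemp) || return 2
    # Step 1: temporary copy owned by the invoking user. A missing target
    # starts as an empty copy, matching "it will be created".
    if [ -e "$file" ]; then
        cp -- "$file" "$tmp" || { rm -f -- "$tmp"; return 2; }
    fi
    # Step 2: the editor only ever touches the temporary copy.
    $editor "$tmp"
    # Step 3: write back only when the copy differs from the original.
    if [ -e "$file" ] && cmp -s -- "$file" "$tmp"; then
        rm -f -- "$tmp"
        echo unchanged
        return 0
    fi
    if cp -- "$tmp" "$file" 2>/dev/null; then
        rm -f -- "$tmp"
        echo updated
        return 0
    fi
    # Failure mode from the text: warn and leave the edited copy in place.
    echo "warning: unable to update $file, edited copy left in $tmp" >&2
    echo "kept $tmp"
    return 1
}

# Sample "editor" (constructed): appends one line to the file it is given.
append_line() {
    printf 'edited\n' >> "$1"
}

# Demonstration on a constructed file in a scratch directory.
demo_dir=$(mktemp -d)
printf 'original\n' > "$demo_dir/notes.txt"
emulate_sudoedit "$demo_dir/notes.txt" append_line   # prints "updated"
emulate_sudoedit "$demo_dir/notes.txt" :             # prints "unchanged"
rm -rf -- "$demo_dir"
```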
.IP "\-h" 4
.IX Item "-h"
The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.IP "\-i" 4
.IX Item "-i"
The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified
in the passwd(5) entry of the user that the command is
being run as. The command name argument given to the shell begins
with a \f(CW\*(C`\-\*(C'\fR to tell the shell to run as a login shell. \fBsudo\fR
attempts to change to that user's home directory before running the
shell. It also initializes the environment, leaving \fI\s-1TERM\s0\fR
unchanged, setting \fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and
\&\fI\s-1PATH\s0\fR, and unsetting all other environment variables. Note that
because the shell to use is determined before the \fIsudoers\fR file
is parsed, a \fIrunas_default\fR setting in \fIsudoers\fR will specify
the user to run the shell as but will not affect which shell is
actually run.
.IP "\-k" 4
.IX Item "-k"
The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp

run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file.
.IP "\-l" 4
.IX Item "-l"
The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and
forbidden) commands for the user on the current host.
.IP "\-p" 4
.IX Item "-p"
The \fB\-p\fR (\fIprompt\fR) option allows you to override the default

.ie n .IP "\*(C`%%\*(C'" 8
.el .IP "\f(CW\*(C`%%\*(C'\fR" 8
.IX Item "%%"
two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character
.RE
.RS 4
.RE
.IP "\-s" 4
.IX Item "-s"
The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
environment variable if it is set or the shell as specified
in passwd(5).
.IP "\-u" 4
.IX Item "-u"
The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
\&\fIusername\fR, use \fI#uid\fR. Note that if the \fItargetpw\fR Defaults
option is set (see sudoers(5)) it is not possible
to run commands with a uid not listed in the password database.
.IP "\-v" 4
.IX Item "-v"
If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
user's timestamp, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout for another \f(CW\*(C`5\*(C'\fR minutes
(or whatever the timeout is set to in \fIsudoers\fR) but does not run
a command.
.IP "\-\-" 4
The \fB\-\-\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \fB\-s\fR flag.

of this, care must be taken when giving users access to commands
via \fBsudo\fR to verify that the command does not inadvertently give
the user an effective root shell.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
\&\fBsudo\fR utilizes the following environment variables:
.PP
.Vb 2
\&  EDITOR          Default editor to use in -e (sudoedit) mode if
\&                  VISUAL is not set
.Ve
.PP
.Vb 3
\&  HOME            In -s or -H mode (or if sudo was configured with
\&                  the --enable-shell-sets-home option), set to
\&                  homedir of the target user
.Ve
.PP
.Vb 2
\&  PATH            Set to a sane value if sudo was configured with
\&                  the --with-secure-path option
.Ve
.PP
.Vb 1
\&  SHELL           Used to determine shell to run with -s option
.Ve
.PP
.Vb 1
\&  SUDO_PROMPT     Used as the default password prompt
.Ve
.PP
.Vb 1
\&  SUDO_COMMAND    Set to the command run by sudo
.Ve
.PP
.Vb 1
\&  SUDO_USER       Set to the login of the user who invoked sudo
.Ve
.PP
.Vb 1
\&  SUDO_UID        Set to the uid of the user who invoked sudo
.Ve
.PP
.Vb 1
\&  SUDO_GID        Set to the gid of the user who invoked sudo
.Ve
.PP
.Vb 1
\&  SUDO_PS1        If set, PS1 will be set to its value
.Ve
.PP
.Vb 2
\&  USER            Set to the target user (root unless the -u option
\&                  is specified)
.Ve
.PP
.Vb 1
\&  VISUAL          Default editor to use in -e (sudoedit) mode
.Ve
.SH "FILES"
.IX Header "FILES"
.Vb 2
\&  /etc/sudoers            List of who can run what
\&  /var/run/sudo           Directory containing timestamps
.Ve
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: the following examples assume suitable sudoers(5) entries.
.PP
To get a file listing of an unreadable directory:
.PP
.Vb 1
\& $ sudo ls /usr/local/protected
.Ve
.PP
To list the home directory of user yazza on a machine where the
file system holding ~yazza is not exported as root:
.PP
.Vb 1
\& $ sudo -u yazza ls ~yazza
.Ve
.PP
To edit the \fIindex.html\fR file as user www:
.PP
.Vb 1
\& $ sudo -u www vi ~www/htdocs/index.html
.Ve
.PP
To shut down a machine:
.PP
.Vb 1
\& $ sudo shutdown -r +15 "quick reboot"
.Ve
.PP
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-shell
to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.PP
.Vb 1
\& $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), sudoers(5),
passwd(5), visudo(8)
.SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years; this

See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit
http://www.sudo.ws/sudo/history.html for a short history
of \fBsudo\fR.
.SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell
if that user is allowed to run arbitrary commands via \fBsudo\fR.
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding \fBsudo\fR's checks. However, on
most systems it is possible to prevent shell escapes with \fBsudo\fR's
\&\fInoexec\fR functionality. See the sudoers(5) manual
for details.
.PP
It is not meaningful to run the \f(CW\*(C`cd\*(C'\fR command directly via sudo, e.g.
.PP
.Vb 1
\& $ sudo cd /usr/local/protected
.Ve
.PP
since when the command exits the parent process (your shell) will
still be the same. Please see the \s-1EXAMPLES\s0 section for more information.
.PP
If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from
creating their own program that gives them a root shell regardless
of any '!' elements in the user specification.
.PP
Running shell scripts via \fBsudo\fR can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your \s-1OS\s0
has a /dev/fd/ directory, setuid shell scripts are generally safe).
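The caveat above is that editors and similar programs bypass sudo's checks through shell escapes unless noexec is applied; this added review helper (not sudo's own code) reads sudoers(5)-style user specifications and flags lines that grant such programs, or ALL, without the NOEXEC: tag. It assumes the sudoers(5) NOEXEC: tag and its carry-over to later commands in the same list, which this page does not describe; `audit_sudoers` and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of sudo: a review helper for the shell-escape
# caveat. Reads sudoers(5)-style user specifications on stdin and prints
# each line that grants a shell, an editor or another program with a shell
# escape, or ALL, without the NOEXEC: tag. Assumptions: the NOEXEC: tag and
# the rule that a tag stays in effect for the rest of a command list until
# overridden are sudoers(5) behaviour not shown on this page; Cmnd_Alias
# names are not expanded; audit_sudoers is a hypothetical name.
audit_sudoers() {
    awk '
    BEGIN {
        # programs known to hand the user a shell, directly or via an escape
        n = split("sh bash csh ksh zsh vi vim view ex ed emacs nano less more man", w, " ")
        for (i = 1; i <= n; i++) risky[w[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }                                    # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z_]+_Alias)([ \t:=!>@]|$)/ { next } # not user specs
    {
        eq = index($0, "=")
        if (eq == 0) next
        noexec = 0                                # tag state across the list
        m = split(substr($0, eq + 1), cmd, ",")
        for (i = 1; i <= m; i++) {
            c = cmd[i]
            if (c ~ /NOEXEC:/) noexec = 1
            else if (c ~ /EXEC:/) noexec = 0      # an explicit EXEC: tag
            gsub(/\([^)]*\)/, "", c)              # drop the (runas) list
            gsub(/[A-Z]+:/, "", c)                # drop NOPASSWD:, NOEXEC:, ...
            sub(/^[ \t]+/, "", c)
            if (c ~ /^!/) continue                # a negated command denies
            split(c, f, /[ \t]+/)                 # first word is the program
            k = split(f[1], p, "/")
            base = p[k]
            if (!noexec && (base == "ALL" || base in risky)) {
                printf "%d: %s\n", NR, $0
                break
            }
        }
    }'
}

# Constructed sample, not a real sudoers file.
SAMPLE_SUDOERS='# constructed sample
root    ALL=(ALL) ALL
alice   ALL=(root) NOEXEC: /usr/bin/vi, /usr/bin/less
bob     ALL=(root) /usr/bin/vi
carol   ALL=(root) NOPASSWD: /sbin/shutdown
dave    ALL=(www) /usr/bin/vi, !/usr/bin/sh
Defaults        env_reset
Cmnd_Alias      EDITORS = /usr/bin/vi, /usr/bin/emacs'

# Prints the root, bob and dave lines (2, 4 and 6); alice is covered by
# NOEXEC:, carol grants no shell, and the last two lines are not user specs.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```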
.SH "BUGS"
.IX Header "BUGS"
If you feel you have found a bug in \fBsudo\fR, please submit a bug report
at http://www.sudo.ws/sudo/bugs/
.SH "SUPPORT"
.IX Header "SUPPORT"
Commercial support is available for \fBsudo\fR, see
http://www.sudo.ws/sudo/support.html for details.
.PP
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
search the archives.
.SH "DISCLAIMER"
.IX Header "DISCLAIMER"
\&\fBSudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0
file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
for complete details.