Annotation of src/usr.bin/sudo/sudo.8, Revision 1.6
1.1 millert 1: .rn '' }`
1.6 ! pjanzen 2: ''' $RCSfile: sudo.8,v $$Revision: 1.5 $$Date: 2000/11/21 17:58:44 $
1.4 millert 3: '''
4: ''' $Log: sudo.8,v $
1.6 ! pjanzen 5: ''' Revision 1.5 2000/11/21 17:58:44 millert
! 6: ''' A few updates from the sudo developement tree:
! 7: ''' - Add bsd authentication support (currently disabled)
! 8: ''' - Always check setenv() return value
! 9: ''' - Fix umask disabling
! 10: '''
1.5 millert 11: ''' Revision 1.4 2000/04/10 02:28:36 millert
12: ''' Remove extra backslash, noted by marc@snafu.org
13: '''
1.4 millert 14: ''' Revision 1.3 2000/03/27 03:44:38 millert
15: ''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list
16: ''' of changes.
1.1 millert 17: '''
1.3 millert 18: ''' Revision 1.3 2000/03/27 03:26:23 millert
19: ''' Use 8 and 5 in the man page bodies as well.
1.1 millert 20: '''
21: '''
22: .de Sh
23: .br
24: .if t .Sp
25: .ne 5
26: .PP
27: \fB\\$1\fR
28: .PP
29: ..
30: .de Sp
31: .if t .sp .5v
32: .if n .sp
33: ..
34: .de Ip
35: .br
36: .ie \\n(.$>=3 .ne \\$3
37: .el .ne 3
38: .IP "\\$1" \\$2
39: ..
40: .de Vb
41: .ft CW
42: .nf
43: .ne \\$1
44: ..
45: .de Ve
46: .ft R
47:
48: .fi
49: ..
50: '''
51: '''
52: ''' Set up \*(-- to give an unbreakable dash;
53: ''' string Tr holds user defined translation string.
54: ''' Bell System Logo is used as a dummy character.
55: '''
56: .tr \(*W-|\(bv\*(Tr
57: .ie n \{\
58: .ds -- \(*W-
59: .ds PI pi
60: .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
61: .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
62: .ds L" ""
63: .ds R" ""
64: ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
65: ''' \*(L" and \*(R", except that they are used on ".xx" lines,
66: ''' such as .IP and .SH, which do another additional levels of
67: ''' double-quote interpretation
68: .ds M" """
69: .ds S" """
70: .ds N" """""
71: .ds T" """""
72: .ds L' '
73: .ds R' '
74: .ds M' '
75: .ds S' '
76: .ds N' '
77: .ds T' '
78: 'br\}
79: .el\{\
80: .ds -- \(em\|
81: .tr \*(Tr
82: .ds L" ``
83: .ds R" ''
84: .ds M" ``
85: .ds S" ''
86: .ds N" ``
87: .ds T" ''
88: .ds L' `
89: .ds R' '
90: .ds M' `
91: .ds S' '
92: .ds N' `
93: .ds T' '
94: .ds PI \(*p
95: 'br\}
96: .\" If the F register is turned on, we'll generate
97: .\" index entries out stderr for the following things:
98: .\" TH Title
99: .\" SH Header
100: .\" Sh Subsection
101: .\" Ip Item
102: .\" X<> Xref (embedded
103: .\" Of course, you have to process the output yourself
1.6 ! pjanzen 104: .\" in some meaningful fashion.
1.1 millert 105: .if \nF \{
106: .de IX
107: .tm Index:\\$1\t\\n%\t"\\$2"
108: ..
109: .nr % 0
110: .rr F
111: .\}
1.3 millert 112: .TH sudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS"
1.1 millert 113: .UC
114: .if n .hy 0
115: .if n .na
116: .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
117: .de CQ \" put $1 in typewriter font
118: .ft CW
119: 'if n "\c
120: 'if t \\&\\$1\c
121: 'if n \\&\\$1\c
122: 'if n \&"
123: \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
124: '.ft R
125: ..
126: .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
127: . \" AM - accent mark definitions
128: .bd B 3
129: . \" fudge factors for nroff and troff
130: .if n \{\
131: . ds #H 0
132: . ds #V .8m
133: . ds #F .3m
134: . ds #[ \f1
135: . ds #] \fP
136: .\}
137: .if t \{\
138: . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
139: . ds #V .6m
140: . ds #F 0
141: . ds #[ \&
142: . ds #] \&
143: .\}
144: . \" simple accents for nroff and troff
145: .if n \{\
146: . ds ' \&
147: . ds ` \&
148: . ds ^ \&
149: . ds , \&
150: . ds ~ ~
151: . ds ? ?
152: . ds ! !
153: . ds /
154: . ds q
155: .\}
156: .if t \{\
157: . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
158: . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
159: . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
160: . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
161: . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
162: . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
163: . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
164: . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
165: . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
166: .\}
167: . \" troff and (daisy-wheel) nroff accents
168: .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
169: .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
170: .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
171: .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
172: .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
173: .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
174: .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
175: .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
176: .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
177: .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
178: .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
179: .ds ae a\h'-(\w'a'u*4/10)'e
180: .ds Ae A\h'-(\w'A'u*4/10)'E
181: .ds oe o\h'-(\w'o'u*4/10)'e
182: .ds Oe O\h'-(\w'O'u*4/10)'E
183: . \" corrections for vroff
184: .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
185: .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
186: . \" for low resolution devices (crt and lpr)
187: .if \n(.H>23 .if \n(.V>19 \
188: \{\
189: . ds : e
190: . ds 8 ss
191: . ds v \h'-1'\o'\(aa\(ga'
192: . ds _ \h'-1'^
193: . ds . \h'-1'.
194: . ds 3 3
195: . ds o a
196: . ds d- d\h'-1'\(ga
197: . ds D- D\h'-1'\(hy
198: . ds th \o'bp'
199: . ds Th \o'LP'
200: . ds ae ae
201: . ds Ae AE
202: . ds oe oe
203: . ds Oe OE
204: .\}
205: .rm #[ #] #H #V #F C
206: .SH "NAME"
207: sudo \- execute a command as another user
208: .SH "SYNOPSIS"
1.3 millert 209: \fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
1.5 millert 210: [ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR \fIclass\fR|\fI-\fR ]
211: [ \fB\-a\fR \fIauth_type\fR ]
1.3 millert 212: [ \fB\-u\fR username/#uid ] \fIcommand\fR
1.1 millert 213: .SH "DESCRIPTION"
214: \fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
215: superuser or another user, as specified in the sudoers file. The
216: real and effective uid and gid are set to match those of the target
217: user as specified in the passwd file (the group vector is also
1.2 millert 218: initialized when the target user is not root). By default, \fBsudo\fR
219: requires that users authenticate themselves with a password
220: (NOTE: this is the user's password, not the root password). Once
221: a user has been authenticated, a timestamp is updated and the
222: user may then use sudo without a password for a short period of time
223: (five minutes by default).
1.1 millert 224: .PP
225: \fBsudo\fR determines who is an authorized user by consulting the
226: file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
227: can update the time stamp without running a \fIcommand.\fR
228: The password prompt itself will also time out if the user's password is
229: not entered with N minutes (again, this is defined at configure
230: time and defaults to 5 minutes).
231: .PP
232: If a user that is not listed in the \fIsudoers\fR file tries to run
233: a command via \fBsudo\fR, mail is sent to the proper authorities,
234: as defined at configure time (defaults to root). Note that the
235: mail will not be sent if an unauthorized user tries to run sudo
236: with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine
237: for themselves whether or not they are allowed to use \fBsudo\fR.
238: .PP
1.6 ! pjanzen 239: \fBsudo\fR can log both successful and unsuccessful attempts (as well
1.1 millert 240: as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR
241: will log via \fIsyslog\fR\|(3) but this is changeable at configure time.
242: .SH "OPTIONS"
243: \fBsudo\fR accepts the following command line options:
244: .Ip "-V" 4
245: The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
246: version number and exit.
247: .Ip "-l" 4
248: The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and
249: forbidden) commands for the user on the current host.
250: .Ip "-L" 4
251: The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters
252: that may be set in a \fIDefaults\fR line along with a short description
253: for each. This option is useful in conjunction with \fIgrep\fR\|(1).
254: .Ip "-h" 4
255: The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
256: .Ip "-v" 4
257: If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
258: user's timestamp, prompting for the user's password if necessary.
259: This extends the \fBsudo\fR timeout to for another N minutes
260: (where N is defined at installation time and defaults to 5
261: minutes) but does not run a command.
262: .Ip "-k" 4
263: The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
264: by setting the time on it to the epoch. The next time \fBsudo\fR is
265: run a password will be required. This option does not require a password
266: and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
267: file.
268: .Ip "-K" 4
269: The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
270: entirely. This option does not require a password.
271: .Ip "-b" 4
272: The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
273: command in the background. Note that if you use the \f(CW-b\fR
274: option you cannot use shell job control to manipulate the command.
275: .Ip "-p" 4
276: The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
277: password prompt and use a custom one. If the password prompt
278: contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's
279: login name. Similarly, \f(CW%h\fR will be replaced with the local
280: hostname.
1.5 millert 281: .Ip "\-c" 4
282: .IX Item "-c"
283: The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
284: with resources limited by the specified login class. The \fIclass\fR
285: argument can be either a class name as defined in /etc/login.conf,
286: or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
287: that the command should be run restricted by the default login
1.6 ! pjanzen 288: capabilities for the user the command is run as. If the \fIclass\fR
1.5 millert 289: argument specifies an existing user class, the command must be run
290: as root, or the \fBsudo\fR command must be run from a shell that is already
291: root. This option is only available on systems with \s-1BSD\s0 login classes
292: where \fBsudo\fR has been configured with the \-\-with-logincap option.
293: .Ip "\-a" 4
294: .IX Item "-a"
295: The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
296: specified authentication type when validating the user, as allowed
297: by /etc/login.conf. The system administrator may specify a list
298: of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
299: entry in /etc/login.conf. This option is only available on systems
300: that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured
301: with the \-\-with-bsdauth option.
1.1 millert 302: .Ip "-u" 4
1.3 millert 303: The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
1.1 millert 304: as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
305: \fIusername\fR, use \*(L"#uid\*(R".
306: .Ip "-s" 4
307: The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
308: environment variable if it is set or the shell as specified
309: in \fIpasswd\fR\|(5).
310: .Ip "-H" 4
311: The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
312: to the homedir of the target user (root by default) as specified
313: in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR.
1.3 millert 314: .Ip "-S" 4
315: The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
316: standard input instead of the terminal device.
1.1 millert 317: .Ip "--" 4
318: The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
319: line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
320: .SH "RETURN VALUES"
321: \fBsudo\fR quits with an exit value of 1 if there is a
322: configuration/permission problem or if \fBsudo\fR cannot execute the
323: given command. In the latter case the error string is printed to
324: stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's
325: \f(CWPATH\fR an error is printed on stderr. (If the directory does not
326: exist or if it is not really a directory, the entry is ignored and
327: no error is printed.) This should not happen under normal
328: circumstances. The most common reason for \fIstat\fR\|(2) to return
329: \*(L"permission denied\*(R" is if you are running an automounter and one
330: of the directories in your \f(CWPATH\fR is on a machine that is currently
331: unreachable.
332: .SH "SECURITY NOTES"
333: \fBsudo\fR tries to be safe when executing external commands. Variables
334: that control how dynamic loading and binding is done can be used
335: to subvert the program that \fBsudo\fR runs. To combat this the
336: \f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX
337: only) environment variables are removed from the environment passed
338: on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR,
339: \f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR,
340: \f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a
341: threat.
342: .PP
343: To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting
344: current directory) last when searching for a command in the user's
345: PATH (if one or both are in the PATH). Note, however, that the
346: actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed
347: unchanged to the program that \fBsudo\fR executes.
348: .PP
349: For security reasons, if your OS supports shared libraries and does
350: not disable user-defined library search paths for setuid programs
351: (most do), you should either use a linker option that disables this
352: behavior or link \fBsudo\fR statically.
353: .PP
354: \fBsudo\fR will check the ownership of its timestamp directory
1.3 millert 355: (\fI/var/run/sudo\fR by default) and ignore the directory's contents if
356: it is not owned by root and only writable by root. On systems that
357: allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp
1.6 ! pjanzen 358: directory is located in a directory writable by anyone (e.g.: \fI/tmp\fR),
1.3 millert 359: it is possible for a user to create the timestamp directory before
360: \fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and
361: mode of the directory and its contents, the only damage that can
362: be done is to \*(L"hide\*(R" files by putting them in the timestamp dir.
363: This is unlikely to happen since once the timestamp dir is owned
364: by root and inaccessible by any other user the user placing files
365: there would be unable to get them back out. To get around this
366: issue you can use a directory that is not world-writable for the
367: timestamps (\fI/var/adm/sudo\fR for instance) or create \fI/var/run/sudo\fR
368: with the appropriate owner (root) and permissions (0700) in the
369: system startup files.
1.1 millert 370: .PP
371: \fBsudo\fR will not honor timestamps set far in the future.
372: Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
373: will be ignored and sudo will log and complain. This is done to
374: keep a user from creating his/her own timestamp with a bogus
375: date on system that allow users to give away files.
376: .SH "EXAMPLES"
377: Note: the following examples assume suitable \fIsudoers\fR\|(5) entries.
378: .PP
379: To get a file listing of an unreadable directory:
380: .PP
381: .Vb 1
382: \& % sudo ls /usr/local/protected
383: .Ve
384: To list the home directory of user yazza on a machine where the
385: filesystem holding ~yazza is not exported as root:
386: .PP
387: .Vb 1
388: \& % sudo -u yazza ls ~yazza
389: .Ve
390: To edit the \fIindex.html\fR file as user www:
391: .PP
392: .Vb 1
393: \& % sudo -u www vi ~www/htdocs/index.html
394: .Ve
395: To shutdown a machine:
396: .PP
397: .Vb 1
398: \& % sudo shutdown -r +15 "quick reboot"
399: .Ve
400: To make a usage listing of the directories in the /home
401: partition. Note that this runs the commands in a sub-shell
402: to make the \f(CWcd\fR and file redirection work.
403: .PP
404: .Vb 1
405: \& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
406: .Ve
407: .SH "ENVIRONMENT"
408: \fBsudo\fR utilizes the following environment variables:
409: .PP
410: .Vb 13
411: \& PATH Set to a sane value if SECURE_PATH is set
412: \& SHELL Used to determine shell to run with -s option
413: \& USER Set to the target user (root unless the -u option
414: \& is specified)
415: \& HOME In -s or -H mode (or if sudo was configured with
416: \& the --enable-shell-sets-home option), set to
417: \& homedir of the target user.
418: \& SUDO_PROMPT Used as the default password prompt
419: \& SUDO_COMMAND Set to the command run by sudo
420: \& SUDO_USER Set to the login of the user who invoked sudo
421: \& SUDO_UID Set to the uid of the user who invoked sudo
422: \& SUDO_GID Set to the gid of the user who invoked sudo
423: \& SUDO_PS1 If set, PS1 will be set to its value
424: .Ve
425: .SH "FILES"
426: .PP
427: .Vb 2
428: \& /etc/sudoers List of who can run what
1.3 millert 429: \& /var/run/sudo Directory containing timestamps
1.1 millert 430: .Ve
431: .SH "AUTHORS"
1.6 ! pjanzen 432: Many people have worked on \fBsudo\fR over the years. This
1.1 millert 433: version consists of code written primarily by:
434: .PP
435: .Vb 2
436: \& Todd Miller
437: \& Chris Jepeway
438: .Ve
439: See the HISTORY file in the \fBsudo\fR distribution for a short history
440: of \fBsudo\fR.
441: .SH "BUGS"
442: If you feel you have found a bug in sudo, please submit a bug report
1.2 millert 443: at http://www.courtesan.com/sudo/bugs/
1.1 millert 444: .SH "DISCLAIMER"
445: \fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
446: including, but not limited to, the implied warranties of merchantability
447: and fitness for a particular purpose are disclaimed.
448: See the LICENSE file distributed with \fBsudo\fR for complete details.
449: .SH "CAVEATS"
450: There is no easy way to prevent a user from gaining a root shell if
451: that user has access to commands allowing shell escapes.
452: .PP
453: If users have sudo \f(CWALL\fR there is nothing to prevent them from creating
454: their own program that gives them a root shell regardless of any \*(L'!\*(R'
455: elements in the user specification.
456: .PP
457: Running shell scripts via \fBsudo\fR can expose the same kernel bugs
458: that make setuid shell scripts unsafe on some operating systems
459: (if your OS supports the /dev/fd/ directory, setuid shell scripts
460: are generally safe).
461: .SH "SEE ALSO"
1.4 millert 462: \fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
1.1 millert 463:
464: .rn }` ''
465: .IX Title "sudo 8"
466: .IX Name "sudo - execute a command as another user"
467:
468: .IX Header "NAME"
469:
470: .IX Header "SYNOPSIS"
471:
472: .IX Header "DESCRIPTION"
473:
474: .IX Header "OPTIONS"
475:
476: .IX Item "-V"
477:
478: .IX Item "-l"
479:
480: .IX Item "-L"
481:
482: .IX Item "-h"
483:
484: .IX Item "-v"
485:
486: .IX Item "-k"
487:
488: .IX Item "-K"
489:
490: .IX Item "-b"
491:
492: .IX Item "-p"
493:
494: .IX Item "-u"
495:
496: .IX Item "-s"
497:
498: .IX Item "-H"
499:
1.3 millert 500: .IX Item "-S"
501:
1.1 millert 502: .IX Item "--"
503:
504: .IX Header "RETURN VALUES"
505:
506: .IX Header "SECURITY NOTES"
507:
508: .IX Header "EXAMPLES"
509:
510: .IX Header "ENVIRONMENT"
511:
512: .IX Header "FILES"
513:
514: .IX Header "AUTHORS"
515:
516: .IX Header "BUGS"
517:
518: .IX Header "DISCLAIMER"
519:
520: .IX Header "CAVEATS"
521:
522: .IX Header "SEE ALSO"
523: