Annotation of src/usr.bin/sudo/sudo.mdoc.in, Revision 1.1
1.1 ! millert 1: .\"
! 2: .\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
! 3: .\" Todd C. Miller <Todd.Miller@courtesan.com>
! 4: .\"
! 5: .\" Permission to use, copy, modify, and distribute this software for any
! 6: .\" purpose with or without fee is hereby granted, provided that the above
! 7: .\" copyright notice and this permission notice appear in all copies.
! 8: .\"
! 9: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 17: .\"
! 18: .\" Sponsored in part by the Defense Advanced Research Projects
! 19: .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
! 20: .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 21: .\"
! 22: .Dd $Mdocdate$
! 23: .Dt SUDO @mansectsu@
! 24: .Os
! 25: .Sh NAME
! 26: .Nm sudo ,
! 27: .Nm sudoedit
! 28: .Nd execute a command as another user
! 29: .Sh SYNOPSIS
! 30: .Nm sudo
! 31: .Fl h No | Fl K No | Fl k No | Fl L No | Fl V
! 32: .Nm sudo
! 33: .Fl v
! 34: .Op Fl AknS
! 35: .Bk -words
! 36: .Op Fl a Ar auth_type
! 37: .Ek
! 38: .Bk -words
! 39: .Op Fl g Ar group name No | Ar #gid
! 40: .Ek
! 41: .Bk -words
! 42: .Op Fl p Ar prompt
! 43: .Ek
! 44: .Bk -words
! 45: .Op Fl u Ar user name No | Ar #uid
! 46: .Ek
! 47: .Nm sudo
! 48: .Fl l Ns Op Ar l
! 49: .Op Fl AknS
! 50: .Bk -words
! 51: .Op Fl a Ar auth_type
! 52: .Ek
! 53: .Bk -words
! 54: .Op Fl g Ar group name No | Ar #gid
! 55: .Ek
! 56: .Bk -words
! 57: .Op Fl p Ar prompt
! 58: .Ek
! 59: .Bk -words
! 60: .Op Fl U Ar user name
! 61: .Ek
! 62: .Bk -words
! 63: .Op Fl u Ar user name No | Ar #uid
! 64: .Ek
! 65: .Op Ar command
! 66: .Nm sudo
! 67: .Op Fl AbEHnPS
! 68: .Bk -words
! 69: .Op Fl a Ar auth_type
! 70: .Ek
! 71: .Bk -words
! 72: .Op Fl C Ar fd
! 73: .Ek
! 74: .Bk -words
! 75: .Op Fl c Ar class No | Ar -
! 76: .Ek
! 77: .Bk -words
! 78: .Op Fl g Ar group name No | Ar #gid
! 79: .Ek
! 80: .Bk -words
! 81: .Op Fl p Ar prompt
! 82: .Ek
! 83: .Bk -words
! 84: .Op Fl u Ar user name No | Ar #uid
! 85: .Ek
! 86: .Bk -words
! 87: .Op Sy VAR Ns = Ns Ar value
! 88: .Ek
! 89: .Bk -words
! 90: .Fl i No | Fl s
! 91: .Ek
! 92: .Op Ar command
! 93: .Nm sudoedit
! 94: .Op Fl AnS
! 95: .Bk -words
! 96: .Op Fl a Ar auth_type
! 97: .Ek
! 98: .Bk -words
! 99: .Op Fl C Ar fd
! 100: .Ek
! 101: .Bk -words
! 102: .Op Fl c Ar class No | Ar -
! 103: .Ek
! 104: .Bk -words
! 105: .Op Fl g Ar group name No | Ar #gid
! 106: .Ek
! 107: .Bk -words
! 108: .Op Fl p Ar prompt
! 109: .Ek
! 110: .Bk -words
! 111: .Op Fl u Ar user name No | Ar #uid
! 112: .Ek
! 113: .Bk -words
! 114: file ...
! 115: .Ek
! 116: .Sh DESCRIPTION
! 117: .Nm sudo
! 118: allows a permitted user to execute a
! 119: .Ar command
! 120: as the superuser or another user, as specified by the
! 121: .Em sudoers
! 122: file.
! 123: The real and effective uid and gid are set to match those of the
! 124: target user, as specified in the password database, and the group
! 125: vector is initialized based on the group database (unless the
! 126: .Fl P
! 127: option was specified).
! 128: See the
! 129: .Sx Command Environment
! 130: section below for more details.
! 131: .Pp
! 132: .Nm sudo
! 133: determines who is an authorized user by consulting the file
! 134: .Pa @sysconfdir@/sudoers .
! 135: By running
! 136: .Nm sudo
! 137: with the
! 138: .Fl v
! 139: option, a user can update the time stamp without running a
! 140: .Ar command .
! 141: If authentication is required,
! 142: .Nm sudo
! 143: will exit if the user's password is not entered within a configurable
! 144: time limit.
! 145: The default password prompt timeout is
! 146: .Li @password_timeout@
! 147: minutes.
! 148: .Pp
! 149: When invoked as
! 150: .Nm sudoedit ,
! 151: the
! 152: .Fl e
! 153: option (described below) is implied.
! 154: .Pp
! 155: The options are as follows:
! 156: .Bl -tag -width Fl
! 157: .It Fl A
! 158: Normally, if
! 159: .Nm sudo
! 160: requires a password, it will read it from the user's terminal.
! 161: If the
! 162: .Fl A No ( Em askpass Ns No )
! 163: option is specified, a (possibly graphical) helper program is
! 164: executed to read the user's password and output the password to the
! 165: standard output.
! 166: If the
! 167: .Ev SUDO_ASKPASS
! 168: environment variable is set, it specifies the path to the helper
! 169: program.
! 170: Otherwise, the value specified by the
! 171: .Em askpass
! 172: option in
! 173: .Xr sudoers @mansectform@
! 174: is used.
! 175: If no askpass program is available,
! 176: .Nm sudo
! 177: will exit with an error.
! 178: .It Fl a Ar type
! 179: The
! 180: .Fl a No ( Em "authentication type" Ns No )
! 181: option causes
! 182: .Nm sudo
! 183: to use the specified authentication type when validating the user,
! 184: as allowed by
! 185: .Pa /etc/login.conf .
! 186: The system administrator may specify a list of sudo-specific
! 187: authentication methods by adding an
! 188: .Dq auth-sudo
! 189: entry in
! 190: .Pa /etc/login.conf .
! 191: This option is only available on systems that support BSD authentication.
! 192: .It Fl b
! 193: The
! 194: .Fl b No ( Em background Ns No )
! 195: option tells
! 196: .Nm sudo
! 197: to run the given command in the background.
! 198: Note that if you use the
! 199: .Fl b
! 200: option you cannot use shell job control to manipulate the process.
! 201: Most interactive commands will fail to work properly in background
! 202: mode.
! 203: .It Fl C Ar fd
! 204: Normally,
! 205: .Nm sudo
! 206: will close all open file descriptors other than standard input,
! 207: standard output and standard error.
! 208: The
! 209: .Fl C No ( Em close from Ns No )
! 210: option allows the user to specify a starting point above the standard
! 211: error (file descriptor three).
! 212: Values less than three are not permitted.
! 213: This option is only available when the administrator has enabled the
! 214: .Em closefrom_override
! 215: option in
! 216: .Xr sudoers @mansectform@ .
! 217: .It Fl c Ar class
! 218: The
! 219: .Fl c No ( Em class Ns No )
! 220: option causes
! 221: .Nm sudo
! 222: to run the specified command with resources limited by the specified
! 223: login class.
! 224: The
! 225: .Em class
! 226: argument can be either a class name as defined in
! 227: .Pa /etc/login.conf ,
! 228: or a single
! 229: .Ql \-
! 230: character.
! 231: Specifying a
! 232: .Ar class
! 233: of
! 234: .Li -
! 235: indicates that the command should be run restricted by the default
! 236: login capabilities for the user the command is run as.
! 237: If the
! 238: .Ar class
! 239: argument specifies an existing user class, the command must be run
! 240: as root, or the
! 241: .Nm sudo
! 242: command must be run from a shell that is already root.
! 243: This option is only available on systems with BSD login classes.
! 244: .It Fl E
! 245: The
! 246: .Fl E No ( Em preserve environment Ns No )
! 247: option will override the
! 248: .Em env_reset
! 249: option in
! 250: .Xr sudoers @mansectform@ .
! 251: It is only available when either the matching command has the
! 252: .Li SETENV
! 253: tag or the
! 254: .Em setenv
! 255: option is set in
! 256: .Xr sudoers @mansectform@ .
! 257: .Nm sudo
! 258: will return an error if the
! 259: .Fl E
! 260: option is specified and the user does not have permission to preserve
! 261: the environment.
! 262: .It Fl e
! 263: The
! 264: .Fl e No ( Em edit Ns No )
! 265: option indicates that, instead of running a command, the user wishes
! 266: to edit one or more files.
! 267: In lieu of a command, the string "sudoedit" is used when consulting the
! 268: .Em sudoers
! 269: file.
! 270: If the user is authorized by
! 271: .Em sudoers ,
! 272: the following steps are taken:
! 273: .Bl -enum -offset 4
! 274: .It
! 275: Temporary copies are made of the files to be edited with the owner
! 276: set to the invoking user.
! 277: .It
! 278: The editor specified by the
! 279: .Ev SUDO_EDITOR ,
! 280: .Ev VISUAL
! 281: or
! 282: .Ev EDITOR
! 283: environment variables (in that order) is run to edit the temporary files.
! 284: If none of
! 285: .Ev SUDO_EDITOR ,
! 286: .Ev VISUAL
! 287: or
! 288: .Ev EDITOR
! 289: are set, the first program listed in the
! 290: .Em editor
! 291: .Xr sudoers @mansectform@
! 292: option is used.
! 293: .It
! 294: If they have been modified, the temporary files are copied back to
! 295: their original location and the temporary versions are removed.
! 296: .El
! 297: .Pp
! 298: If the specified file does not exist, it will be created.
! 299: Note that unlike most commands run by
! 300: .Em sudo ,
! 301: the editor is run with the invoking user's environment unmodified.
! 302: If, for some reason,
! 303: .Nm sudo
! 304: is unable to update a file with its edited version, the user will
! 305: receive a warning and the edited copy will remain in a temporary
! 306: file.
! 307: .It Fl g Ar group
! 308: Normally,
! 309: .Nm sudo
! 310: runs a command with the primary group set to the one specified by
! 311: the password database for the user the command is being run as (by
! 312: default, root).
! 313: The
! 314: .Fl g No ( Em group Ns No )
! 315: option causes
! 316: .Nm sudo
! 317: to run the command with the primary group set to
! 318: .Ar group
! 319: instead.
! 320: To specify a
! 321: .Em gid
! 322: instead of a
! 323: .Em "group name" ,
! 324: use
! 325: .Em #gid .
! 326: When running commands as a
! 327: .Em gid ,
! 328: many shells require that the
! 329: .Ql #
! 330: be escaped with a backslash
! 331: .Pq Ql \e .
! 332: If no
! 333: .Fl u
! 334: option is specified, the command will be run as the invoking user
! 335: (not root).
! 336: In either case, the primary group will be set to
! 337: .Em group .
! 338: .It Fl H
! 339: The
! 340: .Fl H No ( Em HOME Ns No )
! 341: option sets the
! 342: .Ev HOME
! 343: environment variable to the home directory of the target user (root
! 344: by default) as specified by the password database.
! 345: The default handling of the
! 346: .Ev HOME
! 347: environment variable depends on
! 348: .Xr sudoers @mansectform@
! 349: settings.
! 350: By default,
! 351: .Nm sudo
! 352: will not modify
! 353: .Ev HOME
! 354: (see
! 355: .Em set_home
! 356: and
! 357: .Em always_set_home
! 358: in
! 359: .Xr sudoers @mansectform@ ) .
! 360: .It Fl h
! 361: The
! 362: .Fl h No ( Em help Ns No )
! 363: option causes
! 364: .Nm sudo
! 365: to print a short help message to the standard output and exit.
! 366: .It Fl i Op Ar command
! 367: The
! 368: .Fl i No ( Em simulate initial login Ns No )
! 369: option runs the shell specified by the password database entry of
! 370: the target user as a login shell.
! 371: This means that login-specific resource files such as
! 372: .Pa .profile
! 373: or
! 374: .Pa .login
! 375: will be read by the shell.
! 376: If a command is specified, it is passed to the shell for execution
! 377: via the shell's
! 378: .Fl c
! 379: option.
! 380: If no command is specified, an interactive shell is executed.
! 381: .Nm sudo
! 382: attempts to change to that user's home directory before running the
! 383: shell.
! 384: It also initializes the environment to a minimal
! 385: set of variables, similar to what is present when a user logs in.
! 386: The
! 387: .Sx Command Environment
! 388: section below documents in detail how the
! 389: .Fl i
! 390: option affects the environment in which a command is run.
! 391: .It Fl K
! 392: The
! 393: .Fl K No ( sure Em kill Ns No )
! 394: option is like
! 395: .Fl k
! 396: except that it removes the user's time stamp file entirely and
! 397: may not be used in conjunction with a command or other option.
! 398: This option does not require a password.
! 399: .It Fl k Op Ar command
! 400: When used alone, the
! 401: .Fl k No ( Em kill Ns No )
! 402: option to
! 403: .Nm sudo
! 404: invalidates the user's time stamp file.
! 405: The next time
! 406: .Nm sudo
! 407: is run a password will be required.
! 408: This option does not require a password and was added to allow a
! 409: user to revoke
! 410: .Nm sudo
! 411: permissions from a
! 412: .Pa .logout
! 413: file.
! 414: .Pp
! 415: When used in conjunction with a command or an option that may require
! 416: a password, the
! 417: .Fl k
! 418: option will cause
! 419: .Nm sudo
! 420: to ignore the user's time stamp file.
! 421: As a result,
! 422: .Nm sudo
! 423: will prompt for a password (if one is required by
! 424: .Em sudoers )
! 425: and will not update the user's time stamp file.
! 426: .It Fl L
! 427: The
! 428: .Fl L No ( Em list No defaults Ns )
! 429: option will list the parameters that
! 430: may be set in a
! 431: .Em Defaults
! 432: line along with a short description for each.
! 433: This option will be removed from a future version of
! 434: .Nm sudo .
! 435: .It Fl l Ns Oo Sy l Oc Op Ar command
! 436: If no
! 437: .Ar command
! 438: is specified, the
! 439: .Fl l No ( Em list Ns No )
! 440: option will list the allowed (and forbidden) commands for the
! 441: invoking user (or the user specified by the
! 442: .Fl U
! 443: option) on the current host.
! 444: If a
! 445: .Ar command
! 446: is specified and is permitted by
! 447: .Em sudoers ,
! 448: the fully-qualified
! 449: path to the command is displayed along with any command line
! 450: arguments.
! 451: If
! 452: .Ar command
! 453: is specified but not allowed,
! 454: .Nm sudo
! 455: will exit with a status value of 1.
! 456: If the
! 457: .Fl l
! 458: option is specified with an
! 459: .Ar l
! 460: argument
! 461: .Pq i.e.\& Fl ll ,
! 462: or if
! 463: .Fl l
! 464: is specified multiple times, a longer list format is used.
! 465: .It Fl n
! 466: The
! 467: .Fl n No ( Em non-interactive Ns No )
! 468: option prevents
! 469: .Nm sudo
! 470: from prompting the user for a password.
! 471: If a password is required for the command to run,
! 472: .Nm sudo
! 473: will display an error message and exit.
! 474: .It Fl P
! 475: The
! 476: .Fl P No ( Em preserve group vector Ns No )
! 477: option causes
! 478: .Nm sudo
! 479: to preserve the invoking user's group vector unaltered.
! 480: By default,
! 481: .Nm sudo
! 482: will initialize the group vector to the list of groups the
! 483: target user is in.
! 484: The real and effective group IDs, however, are still set to match
! 485: the target user.
! 486: .It Fl p Ar prompt
! 487: The
! 488: .Fl p No ( Em prompt Ns No )
! 489: option allows you to override the default password prompt and use
! 490: a custom one.
! 491: The following percent
! 492: .Pq Ql %
! 493: escapes are supported:
! 494: .Bl -tag -width 2n
! 495: .It Li %H
! 496: expanded to the host name including the domain name (only if the
! 497: machine's host name is fully qualified or the
! 498: .Em fqdn
! 499: option is set in
! 500: .Xr sudoers @mansectform@ )
! 501: .It Li %h
! 502: expanded to the local host name without the domain name
! 503: .It Li %p
! 504: expanded to the name of the user whose password is being requested
! 505: (respects the
! 506: .Em rootpw ,
! 507: .Em targetpw ,
! 508: and
! 509: .Em runaspw
! 510: flags in
! 511: .Xr sudoers @mansectform@ )
! 512: .It Li \&%U
! 513: expanded to the login name of the user the command will be run as
! 514: (defaults to root unless the
! 515: .Fl u
! 516: option is also specified)
! 517: .It Li %u
! 518: expanded to the invoking user's login name
! 519: .It Li %%
! 520: two consecutive
! 521: .Ql %
! 522: characters are collapsed into a single
! 523: .Ql %
! 524: character
! 525: .El
! 526: .Pp
! 527: The prompt specified by the
! 528: .Fl p
! 529: option will override the system password prompt on systems that
! 530: support PAM unless the
! 531: .Em passprompt_override
! 532: flag is disabled in
! 533: .Em sudoers .
! 534: .It Fl S
! 535: The
! 536: .Fl S ( Em stdin Ns No )
! 537: option causes
! 538: .Nm sudo
! 539: to read the password from the standard input instead of the terminal
! 540: device.
! 541: The password must be followed by a newline character.
! 542: .It Fl s Op Ar command
! 543: The
! 544: .Fl s ( Em shell Ns No )
! 545: option runs the shell specified by the
! 546: .Ev SHELL
! 547: environment variable if it is set or the shell as specified in the
! 548: password database.
! 549: If a command is specified, it is passed to the shell for execution
! 550: via the shell's
! 551: .Fl c
! 552: option.
! 553: If no command is specified, an interactive shell is executed.
! 554: .It Fl U Ar user
! 555: The
! 556: .Fl U ( Em other user Ns No )
! 557: option is used in conjunction with the
! 558: .Fl l
! 559: option to specify the user whose privileges should be listed.
! 560: Only root or a user with the
! 561: .Li ALL
! 562: privilege on the current host may use this option.
! 563: .It Fl u Ar user
! 564: The
! 565: .Fl u ( Em user Ns No )
! 566: option causes
! 567: .Nm sudo
! 568: to run the specified command as a user other than
! 569: .Em root .
! 570: To specify a
! 571: .Em uid
! 572: instead of a
! 573: .Em user name ,
! 574: .No use Em #uid .
! 575: When running commands as a
! 576: .Em uid ,
! 577: many shells require that the
! 578: .Ql #
! 579: be escaped with a backslash
! 580: .Pq Ql \e .
! 581: Note that if the
! 582: .Em targetpw
! 583: Defaults option is set (see
! 584: .Xr sudoers @mansectform@ ) ,
! 585: it is not possible to run commands with a uid not listed in the
! 586: password database.
! 587: .It Fl V
! 588: The
! 589: .Fl V ( Em version Ns No )
! 590: option causes
! 591: .Nm sudo
! 592: to print its version string and exit.
! 593: If the invoking user is already root the
! 594: .Fl V
! 595: option will display the arguments passed to configure when
! 596: .Nm sudo
! 597: was built as well as a list of the defaults
! 598: .Nm sudo
! 599: was compiled with as well as the machine's local network addresses.
! 600: .It Fl v
! 601: When given the
! 602: .Fl v ( Em validate Ns No )
! 603: option,
! 604: .Nm sudo
! 605: will update the user's time stamp file, authenticating the user's
! 606: password if necessary.
! 607: This extends the
! 608: .Nm sudo
! 609: timeout for another
! 610: .Li @timeout@
! 611: minutes (or whatever the timeout is set to in
! 612: .Em sudoers )
! 613: but does not run a command.
! 614: .It Fl -
! 615: The
! 616: .Fl -
! 617: option indicates that
! 618: .Nm sudo
! 619: should stop processing command line arguments.
! 620: .El
! 621: .Pp
! 622: Environment variables to be set for the command may also be passed
! 623: on the command line in the form of
! 624: .Sy VAR Ns No = Ns Em value ,
! 625: e.g.\&
! 626: .Sy LD_LIBRARY_PATH Ns No = Ns Em /usr/local/pkg/lib .
! 627: Variables passed on the command line are subject to the same
! 628: restrictions as normal environment variables with one important
! 629: exception.
! 630: If the
! 631: .Em setenv
! 632: option is set in
! 633: .Em sudoers ,
! 634: the command to be run has the
! 635: .Li SETENV
! 636: tag set or the command matched is
! 637: .Li ALL ,
! 638: the user may set variables that would otherwise be forbidden.
! 639: See
! 640: .Xr sudoers @mansectform@
! 641: for more information.
! 642: .Ss Authentication and Logging
! 643: .Nm sudo
! 644: requires that most users authenticate themselves by default.
! 645: A password is not required
! 646: if the invoking user is root, if the target user is the same as the
! 647: invoking user, or if the authentication has been disabled for the
! 648: user or command in the
! 649: .Em sudoers
! 650: file.
! 651: Unlike
! 652: .Xr su 1 ,
! 653: when
! 654: .Nm sudo
! 655: requires
! 656: authentication, it validates the invoking user's credentials, not
! 657: the target user's (or root's) credentials.
! 658: This can be changed via
! 659: the
! 660: .Em rootpw ,
! 661: .Em targetpw
! 662: and
! 663: .Em runaspw
! 664: Defaults entries in
! 665: .Em sudoers .
! 666: .Pp
! 667: If a user who is not listed in
! 668: .Em sudoers
! 669: tries to run a command via
! 670: .Nm sudo ,
! 671: mail is sent to the proper authorities.
! 672: The address
! 673: used for such mail is configurable via the
! 674: .Em mailto
! 675: .Em sudoers
! 676: Defaults entry and defaults to
! 677: .Li @mailto@ .
! 678: .Pp
! 679: Note that mail will not be sent if an unauthorized user tries to
! 680: run
! 681: .Nm sudo
! 682: with the
! 683: .Fl l
! 684: or
! 685: .Fl v
! 686: option.
! 687: This allows users to
! 688: determine for themselves whether or not they are allowed to use
! 689: .Nm sudo .
! 690: .Pp
! 691: If
! 692: .Nm sudo
! 693: is run by root and the
! 694: .Ev SUDO_USER
! 695: environment variable
! 696: is set, its value will be used to determine who the actual user is.
! 697: This can be used by a user to log commands
! 698: through
! 699: .Nm sudo
! 700: even when a root shell has been invoked.
! 701: It also
! 702: allows the
! 703: .Fl e
! 704: option to remain useful even when invoked via a
! 705: sudo-run script or program.
! 706: Note, however, that the
! 707: .Em sudoers
! 708: lookup is still done for root, not the user specified by
! 709: .Ev SUDO_USER .
! 710: .Pp
! 711: .Nm sudo
! 712: uses time stamp files for credential caching.
! 713: Once a
! 714: user has been authenticated, the time stamp is updated and the user
! 715: may then use sudo without a password for a short period of time
! 716: .Po
! 717: .Li @timeout@
! 718: minutes unless overridden by the
! 719: .Em timeout
! 720: option
! 721: .Pc .
! 722: By default,
! 723: .Nm sudo
! 724: uses a tty-based time stamp which means that
! 725: there is a separate time stamp for each of a user's login sessions.
! 726: The
! 727: .Em tty_tickets
! 728: option can be disabled to force the use of a
! 729: single time stamp for all of a user's sessions.
! 730: .Pp
! 731: .Nm sudo
! 732: can log both successful and unsuccessful attempts (as well
! 733: as errors) to
! 734: .Xr syslog 3 ,
! 735: a log file, or both.
! 736: By default,
! 737: .Nm sudo
! 738: will log via
! 739: .Xr syslog 3
! 740: but this is changeable via the
! 741: .Em syslog
! 742: and
! 743: .Em logfile
! 744: Defaults settings.
! 745: .Pp
! 746: .Nm sudo
! 747: also supports logging a command's input and output
! 748: streams.
! 749: I/O logging is not on by default but can be enabled using
! 750: the
! 751: .Em log_input
! 752: and
! 753: .Em log_output
! 754: Defaults flags as well as the
! 755: .Li LOG_INPUT
! 756: and
! 757: .Li LOG_OUTPUT
! 758: command tags.
! 759: .Ss Command Environment
! 760: Since environment variables can influence program behavior,
! 761: .Nm sudo
! 762: provides a means to restrict which variables from the user's
! 763: environment are inherited by the command to be run.
! 764: There are two
! 765: distinct ways
! 766: .Em sudoers
! 767: can be configured to deal with environment variables.
! 768: .Pp
! 769: By default, the
! 770: .Em env_reset
! 771: option is enabled.
! 772: This causes commands
! 773: to be executed with a new, minimal environment.
! 774: On AIX (and Linux
! 775: systems without PAM), the environment is initialized with the
! 776: contents of the
! 777: .Pa /etc/environment
! 778: file.
! 779: On BSD systems, if the
! 780: .Em use_loginclass
! 781: option is enabled, the environment is initialized
! 782: based on the
! 783: .Em path
! 784: and
! 785: .Em setenv
! 786: settings in
! 787: .Pa /etc/login.conf .
! 788: The new environment contains the
! 789: .Ev TERM ,
! 790: .Ev PATH ,
! 791: .Ev HOME ,
! 792: .Ev MAIL ,
! 793: .Ev SHELL ,
! 794: .Ev LOGNAME ,
! 795: .Ev USER ,
! 796: .Ev USERNAME
! 797: and
! 798: .Ev SUDO_*
! 799: variables
! 800: in addition to variables from the invoking process permitted by the
! 801: .Em env_check
! 802: and
! 803: .Em env_keep
! 804: options.
! 805: This is effectively a whitelist
! 806: for environment variables.
! 807: .Pp
! 808: If, however, the
! 809: .Em env_reset
! 810: option is disabled, any variables not
! 811: explicitly denied by the
! 812: .Em env_check
! 813: and
! 814: .Em env_delete
! 815: options are
! 816: inherited from the invoking process.
! 817: In this case,
! 818: .Em env_check
! 819: and
! 820: .Em env_delete
! 821: behave like a blacklist.
! 822: Since it is not possible
! 823: to blacklist all potentially dangerous environment variables, use
! 824: of the default
! 825: .Em env_reset
! 826: behavior is encouraged.
! 827: .Pp
! 828: In all cases, environment variables with a value beginning with
! 829: .Li ()
! 830: are removed as they could be interpreted as
! 831: .Sy bash
! 832: functions.
! 833: The list of environment variables that
! 834: .Nm sudo
! 835: allows or denies is
! 836: contained in the output of
! 837: .Dq Li sudo -V
! 838: when run as root.
! 839: .Pp
! 840: Note that the dynamic linker on most operating systems will remove
! 841: variables that can control dynamic linking from the environment of
! 842: setuid executables, including
! 843: .Nm sudo .
! 844: Depending on the operating
! 845: system this may include
! 846: .Ev _RLD* ,
! 847: .Ev DYLD_* ,
! 848: .Ev LD_* ,
! 849: .Ev LDR_* ,
! 850: .Ev LIBPATH ,
! 851: .Ev SHLIB_PATH ,
! 852: and others.
! 853: These types of variables are
! 854: removed from the environment before
! 855: .Nm sudo
! 856: even begins execution
! 857: and, as such, it is not possible for
! 858: .Nm sudo
! 859: to preserve them.
! 860: .Pp
! 861: As a special case, if
! 862: .Nm sudo Ns No 's
! 863: .Fl i
! 864: option (initial login) is
! 865: specified,
! 866: .Nm sudo
! 867: will initialize the environment regardless
! 868: of the value of
! 869: .Em env_reset .
! 870: The
! 871: .Ev DISPLAY ,
! 872: .Ev PATH
! 873: and
! 874: .Ev TERM
! 875: variables remain unchanged;
! 876: .Ev HOME ,
! 877: .Ev MAIL ,
! 878: .Ev SHELL ,
! 879: .Ev USER ,
! 880: and
! 881: .Ev LOGNAME
! 882: are set based on the target user.
! 883: On AIX (and Linux
! 884: systems without PAM), the contents of
! 885: .Pa /etc/environment
! 886: are also
! 887: included.
! 888: On BSD systems, if the
! 889: .Em use_loginclass
! 890: option is
! 891: enabled, the
! 892: .Em path
! 893: and
! 894: .Em setenv
! 895: variables in
! 896: .Pa /etc/login.conf
! 897: are also applied.
! 898: All other environment variables are removed.
! 899: .Pp
! 900: Finally, if the
! 901: .Em env_file
! 902: option is defined, any variables present
! 903: in that file will be set to their specified values as long as they
! 904: would not conflict with an existing environment variable.
! 905: .Sh EXIT VALUE
! 906: Upon successful execution of a program, the exit status from
! 907: .Em sudo
! 908: will simply be the exit status of the program that was executed.
! 909: .Pp
! 910: Otherwise,
! 911: .Nm sudo
! 912: exits with a value of 1 if there is a configuration/permission
! 913: problem or if
! 914: .Nm sudo
! 915: cannot execute the given command.
! 916: In the latter case the error string is printed to the standard error.
! 917: If
! 918: .Nm sudo
! 919: cannot
! 920: .Xr stat 2
! 921: one or more entries in the user's
! 922: .Ev PATH ,
! 923: an error is printed on stderr.
! 924: (If the directory does not exist or if it is not really a directory,
! 925: the entry is ignored and no error is printed.)
! 926: This should not happen under normal circumstances.
! 927: The most common reason for
! 928: .Xr stat 2
! 929: to return
! 930: .Dq permission denied
! 931: is if you are running an automounter and one of the directories in
! 932: your
! 933: .Ev PATH
! 934: is on a machine that is currently unreachable.
! 935: .Sh LOG FORMAT
! 936: .Nm sudo
! 937: can log events using either
! 938: .Xr syslog 3
! 939: or a simple log file.
! 940: In each case the log format is almost identical.
! 941: .Ss Accepted command log entries
! 942: Commands that sudo runs are logged using the following format (split
! 943: into multiple lines for readability):
! 944: .Bd -literal -offset 4n
! 945: date hostname progname: username : TTY=ttyname ; PWD=cwd ; \e
! 946: USER=runasuser ; GROUP=runasgroup ; TSID=logid ; \e
! 947: ENV=env_vars COMMAND=command
! 948: .Ed
! 949: .Pp
! 950: Where the fields are as follows:
! 951: .Bl -tag -width 12n
! 952: .It date
! 953: The date the command was run.
! 954: Typically, this is in the format
! 955: .Dq MMM, DD, HH:MM:SS .
! 956: If logging via
! 957: .Xr syslog 3 ,
! 958: the actual date format is controlled by the syslog daemon.
! 959: If logging to a file and the
! 960: .Em log_year
! 961: option is enabled,
! 962: the date will also include the year.
! 963: .It hostname
! 964: The name of the host
! 965: .Nm sudo
! 966: was run on.
! 967: This field is only present when logging via
! 968: .Xr syslog 3 .
! 969: .It progname
! 970: The name of the program, usually
! 971: .Em sudo
! 972: or
! 973: .Em sudoedit .
! 974: This field is only present when logging via
! 975: .Xr syslog 3 .
! 976: .It username
! 977: The login name of the user who ran
! 978: .Nm sudo .
! 979: .It ttyname
! 980: The short name of the terminal (e.g.\&
! 981: .Dq console ,
! 982: .Dq tty01 ,
! 983: or
! 984: .Dq pts/0 )
! 985: .Nm sudo
! 986: was run on, or
! 987: .Dq unknown
! 988: if there was no terminal present.
! 989: .It cwd
! 990: The current working directory that
! 991: .Nm sudo
! 992: was run in.
! 993: .It runasuser
! 994: The user the command was run as.
! 995: .It runasgroup
! 996: The group the command was run as if one was specified on the command line.
! 997: .It logid
! 998: An I/O log identifier that can be used to replay the command's output.
! 999: This is only present when the
! 1000: .Em log_input
! 1001: or
! 1002: .Em log_output
! 1003: option is enabled.
! 1004: .It env_vars
! 1005: A list of environment variables specified on the command line,
! 1006: if specified.
! 1007: .It command
! 1008: The actual command that was executed.
! 1009: .El
! 1010: .Pp
! 1011: Messages are logged using the locale specified by
! 1012: .Em sudoers_locale ,
! 1013: which defaults to the
! 1014: .Dq Li C
! 1015: locale.
! 1016: .Ss Denied command log entries
! 1017: If the user is not allowed to run the command, the reason for the denial
! 1018: will follow the user name.
! 1019: Possible reasons include:
! 1020: .Bl -tag -width 4
! 1021: .It user NOT in sudoers
! 1022: The user is not listed in the
! 1023: .Em sudoers
! 1024: file.
! 1025: .It user NOT authorized on host
! 1026: The user is listed in the
! 1027: .Em sudoers
! 1028: file but is not allowed to run commands on the host.
! 1029: .It command not allowed
! 1030: The user is listed in the
! 1031: .Em sudoers
! 1032: file for the host but they are not allowed to run the specified command.
! 1033: .It 3 incorrect password attempts
! 1034: The user failed to enter their password after 3 tries.
! 1035: The actual number of tries will vary based on the number of
! 1036: failed attempts and the value of the
! 1037: .Em passwd_tries
! 1038: .Em sudoers
! 1039: option.
! 1040: .It a password is required
! 1041: The
! 1042: .Fl n
! 1043: option was specified but a password was required.
! 1044: .It sorry, you are not allowed to set the following environment variables
! 1045: The user specified environment variables on the command line that
! 1046: were not allowed by
! 1047: .Em sudoers .
! 1048: .El
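The accepted and denied entry formats described above, as an added example (not part of the sudo sources): a Python parser that splits a syslog-style sudo line into its fields and tallies denials per user. The function names, the traditional syslog timestamp layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: traditional syslog timestamp ("Jan  5 10:00:01"). The man page
# notes that the real date format is controlled by the syslog daemon.
HEADER = re.compile(
    r"^(?P<date>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>sudo(?:edit)?)(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$"
)
FIELD_KEYS = ("TTY", "PWD", "USER", "GROUP", "TSID", "ENV")
# Split only on " ; " that is followed by a known key, so a stray " ; "
# inside a value (for example in PWD) does not start a new field.
FIELD_SPLIT = re.compile(r" ; (?=(?:%s)=)" % "|".join(FIELD_KEYS))
# COMMAND is the last field. The first occurrence wins, because the command's
# own arguments may contain the text "COMMAND=".
COMMAND_START = re.compile(r"(?:^| ; | )COMMAND=")

# Denial reasons listed in the "Denied command log entries" section.
KNOWN_REASONS = (
    "user NOT in sudoers",
    "user NOT authorized on host",
    "command not allowed",
    "a password is required",
    "sorry, you are not allowed to set the following environment variables",
)
# The leading count varies with the passwd_tries setting.
PASSWORD_FAILURE = re.compile(r"^\d+ incorrect password attempts?$")


def parse_sudo_line(line):
    """Return a dict for one sudo syslog line, or None if it does not match."""
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        return None
    entry = {k: m.group(k) for k in ("date", "host", "prog", "user")}
    rest = m.group("rest")
    cmd = COMMAND_START.search(rest)
    if cmd:
        head, entry["command"] = rest[:cmd.start()], rest[cmd.end():]
    else:
        head, entry["command"] = rest, None
    parts = FIELD_SPLIT.split(head) if head else []
    # For a denied command the reason follows the user name, ahead of TTY=.
    entry["reason"] = None
    if parts and parts[0].partition("=")[0] not in FIELD_KEYS:
        entry["reason"] = parts.pop(0).strip()
    entry["fields"] = dict(p.split("=", 1) for p in parts)
    return entry


def classify_reason(reason):
    """Map a reason string to a stable category name."""
    if reason is None:
        return "accepted"
    if PASSWORD_FAILURE.match(reason):
        return "incorrect password attempts"
    for known in KNOWN_REASONS:
        if reason.startswith(known):
            return known
    return "other"


def denial_summary(lines):
    """Count denied entries per (user, category) for triage."""
    counts = Counter()
    for line in lines:
        entry = parse_sudo_line(line)
        if entry and entry["reason"] is not None:
            counts[(entry["user"], classify_reason(entry["reason"]))] += 1
    return counts


# Constructed sample input; host and user names are made up.
SAMPLE_LOG = """\
Jan  5 10:00:01 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id
Jan  5 10:00:09 host1 sudo: bob : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh
Jan  5 10:01:30 host1 sudo: bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/less /var/log/messages
Jan  5 10:02:00 host1 sudo: carol : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/whoami
Jan  5 10:03:00 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=www ; GROUP=www ; TSID=00000A ; ENV=LANG=C COMMAND=/usr/bin/env COMMAND=x
"""

if __name__ == "__main__":
    for (user, category), n in sorted(denial_summary(SAMPLE_LOG.splitlines()).items()):
        print(f"{user}: {category} x{n}")
```

The parser accepts both the layout shown in the man page (ENV followed directly by COMMAND) and a " ; " separator before COMMAND.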
! 1049: .Ss Error log entries
! 1050: If an error occurs,
! 1051: .Nm sudo
! 1052: will log a message and, in most cases, send a message to the
! 1053: administrator via email.
! 1054: Possible errors include:
! 1055: .Bl -tag -width 4
! 1056: .It parse error in @sysconfdir@/sudoers near line N
! 1057: .Nm sudo
! 1058: encountered an error when parsing the specified file.
! 1059: In some cases, the actual error may be one line above or below the
! 1060: line number listed, depending on the type of error.
! 1061: .It problem with defaults entries
! 1062: The
! 1063: .Em sudoers
! 1064: file contains one or more unknown Defaults settings.
! 1065: This does not prevent
! 1066: .Nm sudo
! 1067: from running, but the
! 1068: .Em sudoers
! 1069: file should be checked using
! 1070: .Nm visudo .
! 1071: .It timestamp owner (username): \&No such user
! 1072: The time stamp directory owner, as specified by the
! 1073: .Em timestampowner
! 1074: setting, could not be found in the password database.
! 1075: .It unable to open/read @sysconfdir@/sudoers
! 1076: The
! 1077: .Em sudoers
! 1078: file could not be opened for reading.
! 1079: This can happen when the
! 1080: .Em sudoers
! 1081: file is located on a remote file system that maps user ID 0 to
! 1082: a different value.
! 1083: Normally,
! 1084: .Nm sudo
! 1085: tries to open
! 1086: .Em sudoers
! 1087: using group permissions to avoid this problem.
! 1088: .It unable to stat @sysconfdir@/sudoers
! 1089: The
! 1090: .Pa @sysconfdir@/sudoers
! 1091: file is missing.
! 1092: .It @sysconfdir@/sudoers is not a regular file
! 1093: The
! 1094: .Pa @sysconfdir@/sudoers
! 1095: file exists but is not a regular file or symbolic link.
! 1096: .It @sysconfdir@/sudoers is owned by uid N, should be 0
! 1097: The
! 1098: .Em sudoers
! 1099: file has the wrong owner.
! 1100: .It @sysconfdir@/sudoers is world writable
! 1101: The permissions on the
! 1102: .Em sudoers
! 1103: file allow all users to write to it.
! 1104: The
! 1105: .Em sudoers
! 1106: file must not be world-writable; the default file mode
! 1107: is 0440 (readable by owner and group, writable by none).
! 1108: .It @sysconfdir@/sudoers is owned by gid N, should be 1
! 1109: The
! 1110: .Em sudoers
! 1111: file has the wrong group ownership.
! 1112: .It unable to open @timedir@/username/ttyname
! 1113: .Em sudoers
! 1114: was unable to read or create the user's time stamp file.
! 1115: .It unable to write to @timedir@/username/ttyname
! 1116: .Em sudoers
! 1117: was unable to write to the user's time stamp file.
! 1118: .It unable to mkdir to @timedir@/username
! 1119: .Em sudoers
! 1120: was unable to create the user's time stamp directory.
! 1121: .El
! 1122: .Ss Notes on logging via syslog
! 1123: By default,
! 1124: .Em sudoers
! 1125: logs messages via
! 1126: .Xr syslog 3 .
! 1127: The
! 1128: .Em date ,
! 1129: .Em hostname ,
! 1130: and
! 1131: .Em progname
! 1132: fields are added by the syslog daemon, not
! 1133: .Em sudoers
! 1134: itself.
! 1135: As such, they may vary in format on different systems.
! 1136: .Pp
! 1137: On most systems,
! 1138: .Xr syslog 3
! 1139: has a relatively small log buffer.
! 1140: To prevent the command line arguments from being truncated,
! 1141: .Nm sudo
! 1142: will split up log messages that are larger than 960 characters
! 1143: (not including the date, hostname, and the string
! 1144: .Dq sudo ) .
! 1145: When a message is split, additional parts will include the string
! 1146: .Dq Pq command continued
! 1147: after the user name and before the continued command line arguments.
! 1148: .Ss Notes on logging to a file
! 1149: If the
! 1150: .Em logfile
! 1151: option is set,
! 1152: .Em sudoers
! 1153: will log to a local file, such as
! 1154: .Pa /var/log/sudo .
! 1155: When logging to a file,
! 1156: .Em sudoers
! 1157: uses a format similar to
! 1158: .Xr syslog 3 ,
! 1159: with a few important differences:
! 1160: .Bl -enum
! 1161: .It
! 1162: The
! 1163: .Em progname
! 1164: and
! 1165: .Em hostname
! 1166: fields are not present.
! 1167: .It
! 1168: If the
! 1169: .Em log_year
! 1170: .Em sudoers
! 1171: option is enabled,
! 1172: the date will also include the year.
! 1173: .It
! 1174: Lines that are longer than
! 1175: .Em loglinelen
! 1176: characters (80 by default) are word-wrapped and continued on the
! 1177: next line with a four character indent.
! 1178: This makes entries easier to read for a human being, but makes it
! 1179: more difficult to use
! 1180: .Xr grep 1
! 1181: on the log files.
! 1182: If the
! 1183: .Em loglinelen
! 1184: .Em sudoers
! 1185: option is set to 0 (or negated with a
! 1186: .Ql \&! ) ,
! 1187: word wrap will be disabled.
! 1188: .El
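Added example (not part of the sudo distribution): Python that rejoins word-wrapped logfile entries so each can be matched as one line, then pulls out the user, the denial reason and the command. The sample lines, their date layout and the " : " and " ; " separators are constructed assumptions, as are the function names and the SHELLS watch list, which marks commands such as sudo su or sudo sh that hand the user a shell.

```python
import os

# Denial reasons listed on this page; the attempt count varies, so match its tail.
DENIAL_MARKERS = (
    "NOT in sudoers", "NOT authorized on host", "command not allowed",
    "incorrect password attempt", "a password is required",
    "not allowed to set the following environment variables",
)
# Assumed watch list: commands that leave the user in a shell.
SHELLS = {"su", "sh", "bash", "ksh", "csh", "zsh"}

def unwrap(lines, indent="    "):
    """Rejoin wrapped entries: continuation lines carry a four-character indent."""
    entries = []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith(indent) and entries:
            entries[-1] += " " + line[len(indent):]
        elif line.strip():
            entries.append(line)
    return entries

def parse_entry(entry):
    """Return user, denial reason (or None), KEY=value fields and command."""
    # Split off COMMAND= first: the command line itself may contain " ; ".
    head, _, command = entry.partition("COMMAND=")
    _date, user, rest = (head.split(" : ", 2) + ["", ""])[:3]
    fields, reason = {}, None
    for seg in filter(None, (s.strip() for s in rest.split(" ; "))):
        key, eq, value = seg.partition("=")
        if eq and key.isupper():
            fields[key] = value
        elif any(m in seg for m in DENIAL_MARKERS):
            reason = seg
    argv0 = (command.split() or [""])[0]
    return {"user": user.strip(), "denied": reason, "fields": fields,
            "command": command.strip(),
            "shell": reason is None and os.path.basename(argv0) in SHELLS}

# Constructed sample of a sudo logfile wrapped at the default loglinelen of 80.
SAMPLE = """\
Jan  5 10:00:00 : alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ;
    COMMAND=/bin/sh -c cd /home ; du -s * | sort -rn > USAGE
Jan  5 10:02:11 : bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ;
    USER=root ; COMMAND=/usr/bin/vi /etc/passwd
""".splitlines()

def report(lines=SAMPLE):
    return [parse_entry(e) for e in unwrap(lines)]
```

The split syslog form marked "(command continued)" is not handled here; only the logfile format is.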
! 1189: .Sh SECURITY NOTES
! 1190: .Nm sudo
! 1191: tries to be safe when executing external commands.
! 1192: .Pp
! 1193: To prevent command spoofing,
! 1194: .Nm sudo
! 1195: checks "." and "" (both denoting current directory) last when
! 1196: searching for a command in the user's
! 1197: .Ev PATH
! 1198: (if one or both are in the
! 1199: .Ev PATH ) .
! 1200: Note, however, that the actual
! 1201: .Ev PATH
! 1202: environment variable is
! 1203: .Em not
! 1204: modified and is passed unchanged to the program that
! 1205: .Nm sudo
! 1206: executes.
! 1207: .Pp
! 1208: .Nm sudo
! 1209: will check the ownership of its time stamp directory
! 1210: .Po
! 1211: .Pa @timedir@
! 1212: by default
! 1213: .Pc
! 1214: and ignore the directory's contents if it is not owned by root or
! 1215: if it is writable by a user other than root.
! 1216: On systems that allow non-root users to give away files via
! 1217: .Xr chown 2 ,
! 1218: if the time stamp directory is located in a world-writable
! 1219: directory (e.g.\&,
! 1220: .Pa /tmp ) ,
! 1221: it is possible for a user to create the time stamp directory before
! 1222: .Nm sudo
! 1223: is run.
! 1224: However, because
! 1225: .Nm sudo
! 1226: checks the ownership and mode of the directory and its
! 1227: contents, the only damage that can be done is to
! 1228: .Dq hide
! 1229: files by putting them in the time stamp dir.
! 1230: This is unlikely to happen since once the time stamp dir is owned by root
! 1231: and inaccessible by any other user, the user placing files there would be
! 1232: unable to get them back out.
! 1233: .Pp
! 1234: .Nm sudo
! 1235: will not honor time stamps set far in the future.
! 1236: Time stamps with a date greater than current_time + 2 *
! 1237: .Li TIMEOUT
! 1238: will be ignored and sudo will log and complain.
! 1239: This is done to keep a user from creating his/her own time stamp with a
! 1240: bogus date on systems that allow users to give away files if the time
! 1241: stamp directory is located in a world-writable directory.
! 1242: .Pp
! 1243: Since time stamp files live in the file system, they can outlive a
! 1244: user's login session.
! 1245: As a result, a user may be able to log in, run a command with
! 1246: .Nm sudo
! 1247: after authenticating, log out, log in again, and run
! 1248: .Nm sudo
! 1249: without authenticating so long as the time stamp file's modification
! 1250: time is within
! 1251: .Li @timeout@
! 1252: minutes (or whatever the timeout is set to in
! 1253: .Em sudoers ) .
! 1254: When the
! 1255: .Em tty_tickets
! 1256: .Em sudoers
! 1257: option is enabled, the time stamp has per-tty granularity but still
! 1258: may outlive the user's session.
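Added example (not sudo's own code): a Python audit that applies the time stamp rules described above to a directory tree, covering the owner and write-permission test on the directory and the current_time + 2 * TIMEOUT cutoff on each file. The function name, the state labels and the owner_uid parameter are assumptions made for illustration.

```python
import os
import stat
import time

def audit_timedir(path, timeout_min, now=None, owner_uid=0):
    """Return (dir_trusted, {relative_path: state}) for a time stamp directory.

    owner_uid is a hypothetical parameter so the check can be exercised
    without privileges; the rule on this page requires root (uid 0).
    """
    now = time.time() if now is None else now
    st = os.lstat(path)
    # Trusted only if a directory, owned by the expected uid and not
    # writable by group or other.
    trusted = (stat.S_ISDIR(st.st_mode) and st.st_uid == owner_uid
               and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    states = {}
    if not trusted:
        return trusted, states           # contents are ignored entirely
    limit = timeout_min * 60             # the timeout is given in minutes
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            mtime = os.lstat(full).st_mtime
            if mtime > now + 2 * limit:
                state = "future"         # not honored; logged and complained about
            elif now - mtime <= limit:
                state = "valid"          # honored, even across logout and login
            else:
                state = "expired"
            states[os.path.relpath(full, path)] = state
    return trusted, states
```

Files reported as "valid" are the ones that let a later login session skip authentication, so they are the entries to review when sessions must not carry over.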
! 1259: .Pp
! 1260: Please note that
! 1261: .Nm sudo
! 1262: will normally only log the command it explicitly runs.
! 1263: If a user runs a command such as
! 1264: .Li sudo su
! 1265: or
! 1266: .Li sudo sh ,
! 1267: subsequent commands run from that shell are not subject to
! 1268: .Nm sudo Ns No 's
! 1269: security policy.
! 1270: The same is true for commands that offer shell escapes (including
! 1271: most editors).
! 1272: If I/O logging is enabled, subsequent commands will have their input and/or
! 1273: output logged, but there will not be traditional logs for those commands.
! 1274: Because of this, care must be taken when giving users access to commands via
! 1275: .Nm sudo
! 1276: to verify that the command does not inadvertently give the user an
! 1277: effective root shell.
! 1278: For more information, please see the
! 1279: .Em PREVENTING SHELL ESCAPES
! 1280: section in
! 1281: .Xr sudoers @mansectform@ .
! 1282: .Pp
! 1283: To prevent the disclosure of potentially sensitive information,
! 1284: .Nm sudo
! 1285: disables core dumps by default while it is executing (they are
! 1286: re-enabled for the command that is run).
! 1287: .Pp
! 1288: For information on the security implications of
! 1289: .Em sudoers
! 1290: entries, please see the
! 1291: .Em SECURITY NOTES
! 1292: section in
! 1293: .Xr sudoers @mansectform@ .
! 1294: .Sh ENVIRONMENT
! 1295: .Nm sudo
! 1296: utilizes the following environment variables:
! 1297: .Bl -tag -width 15n
! 1298: .It Ev EDITOR
! 1299: Default editor to use in
! 1300: .Fl e
! 1301: (sudoedit) mode if neither
! 1302: .Ev SUDO_EDITOR
! 1303: nor
! 1304: .Ev VISUAL
! 1305: is set.
! 1306: .It Ev MAIL
! 1307: In
! 1308: .Fl i
! 1309: mode or when
! 1310: .Em env_reset
! 1311: is enabled in
! 1312: .Em sudoers ,
! 1313: set to the mail spool of the target user.
! 1314: .It Ev HOME
! 1315: Set to the home directory of the target user if
! 1316: .Fl H
! 1317: is specified,
! 1318: .Em always_set_home
! 1319: is set in
! 1320: .Em sudoers ,
! 1321: or when the
! 1322: .Fl s
! 1323: option is specified and
! 1324: .Em set_home
! 1325: is set in
! 1326: .Em sudoers .
! 1327: .It Ev PATH
! 1328: Set to a sane value if the
! 1329: .Em secure_path
! 1330: option is set in the
! 1331: .Em sudoers
! 1332: file.
! 1333: .It Ev SHELL
! 1334: Used to determine shell to run with
! 1335: .Fl s
! 1336: option.
! 1337: .It Ev SUDO_ASKPASS
! 1338: Specifies the path to a helper program used to read the password
! 1339: if no terminal is available or if the
! 1340: .Fl A
! 1341: option is specified.
! 1342: .It Ev SUDO_COMMAND
! 1343: Set to the command run by sudo.
! 1344: .It Ev SUDO_EDITOR
! 1345: Default editor to use in
! 1346: .Fl e
! 1347: (sudoedit) mode.
! 1348: .It Ev SUDO_GID
! 1349: Set to the group ID of the user who invoked sudo.
! 1350: .It Ev SUDO_PROMPT
! 1351: Used as the default password prompt.
! 1352: .It Ev SUDO_PS1
! 1353: If set,
! 1354: .Ev PS1
! 1355: will be set to its value for the program being run.
! 1356: .It Ev SUDO_UID
! 1357: Set to the user ID of the user who invoked sudo.
! 1358: .It Ev SUDO_USER
! 1359: Set to the login name of the user who invoked sudo.
! 1360: .It Ev USER
! 1361: Set to the target user (root unless the
! 1362: .Fl u
! 1363: option is specified).
! 1364: .It Ev VISUAL
! 1365: Default editor to use in
! 1366: .Fl e
! 1367: (sudoedit) mode if
! 1368: .Ev SUDO_EDITOR
! 1369: is not set.
! 1370: .El
! 1371: .Sh FILES
! 1372: .Bl -tag -width 24n
! 1373: .It Pa @sysconfdir@/sudoers
! 1374: List of who can run what
! 1375: .It Pa @timedir@
! 1376: Directory containing time stamps
! 1377: .It Pa /etc/environment
! 1378: Initial environment for
! 1379: .Fl i
! 1380: mode on AIX and Linux systems
! 1381: .El
! 1382: .Sh EXAMPLES
! 1383: Note: the following examples assume suitable
! 1384: .Xr sudoers 5
! 1385: entries.
! 1386: .Pp
! 1387: To get a file listing of an unreadable directory:
! 1388: .Bd -literal -offset indent
! 1389: $ sudo ls /usr/local/protected
! 1390: .Ed
! 1391: .Pp
! 1392: To list the home directory of user yaz on a machine where the file
! 1393: system holding ~yaz is not exported as root:
! 1394: .Bd -literal -offset indent
! 1395: $ sudo -u yaz ls ~yaz
! 1396: .Ed
! 1397: .Pp
! 1398: To edit the
! 1399: .Pa index.html
! 1400: file as user www:
! 1401: .Bd -literal -offset indent
! 1402: $ sudo -u www vi ~www/htdocs/index.html
! 1403: .Ed
! 1404: .Pp
! 1405: To view system logs only accessible to root and users in the adm
! 1406: group:
! 1407: .Bd -literal -offset indent
! 1408: $ sudo -g adm view /var/log/syslog
! 1409: .Ed
! 1410: .Pp
! 1411: To run an editor as jim with a different primary group:
! 1412: .Bd -literal -offset indent
! 1413: $ sudo -u jim -g audio vi ~jim/sound.txt
! 1414: .Ed
! 1415: .Pp
! 1416: To shut down a machine:
! 1417: .Bd -literal -offset indent
! 1418: $ sudo shutdown -r +15 "quick reboot"
! 1419: .Ed
! 1420: .Pp
! 1421: To make a usage listing of the directories in the /home partition.
! 1422: Note that this runs the commands in a sub-shell to make the
! 1423: .Li cd
! 1424: and file redirection work.
! 1425: .Bd -literal -offset indent
! 1426: $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
! 1427: .Ed
! 1428: .Sh SEE ALSO
! 1429: .Xr grep 1 ,
! 1430: .Xr su 1 ,
! 1431: .Xr stat 2 ,
! 1432: .Xr login_cap 3 ,
! 1433: .Xr passwd @mansectform@ ,
! 1434: .Xr sudoers @mansectform@ ,
! 1435: .Xr sudoreplay @mansectsu@ ,
! 1436: .Xr visudo @mansectsu@
! 1437: .Sh HISTORY
! 1438: See the HISTORY file in the
! 1439: .Nm sudo
! 1440: distribution (http://www.sudo.ws/sudo/history.html) for a brief
! 1441: history of sudo.
! 1442: .Sh AUTHORS
! 1443: Many people have worked on
! 1444: .Nm sudo
! 1445: over the years; this version consists of code written primarily by:
! 1446: .Bd -ragged -offset indent
! 1447: Todd C. Miller
! 1448: .Ed
! 1449: .Pp
! 1450: See the CONTRIBUTORS file in the
! 1451: .Nm sudo
! 1452: distribution (http://www.sudo.ws/sudo/contributors.html) for an
! 1453: exhaustive list of people who have contributed to
! 1454: .Nm sudo .
! 1455: .Sh CAVEATS
! 1456: There is no easy way to prevent a user from gaining a root shell
! 1457: if that user is allowed to run arbitrary commands via
! 1458: .Nm sudo .
! 1459: Also, many programs (such as editors) allow the user to run commands
! 1460: via shell escapes, thus avoiding
! 1461: .Nm sudo Ns No 's
! 1462: checks.
! 1463: However, on most systems it is possible to prevent shell escapes with
! 1464: .Nm sudo Ns No 's
! 1465: .Em noexec
! 1466: functionality.
! 1467: See the
! 1468: .Xr sudoers @mansectform@
! 1469: manual for details.
! 1470: .Pp
! 1471: It is not meaningful to run the
! 1472: .Li cd
! 1473: command directly via sudo, e.g.,
! 1474: .Bd -literal -offset indent
! 1475: $ sudo cd /usr/local/protected
! 1476: .Ed
! 1477: .Pp
! 1478: since when the command exits the parent process (your shell) will
! 1479: still be the same.
! 1480: Please see the
! 1481: .Sx EXAMPLES
! 1482: section for more information.
! 1483: .Pp
! 1484: Running shell scripts via
! 1485: .Nm sudo
! 1486: can expose the same kernel bugs that make setuid shell scripts
! 1487: unsafe on some operating systems (if your OS has a /dev/fd/ directory,
! 1488: setuid shell scripts are generally safe).
! 1489: .Sh BUGS
! 1490: If you feel you have found a bug in
! 1491: .Nm sudo ,
! 1492: please submit a bug report at http://www.sudo.ws/sudo/bugs/
! 1493: .Sh SUPPORT
! 1494: Limited free support is available via the sudo-users mailing list;
! 1495: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
! 1496: search the archives.
! 1497: .Sh DISCLAIMER
! 1498: .Nm sudo
! 1499: is provided
! 1500: .Dq AS IS
! 1501: and any express or implied warranties, including, but not limited
! 1502: to, the implied warranties of merchantability and fitness for a
! 1503: particular purpose are disclaimed.
! 1504: See the LICENSE file distributed with
! 1505: .Nm sudo
! 1506: or http://www.sudo.ws/sudo/license.html for complete details.