version 1.12, 2002/04/25 15:49:03 |
version 1.13, 2003/01/23 08:58:47 |
|
|
.Ve |
.Ve |
where \fIAlias_Type\fR is one of \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR, |
where \fIAlias_Type\fR is one of \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR, |
or \f(CW\*(C`Cmnd_Alias\*(C'\fR. A \f(CW\*(C`NAME\*(C'\fR is a string of uppercase letters, numbers, |
or \f(CW\*(C`Cmnd_Alias\*(C'\fR. A \f(CW\*(C`NAME\*(C'\fR is a string of uppercase letters, numbers, |
and the underscore characters ('_'). A \f(CW\*(C`NAME\*(C'\fR \fBmust\fR start with an |
and underscore characters ('_'). A \f(CW\*(C`NAME\*(C'\fR \fBmust\fR start with an |
uppercase letter. It is possible to put several alias definitions |
uppercase letter. It is possible to put several alias definitions |
of the same type on a single line, joined by a colon (':'). E.g., |
of the same type on a single line, joined by a colon (':'). E.g., |
.PP |
.PP |
|
|
.Ip "mail_no_perms" 12 |
.Ip "mail_no_perms" 12 |
.IX Item "mail_no_perms" |
.IX Item "mail_no_perms" |
If set, mail will be sent to the \fImailto\fR user if the invoking |
If set, mail will be sent to the \fImailto\fR user if the invoking |
user allowed to use \fBsudo\fR but the command they are trying is not |
user is allowed to use \fBsudo\fR but the command they are trying is not |
listed in their \fIsudoers\fR file entry. This flag is \fIoff\fR |
listed in their \fIsudoers\fR file entry. This flag is \fIoff\fR |
by default. |
by default. |
.Ip "tty_tickets" 12 |
.Ip "tty_tickets" 12 |
|
|
.Ip "fqdn" 12 |
.Ip "fqdn" 12 |
.IX Item "fqdn" |
.IX Item "fqdn" |
Set this flag if you want to put fully qualified hostnames in the |
Set this flag if you want to put fully qualified hostnames in the |
\&\fIsudoers\fR file. I.e.: instead of myhost you would use myhost.mydomain.edu. |
\&\fIsudoers\fR file. I.e., instead of myhost you would use myhost.mydomain.edu. |
You may still use the short form if you wish (and even mix the two). |
You may still use the short form if you wish (and even mix the two). |
Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups |
Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups |
which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example |
which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example |
|
|
If set, \fBsudo\fR will only run when the user is logged in to a real |
If set, \fBsudo\fR will only run when the user is logged in to a real |
tty. This will disallow things like \f(CW\*(C`"rsh somehost sudo ls"\*(C'\fR since |
tty. This will disallow things like \f(CW\*(C`"rsh somehost sudo ls"\*(C'\fR since |
\&\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn |
\&\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn |
of echo when there is no tty present, some sites may with to set |
off echo when there is no tty present, some sites may wish to set |
this flag to prevent a user from entering a visible password. This |
this flag to prevent a user from entering a visible password. This |
flag is \fIoff\fR by default. |
flag is \fIoff\fR by default. |
.Ip "env_editor" 12 |
.Ip "env_editor" 12 |
|
|
.Ip "listpw" 12 |
.Ip "listpw" 12 |
.IX Item "listpw" |
.IX Item "listpw" |
This option controls when a password will be required when a |
This option controls when a password will be required when a |
user runs \fBsudo\fR with the \fB\-l\fR. It has the following possible values: |
user runs \fBsudo\fR with the \fB\-l\fR flag. It has the |
|
following possible values: |
.RS 12 |
.RS 12 |
.Ip "all" 8 |
.Ip "all" 8 |
.IX Item "all" |
.IX Item "all" |
|
|
.IX Item "env_check" |
.IX Item "env_check" |
Environment variables to be removed from the user's environment if |
Environment variables to be removed from the user's environment if |
the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can |
the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can |
be used to guard against printf-style format vulnerabilties in |
be used to guard against printf-style format vulnerabilities in |
poorly-written programs. The argument may be a double-quoted, |
poorly-written programs. The argument may be a double-quoted, |
space-separated list or a single value without double-quotes. The |
space-separated list or a single value without double-quotes. The |
list can be replaced, added to, deleted from, or disabled by using |
list can be replaced, added to, deleted from, or disabled by using |
the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. The default |
the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. The default |
list of environment variable to check is printed when \fBsudo\fR is |
list of environment variables to check is printed when \fBsudo\fR is |
run by root with the \fI\-V\fR option. |
run by root with the \fI\-V\fR option. |
.Ip "env_delete" 12 |
.Ip "env_delete" 12 |
.IX Item "env_delete" |
.IX Item "env_delete" |
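Review bot: The option markup in the last changed sentence of env_check is inconsistent with the rest of this patch: `\fI\-V\fR` sets the option in italics, while the listpw hunk writes the sudo flag in bold as `\fB\-l\fR`. Since the sentence is being touched anyway, pick one font for command-line options and apply it here and in the matching env_delete sentence.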
|
|
single value without double-quotes. The list can be replaced, added |
single value without double-quotes. The list can be replaced, added |
to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and |
to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and |
\&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment |
\&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment |
variable to remove is printed when \fBsudo\fR is run by root with the |
variables to remove is printed when \fBsudo\fR is run by root with the |
\&\fI\-V\fR option. |
\&\fI\-V\fR option. |
.Ip "env_keep" 12 |
.Ip "env_keep" 12 |
.IX Item "env_keep" |
.IX Item "env_keep" |
|
|
commands that follow it. What this means is that for the entry: |
commands that follow it. What this means is that for the entry: |
.PP |
.PP |
.Vb 1 |
.Vb 1 |
\& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who |
\& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm |
.Ve |
.Ve |
The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and |
The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and |
\&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., |
\&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., |
|
|
.PP |
.PP |
Note that a forward slash ('/') will \fBnot\fR be matched by |
Note that a forward slash ('/') will \fBnot\fR be matched by |
wildcards used in the pathname. When matching the command |
wildcards used in the pathname. When matching the command |
line arguments, however, as slash \fBdoes\fR get matched by |
line arguments, however, a slash \fBdoes\fR get matched by |
wildcards. This is to make a path like: |
wildcards. This is to make a path like: |
.PP |
.PP |
.Vb 1 |
.Vb 1 |
|
|
.Sh "Exceptions to wildcard rules:" |
.Sh "Exceptions to wildcard rules:" |
.IX Subsection "Exceptions to wildcard rules:" |
.IX Subsection "Exceptions to wildcard rules:" |
The following exceptions apply to the above rules: |
The following exceptions apply to the above rules: |
.if n .Ip "\f(CW""""""""\fR" 8 |
.if n .Ip "\f(CW""""\fR" 8 |
.el .Ip "\f(CW``''\fR" 8 |
.el .Ip "\f(CW``''\fR" 8 |
.IX Item """"" |
.IX Item """"" |
If the empty string \f(CW\*(C`""\*(C'\fR is the only command line argument in the |
If the empty string \f(CW\*(C`""\*(C'\fR is the only command line argument in the |
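Review bot: The unchanged `.IX Item """""` line directly after the corrected `.if n .Ip` line has five quote characters, so its quoted argument is opened but never closed. The nroff heading now carries four inner quotes (a literal `""` inside the outer pair); closing the index entry the same way would keep both lines producing the same two-character string.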
|
|
.Ve |
.Ve |
.SH "SEE ALSO" |
.SH "SEE ALSO" |
.IX Header "SEE ALSO" |
.IX Header "SEE ALSO" |
\&\fIrsh\fR\|(1), \fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). |
\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIsudo\fR\|(8), \fIvisudo\fR\|(8). |