| version 1.12, 2002/04/25 15:49:03 |
version 1.13, 2003/01/23 08:58:47 |
|
|
| .Ve |
.Ve |
| where \fIAlias_Type\fR is one of \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR, |
where \fIAlias_Type\fR is one of \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR, |
| or \f(CW\*(C`Cmnd_Alias\*(C'\fR. A \f(CW\*(C`NAME\*(C'\fR is a string of uppercase letters, numbers, |
or \f(CW\*(C`Cmnd_Alias\*(C'\fR. A \f(CW\*(C`NAME\*(C'\fR is a string of uppercase letters, numbers, |
| and the underscore characters ('_'). A \f(CW\*(C`NAME\*(C'\fR \fBmust\fR start with an |
and underscore characters ('_'). A \f(CW\*(C`NAME\*(C'\fR \fBmust\fR start with an |
| uppercase letter. It is possible to put several alias definitions |
uppercase letter. It is possible to put several alias definitions |
| of the same type on a single line, joined by a colon (':'). E.g., |
of the same type on a single line, joined by a colon (':'). E.g., |
| .PP |
.PP |
|
|
| .Ip "mail_no_perms" 12 |
.Ip "mail_no_perms" 12 |
| .IX Item "mail_no_perms" |
.IX Item "mail_no_perms" |
| If set, mail will be sent to the \fImailto\fR user if the invoking |
If set, mail will be sent to the \fImailto\fR user if the invoking |
| user allowed to use \fBsudo\fR but the command they are trying is not |
user is allowed to use \fBsudo\fR but the command they are trying is not |
| listed in their \fIsudoers\fR file entry. This flag is \fIoff\fR |
listed in their \fIsudoers\fR file entry. This flag is \fIoff\fR |
| by default. |
by default. |
| .Ip "tty_tickets" 12 |
.Ip "tty_tickets" 12 |
|
|
| .Ip "fqdn" 12 |
.Ip "fqdn" 12 |
| .IX Item "fqdn" |
.IX Item "fqdn" |
| Set this flag if you want to put fully qualified hostnames in the |
Set this flag if you want to put fully qualified hostnames in the |
| \&\fIsudoers\fR file. I.e.: instead of myhost you would use myhost.mydomain.edu. |
\&\fIsudoers\fR file. I.e., instead of myhost you would use myhost.mydomain.edu. |
| You may still use the short form if you wish (and even mix the two). |
You may still use the short form if you wish (and even mix the two). |
| Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups |
Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups |
| which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example |
which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example |
|
|
| If set, \fBsudo\fR will only run when the user is logged in to a real |
If set, \fBsudo\fR will only run when the user is logged in to a real |
| tty. This will disallow things like \f(CW\*(C`"rsh somehost sudo ls"\*(C'\fR since |
tty. This will disallow things like \f(CW\*(C`"rsh somehost sudo ls"\*(C'\fR since |
| \&\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn |
\&\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn |
| of echo when there is no tty present, some sites may with to set |
off echo when there is no tty present, some sites may wish to set |
| this flag to prevent a user from entering a visible password. This |
this flag to prevent a user from entering a visible password. This |
| flag is \fIoff\fR by default. |
flag is \fIoff\fR by default. |
| .Ip "env_editor" 12 |
.Ip "env_editor" 12 |
|
|
| .Ip "listpw" 12 |
.Ip "listpw" 12 |
| .IX Item "listpw" |
.IX Item "listpw" |
| This option controls when a password will be required when a |
This option controls when a password will be required when a |
| user runs \fBsudo\fR with the \fB\-l\fR. It has the following possible values: |
user runs \fBsudo\fR with the \fB\-l\fR flag. It has the |
| |
following possible values: |
| .RS 12 |
.RS 12 |
| .Ip "all" 8 |
.Ip "all" 8 |
| .IX Item "all" |
.IX Item "all" |
|
|
| .IX Item "env_check" |
.IX Item "env_check" |
| Environment variables to be removed from the user's environment if |
Environment variables to be removed from the user's environment if |
| the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can |
the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can |
| be used to guard against printf-style format vulnerabilties in |
be used to guard against printf-style format vulnerabilities in |
| poorly-written programs. The argument may be a double-quoted, |
poorly-written programs. The argument may be a double-quoted, |
| space-separated list or a single value without double-quotes. The |
space-separated list or a single value without double-quotes. The |
| list can be replaced, added to, deleted from, or disabled by using |
list can be replaced, added to, deleted from, or disabled by using |
| the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. The default |
the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. The default |
| list of environment variable to check is printed when \fBsudo\fR is |
list of environment variables to check is printed when \fBsudo\fR is |
| run by root with the \fI\-V\fR option. |
run by root with the \fI\-V\fR option. |
| .Ip "env_delete" 12 |
.Ip "env_delete" 12 |
| .IX Item "env_delete" |
.IX Item "env_delete" |
|
|
| single value without double-quotes. The list can be replaced, added |
single value without double-quotes. The list can be replaced, added |
| to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and |
to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and |
| \&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment |
\&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment |
| variable to remove is printed when \fBsudo\fR is run by root with the |
variables to remove is printed when \fBsudo\fR is run by root with the |
| \&\fI\-V\fR option. |
\&\fI\-V\fR option. |
| .Ip "env_keep" 12 |
.Ip "env_keep" 12 |
| .IX Item "env_keep" |
.IX Item "env_keep" |
|
|
| commands that follow it. What this means is that for the entry: |
commands that follow it. What this means is that for the entry: |
| .PP |
.PP |
| .Vb 1 |
.Vb 1 |
| \& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who |
\& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm |
| .Ve |
.Ve |
| The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and |
The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and |
| \&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., |
\&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., |
|
|
| .PP |
.PP |
| Note that a forward slash ('/') will \fBnot\fR be matched by |
Note that a forward slash ('/') will \fBnot\fR be matched by |
| wildcards used in the pathname. When matching the command |
wildcards used in the pathname. When matching the command |
| line arguments, however, as slash \fBdoes\fR get matched by |
line arguments, however, a slash \fBdoes\fR get matched by |
| wildcards. This is to make a path like: |
wildcards. This is to make a path like: |
| .PP |
.PP |
| .Vb 1 |
.Vb 1 |
|
|
| .Sh "Exceptions to wildcard rules:" |
.Sh "Exceptions to wildcard rules:" |
| .IX Subsection "Exceptions to wildcard rules:" |
.IX Subsection "Exceptions to wildcard rules:" |
| The following exceptions apply to the above rules: |
The following exceptions apply to the above rules: |
| .if n .Ip "\f(CW""""""""\fR" 8 |
.if n .Ip "\f(CW""""\fR" 8 |
| .el .Ip "\f(CW``''\fR" 8 |
.el .Ip "\f(CW``''\fR" 8 |
| .IX Item """"" |
.IX Item """"" |
| If the empty string \f(CW\*(C`""\*(C'\fR is the only command line argument in the |
If the empty string \f(CW\*(C`""\*(C'\fR is the only command line argument in the |
|
|
| .Ve |
.Ve |
| .SH "SEE ALSO" |
.SH "SEE ALSO" |
| .IX Header "SEE ALSO" |
.IX Header "SEE ALSO" |
| \&\fIrsh\fR\|(1), \fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). |
\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIsudo\fR\|(8), \fIvisudo\fR\|(8). |
![[BACK]](/icons/back.gif){kind=icon}
Return to sudoers.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo