mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 05:48:18 +00:00

Document use of mkdtemp() for iolog path templates

Todd C. Miller 2010-12-27 15:43:01 -05:00
parent e3cd512bfa
commit 21dd6af796
3 changed files with 75 additions and 67 deletions


@ -1221,6 +1221,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
In addition, any escape sequences supported by the
system's _s_t_r_f_t_i_m_e_(_) function will be expanded.
Path names that end in six or more Xs will have the Xs
replaced with a unique combination of digits and
letters, similar to the _m_k_t_e_m_p_(_) function.
iolog_file The path name, relative to _i_o_l_o_g___d_i_r, in which to store
input/output logs when the _l_o_g___i_n_p_u_t or _l_o_g___o_u_t_p_u_t
options are enabled or when the <LOG_INPUT> or
@ -1242,10 +1246,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
LD_PRELOAD or its equivalent. Defaults to
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
passprompt The default prompt to use when asking for a password;
can be overridden via the --pp option or the SUDO_PROMPT
environment variable. The following percent (`%')
escape sequences are supported:
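Review bot: the four lines dropped in this hunk at the passprompt entry are page-break movement only, and the same shift (with the "SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)" page header reappearing a few lines later) repeats in every later hunk of this formatted file, which accounts for most of the 75 additions and 67 deletions. Consider regenerating the formatted page in a separate commit, or saying in the commit message that it was regenerated, so the four-line documentation change is easy to find in review.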
@ -1258,6 +1258,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
passprompt The default prompt to use when asking for a password;
can be overridden via the --pp option or the SUDO_PROMPT
environment variable. The following percent (`%')
escape sequences are supported:
%H expanded to the local host name including the
domain name (on if the machine's host name is fully
qualified or the _f_q_d_n option is set)
@ -1307,11 +1312,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
stored therein. The default is root.
type The default SELinux type to use when constructing a new
security context to run the command. The default type
may be overridden on a per-command basis in _s_u_d_o_e_r_s or
via command line options. This option is only
available whe ssuuddoo is built with SELinux support.
@ -1324,6 +1324,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
security context to run the command. The default type
may be overridden on a per-command basis in _s_u_d_o_e_r_s or
via command line options. This option is only
available whe ssuuddoo is built with SELinux support.
SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
askpass The _a_s_k_p_a_s_s option specifies the fully qualified path to a
@ -1374,11 +1379,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
never Never lecture the user.
once Only lecture the user the first time they run ssuuddoo.
If no value is specified, a value of _o_n_c_e is implied.
Negating the option results in a value of _n_e_v_e_r being used.
1.8.0b3 December 27, 2010 21
@ -1390,6 +1390,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
once Only lecture the user the first time they run ssuuddoo.
If no value is specified, a value of _o_n_c_e is implied.
Negating the option results in a value of _n_e_v_e_r being used.
The default value is _o_n_c_e.
lecture_file
@ -1440,10 +1444,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
secure_path Path used for every command run from ssuuddoo. If you don't
trust the people running ssuuddoo to have a sane PATH
environment variable you may want to use this. Another use
is if you want to have the "root path" be separate from the
"user path." Users in the group specified by the
_e_x_e_m_p_t___g_r_o_u_p option are not affected by _s_e_c_u_r_e___p_a_t_h. This
option is not set by default.
@ -1456,6 +1456,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
is if you want to have the "root path" be separate from the
"user path." Users in the group specified by the
_e_x_e_m_p_t___g_r_o_u_p option are not affected by _s_e_c_u_r_e___p_a_t_h. This
option is not set by default.
syslog Syslog facility if syslog is being used for logging (negate
to disable syslog logging). Defaults to auth.
@ -1505,11 +1510,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
can be replaced, added to, deleted from, or disabled by
using the =, +=, -=, and ! operators respectively. The
default list of environment variables to remove is
displayed when ssuuddoo is run by root with the _-_V option.
Note that many operating systems will remove
potentially dangerous variables from the environment of
any setuid process (such as ssuuddoo).
@ -1522,6 +1522,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
displayed when ssuuddoo is run by root with the _-_V option.
Note that many operating systems will remove
potentially dangerous variables from the environment of
any setuid process (such as ssuuddoo).
env_keep Environment variables to be preserved in the user's
environment when the _e_n_v___r_e_s_e_t option is in effect.
This allows fine-grained control over the environment
@ -1571,11 +1576,6 @@ EEXXAAMMPPLLEESS
User_Alias WEBMASTERS = will, wendy, wim
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
# Host alias specification
@ -1588,6 +1588,11 @@ EEXXAAMMPPLLEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
@ -1637,11 +1642,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%wheel ALL = (ALL) ALL
We let rroooott and any user in group wwhheeeell run any command on any host as
any user.
FULLTIMERS ALL = NOPASSWD: ALL
Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on
@ -1654,6 +1654,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
any user.
FULLTIMERS ALL = NOPASSWD: ALL
Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on
any host without authenticating themselves.
PARTTIMERS ALL = ALL
@ -1703,11 +1708,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user
listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr).
jim +biglab = ALL
The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup.
ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix.
@ -1720,6 +1720,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
jim +biglab = ALL
The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup.
ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix.
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the sseeccrreettaarriieess netgroup need to help manage the printers as
@ -1769,11 +1774,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Any user may mount or unmount a CD-ROM on the machines in the CDROM
Host_Alias (orion, perseus, hercules) without entering a password.
This is a bit tedious for users to type, so it is a prime candidate for
encapsulating in a shell script.
SSEECCUURRIITTYY NNOOTTEESS
It is generally not effective to "subtract" commands from ALL using the
'!' operator. A user can trivially circumvent this by copying the
@ -1786,6 +1786,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
encapsulating in a shell script.
SSEECCUURRIITTYY NNOOTTEESS
It is generally not effective to "subtract" commands from ALL using the
'!' operator. A user can trivially circumvent this by copying the
desired command to a different name and then executing that. For
example:
@ -1835,11 +1840,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
shared library. On such systems, ssuuddoo's _n_o_e_x_e_c functionality
can be used to prevent a program run by ssuuddoo from executing
any other programs. Note, however, that this applies only to
native dynamically-linked executables. Statically-linked
executables and foreign executables running under binary
emulation are not affected.
To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run the
@ -1852,6 +1852,11 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
native dynamically-linked executables. Statically-linked
executables and foreign executables running under binary
emulation are not affected.
To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run the
following as root:
sudo -V | grep "dummy exec"
@ -1901,11 +1906,6 @@ SSEECCUURRIITTYY NNOOTTEESS
ownership and mode of the directory and its contents, the only damage
that can be done is to "hide" files by putting them in the time stamp
dir. This is unlikely to happen since once the time stamp dir is owned
by root and inaccessible by any other user, the user placing files
there would be unable to get them back out.
_s_u_d_o_e_r_s will not honor time stamps set far in the future. Time stamps
with a date greater than current_time + 2 * TIMEOUT will be ignored and
@ -1918,6 +1918,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
by root and inaccessible by any other user, the user placing files
there would be unable to get them back out.
_s_u_d_o_e_r_s will not honor time stamps set far in the future. Time stamps
with a date greater than current_time + 2 * TIMEOUT will be ignored and
sudo will log and complain. This is done to keep a user from creating
his/her own time stamp with a bogus date on systems that allow users to
give away files if the time stamp directory is located in a world-
@ -1947,8 +1952,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
specification.
SSEEEE AALLSSOO
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_t_r_f_t_i_m_e(3), _s_u_d_o_e_r_s_._l_d_a_p(4),
_s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o(1m), _v_i_s_u_d_o(1m)
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _m_k_t_e_m_p(3), _s_t_r_f_t_i_m_e(3),
_s_u_d_o_e_r_s_._l_d_a_p(4), _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o(1m), _v_i_s_u_d_o(1m)
CCAAVVEEAATTSS
The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which
@ -1967,11 +1972,6 @@ BBUUGGSS
SSUUPPPPOORRTT
Limited free support is available via the sudo-users mailing list, see
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
the archives.
DDIISSCCLLAAIIMMEERR
ssuuddoo is provided ``AS IS'' and any express or implied warranties,
@ -1984,6 +1984,11 @@ DDIISSCCLLAAIIMMEERR
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
the archives.
DDIISSCCLLAAIIMMEERR
ssuuddoo is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with ssuuddoo or
@ -2030,11 +2035,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)


@ -1248,6 +1248,10 @@ expanded to the base name of the command being run
.Sp
In addition, any escape sequences supported by the system's \fIstrftime()\fR
function will be expanded.
.Sp
Path names that end in six or more \f(CW\*(C`X\*(C'\fRs will have the \f(CW\*(C`X\*(C'\fRs replaced
with a unique combination of digits and letters, similar to the
\&\fImktemp()\fR function.
.RE
.IP "iolog_file" 16
.IX Item "iolog_file"
@ -1956,7 +1960,7 @@ their own copy of a shell) regardless of any '!' elements in the
user specification.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIstrftime\fR\|(3),
\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fImktemp\fR\|(3), \fIstrftime\fR\|(3),
\&\fIsudoers.ldap\fR\|(@mansectform@), \fIsudo_plugin\fR\|(@mansectsu@), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
.SH "CAVEATS"
.IX Header "CAVEATS"


@ -1170,6 +1170,10 @@ expanded to the base name of the command being run
In addition, any escape sequences supported by the system's strftime()
function will be expanded.
Path names that end in six or more C<X>s will have the C<X>s replaced
with a unique combination of digits and letters, similar to the
mktemp() function.
=item iolog_file
The path name, relative to I<iolog_dir>, in which to store input/output
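Review bot: the added paragraph describes the X replacement as "similar to the mktemp() function", while the commit subject names mkdtemp(); the difference matters for a log path written by a privileged process, because mktemp() only generates a name whereas mkdtemp() creates the directory itself with mode 0700. If mkdtemp() is the call used, name it here and in the SEE ALSO entry, and state that the directory is created and with which permissions. The paragraph also sits in the iolog_dir entry just before "=item iolog_file"; if the substitution applies to iolog_file as well, say so in that entry.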
@ -1887,7 +1891,7 @@ user specification.
=head1 SEE ALSO
L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<glob(3)>, L<strftime(3)>,
L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<glob(3)>, L<mktemp(3)>, L<strftime(3)>,
L<sudoers.ldap(5)>, L<sudo_plugin(8)>, L<sudo(8)>, L<visudo(8)>
=head1 CAVEATS