mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00

Add a warning that for "sudo -i command" and "sudo -s command" the
shell is not run in interactive mode which may change its behavior.
Todd C. Miller 2017-10-12 10:07:46 -06:00
parent 3b88cdfcd8
commit cece54ae85
3 changed files with 35 additions and 15 deletions


@ -187,16 +187,19 @@ DDEESSCCRRIIPPTTIIOONN
--ii, ----llooggiinn --ii, ----llooggiinn
Run the shell specified by the target user's password Run the shell specified by the target user's password
database entry as a login shell. This means that login- database entry as a login shell. This means that login-
specific resource files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be specific resource files such as _._p_r_o_f_i_l_e, _._b_a_s_h___p_r_o_f_i_l_e or
read by the shell. If a command is specified, it is passed _._l_o_g_i_n will be read by the shell. If a command is specified,
to the shell for execution via the shell's --cc option. If no it is passed to the shell for execution via the shell's --cc
command is specified, an interactive shell is executed. ssuuddoo option. If no command is specified, an interactive shell is
attempts to change to that user's home directory before executed. ssuuddoo attempts to change to that user's home
running the shell. The command is run with an environment directory before running the shell. The command is run with
similar to the one a user would receive at log in. The an environment similar to the one a user would receive at log
_C_o_m_m_a_n_d _e_n_v_i_r_o_n_m_e_n_t section in the sudoers(4) manual in. Note that most shells behave differently when a command
documents how the --ii option affects the environment in which is specified as compared to an interactive session; consult
a command is run when the _s_u_d_o_e_r_s policy is in use. the shell's manual for details. The _C_o_m_m_a_n_d _e_n_v_i_r_o_n_m_e_n_t
section in the sudoers(4) manual documents how the --ii option
affects the environment in which a command is run when the
_s_u_d_o_e_r_s policy is in use.
--KK, ----rreemmoovvee--ttiimmeessttaammpp --KK, ----rreemmoovvee--ttiimmeessttaammpp
Similar to the --kk option, except that it removes the user's Similar to the --kk option, except that it removes the user's
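Review bot: In the -i entry the new sentence ("Note that most shells behave differently when a command is specified as compared to an interactive session") lands after "The command is run with an environment similar to the one a user would receive at log in", which separates it from the sentences it qualifies ("If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed.") and splits the two sentences about the environment. The -s entry places the same note directly after "an interactive shell is executed"; moving it there in -i as well would keep the two entries parallel. The same placement appears in the -i hunks of the other two changed files.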
@ -289,6 +292,9 @@ DDEESSCCRRIIPPTTIIOONN
password database entry. If a command is specified, it is password database entry. If a command is specified, it is
passed to the shell for execution via the shell's --cc option. passed to the shell for execution via the shell's --cc option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
Note that most shells behave differently when a command is
specified as compared to an interactive session; consult the
shell's manual for details.
--tt _t_y_p_e, ----ttyyppee=_t_y_p_e --tt _t_y_p_e, ----ttyyppee=_t_y_p_e
Run the command with an SELinux security context that Run the command with an SELinux security context that
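Review bot: The added note in the -s entry says only that shells "behave differently when a command is specified", while the commit message names the actual cause: the shell is not run in interactive mode. Stating that in the manual text, for example "when a command is specified the shell is not run in interactive mode, which may change its behavior", would tell the reader what to look up in the shell's manual. The identical sentence in the -i entry would benefit from the same wording.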
@ -638,4 +644,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.21 August 2, 2017 Sudo 1.8.21 Sudo 1.8.21 October 12, 2017 Sudo 1.8.21


@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDO" "8" "August 2, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "SUDO" "8" "October 12, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -385,7 +385,8 @@ option to list a user's privileges for the remote host.
Run the shell specified by the target user's password database entry Run the shell specified by the target user's password database entry
as a login shell. as a login shell.
This means that login-specific resource files such as This means that login-specific resource files such as
\fI.profile\fR \fI.profile\fR,
\fI.bash_profile\fR
or or
\fI.login\fR \fI.login\fR
will be read by the shell. will be read by the shell.
@ -399,6 +400,9 @@ attempts to change to that user's home directory before running the
shell. shell.
The command is run with an environment similar to the one The command is run with an environment similar to the one
a user would receive at log in. a user would receive at log in.
Note that most shells behave differently when a command is specified
as compared to an interactive session; consult the shell's manual
for details.
The The
\fICommand environment\fR \fICommand environment\fR
section in the section in the
@ -556,6 +560,9 @@ via the shell's
\fB\-c\fR \fB\-c\fR
option. option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
Note that most shells behave differently when a command is specified
as compared to an interactive session; consult the shell's manual
for details.
.TP 12n .TP 12n
\fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR \fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR
Run the command with an SELinux security context that includes Run the command with an SELinux security context that includes


@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd August 2, 2017 .Dd October 12, 2017
.Dt SUDO @mansectsu@ .Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -347,7 +347,8 @@ option to list a user's privileges for the remote host.
Run the shell specified by the target user's password database entry Run the shell specified by the target user's password database entry
as a login shell. as a login shell.
This means that login-specific resource files such as This means that login-specific resource files such as
.Pa .profile .Pa .profile ,
.Pa .bash_profile
or or
.Pa .login .Pa .login
will be read by the shell. will be read by the shell.
@ -361,6 +362,9 @@ attempts to change to that user's home directory before running the
shell. shell.
The command is run with an environment similar to the one The command is run with an environment similar to the one
a user would receive at log in. a user would receive at log in.
Note that most shells behave differently when a command is specified
as compared to an interactive session; consult the shell's manual
for details.
The The
.Em Command environment .Em Command environment
section in the section in the
@ -500,6 +504,9 @@ via the shell's
.Fl c .Fl c
option. option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
Note that most shells behave differently when a command is specified
as compared to an interactive session; consult the shell's manual
for details.
.It Fl t Ar type , Fl -type Ns = Ns Ar type .It Fl t Ar type , Fl -type Ns = Ns Ar type
Run the command with an SELinux security context that includes Run the command with an SELinux security context that includes
the specified the specified