mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
This commit is contained in:
Todd C. Miller
2004-08-06 01:16:29 +00:00
parent e2bc02a1de
commit e41a38e38c
4 changed files with 401 additions and 302 deletions


@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.6.8 June 10, 2004 1
1.6.8 August 5, 2004 1
@@ -80,9 +80,9 @@ OOPPTTIIOONNSS
-H The --HH (_H_O_M_E) option sets the HOME environment vari<72>
able to the homedir of the target user (root by
default) as specified in passwd(4). By default, ssuuddoo
default) as specified in passwd(5). By default, ssuuddoo
does not modify HOME (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e
in sudoers(4)).
in sudoers(5)).
-K The --KK (sure _k_i_l_l) option is like --kk except that it
removes the user's timestamp entirely. Like --kk, this
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.6.8 June 10, 2004 2
1.6.8 August 5, 2004 2
@@ -182,7 +182,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
sage and exit.
-i The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
specified in the passwd(4) entry of the user that the
specified in the passwd(5) entry of the user that the
command is being run as. The command name argument
given to the shell begins with a - to tell the shell
to run as a login shell. ssuuddoo attempts to change to
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.6.8 June 10, 2004 3
1.6.8 August 5, 2004 3
@@ -240,7 +240,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-s The --ss (_s_h_e_l_l) option runs the shell specified by the
_S_H_E_L_L environment variable if it is set or the shell
as specified in passwd(4).
as specified in passwd(5).
-u The --uu (_u_s_e_r) option causes ssuuddoo to run the specified
command as a user other than _r_o_o_t. To specify a _u_i_d
@@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.6.8 June 10, 2004 4
1.6.8 August 5, 2004 4
@@ -325,7 +325,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.6.8 June 10, 2004 5
1.6.8 August 5, 2004 5
@@ -367,7 +367,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
user an effective root shell.
EEXXAAMMPPLLEESS
Note: the following examples assume suitable sudoers(4)
Note: the following examples assume suitable sudoers(5)
entries.
To get a file listing of an unreadable directory:
@@ -391,7 +391,7 @@ EEXXAAMMPPLLEESS
1.6.8 June 10, 2004 6
1.6.8 August 5, 2004 6
@@ -416,7 +416,8 @@ EENNVVIIRROONNMMEENNTT
the --enable-shell-sets-home option), set to
homedir of the target user
PATH Set to a sane value if SECURE_PATH is set
PATH Set to a sane value if sudo was configured with
the --with-secure-path option
SHELL Used to determine shell to run with -s option
@@ -452,12 +453,11 @@ AAUUTTHHOORRSS
http://www.sudo.ws/sudo/history.html for a short history
of ssuuddoo.
BBUUGGSS
If you feel you have found a bug in sudo, please submit a
1.6.8 June 10, 2004 7
1.6.8 August 5, 2004 7
@@ -466,6 +466,8 @@ BBUUGGSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
BBUUGGSS
If you feel you have found a bug in sudo, please submit a
bug report at http://www.sudo.ws/sudo/bugs/
DDIISSCCLLAAIIMMEERR
@@ -482,7 +484,7 @@ CCAAVVEEAATTSS
user to run commands via shell escapes, thus avoiding
ssuuddoo's checks. However, on most systems it is possible to
prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality.
See the sudoers(4) manual for details.
See the sudoers(5) manual for details.
It is not meaningful to run the cd command directly via
sudo, e.g.
@@ -504,8 +506,8 @@ CCAAVVEEAATTSS
setuid shell scripts are generally safe).
SSEEEE AALLSSOO
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), sudoers(4),
passwd(4), visudo(1m)
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), sudoers(5),
passwd(5), visudo(1m)
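Review bot: the SEE ALSO line now mixes two section schemes: sudoers(5) and passwd(5) sit next to visudo(1m), and the page header is still SUDO(1m) under MAINTENANCE COMMANDS. On systems that put administrative commands in 1m, file formats live in section 4, so this cat page looks like it was generated with @mansectsu@ = 1m and @mansectform@ = 5; either regenerate with one consistent pair (1m/4 or 8/5) or confirm that the mixed combination is intended, since a reader following sudoers(5) on such a system will not find the page.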
@@ -521,8 +523,6 @@ SSEEEE AALLSSOO
1.6.8 June 10, 2004 8
1.6.8 August 5, 2004 8


@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "July 30, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "August 5, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
@@ -510,8 +510,8 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.Ve
.PP
.Vb 2
\& PATH Set to a sane value if SECURE_PATH has been
\& defined at configure time
\& PATH Set to a sane value if sudo was configured with
\& the --with-secure-path option
.Ve
.PP
.Vb 1
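Review bot: "Set to a sane value" is still vague now that the configure option is named in the replacement lines. Suggest saying what the value actually is (the secure path chosen at configure time with --with-secure-path), so an administrator can tell which PATH a command run through sudo will see rather than having to read configure.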


@@ -1,7 +1,7 @@
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
NNAAMMEE
@@ -10,10 +10,17 @@ NNAAMMEE
DDEESSCCRRIIPPTTIIOONN
The _s_u_d_o_e_r_s file is composed of two types of entries:
aliases (basically variables) and user specifications
(which specify who may run what). The grammar of _s_u_d_o_e_r_s
will be described below in Extended Backus-Naur Form
(EBNF). Don't despair if you don't know what EBNF is; it
is fairly simple, and the definitions below are annotated.
(which specify who may run what).
When multiple entries match for a user, they are applied
in order. Where there are conflicting values, the last
match is used (which is not necessarily the most specific
match).
The _s_u_d_o_e_r_s grammar will be described below in Extended
Backus-Naur Form (EBNF). Don't despair if you don't know
what EBNF is; it is fairly simple, and the definitions
below are annotated.
QQuuiicckk gguuiiddee ttoo EEBBNNFF
@@ -49,6 +56,20 @@ DDEESSCCRRIIPPTTIIOONN
There are four kinds of aliases: User_Alias, Runas_Alias,
Host_Alias and Cmnd_Alias.
1.6.8 August 5, 2004 1
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
Alias ::= 'User_Alias' User_Alias (':' User_Alias)* |
'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
'Host_Alias' Host_Alias (':' Host_Alias)* |
@@ -58,18 +79,6 @@ DDEESSCCRRIIPPTTIIOONN
Runas_Alias ::= NAME '=' Runas_List
1.6.8 June 8, 2004 1
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Host_Alias ::= NAME '=' Host_List
Cmnd_Alias ::= NAME '=' Cmnd_List
@@ -116,6 +125,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
'!'* +netgroup |
'!'* Runas_Alias
1.6.8 August 5, 2004 2
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
A Runas_List is similar to a User_List except that it can
also contain uids (prefixed with '#') and instead of
User_Aliases it can contain Runas_Aliases. Note that
@@ -125,17 +145,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
names with the same uid (e.g. root and toor), you can use
a uid instead (#0 in the example given).
1.6.8 June 8, 2004 2
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Host_List ::= Host |
Host ',' Host_List
@@ -181,6 +190,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
specify "" to indicate that the command may only be run
wwiitthhoouutt command line arguments. A directory is a fully
qualified pathname ending in a '/'. When you specify a
1.6.8 August 5, 2004 3
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
directory in a Cmnd_List, the user will be able to run any
file within that directory (but not in any subdirectories
therein).
@@ -189,23 +210,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
arguments in the Cmnd must match exactly those given by
the user on the command line (or match the wildcards if
there are any). Note that the following characters must
be escaped with a '\' if they are used in command
1.6.8 June 8, 2004 3
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
arguments: ',', ':', '=', '\'. The special command
"sudoedit" is used to permit a user to run ssuuddoo with the
--ee flag (or as ssuuddooeeddiitt). It may take command line argu<67>
ments just as a normal command does.
be escaped with a '\' if they are used in command argu<67>
ments: ',', ':', '=', '\'. The special command "sudoedit"
is used to permit a user to run ssuuddoo with the --ee flag (or
as ssuuddooeeddiitt). It may take command line arguments just as
a normal command does.
DDeeffaauullttss
@@ -213,9 +222,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
default values at runtime via one or more Default_Entry
lines. These may affect all users on any host, all users
on a specific host, a specific user, or commands being run
as a specific user. When multiple entries match, they are
applied in order. Where there are conflicting values, the
last value on a matching line takes effect.
as a specific user.
Default_Type ::= 'Defaults' |
'Defaults' '@' Host |
@@ -245,29 +252,24 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
respectively. It is not an error to use the -= operator
to remove an element that does not exist in a list.
Note that since the _s_u_d_o_e_r_s file is parsed in order the
best place to put the Defaults section is after the
Host_Alias, User_Alias, and Cmnd_Alias specifications but
before any Runas_Alias or user specifications.
FFllaaggss:
long_otp_prompt
When validating with a One Time Password
1.6.8 August 5, 2004 4
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
scheme (SS//KKeeyy or OOPPIIEE), a two-line prompt is
used to make it easier to cut and paste the
1.6.8 June 8, 2004 4
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
challenge to a local window. It's not as
pretty as the default but some people find it
more convenient. This flag is _o_f_f by default.
@@ -320,20 +322,21 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
If set, users must authenticate themselves via
a password (or other means of authentication)
before they may run commands. This default
1.6.8 August 5, 2004 5
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
may be overridden via the PASSWD and NOPASSWD
tags. This flag is _o_n by default.
1.6.8 June 8, 2004 5
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
root_sudo If set, root is allowed to run ssuuddoo too. Dis<69>
abling this prevents users from "chaining"
ssuuddoo commands to get a root shell by doing
@@ -385,21 +388,20 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
tage is that if the executable is simply not
in the user's PATH, ssuuddoo will tell the user
that they are not allowed to run it, which can
1.6.8 August 5, 2004 6
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
be confusing. This flag is _o_f_f by default.
1.6.8 June 8, 2004 6
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
preserve_groups
By default ssuuddoo will initialize the group vec<65>
tor to the list of groups the target user is
@@ -452,20 +454,20 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
specified in editor. This flag is off by
default.
1.6.8 August 5, 2004 7
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
rootpw If set, ssuuddoo will prompt for the root password
instead of the password of the invoking user.
1.6.8 June 8, 2004 7
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
This flag is _o_f_f by default.
runaspw If set, ssuuddoo will prompt for the password of
@@ -517,21 +519,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
variables may be preserved with the _e_n_v___k_e_e_p
option.
1.6.8 August 5, 2004 8
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
use_loginclass
If set, ssuuddoo will apply the defaults specified
for the target user's login class if one
1.6.8 June 8, 2004 8
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
exists. Only available if ssuuddoo is configured
with the --with-logincap option. This flag is
_o_f_f by default.
@@ -543,6 +546,21 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
VENTING SHELL ESCAPES" section at the end of
this manual. This flag is _o_f_f by default.
ignore_local_sudoers
If set via LDAP, parsing of @sysconfdir@/sudo<64>
ers will be skipped. This is intended for an
Enterprises that wish to prevent the usage of
local sudoers files so that only LDAP is used.
This thwarts the efforts of rogue operators
who would attempt to add roles to
@sysconfdir@/sudoers. When this option is
present, @sysconfdir@/sudoers does not even
need to exist. Since this options tells sudo
how to behave when no specific LDAP entries
have been matched, this sudoOption is only
meaningful for the cn=defaults section. This
flag is _o_f_f by default.
IInntteeggeerrss:
passwd_tries
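Review bot: two typos in the ignore_local_sudoers text: "intended for an Enterprises that wish" should read "intended for Enterprises that wish", and "Since this options tells sudo" should be "this option". The paragraph also says the sudoOption is only meaningful in the cn=defaults section; it would help to state what sudo does if it appears elsewhere (ignored, or an error), so that administrators do not rely on it from a per-role entry and assume the local file is being skipped when it is not.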
@@ -569,6 +587,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
their own timestamps via sudo -v and sudo -k
respectively.
1.6.8 August 5, 2004 9
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
passwd_timeout
Number of minutes before the ssuuddoo password
prompt times out. The default is 5, set this
@@ -585,19 +614,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
the machine. Default is *** SECURITY informa<6D>
tion for %h ***.
1.6.8 June 8, 2004 9
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
badpass_message
Message that is displayed if a user enters an
incorrect password. The default is Sorry, try
@@ -637,6 +653,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The default value is Password:.
1.6.8 August 5, 2004 10
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
runas_default
The default user to run commands as if the --uu
flag is not specified on the command line.
@@ -652,18 +679,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Syslog priority to use when user authenticates
unsuccessfully. Defaults to alert.
1.6.8 June 8, 2004 10
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
editor A colon (':') separated list of editors
allowed to be used with vviissuuddoo. vviissuuddoo will
choose the editor that matches the user's USER
@@ -704,6 +719,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
file). Setting a path turns on logging to a
file; negating this option turns it off.
1.6.8 August 5, 2004 11
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
syslog Syslog facility if syslog is being used for
logging (negate to disable syslog logging).
Defaults to local2.
@@ -717,20 +743,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
mailto Address to send warning and error mail to.
The address should be enclosed in double
quotes (") to protect against sudo
1.6.8 June 8, 2004 11
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
interpreting the @ sign. Defaults to root.
quotes (") to protect against sudo interpret<65>
ing the @ sign. Defaults to root.
exempt_group
Users in this group are exempt from password
@@ -771,6 +785,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
the NOPASSWD flag set to avoid enter<65>
ing a password.
1.6.8 August 5, 2004 12
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
never The user need never enter a password
to use the --ll flag.
@@ -784,18 +809,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
env_check Environment variables to be removed from the
user's environment if the variable's value
contains % or / characters. This can be used
1.6.8 June 8, 2004 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
to guard against printf-style format vulnera<72>
bilities in poorly-written programs. The
argument may be a double-quoted, space-sepa<70>
@@ -837,6 +850,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Parameter): aauutthhpprriivv (if your OS supports it), aauutthh, ddaaee<><08>
mmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33, llooccaall44, llooccaall55,
llooccaall66, and llooccaall77. The following syslog priorities are
1.6.8 August 5, 2004 13
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee,
and wwaarrnniinngg.
@@ -850,18 +875,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Cmnd_Spec ::= Runas_Spec? Tag_Spec* Cmnd
1.6.8 June 8, 2004 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Runas_Spec ::= '(' Runas_List ')'
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:')
@@ -903,6 +916,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
There are four possible tag values, NOPASSWD, PASSWD,
NOEXEC, EXEC. Once a tag is set on a Cmnd, subsequent
Cmnds in the Cmnd_Spec_List, inherit the tag unless it is
1.6.8 August 5, 2004 14
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
overridden by the opposite tag (ie: PASSWD overrides
NOPASSWD and EXEC overrides NOEXEC).
@@ -917,17 +942,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
1.6.8 June 8, 2004 14
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and
_/_u_s_r_/_b_i_n_/_l_p_r_m as root on the machine rushmore as rroooott
without authenticating himself. If we only want rraayy to be
@@ -968,6 +982,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob char<61>
acters) to be used in pathnames as well as command line
arguments in the _s_u_d_o_e_r_s file. Wildcard matching is done
1.6.8 August 5, 2004 15
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
via the PPOOSSIIXX _f_n_m_a_t_c_h(3) routine. Note that these are _n_o_t
regular expressions.
@@ -983,17 +1009,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
used to escape special characters such as: "*",
"?", "[", and "}".
1.6.8 June 8, 2004 15
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Note that a forward slash ('/') will nnoott be matched by
wildcards used in the pathname. When matching the command
line arguments, however, a slash ddooeess get matched by wild<6C>
@@ -1003,13 +1018,50 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m.
WARNING: a pathname with wildcards will nnoott match a user
command that consists of a relative path. In other words,
given the following _s_u_d_o_e_r_s entry:
billy workstation = /usr/bin/*
user billy will be able to run any command in /usr/bin as
root, such as _/_u_s_r_/_b_i_n_/_w. The following two command will
be allowed (the first assumes that _/_u_s_r_/_b_i_n is in the
user's path):
$ sudo w
$ sudo /usr/bin/w
However, this will not:
$ cd /usr/bin
$ sudo ./w
For this reason you should only ggrraanntt access to commands
using wildcards and never rreessttrriicctt access using them.
This limitation will be removed in a future version of
ssuuddoo.
EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess
The following exceptions apply to the above rules:
"" If the empty string "" is the only command line
argument in the _s_u_d_o_e_r_s entry it means that com<6F>
mand is not allowed to be run with aannyy arguments.
argument in the _s_u_d_o_e_r_s entry it means that
1.6.8 August 5, 2004 16
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
command is not allowed to be run with aannyy argu<67>
ments.
OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss
@@ -1047,19 +1099,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
EEXXAAMMPPLLEESS
Since the _s_u_d_o_e_r_s file is parsed in a single pass, order
is important. In general, you should structure _s_u_d_o_e_r_s
such that the Host_Alias, User_Alias, and Cmnd_Alias spec<65>
ifications come first, followed by any Default_Entry
lines, and finally the Runas_Alias and user specifica<63>
tions. The basic rule of thumb is you cannot reference an
Alias that has not already been defined.
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of
1.6.8 June 8, 2004 16
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
these are a bit contrived. First, we define our _a_l_i_a_s_e_s:
# User alias specification
@@ -1067,6 +1115,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
1.6.8 August 5, 2004 17
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
@@ -1098,7 +1157,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility
in all cases. We don't want to subject the full time
staff to the ssuuddoo lecture, user mmiilllleerrtt need not give a
password, and we don't want to set the LOGNAME or USER
password, and we don't want to reset the LOGNAME or USER
environment variables when running commands as root.
Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias,
we keep an additional local log file and make sure we log
@@ -1115,23 +1174,24 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter<65>
mines who may run what.
1.6.8 June 8, 2004 17
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let rroooott and any user in group wwhheeeell run any command on
any host as any user.
1.6.8 August 5, 2004 18
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
FULLTIMERS ALL = NOPASSWD: ALL
Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run
@@ -1180,24 +1240,24 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The user bboobb may run anything on the _S_P_A_R_C and _S_G_I
machines as any user listed in the _O_P Runas_Alias (rroooott
1.6.8 June 8, 2004 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
and ooppeerraattoorr).
jim +biglab = ALL
The user jjiimm may run any command on machines in the _b_i_g_l_a_b
netgroup. SSuuddoo knows that "biglab" is a netgroup due to
1.6.8 August 5, 2004 19
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
the '+' prefix.
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
@@ -1247,23 +1307,23 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
1.6.8 June 8, 2004 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Any user may mount or unmount a CD-ROM on the machines in
the CDROM Host_Alias (orion, perseus, hercules) without
entering a password. This is a bit tedious for users to
type, so it is a prime candidate for encapsulating in a
shell script.
1.6.8 August 5, 2004 20
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
SSEECCUURRIITTYY NNOOTTEESS
It is generally not effective to "subtract" commands from
ALL using the '!' operator. A user can trivially circum<75>
@@ -1312,25 +1372,25 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
return an error. Unfortunately, there is no foolproof way
to know whether or not _n_o_e_x_e_c will work at compile-time.
_N_o_e_x_e_c should work on SunOS, Solaris, *BSD, Linux, IRIX,
1.6.8 June 8, 2004 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to
work on AIX and UnixWare. _N_o_e_x_e_c is expected to work on
most operating systems that support the LD_PRELOAD envi<76>
ronment variable. Check your operating system's manual
pages for the dynamic linker (usually ld.so, ld.so.1,
dyld, dld.sl, rld, or loader) to see if LD_PRELOAD is sup<75>
ported.
dyld, dld.sl, rld, or loader) to see if LD_PRELOAD is
1.6.8 August 5, 2004 21
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
supported.
To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as doc<6F>
umented in the User Specification section above. Here is
@@ -1381,6 +1441,12 @@ SSEEEE AALLSSOO
1.6.8 June 8, 2004 21
1.6.8 August 5, 2004 22


@@ -149,17 +149,22 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "July 30, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "August 5, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIsudoers\fR file is composed of two types of entries:
aliases (basically variables) and user specifications
(which specify who may run what). The grammar of \fIsudoers\fR
will be described below in Extended Backus-Naur Form (\s-1EBNF\s0).
Don't despair if you don't know what \s-1EBNF\s0 is; it is fairly
simple, and the definitions below are annotated.
The \fIsudoers\fR file is composed of two types of entries: aliases
(basically variables) and user specifications (which specify who
may run what).
.PP
When multiple entries match for a user, they are applied in order.
Where there are conflicting values, the last match is used (which
is not necessarily the most specific match).
.PP
The \fIsudoers\fR grammar will be described below in Extended Backus-Naur
Form (\s-1EBNF\s0). Don't despair if you don't know what \s-1EBNF\s0 is; it is
fairly simple, and the definitions below are annotated.
.Sh "Quick guide to \s-1EBNF\s0"
.IX Subsection "Quick guide to EBNF"
\&\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language.
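Review bot: moving the ordering sentence into DESCRIPTION turns it into a statement about every kind of entry, and "the last match is used (which is not necessarily the most specific match)" is the right warning to give up front; consider pointing the reader from here to the '!' caveat in SECURITY NOTES, since last-match-wins is exactly why a later, broader entry can override an earlier, narrower one. Separately, the .TH line keeps the MAINTENANCE COMMANDS header for a page whose section is @mansectform@ (5 in the generated cat page); a file-format page normally carries the file-formats header for its section.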
@@ -349,9 +354,7 @@ a normal command does.
Certain configuration options may be changed from their default
values at runtime via one or more \f(CW\*(C`Default_Entry\*(C'\fR lines. These
may affect all users on any host, all users on a specific host, a
specific user, or commands being run as a specific user. When
multiple entries match, they are applied in order. Where there are
conflicting values, the last value on a matching line takes effect.
specific user, or commands being run as a specific user.
.PP
.Vb 4
\& Default_Type ::= 'Defaults' |
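Review bot: dropping the two sentences here leaves the Defaults section with no statement of what happens when several Default_Entry lines match, and the removed wording ("the last value on a matching line takes effect") was more specific than the general "last match is used" now in DESCRIPTION. If the per-line semantics for Defaults are unchanged, keep a one-line pointer back to DESCRIPTION; if they differ for Defaults, the specific sentence should stay.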
@@ -388,11 +391,6 @@ These operators are used to add to and delete from a list respectively.
It is not an error to use the \f(CW\*(C`\-=\*(C'\fR operator to remove an element
that does not exist in a list.
.PP
Note that since the \fIsudoers\fR file is parsed in order the best place
to put the Defaults section is after the \f(CW\*(C`Host_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR,
and \f(CW\*(C`Cmnd_Alias\*(C'\fR specifications but before any \f(CW\*(C`Runas_Alias\*(C'\fR or user
specifications.
.PP
\&\fBFlags\fR:
.IP "long_otp_prompt" 12
.IX Item "long_otp_prompt"
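Review bot: removing this paragraph takes the only placement advice out of the Defaults section. The same guidance reappears under EXAMPLES later in this patch, but someone reading the Defaults section in order to add a line will not see it; a short pointer such as "see EXAMPLES for the recommended order of sections" would keep it discoverable where it is needed.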
@@ -1000,6 +998,34 @@ wildcards. This is to make a path like:
.Ve
.PP
match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR.
.PP
\&\s-1WARNING:\s0 a pathname with wildcards will \fBnot\fR match a user command
that consists of a relative path. In other words, given the
following \fIsudoers\fR entry:
.PP
.Vb 1
\& billy workstation = /usr/bin/*
.Ve
.PP
user billy will be able to run any command in /usr/bin as root, such
as \fI/usr/bin/w\fR. The following two command will be allowed (the first
assumes that \fI/usr/bin\fR is in the user's path):
.PP
.Vb 2
\& $ sudo w
\& $ sudo /usr/bin/w
.Ve
.PP
However, this will not:
.PP
.Vb 2
\& $ cd /usr/bin
\& $ sudo ./w
.Ve
.PP
For this reason you should only \fBgrant\fR access to commands using
wildcards and never \fBrestrict\fR access using them. This limitation
will be removed in a future version of \fBsudo\fR.
.Sh "Exceptions to wildcard rules"
.IX Subsection "Exceptions to wildcard rules"
The following exceptions apply to the above rules:
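Review bot: two points on the new WARNING paragraph. "The following two command will be allowed" should read "commands", and the example `billy workstation = /usr/bin/*` grants billy every program in /usr/bin as root, which the text itself acknowledges; a narrower directory would make the relative-path point without showing a rule that is effectively unrestricted. The closing advice (only grant with wildcards, never restrict) is the security-relevant takeaway and would benefit from a cross-reference to the '!' caveat in SECURITY NOTES, which makes the same argument.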
@@ -1043,6 +1069,13 @@ used as part of a word (e.g. a username or hostname):
\&'@', '!', '=', ':', ',', '(', ')', '\e'.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Since the \fIsudoers\fR file is parsed in a single pass, order is
important. In general, you should structure \fIsudoers\fR such that
the \f(CW\*(C`Host_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, and \f(CW\*(C`Cmnd_Alias\*(C'\fR specifications
come first, followed by any \f(CW\*(C`Default_Entry\*(C'\fR lines, and finally the
\&\f(CW\*(C`Runas_Alias\*(C'\fR and user specifications. The basic rule of thumb
is you cannot reference an Alias that has not already been defined.
.PP
Below are example \fIsudoers\fR entries. Admittedly, some of
these are a bit contrived. First, we define our \fIaliases\fR:
.PP
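Review bot: the recommended order puts Default_Entry lines before any Runas_Alias definitions, while the closing rule of thumb says an Alias cannot be referenced before it is defined. Worth double-checking that no Default_Type form can take a Runas_List containing a Runas_Alias; if one can, a Defaults line placed as recommended would reference an undefined alias, and the recommended order should put Runas_Alias definitions first.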
@@ -1090,7 +1123,7 @@ Here we override some of the compiled in default values. We want
\&\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all
cases. We don't want to subject the full time staff to the \fBsudo\fR
lecture, user \fBmillert\fR need not give a password, and we don't
want to set the \f(CW\*(C`LOGNAME\*(C'\fR or \f(CW\*(C`USER\*(C'\fR environment variables when
want to reset the \f(CW\*(C`LOGNAME\*(C'\fR or \f(CW\*(C`USER\*(C'\fR environment variables when
running commands as root. Additionally, on the machines in the
\&\fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional local log file and
make sure we log the year in each log line since the log entries