-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2011
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "May 16, 2011" "1.8.1p2" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "February 5, 2012" "1.8.4" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-\&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
+\&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
.PP
\&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
-[\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
.PP
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
-[\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-U\fR\ \fIuser\ name\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fIcommand\fR]
.PP
\&\fBsudo\fR [\fB\-AbEHnPS\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
-[\fB\-D\fR\ \fIlevel\fR]
.if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
.if \n(SL [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
.if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
-[\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] file ...
.SH "DESCRIPTION"
.PP
\&\fBsudo\fR supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute
-their own policy and I/O logging modules to work seemlessly with
+their own policy and I/O logging modules to work seamlessly with
the \fBsudo\fR front end. The default security policy is \fIsudoers\fR,
which is configured via the file \fI@sysconfdir@/sudoers\fR, or via
\&\s-1LDAP\s0. See the \s-1PLUGINS\s0 section for more information.
as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes.
\}
-.IP "\-D \fIlevel\fR" 12
-.IX Item "-D level"
-Enable debugging of \fBsudo\fR plugins and \fBsudo\fR itself. The \fIlevel\fR
-may be a value from 1 through 9.
.IP "\-E" 12
.IX Item "-E"
The \fB\-E\fR (\fIpreserve\fR \fIenvironment\fR) option indicates to the
-security policy that the uses wishes to preserve their existing
+security policy that the user wishes to preserve their existing
environment variables. The security policy may return an error if
the \fB\-E\fR option is specified and the user does not have permission
to preserve the environment.
\&\fBsudo\fR attempts to change to that user's home directory before
running the shell. The security policy shall initialize the
environment to a minimal set of variables, similar to what is present
-when a user logs in.
+when a user logs in. The \fICommand Environment\fR section in the
+\&\fIsudoers\fR\|(@mansectform@) manual documents how the \fB\-i\fR option affects the
+environment in which a command is run when the \fIsudoers\fR policy
+is in use.
.IP "\-K" 12
.IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
variables with one important exception. If the \fIsetenv\fR option
is set in \fIsudoers\fR, the command to be run has the \f(CW\*(C`SETENV\*(C'\fR tag
set or the command matched is \f(CW\*(C`ALL\*(C'\fR, the user may set variables
-that would overwise be forbidden. See \fIsudoers\fR\|(@mansectform@) for more information.
+that would otherwise be forbidden. See \fIsudoers\fR\|(@mansectform@) for more information.
.SH "PLUGINS"
.IX Header "PLUGINS"
Plugins are dynamically loaded based on the contents of the
\& # Plugin plugin_name plugin_path
\& # Path askpass /path/to/askpass
\& # Path noexec /path/to/noexec.so
+\& # Debug sudo /var/log/sudo_debug all@warn
+\& # Set disable_coredump true
\& #
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
that just return an error. This is used to implement the \fInoexec\fR
functionality on systems that support \f(CW\*(C`LD_PRELOAD\*(C'\fR or its equivalent.
Defaults to \fI@noexec_file@\fR.
+.SH "DEBUG FLAGS"
+.IX Header "DEBUG FLAGS"
+\&\fBsudo\fR versions 1.8.4 and higher support a flexible debugging
+framework that can help track down what \fBsudo\fR is doing internally
+if there is a problem.
+.PP
+A \f(CW\*(C`Debug\*(C'\fR line consists of the \f(CW\*(C`Debug\*(C'\fR keyword, followed by the
+name of the program to debug (\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR),
+the debug file name and a comma-separated list of debug flags.
+The debug flag syntax used by \fBsudo\fR and the \fIsudoers\fR plugin is
+\&\fIsubsystem\fR@\fIpriority\fR but the plugin is free to use a different
+format so long as it does not include a command \f(CW\*(C`,\*(C'\fR.
+.PP
+For instance:
+.PP
+.Vb 1
+\& Debug sudo /var/log/sudo_debug all@warn,plugin@info
+.Ve
+.PP
+would log all debugging statements at the \fIwarn\fR level and higher
+in addition to those at the \fIinfo\fR level for the plugin subsystem.
+.PP
+Currently, only one \f(CW\*(C`Debug\*(C'\fR entry per program is supported. The
+\&\f(CW\*(C`sudo\*(C'\fR \f(CW\*(C`Debug\*(C'\fR entry is shared by the \fBsudo\fR front end, \fBsudoedit\fR
+and the plugins. A future release may add support for per-plugin
+\&\f(CW\*(C`Debug\*(C'\fR lines and/or support for multiple debugging files for a
+single program.
+.PP
+The priorities used by the \fBsudo\fR front end, in order of decreasing
+severity, are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR,
+\&\fItrace\fR and \fIdebug\fR. Each priority, when specified, also includes
+all priorities higher than it. For example, a priority of \fInotice\fR
+would include debug messages logged at \fInotice\fR and higher.
+.PP
+The following subsystems are used by \fBsudo\fR:
+.IP "\fIall\fR" 10
+.IX Item "all"
+matches every subsystem
+.IP "\fIargs\fR" 10
+.IX Item "args"
+command line argument processing
+.IP "\fIconv\fR" 10
+.IX Item "conv"
+user conversation
+.IP "\fIedit\fR" 10
+.IX Item "edit"
+sudoedit
+.IP "\fIexec\fR" 10
+.IX Item "exec"
+command execution
+.IP "\fImain\fR" 10
+.IX Item "main"
+\&\fBsudo\fR main function
+.IP "\fInetif\fR" 10
+.IX Item "netif"
+network interface handling
+.IP "\fIpcomm\fR" 10
+.IX Item "pcomm"
+communication with the plugin
+.IP "\fIplugin\fR" 10
+.IX Item "plugin"
+plugin configuration
+.IP "\fIpty\fR" 10
+.IX Item "pty"
+pseudo-tty related code
+.IP "\fIselinux\fR" 10
+.IX Item "selinux"
+SELinux-specific handling
+.IP "\fIutil\fR" 10
+.IX Item "util"
+utility functions
+.IP "\fIutmp\fR" 10
+.IX Item "utmp"
+utmp handling
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the exit status from \fBsudo\fR
commands via \fBsudo\fR to verify that the command does not inadvertently
give the user an effective root shell. For more information, please
see the \f(CW\*(C`PREVENTING SHELL ESCAPES\*(C'\fR section in \fIsudoers\fR\|(@mansectform@).
+.PP
+To prevent the disclosure of potentially sensitive information,
+\&\fBsudo\fR disables core dumps by default while it is executing (they
+are re-enabled for the command that is run). To aid in debugging
+\&\fBsudo\fR crashes, you may wish to re-enable core dumps by setting
+\&\*(L"disable_coredump\*(R" to false in the \fI@sysconfdir@/sudo.conf\fR file.
+.PP
+.Vb 1
+\& Set disable_coredump false
+.Ve
+.PP
+Note that by default, most operating systems disable core dumps
+from setuid programs, which includes \fBsudo\fR. To actually get a
+\&\fBsudo\fR core file you may need to enable core dumps for setuid
+processes. On \s-1BSD\s0 and Linux systems this is accomplished via the
+sysctl command, on Solaris the coreadm command can be used.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
\&\fBsudo\fR utilizes the following environment variables. The security
.ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.el .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.IX Item "@sysconfdir@/sudo.conf"
-\&\fBsudo\fR plugin and path configuration
+\&\fBsudo\fR front end configuration
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: the following examples assume a properly configured security policy.
\& Todd C. Miller
.Ve
.PP
-See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit
-http://www.sudo.ws/sudo/history.html for a short history
-of \fBsudo\fR.
+See the \s-1CONTRIBUTORS\s0 file in the \fBsudo\fR distribution
+(http://www.sudo.ws/sudo/contributors.html) for a list of people
+who have contributed to \fBsudo\fR.
+.SH "HISTORY"
+.IX Header "HISTORY"
+See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution
+(http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
.SH "CAVEATS"
.IX Header "CAVEATS"
There is no easy way to prevent a user from gaining a root shell
projects / debian / sudo / blobdiff