sudo(1m)                   MAINTENANCE COMMANDS                   sudo(1m)

NAME
       sudo - execute a command as another user

SYNOPSIS
       sudo -V | -h | -l | -L | -v | -k | -K | -s | [ -H ] [-P ]
       [-S ] [ -b ] | [ -p prompt ] [ -c class|- ] [ -a auth_type
       ] [ -u username|#uid ] command

DESCRIPTION
       sudo allows a permitted user to execute a command as the
       superuser or another user, as specified in the sudoers
       file.  The real and effective uid and gid are set to match
       those of the target user as specified in the passwd file
       (the group vector is also initialized when the target user
       is not root).  By default, sudo requires that users
       authenticate themselves with a password (NOTE: by default
       this is the user's password, not the root password).  Once
       a user has been authenticated, a timestamp is updated and
       the user may then use sudo without a password for a short
       period of time (5 minutes unless overridden in sudoers).

       sudo determines who is an authorized user by consulting
       the file /etc/sudoers.  By giving sudo the -v flag a user
       can update the time stamp without running a command.  The
       password prompt itself will also time out if the user's
       password is not entered within 5 minutes (unless
       overridden via sudoers).

       If a user who is not listed in the sudoers file tries to
       run a command via sudo, mail is sent to the proper
       authorities, as defined at configure time or the sudoers
       file (defaults to root).  Note that the mail will not be
       sent if an unauthorized user tries to run sudo with the -l
       or -v flags.  This allows users to determine for themselves
       whether or not they are allowed to use sudo.

       sudo can log both successful and unsuccessful attempts (as
       well as errors) to syslog(3), a log file, or both.  By
       default sudo will log via syslog(3) but this is changeable
       at configure time or via the sudoers file.

OPTIONS
       sudo accepts the following command line options:

       -V      The -V (version) option causes sudo to print the
               version number and exit.  If the invoking user is
               already root the -V option will print out a list of
               the defaults sudo was compiled with as well as the
               machine's local network addresses.

       -l      The -l (list) option will list out the allowed (and
               forbidden) commands for the user on the current host.

April 25, 2002                        1.6.6
       -L      The -L (list defaults) option will list out the
               parameters that may be set in a Defaults line along
               with a short description for each.  This option is
               useful in conjunction with grep(1).

       -h      The -h (help) option causes sudo to print a usage mes

       -v      If given the -v (validate) option, sudo will update
               the user's timestamp, prompting for the user's
               password if necessary.  This extends the sudo timeout
               for another 5 minutes (or whatever the timeout is set
               to in sudoers) but does not run a command.

       -k      The -k (kill) option to sudo invalidates the user's
               timestamp by setting the time on it to the epoch.  The
               next time sudo is run a password will be required.
               This option does not require a password and was added
               to allow a user to revoke sudo permissions from a

       -K      The -K (sure kill) option to sudo removes the user's
               timestamp entirely.  Likewise, this option does not

       -b      The -b (background) option tells sudo to run the given
               command in the background.  Note that if you use the
               -b option you cannot use shell job control to manipu

       -p      The -p (prompt) option allows you to override the
               default password prompt and use a custom one.  If the
               password prompt contains the %u escape, %u will be
               replaced with the user's login name.  Similarly, %h
               will be replaced with the local hostname.

       -c      The -c (class) option causes sudo to run the specified
               command with resources limited by the specified login
               class.  The class argument can be either a class name
               as defined in /etc/login.conf, or a single '-'
               character.  Specifying a class of - indicates that the
               command should be run restricted by the default login
               capabilities for the user the command is run as.  If
               the class argument specifies an existing user class,
               the command must be run as root, or the sudo command
               must be run from a shell that is already root.  This
               option is only available on systems with BSD login
               classes where sudo has been configured with the
               --with-logincap option.

       -a      The -a (authentication type) option causes sudo to use
               the specified authentication type when validating the
               user, as allowed by /etc/login.conf.  The system
               administrator may specify a list of sudo-specific
               authentication methods by adding an "auth-sudo" entry
               in /etc/login.conf.  This option is only available on
               systems that support BSD authentication where sudo has
               been configured with the --with-bsdauth option.

       -u      The -u (user) option causes sudo to run the specified
               command as a user other than root.  To specify a uid
               instead of a username, use #uid.

       -s      The -s (shell) option runs the shell specified by the
               SHELL environment variable if it is set or the shell
               as specified in passwd(4).

       -H      The -H (HOME) option sets the HOME environment
               variable to the homedir of the target user (root by
               default) as specified in passwd(4).  By default, sudo
               does not modify HOME.

       -P      The -P (preserve group vector) option causes sudo to
               preserve the user's group vector unaltered.  By
               default, sudo will initialize the group vector to the
               list of groups the target user is in.  The real and
               effective group IDs, however, are still set to match

       -S      The -S (stdin) option causes sudo to read the password
               from standard input instead of the terminal device.

       --      The -- flag indicates that sudo should stop processing
               command line arguments.  It is most useful in
               conjunction with the -s flag.

RETURN VALUES
       Upon successful execution of a program, the return value
       from sudo will simply be the return value of the program

       Otherwise, sudo quits with an exit value of 1 if there is
       a configuration/permission problem or if sudo cannot
       execute the given command.  In the latter case the error
       string is printed to stderr.  If sudo cannot stat(2) one
       or more entries in the user's PATH an error is printed on
       stderr.  (If the directory does not exist or if it is not
       really a directory, the entry is ignored and no error is
       printed.)  This should not happen under normal
       circumstances.  The most common reason for stat(2) to return
       "permission denied" is if you are running an automounter
       and one of the directories in your PATH is on a machine
       that is currently unreachable.

SECURITY NOTES
       sudo tries to be safe when executing external commands.
       Variables that control how dynamic loading and binding is
       done can be used to subvert the program that sudo runs.
       To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
       and LIBPATH (AIX only) environment variables are removed
       from the environment passed on to all commands executed.
       sudo will also remove the IFS, ENV, BASH_ENV, KRB_CONF,
       KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
       RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO,
       TERMINFO_DIRS and TERMPATH variables as they too can pose
       a threat.  If the TERMCAP variable is set and is a
       pathname, it too is ignored.  Additionally, if the LC_* or
       LANGUAGE variables contain the / or % characters, they are
       ignored.  If sudo has been compiled with SecurID support,
       the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as
       well.  The list of environment variables that sudo clears
       is contained in the output of sudo -V when run as root.

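The filtering rules in the paragraph above, written out as a small C filter. This is an added example, not sudo's own code: the function names are hypothetical, a TERMCAP value is treated as a path name when it begins with '/', and entries without '=' are dropped (both assumptions). The SecurID variables are left out because they only apply to builds with that support.

```c
#include <stdio.h>
#include <string.h>

/* Dropped unconditionally; a trailing '*' marks a prefix match. */
static const char *const drop[] = {
    "LD_*", "_RLD_*", "SHLIB_PATH", "LIBPATH", "IFS", "ENV", "BASH_ENV",
    "KRB_CONF", "KRBCONFDIR", "KRBTKFILE", "KRB5_CONFIG", "LOCALDOMAIN",
    "RES_OPTIONS", "HOSTALIASES", "NLSPATH", "PATH_LOCALE", "TERMINFO",
    "TERMINFO_DIRS", "TERMPATH", NULL
};

/* Match a name of length nlen against "NAME" or the prefix form "PRE*". */
static int name_match(const char *name, size_t nlen, const char *pat)
{
    size_t plen = strlen(pat);
    if (plen > 0 && pat[plen - 1] == '*')
        return nlen >= plen - 1 && strncmp(name, pat, plen - 1) == 0;
    return nlen == plen && strncmp(name, pat, nlen) == 0;
}

/* Return 1 if a "NAME=value" entry must not reach the command. */
int env_is_unsafe(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 1;               /* assumption: malformed entries are dropped */
    size_t nlen = (size_t)(eq - entry);
    for (int i = 0; drop[i] != NULL; i++)
        if (name_match(entry, nlen, drop[i]))
            return 1;
    /* TERMCAP: only when it is a path name (assumed: value starts with '/'). */
    if (name_match(entry, nlen, "TERMCAP"))
        return eq[1] == '/';
    /* LC_* and LANGUAGE: only when the value contains '/' or '%'. */
    if (name_match(entry, nlen, "LC_*") || name_match(entry, nlen, "LANGUAGE"))
        return strpbrk(eq + 1, "/%") != NULL;
    return 0;
}

/* Compact a NULL-terminated envp in place; return how many entries remain. */
size_t env_scrub(char **envp)
{
    size_t kept = 0;
    for (char **p = envp; *p != NULL; p++)
        if (!env_is_unsafe(*p))
            envp[kept++] = *p;
    envp[kept] = NULL;
    return kept;
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *env[] = { "PATH=/usr/bin:.", "LD_LIBRARY_PATH=/opt/lib", "IFS=:",
                    "TERMCAP=/tmp/tc", "LC_ALL=C", "LANGUAGE=../%s", NULL };
    for (size_t i = 0, n = env_scrub(env); i < n; i++)
        puts(env[i]);
    return 0;
}
```

PATH survives the filter, which matches the note that sudo passes PATH on unchanged.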

       To prevent command spoofing, sudo checks "." and "" (both
       denoting current directory) last when searching for a
       command in the user's PATH (if one or both are in the PATH).
       Note, however, that the actual PATH environment variable
       is not modified and is passed unchanged to the program
       that sudo executes.

       For security reasons, if your OS supports shared libraries
       and does not disable user-defined library search paths for
       setuid programs (most do), you should either use a linker
       option that disables this behavior or link sudo stati

       sudo will check the ownership of its timestamp directory
       (/var/run/sudo by default) and ignore the directory's
       contents if it is not owned by root and only writable by
       root.  On systems that allow non-root users to give away
       files via chown(2), if the timestamp directory is located
       in a directory writable by anyone (e.g.: /tmp), it is
       possible for a user to create the timestamp directory before
       sudo is run.  However, because sudo checks the ownership
       and mode of the directory and its contents, the only
       damage that can be done is to "hide" files by putting them in
       the timestamp dir.  This is unlikely to happen since once
       the timestamp dir is owned by root and inaccessible by any
       other user the user placing files there would be unable to
       get them back out.  To get around this issue you can use a
       directory that is not world-writable for the timestamps
       (/var/adm/sudo for instance) or create /var/run/sudo with
       the appropriate owner (root) and permissions (0700) in the
       system startup files.

       sudo will not honor timestamps set far in the future.
       Timestamps with a date greater than current_time + 2 *
       TIMEOUT will be ignored and sudo will log and complain.
       This is done to keep a user from creating his/her own
       timestamp with a bogus date on systems that allow users to

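The directory and timestamp checks described in the two paragraphs above, as an added C example (not sudo's own code). Function and enum names are hypothetical; "only writable by root" is read as root-owned with no group or other write bit, and a timestamp counts as expired once it is older than TIMEOUT seconds (both assumptions).

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>

enum ts_state { TS_CURRENT, TS_EXPIRED, TS_FUTURE, TS_UNTRUSTED_DIR };

/* Trust the directory only if it is a directory owned by root (uid 0)
 * with no group/other write bit; 0700 is the mode the page recommends. */
int ts_dir_trusted(uid_t owner, mode_t mode)
{
    return S_ISDIR(mode) && owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Classify a timestamp's mtime; timeout is in seconds (300 = 5 minutes). */
enum ts_state ts_classify(time_t now, time_t mtime, time_t timeout)
{
    if (mtime > now + 2 * timeout)
        return TS_FUTURE;       /* bogus date: ignore, log and complain */
    if (now - mtime > timeout)
        return TS_EXPIRED;      /* also the result after -k (mtime = epoch) */
    return TS_CURRENT;
}

/* Apply both checks to real paths; a missing timestamp counts as expired. */
enum ts_state ts_check(const char *dir, const char *file, time_t timeout)
{
    struct stat d, f;

    if (stat(dir, &d) != 0 || !ts_dir_trusted(d.st_uid, d.st_mode))
        return TS_UNTRUSTED_DIR;    /* contents are ignored */
    if (stat(file, &f) != 0)
        return TS_EXPIRED;
    return ts_classify(time(NULL), f.st_mtime, timeout);
}

int main(int argc, char **argv)
{
    static const char *const names[] = { "current", "expired",
                                         "future (ignored)", "untrusted dir" };
    /* Usage: ./tscheck <timestamp-dir> <timestamp-file> */
    if (argc != 3) {
        fprintf(stderr, "usage: %s dir file\n", argv[0]);
        return 2;
    }
    printf("%s\n", names[ts_check(argv[1], argv[2], 300)]);
    return 0;
}
```

A timestamp dated slightly ahead of the clock, up to current_time + 2 * TIMEOUT, is still treated as current; only dates beyond that bound are rejected.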

       Please note that sudo will only log the command it
       explicitly runs.  If a user runs a command such as sudo su or
       sudo sh, subsequent commands run from that shell will not
       be logged, nor will sudo's access control affect them.
       The same is true for commands that offer shell escapes
       (including most editors).  Because of this, care must be
       taken when giving users access to commands via sudo to
       verify that the command does not inadvertently give the
       user an effective root shell.

EXAMPLES
       Note: the following examples assume suitable sudoers(4)

       To get a file listing of an unreadable directory:

           % sudo ls /usr/local/protected

       To list the home directory of user yazza on a machine
       where the filesystem holding ~yazza is not exported as

           % sudo -u yazza ls ~yazza

       To edit the index.html file as user www:

           % sudo -u www vi ~www/htdocs/index.html

       To shut down a machine:

           % sudo shutdown -r +15 "quick reboot"

       To make a usage listing of the directories in the /home
       partition.  Note that this runs the commands in a sub-
       shell to make the cd and file redirection work.

           % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

ENVIRONMENT
       sudo utilizes the following environment variables:

       PATH            Set to a sane value if SECURE_PATH is set
       SHELL           Used to determine shell to run with -s option
       USER            Set to the target user (root unless the -u option
       HOME            In -s or -H mode (or if sudo was configured with
                       the --enable-shell-sets-home option), set to
                       homedir of the target user.
       SUDO_PROMPT     Used as the default password prompt
       SUDO_COMMAND    Set to the command run by sudo
       SUDO_USER       Set to the login of the user who invoked sudo
       SUDO_UID        Set to the uid of the user who invoked sudo
       SUDO_GID        Set to the gid of the user who invoked sudo
       SUDO_PS1        If set, PS1 will be set to its value

FILES
       /etc/sudoers    List of who can run what
       /var/run/sudo   Directory containing timestamps

AUTHORS
       Many people have worked on sudo over the years; this
       version consists of code written primarily by:

       See the HISTORY file in the sudo distribution or visit
       http://www.sudo.ws/sudo/history.html for a short history
       of sudo.

BUGS
       If you feel you have found a bug in sudo, please submit a
       bug report at http://www.sudo.ws/sudo/bugs/

DISCLAIMER
       Sudo is provided ``AS IS'' and any express or implied
       warranties, including, but not limited to, the implied
       warranties of merchantability and fitness for a particular
       purpose are disclaimed.  See the LICENSE file distributed
       with sudo for complete details.

CAVEATS
       There is no easy way to prevent a user from gaining a root
       shell if that user has access to commands allowing shell

       If users have sudo ALL there is nothing to prevent them
       from creating their own program that gives them a root
       shell regardless of any '!' elements in the user specifi

       Running shell scripts via sudo can expose the same kernel
       bugs that make setuid shell scripts unsafe on some
       operating systems (if your OS supports the /dev/fd/
       directory, setuid shell scripts are generally safe).

SEE ALSO
       stat(2), login_cap(3), sudoers(4), passwd(5), visudo(1m),
       grep(1), su(1).