SUDO(1m)               MAINTENANCE COMMANDS               SUDO(1m)

     sudo, sudoedit - execute a command as another user

SYNOPSIS
     sudo -K | -L | -V | -h | -k | -l | -v

     sudo [-HPSb] [-a auth_type] [-c class|-] [-p prompt]
          [-u username|#uid] {-e file [...] | -i | -s | command}

     sudoedit [-S] [-a auth_type] [-p prompt] [-u username|#uid]
          file [...]

DESCRIPTION
     sudo allows a permitted user to execute a command as the
     superuser or another user, as specified in the sudoers file.
     The real and effective uid and gid are set to match those of
     the target user as specified in the passwd file and the group
     vector is initialized based on the group file (unless the -P
     option was specified). If the invoking user is root or if the
     target user is the same as the invoking user, no password is
     required. Otherwise, sudo requires that users authenticate
     themselves with a password by default (NOTE: in the default
     configuration this is the user's password, not the root
     password). Once a user has been authenticated, a timestamp is
     updated and the user may then use sudo without a password for
     a short period of time (5 minutes unless overridden in
     sudoers).

     When invoked as sudoedit, the -e option (described below),

     sudo determines who is an authorized user by consulting the
     file /etc/sudoers. By giving sudo the -v flag a user can
     update the time stamp without running a command. The password
     prompt itself will also time out if the user's password is
     not entered within 5 minutes (unless overridden via sudoers).

     If a user who is not listed in the sudoers file tries to run
     a command via sudo, mail is sent to the proper authorities,
     as defined at configure time or in the sudoers file (defaults
     to root). Note that the mail will not be sent if an
     unauthorized user tries to run sudo with the -l or -v flags.
     This allows users to determine for themselves whether or not
     they are allowed to use sudo.

     If sudo is run by root and the SUDO_USER environment variable
     is set, sudo will use this value to determine who the actual
     user is. This can be used by a user to log commands through
     sudo even when a root shell has been invoked. It also allows
     the -e flag to remain useful even when being run via a
     sudo-run script or program. Note however, that the sudoers
     lookup is still done for root, not the user specified by
     SUDO_USER.

1.6.8p9                    June, 20 2005

     sudo can log both successful and unsuccessful attempts (as
     well as errors) to syslog(3), a log file, or both. By default
     sudo will log via syslog(3) but this is changeable at
     configure time or via the sudoers file.

OPTIONS
     sudo accepts the following command line options:

     -H  The -H (HOME) option sets the HOME environment variable
         to the homedir of the target user (root by default) as
         specified in passwd(4). By default, sudo does not modify
         HOME (see set_home and always_set_home

     -K  The -K (sure kill) option is like -k except that it
         removes the user's timestamp entirely. Like -k, this
         option does not require a password.

     -L  The -L (list defaults) option will list out the
         parameters that may be set in a Defaults line along with
         a short description for each. This option is useful in
         conjunction with grep(1).

     -P  The -P (preserve group vector) option causes sudo to
         preserve the invoking user's group vector unaltered. By
         default, sudo will initialize the group vector to the
         list of groups the target user is in. The real and
         effective group IDs, however, are still set to match the
         target user.

     -S  The -S (stdin) option causes sudo to read the password
         from the standard input instead of the terminal

     -V  The -V (version) option causes sudo to print the version
         number and exit. If the invoking user is already root the
         -V option will print out a list of the defaults sudo was
         compiled with as well as the machine's local network
         addresses.

     -a  The -a (authentication type) option causes sudo to use
         the specified authentication type when validating the
         user, as allowed by /etc/login.conf. The system
         administrator may specify a list of sudo-specific
         authentication methods by adding an "auth-sudo" entry in
         /etc/login.conf. This option is only available on systems
         that support BSD authentication where sudo has been
         configured with the --with-bsdauth option.

     -b  The -b (background) option tells sudo to run the given
         command in the background. Note that if you use the -b
         option you cannot use shell job control to manipu

     -c  The -c (class) option causes sudo to run the specified
         command with resources limited by the specified login
         class. The class argument can be either a class name as
         defined in /etc/login.conf, or a single '-' character.
         Specifying a class of - indicates that the command should
         be run restricted by the default login capabilities for
         the user the command is run as. If the class argument
         specifies an existing user class, the command must be run
         as root, or the sudo command must be run from a shell
         that is already root. This option is only available on
         systems with BSD login classes where sudo has been
         configured with the --with-logincap option.

     -e  The -e (edit) option indicates that, instead of running a
         command, the user wishes to edit one or more files. In
         lieu of a command, the string "sudoedit" is used when
         consulting the sudoers file. If the user is authorized by
         sudoers the following steps are taken:

         1.  Temporary copies are made of the files to be edited
             with the owner set to the invoking

         2.  The editor specified by the VISUAL or EDITOR
             environment variables is run to edit the temporary
             files. If neither VISUAL nor EDITOR are set, the
             program listed in the editor sudoers variable is
             used.

         3.  If they have been modified, the temporary files are
             copied back to their original location and the
             temporary versions are removed.

         If the specified file does not exist, it will be created.
         Note that unlike most commands run by sudo, the editor is
         run with the invoking user's environment unmodified. If,
         for some reason, sudo is unable to update a file with its
         edited version, the user will receive a warning and the
         edited copy will remain in a

     -h  The -h (help) option causes sudo to print a usage mes

     -i  The -i (simulate initial login) option runs the shell
         specified in the passwd(4) entry of the user that the
         command is being run as. The command name argument given
         to the shell begins with a - to tell the shell to run as
         a login shell. sudo attempts to change to that user's
         home directory before running the shell. It also
         initializes the environment, leaving TERM unchanged,
         setting HOME, SHELL, USER, LOGNAME, and PATH, and
         unsetting all other environment variables.
         Note that because the shell to use is determined before
         the sudoers file is parsed, a runas_default setting in
         sudoers will specify the user to run the shell as but
         will not affect which shell is actually

     -k  The -k (kill) option to sudo invalidates the user's
         timestamp by setting the time on it to the epoch. The
         next time sudo is run a password will be required. This
         option does not require a password and was added to allow
         a user to revoke sudo permissions from a

     -l  The -l (list) option will list out the allowed (and
         forbidden) commands for the user on the current host.

     -p  The -p (prompt) option allows you to override the default
         password prompt and use a custom one. The following
         percent (`%') escapes are supported:

         %u  expanded to the invoking user's login name

         %U  expanded to the login name of the user the command
             will be run as (defaults to root)

         %h  expanded to the local hostname without the

         %H  expanded to the local hostname including the domain
             name (only if the machine's hostname is fully
             qualified or the fqdn sudoers option is

         %%  two consecutive % characters are collapsed into a
             single % character

     -s  The -s (shell) option runs the shell specified by the
         SHELL environment variable if it is set or the shell as
         specified in passwd(4).

     -u  The -u (user) option causes sudo to run the specified
         command as a user other than root. To specify a uid
         instead of a username, use #uid. Note that if the
         targetpw Defaults option is set (see sudoers(4)) it is
         not possible to run commands with a uid not listed in the
         password database.

     -v  If given the -v (validate) option, sudo will update the
         user's timestamp, prompting for the user's password if
         necessary. This extends the sudo timeout for another 5
         minutes (or whatever the timeout is set to in sudoers)
         but does not run a command.

     --  The -- flag indicates that sudo should stop processing
         command line arguments. It is most useful in conjunction
         with the -s flag.

RETURN VALUES
     Upon successful execution of a program, the return value from
     sudo will simply be the return value of the program

     Otherwise, sudo quits with an exit value of 1 if there is a
     configuration/permission problem or if sudo cannot execute
     the given command. In the latter case the error string is
     printed to stderr. If sudo cannot stat(2) one or more entries
     in the user's PATH an error is printed on stderr. (If the
     directory does not exist or if it is not really a directory,
     the entry is ignored and no error is printed.) This should
     not happen under normal circumstances. The most common reason
     for stat(2) to return "permission denied" is if you are
     running an automounter and one of the directories in your
     PATH is on a machine that is currently unreachable.

SECURITY NOTES
     sudo tries to be safe when executing external commands.
     Variables that control how dynamic loading and binding is
     done can be used to subvert the program that sudo runs. To
     combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and
     LIBPATH (AIX only) environment variables are removed from the
     environment passed on to all commands executed. sudo will
     also remove the IFS, CDPATH, ENV, BASH_ENV, KRB_CONF,
     KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS,
     HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS
     and TERMPATH variables as they too can pose a threat. If the
     TERMCAP variable is set and is a pathname, it too is ignored.
     Additionally, if the LC_* or LANGUAGE variables contain the /
     or % characters, they are ignored. Environment variables with
     a value beginning with () are also removed as they could be
     interpreted as bash functions. If sudo has been compiled with
     SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables
     are cleared as well. The list of environment variables that
     sudo clears is contained in the output of sudo -V when run

     To prevent command spoofing, sudo checks "." and "" (both
     denoting current directory) last when searching for a command
     in the user's PATH (if one or both are in the PATH). Note,
     however, that the actual PATH environment variable is not
     modified and is passed unchanged to the program that sudo
     executes.

     For security reasons, if your OS supports shared libraries
     and does not disable user-defined library search paths for
     setuid programs (most do), you should either use a linker
     option that disables this behavior or link sudo
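
     The environment rules listed at the start of SECURITY NOTES,
     written out as a checker. This is an added example, not code
     from the sudo distribution: strip_reason(), count_stripped()
     and the sample environment are hypothetical names and
     constructed data, and the TERMCAP test assumes a pathname is
     a value that starts with '/'.

```c
/* Added illustration of the SECURITY NOTES rules; not sudo's own source. */
#include <stdio.h>
#include <string.h>

/* Names the page lists. SHLIB_PATH (HP-UX) and LIBPATH (AIX) are treated
 * as always removed here; the SecurID variables are left out. */
static const char *const listed[] = {
    "SHLIB_PATH", "LIBPATH", "IFS", "CDPATH", "ENV", "BASH_ENV",
    "KRB_CONF", "KRBCONFDIR", "KRBTKFILE", "KRB5_CONFIG", "LOCALDOMAIN",
    "RES_OPTIONS", "HOSTALIASES", "NLSPATH", "PATH_LOCALE", "TERMINFO",
    "TERMINFO_DIRS", "TERMPATH", NULL
};

static int has_prefix(const char *s, const char *prefix) {
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* Returns why NAME=VALUE would be dropped, or NULL if it is kept. */
const char *strip_reason(const char *name, const char *value) {
    if (has_prefix(name, "LD_") || has_prefix(name, "_RLD_"))
        return "controls dynamic loading";
    for (size_t i = 0; listed[i] != NULL; i++)
        if (strcmp(name, listed[i]) == 0)
            return "listed as a threat";
    /* Assumption: "is a pathname" means the value starts with '/'. */
    if (strcmp(name, "TERMCAP") == 0 && value[0] == '/')
        return "TERMCAP is a pathname";
    if ((has_prefix(name, "LC_") || strcmp(name, "LANGUAGE") == 0) &&
        strpbrk(value, "/%") != NULL)
        return "locale value contains / or %";
    if (has_prefix(value, "()"))
        return "value could be read as a bash function";
    return NULL;
}

/* Walks a NULL-terminated NAME=VALUE array; returns how many are dropped. */
int count_stripped(const char *const env[], int verbose) {
    int dropped = 0;
    char name[128];
    for (size_t i = 0; env[i] != NULL; i++) {
        const char *eq = strchr(env[i], '=');
        size_t len = eq ? (size_t)(eq - env[i]) : 0;
        if (eq == NULL || len >= sizeof(name)) continue;
        memcpy(name, env[i], len);
        name[len] = '\0';
        const char *why = strip_reason(name, eq + 1);
        if (why == NULL) continue;
        dropped++;
        if (verbose) printf("drop %-16s %s\n", name, why);
    }
    return dropped;
}

/* Constructed sample environment, not taken from the page. */
static const char *const sample_env[] = {
    "PATH=/usr/bin:/bin", "LD_LIBRARY_PATH=/opt/lib", "IFS=:", "TERM=xterm",
    "TERMCAP=/tmp/termcap", "LC_ALL=en_US/x", "LANG=C", "FOO=() { :; }",
    "HOME=/home/alice", NULL
};

int main(void) {
    printf("%d of 9 variables dropped\n", count_stripped(sample_env, 1));
    return 0;
}
```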

     sudo will check the ownership of its timestamp directory
     (/var/run/sudo by default) and ignore the directory's
     contents if it is not owned by root and only writable by
     root. On systems that allow non-root users to give away files
     via chown(2), if the timestamp directory is located in a
     directory writable by anyone (e.g.: /tmp), it is possible for
     a user to create the timestamp directory before sudo is run.
     However, because sudo checks the ownership and mode of the
     directory and its contents, the only damage that can be done
     is to "hide" files by putting them in the timestamp dir. This
     is unlikely to happen since once the timestamp dir is owned
     by root and inaccessible by any other user the user placing
     files there would be unable to get them back out. To get
     around this issue you can use a directory that is not
     world-writable for the timestamps (/var/adm/sudo for
     instance) or create /var/run/sudo with the appropriate owner
     (root) and permissions (0700) in the system startup files.

     sudo will not honor timestamps set far in the future.
     Timestamps with a date greater than current_time + 2 *
     TIMEOUT will be ignored and sudo will log and complain. This
     is done to keep a user from creating his/her own timestamp
     with a bogus date on systems that allow users to
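
     The timestamp checks described above (directory owned by root
     and writable only by root, timestamps later than current_time
     + 2 * TIMEOUT ignored) as an added C example; it is not
     sudo's own code. ts_dir_trusted(), ts_classify() and
     ts_check_paths() are hypothetical names, and "only writable
     by root" is assumed to mean no group or other write bits.

```c
/* Added illustration of the timestamp rules above; not sudo's own source. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>

enum ts_status { TS_CURRENT, TS_EXPIRED, TS_FUTURE_IGNORED, TS_DIR_UNTRUSTED };

/* Directory contents count only if root owns the directory and nobody
 * else can write to it (the page recommends owner root, mode 0700). */
int ts_dir_trusted(uid_t owner, mode_t mode) {
    return owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Classifies one timestamp; timeout is in seconds (page default: 5 minutes).
 * A stamp slightly ahead of the clock is still honoured: only stamps later
 * than now + 2 * timeout are ignored, as the page states. */
enum ts_status ts_classify(uid_t dir_owner, mode_t dir_mode,
                           time_t stamp, time_t now, time_t timeout) {
    if (!ts_dir_trusted(dir_owner, dir_mode))
        return TS_DIR_UNTRUSTED;
    if (stamp > now + 2 * timeout)
        return TS_FUTURE_IGNORED;   /* sudo logs and complains */
    if (now - stamp > timeout)
        return TS_EXPIRED;          /* also covers -k, which sets the epoch */
    return TS_CURRENT;
}

/* Applies the rules to real paths; returns -1 if either stat(2) fails.
 * The layout of files inside the timestamp directory is not described on
 * the page, so the caller supplies both paths. */
int ts_check_paths(const char *dir, const char *stamp_path, time_t timeout) {
    struct stat d, s;
    if (stat(dir, &d) != 0 || stat(stamp_path, &s) != 0)
        return -1;
    return (int)ts_classify(d.st_uid, d.st_mode, s.st_mtime, time(NULL), timeout);
}

static const char *const ts_names[] = {
    "current", "expired", "ignored (too far in the future)",
    "directory not trusted"
};

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s timestamp-dir timestamp-path\n", argv[0]);
        return 2;
    }
    int r = ts_check_paths(argv[1], argv[2], 5 * 60);
    puts(r < 0 ? "cannot stat" : ts_names[r]);
    return r == TS_CURRENT ? 0 : 1;
}
```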

     Please note that sudo will only log the command it explicitly
     runs. If a user runs a command such as sudo su or sudo sh,
     subsequent commands run from that shell will not be logged,
     nor will sudo's access control affect them. The same is true
     for commands that offer shell escapes (including most
     editors). Because of this, care must be taken when giving
     users access to commands via sudo to verify that the command
     does not inadvertently give the user an effective root shell.
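
     An added example, not part of sudo, for reviewing logs with
     the limitation above in mind: it flags logged commands that
     are themselves shells, su, or programs with shell escapes.
     The watch list, the function names and the sample lines are
     assumptions constructed for illustration; the lines follow
     the "user : TTY=... ; PWD=... ; USER=... ; COMMAND=..." layout
     of sudo's log entries.

```c
/* Added illustration; not part of sudo. Flags logged commands that hand the
 * user a shell, after which sudo logs nothing further. */
#include <stdio.h>
#include <string.h>

/* Assumed watch list: shells, su, and a few programs with shell escapes. */
static const char *const shell_like[] = {
    "sh", "bash", "csh", "ksh", "tcsh", "zsh", "su",
    "vi", "vim", "emacs", "more", "less", NULL
};

/* Copies the basename of the program after "COMMAND=" into out.
 * Returns 0 when the line carries no COMMAND= field. */
int logged_program(const char *line, char *out, size_t outlen) {
    const char *p = strstr(line, "COMMAND=");
    if (p == NULL || outlen == 0) return 0;
    p += strlen("COMMAND=");
    size_t len = strcspn(p, " \t\r\n");   /* program path ends at whitespace */
    const char *base = p;
    for (size_t i = 0; i < len; i++)
        if (p[i] == '/') base = p + i + 1;
    size_t blen = (size_t)(p + len - base);
    if (blen >= outlen) blen = outlen - 1;
    memcpy(out, base, blen);
    out[blen] = '\0';
    return 1;
}

/* Returns 1 if the logged program is on the watch list, else 0. */
int grants_shell(const char *line) {
    char prog[64];
    if (!logged_program(line, prog, sizeof(prog)))
        return 0;
    for (size_t i = 0; shell_like[i] != NULL; i++)
        if (strcmp(prog, shell_like[i]) == 0)
            return 1;
    return 0;
}

/* Constructed sample lines (host, user and times are made up). */
#define PFX "Jun 20 10:01:12 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; "
static const char *const sample_log[] = {
    PFX "USER=root ; COMMAND=/bin/ls /usr/local/protected",
    PFX "USER=root ; COMMAND=/usr/bin/su",
    PFX "USER=root ; COMMAND=/bin/sh -c cd /home ; du -s * | sort -rn > USAGE",
    PFX "USER=www ; COMMAND=/usr/bin/vi /home/www/htdocs/index.html",
    PFX "USER=root ; COMMAND=/sbin/shutdown -r +15 quick reboot", NULL
};

/* Counts, and optionally prints, the entries that need a closer look. */
int count_shell_grants(const char *const lines[], int verbose) {
    int n = 0;
    for (size_t i = 0; lines[i] != NULL; i++) {
        if (!grants_shell(lines[i])) continue;
        n++;
        if (verbose) printf("review: %s\n", lines[i]);
    }
    return n;
}

int main(void) {
    printf("%d of 5 entries hand out a shell\n", count_shell_grants(sample_log, 1));
    return 0;
}
```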

ENVIRONMENT
     sudo utilizes the following environment variables:

     EDITOR         Default editor to use in -e (sudoedit) mode if

     HOME           In -s or -H mode (or if sudo was configured
                    with the --enable-shell-sets-home option), set
                    to homedir of the target user

     PATH           Set to a sane value if sudo was configured
                    with the --with-secure-path option

     SHELL          Used to determine shell to run with -s option

     SUDO_PROMPT    Used as the default password prompt

     SUDO_COMMAND   Set to the command run by sudo

     SUDO_USER      Set to the login of the user who invoked sudo

     SUDO_UID       Set to the uid of the user who invoked sudo

     SUDO_GID       Set to the gid of the user who invoked sudo

     SUDO_PS1       If set, PS1 will be set to its value

     USER           Set to the target user (root unless the -u
                    option

     VISUAL         Default editor to use in -e (sudoedit) mode

     /etc/sudoers   List of who can run what
     /var/run/sudo  Directory containing timestamps

EXAMPLES
     Note: the following examples assume suitable sudoers(4)

     To get a file listing of an unreadable directory:

         $ sudo ls /usr/local/protected

     To list the home directory of user yazza on a machine where
     the file system holding ~yazza is not exported as

         $ sudo -u yazza ls ~yazza

     To edit the index.html file as user www:

         $ sudo -u www vi ~www/htdocs/index.html

     To shutdown a machine:

         $ sudo shutdown -r +15 "quick reboot"

     To make a usage listing of the directories in the /home
     partition. Note that this runs the commands in a sub-shell to
     make the cd and file redirection work.

         $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

SEE ALSO
     grep(1), su(1), stat(2), login_cap(3), sudoers(4), passwd(4),
     visudo(1m)

AUTHORS
     Many people have worked on sudo over the years; this version
     consists of code written primarily by:

     See the HISTORY file in the sudo distribution or visit
     http://www.sudo.ws/sudo/history.html for a short history

CAVEATS
     There is no easy way to prevent a user from gaining a root
     shell if that user is allowed to run arbitrary commands via
     sudo. Also, many programs (such as editors) allow the user to
     run commands via shell escapes, thus avoiding sudo's checks.
     However, on most systems it is possible to prevent shell
     escapes with sudo's noexec functionality. See the sudoers(4)
     manual for details.

     It is not meaningful to run the cd command directly via

         $ sudo cd /usr/local/protected

     since when the command exits the parent process (your shell)
     will still be the same. Please see the EXAMPLES section for
     more information.

     If users have sudo ALL there is nothing to prevent them from
     creating their own program that gives them a root shell
     regardless of any '!' elements in the user specifi

     Running shell scripts via sudo can expose the same kernel
     bugs that make setuid shell scripts unsafe on some operating
     systems (if your OS has a /dev/fd/ directory, setuid shell
     scripts are generally safe).

     If you feel you have found a bug in sudo, please submit a bug
     report at http://www.sudo.ws/sudo/bugs/

SUPPORT
     Commercial support is available for sudo, see
     http://www.sudo.ws/sudo/support.html for details.

     Limited free support is available via the sudo-users mailing
     list, see http://www.sudo.ws/mailman/listinfo/sudo-users to
     subscribe or search the

DISCLAIMER
     Sudo is provided ``AS IS'' and any express or implied
     warranties, including, but not limited to, the implied
     warranties of merchantability and fitness for a particular
     purpose are disclaimed. See the LICENSE file distributed with
     sudo or http://www.sudo.ws/sudo/license.html for