-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
+SUDO(1m) System Manager's Manual SUDO(1m)
N\bNA\bAM\bME\bE
- sudo, sudoedit - execute a command as another user
+ s\bsu\bud\bdo\bo, s\bsu\bud\bdo\boe\bed\bdi\bit\bt - execute a command as another user
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- s\bsu\bud\bdo\bo [-\b-D\bD _\bl_\be_\bv_\be_\bl] -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-V\bV
-
- s\bsu\bud\bdo\bo -\b-v\bv [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-D\bD _\bl_\be_\bv_\be_\bl] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
-
- s\bsu\bud\bdo\bo -\b-l\bl[\b[l\bl]\b] [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-D\bD _\bl_\be_\bv_\be_\bl] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-U\bU _\bu_\bs_\be_\br _\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
-
- s\bsu\bud\bdo\bo [-\b-A\bAb\bbE\bEH\bHn\bnP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-D\bD _\bl_\be_\bv_\be_\bl] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-]
- [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be]
- [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] [-\b-i\bi | -\b-s\bs] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
-
- s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-A\bAn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-D\bD _\bl_\be_\bv_\be_\bl]
- [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] file ...
+ s\bsu\bud\bdo\bo -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-V\bV
+ s\bsu\bud\bdo\bo -\b-v\bv [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be | _\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt]
+ [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be | _\b#_\bu_\bi_\bd]
+ s\bsu\bud\bdo\bo -\b-l\bl[_\bl] [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be | _\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt]
+ [-\b-U\bU _\bu_\bs_\be_\br _\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be | _\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ s\bsu\bud\bdo\bo [-\b-A\bAb\bbE\bEH\bHn\bnP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs | _\b-]
+ [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be | _\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be]
+ [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be | _\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] -\b-i\bi | -\b-s\bs [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-A\bAn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs | _\b-]
+ [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be | _\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be | _\b#_\bu_\bi_\bd] file
+ ...
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
- s\bsu\bud\bdo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the superuser or
- another user, as specified by the security policy. The real and
- effective uid and gid are set to match those of the target user, as
- specified in the password database, and the group vector is initialized
- based on the group database (unless the -\b-P\bP option was specified).
-
- s\bsu\bud\bdo\bo supports a plugin architecture for security policies and
- input/output logging. Third parties can develop and distribute their
- own policy and I/O logging modules to work seemlessly with the s\bsu\bud\bdo\bo
- front end. The default security policy is _\bs_\bu_\bd_\bo_\be_\br_\bs, which is configured
- via the file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs, or via LDAP. See the PLUGINS section for
- more information.
-
- The security policy determines what privileges, if any, a user has to
- run s\bsu\bud\bdo\bo. The policy may require that users authenticate themselves
- with a password or another authentication mechanism. If authentication
- is required, s\bsu\bud\bdo\bo will exit if the user's password is not entered
- within a configurable time limit. This limit is policy-specific; the
- default password prompt timeout for the _\bs_\bu_\bd_\bo_\be_\br_\bs security policy is 5
- minutes.
-
- Security policies may support credential caching to allow the user to
- run s\bsu\bud\bdo\bo again for a period of time without requiring authentication.
- The _\bs_\bu_\bd_\bo_\be_\br_\bs policy caches credentials for 5 minutes, unless overridden
- in _\bs_\bu_\bd_\bo_\be_\br_\bs(4). By running s\bsu\bud\bdo\bo with the -\b-v\bv option, a user can update
- the cached credentials without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd.
-
- When invoked as s\bsu\bud\bdo\boe\bed\bdi\bit\bt, the -\b-e\be option (described below), is implied.
-
- Security policies may log successful and failed attempts to use s\bsu\bud\bdo\bo.
- If an I/O plugin is configured, the running command's input and output
- may be logged as well.
-
-O\bOP\bPT\bTI\bIO\bON\bNS\bS
- s\bsu\bud\bdo\bo accepts the following command line options:
-
- -A Normally, if s\bsu\bud\bdo\bo requires a password, it will read it from
- the user's terminal. If the -\b-A\bA (_\ba_\bs_\bk_\bp_\ba_\bs_\bs) option is
- specified, a (possibly graphical) helper program is
- executed to read the user's password and output the
- password to the standard output. If the SUDO_ASKPASS
- environment variable is set, it specifies the path to the
- helper program. Otherwise, if _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf contains a
- line specifying the askpass program, that value will be
- used. For example:
-
- # Path to askpass helper program
- Path askpass /usr/X11R6/bin/ssh-askpass
-
- If no askpass program is available, sudo will exit with an
- error.
-
- -a _\bt_\by_\bp_\be The -\b-a\ba (_\ba_\bu_\bt_\bh_\be_\bn_\bt_\bi_\bc_\ba_\bt_\bi_\bo_\bn _\bt_\by_\bp_\be) option causes s\bsu\bud\bdo\bo to use the
- specified authentication type when validating the user, as
- allowed by _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf. The system administrator may
- specify a list of sudo-specific authentication methods by
- adding an "auth-sudo" entry in _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf. This
- option is only available on systems that support BSD
- authentication.
-
- -b The -\b-b\bb (_\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd) option tells s\bsu\bud\bdo\bo to run the given
- command in the background. Note that if you use the -\b-b\bb
- option you cannot use shell job control to manipulate the
- process. Most interactive commands will fail to work
- properly in background mode.
-
- -C _\bf_\bd Normally, s\bsu\bud\bdo\bo will close all open file descriptors other
- than standard input, standard output and standard error.
- The -\b-C\bC (_\bc_\bl_\bo_\bs_\be _\bf_\br_\bo_\bm) option allows the user to specify a
- starting point above the standard error (file descriptor
- three). Values less than three are not permitted. The
- security policy may restrict the user's ability to use the
- -\b-C\bC option. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy only permits use of the -\b-C\bC
- option when the administrator has enabled the
- _\bc_\bl_\bo_\bs_\be_\bf_\br_\bo_\bm_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be option.
-
- -c _\bc_\bl_\ba_\bs_\bs The -\b-c\bc (_\bc_\bl_\ba_\bs_\bs) option causes s\bsu\bud\bdo\bo to run the specified
- command with resources limited by the specified login
- class. The _\bc_\bl_\ba_\bs_\bs argument can be either a class name as
- defined in _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf, or a single '-' character.
- Specifying a _\bc_\bl_\ba_\bs_\bs of - indicates that the command should
- be run restricted by the default login capabilities for the
- user the command is run as. If the _\bc_\bl_\ba_\bs_\bs argument
- specifies an existing user class, the command must be run
- as root, or the s\bsu\bud\bdo\bo command must be run from a shell that
- is already root. This option is only available on systems
- with BSD login classes.
-
- -D _\bl_\be_\bv_\be_\bl Enable debugging of s\bsu\bud\bdo\bo plugins and s\bsu\bud\bdo\bo itself. The
- _\bl_\be_\bv_\be_\bl may be a value from 1 through 9.
-
- -E The -\b-E\bE (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt) option indicates to the
- security policy that the uses wishes to preserve their
- existing environment variables. The security policy may
- return an error if the -\b-E\bE option is specified and the user
- does not have permission to preserve the environment.
-
- -e The -\b-e\be (_\be_\bd_\bi_\bt) option indicates that, instead of running a
- command, the user wishes to edit one or more files. In
- lieu of a command, the string "sudoedit" is used when
- consulting the security policy. If the user is authorized
- by the policy, the following steps are taken:
-
- 1. Temporary copies are made of the files to be edited
+ s\bsu\bud\bdo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the superuser or
+ another user, as specified by the security policy.
+
+ s\bsu\bud\bdo\bo supports a plugin architecture for security policies and
+ input/output logging. Third parties can develop and distribute their own
+ policy and I/O logging plugins to work seamlessly with the s\bsu\bud\bdo\bo front
+ end. The default security policy is _\bs_\bu_\bd_\bo_\be_\br_\bs, which is configured via the
+ file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs, or via LDAP. See the _\bP_\bl_\bu_\bg_\bi_\bn_\bs section for more
+ information.
+
+ The security policy determines what privileges, if any, a user has to run
+ s\bsu\bud\bdo\bo. The policy may require that users authenticate themselves with a
+ password or another authentication mechanism. If authentication is
+ required, s\bsu\bud\bdo\bo will exit if the user's password is not entered within a
+ configurable time limit. This limit is policy-specific; the default
+ password prompt timeout for the _\bs_\bu_\bd_\bo_\be_\br_\bs security policy is 5 minutes.
+
+ Security policies may support credential caching to allow the user to run
+ s\bsu\bud\bdo\bo again for a period of time without requiring authentication. The
+ _\bs_\bu_\bd_\bo_\be_\br_\bs policy caches credentials for 5 minutes, unless overridden in
+ sudoers(4). By running s\bsu\bud\bdo\bo with the -\b-v\bv option, a user can update the
+ cached credentials without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd.
+
+ When invoked as s\bsu\bud\bdo\boe\bed\bdi\bit\bt, the -\b-e\be option (described below), is implied.
+
+ Security policies may log successful and failed attempts to use s\bsu\bud\bdo\bo. If
+ an I/O plugin is configured, the running command's input and output may
+ be logged as well.
+
+ The options are as follows:
+
+ -\b-A\bA Normally, if s\bsu\bud\bdo\bo requires a password, it will read it from
+ the user's terminal. If the -\b-A\bA (_\ba_\bs_\bk_\bp_\ba_\bs_\bs) option is
+ specified, a (possibly graphical) helper program is executed
+ to read the user's password and output the password to the
+ standard output. If the SUDO_ASKPASS environment variable is
+ set, it specifies the path to the helper program. Otherwise,
+ if sudo.conf(4) contains a line specifying the askpass
+ program, that value will be used. For example:
+
+ # Path to askpass helper program
+ Path askpass /usr/X11R6/bin/ssh-askpass
+
+ If no askpass program is available, s\bsu\bud\bdo\bo will exit with an
+ error.
+
+ -\b-a\ba _\bt_\by_\bp_\be The -\b-a\ba (_\ba_\bu_\bt_\bh_\be_\bn_\bt_\bi_\bc_\ba_\bt_\bi_\bo_\bn _\bt_\by_\bp_\be) option causes s\bsu\bud\bdo\bo to use the
+ specified authentication type when validating the user, as
+ allowed by _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf. The system administrator may
+ specify a list of sudo-specific authentication methods by
+ adding an ``auth-sudo'' entry in _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf. This
+ option is only available on systems that support BSD
+ authentication.
+
+ -\b-b\bb The -\b-b\bb (_\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd) option tells s\bsu\bud\bdo\bo to run the given
+ command in the background. Note that if you use the -\b-b\bb
+ option you cannot use shell job control to manipulate the
+ process. Most interactive commands will fail to work
+ properly in background mode.
+
+ -\b-C\bC _\bf_\bd Normally, s\bsu\bud\bdo\bo will close all open file descriptors other
+ than standard input, standard output and standard error. The
+ -\b-C\bC (_\bc_\bl_\bo_\bs_\be _\bf_\br_\bo_\bm) option allows the user to specify a starting
+ point above the standard error (file descriptor three).
+ Values less than three are not permitted. The security
+ policy may restrict the user's ability to use the -\b-C\bC option.
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs policy only permits use of the -\b-C\bC option when the
+ administrator has enabled the _\bc_\bl_\bo_\bs_\be_\bf_\br_\bo_\bm_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be option.
+
+ -\b-c\bc _\bc_\bl_\ba_\bs_\bs The -\b-c\bc (_\bc_\bl_\ba_\bs_\bs) option causes s\bsu\bud\bdo\bo to run the specified
+ command with resources limited by the specified login class.
+ The _\bc_\bl_\ba_\bs_\bs argument can be either a class name as defined in
+ _\b/_\be_\bt_\bc_\b/_\bl_\bo_\bg_\bi_\bn_\b._\bc_\bo_\bn_\bf, or a single `-' character. Specifying a
+ _\bc_\bl_\ba_\bs_\bs of - indicates that the command should be run
+ restricted by the default login capabilities for the user the
+ command is run as. If the _\bc_\bl_\ba_\bs_\bs argument specifies an
+ existing user class, the command must be run as root, or the
+ s\bsu\bud\bdo\bo command must be run from a shell that is already root.
+ This option is only available on systems with BSD login
+ classes.
+
+ -\b-E\bE The -\b-E\bE (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt) option indicates to the
+ security policy that the user wishes to preserve their
+ existing environment variables. The security policy may
+ return an error if the -\b-E\bE option is specified and the user
+ does not have permission to preserve the environment.
+
+ -\b-e\be The -\b-e\be (_\be_\bd_\bi_\bt) option indicates that, instead of running a
+ command, the user wishes to edit one or more files. In lieu
+ of a command, the string "sudoedit" is used when consulting
+ the security policy. If the user is authorized by the
+ policy, the following steps are taken:
+
+ 1. Temporary copies are made of the files to be edited
with the owner set to the invoking user.
- 2. The editor specified by the policy is run to edit the
+ 2. The editor specified by the policy is run to edit the
temporary files. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy uses the
SUDO_EDITOR, VISUAL and EDITOR environment variables
(in that order). If none of SUDO_EDITOR, VISUAL or
EDITOR are set, the first program listed in the _\be_\bd_\bi_\bt_\bo_\br
- _\bs_\bu_\bd_\bo_\be_\br_\bs(4) option is used.
+ sudoers(4) option is used.
- 3. If they have been modified, the temporary files are
+ 3. If they have been modified, the temporary files are
copied back to their original location and the
temporary versions are removed.
- If the specified file does not exist, it will be created.
- Note that unlike most commands run by s\bsu\bud\bdo\bo, the editor is
- run with the invoking user's environment unmodified. If,
- for some reason, s\bsu\bud\bdo\bo is unable to update a file with its
- edited version, the user will receive a warning and the
- edited copy will remain in a temporary file.
-
- -g _\bg_\br_\bo_\bu_\bp Normally, s\bsu\bud\bdo\bo runs a command with the primary group set to
- the one specified by the password database for the user the
- command is being run as (by default, root). The -\b-g\bg (_\bg_\br_\bo_\bu_\bp)
- option causes s\bsu\bud\bdo\bo to run the command with the primary
- group set to _\bg_\br_\bo_\bu_\bp instead. To specify a _\bg_\bi_\bd instead of a
- _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be, use _\b#_\bg_\bi_\bd. When running commands as a _\bg_\bi_\bd, many
- shells require that the '#' be escaped with a backslash
- ('\'). If no -\b-u\bu option is specified, the command will be
- run as the invoking user (not root). In either case, the
- primary group will be set to _\bg_\br_\bo_\bu_\bp.
-
- -H The -\b-H\bH (_\bH_\bO_\bM_\bE) option requests that the security policy set
- the HOME environment variable to the home directory of the
- target user (root by default) as specified by the password
- database. Depending on the policy, this may be the default
- behavior.
-
- -h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a short help
- message to the standard output and exit.
-
- -i [command]
- The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
- specified by the password database entry of the target user
- as a login shell. This means that login-specific resource
- files such as .profile or .login will be read by the shell.
- If a command is specified, it is passed to the shell for
- execution via the shell's -\b-c\bc option. If no command is
- specified, an interactive shell is executed. s\bsu\bud\bdo\bo attempts
- to change to that user's home directory before running the
- shell. The security policy shall initialize the
- environment to a minimal set of variables, similar to what
- is present when a user logs in.
-
- -K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except that it removes
- the user's cached credentials entirely and may not be used
- in conjunction with a command or other option. This option
- does not require a password. Not all security policies
- support credential caching.
-
- -k [command]
- When used alone, the -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo invalidates
- the user's cached credentials. The next time s\bsu\bud\bdo\bo is run a
- password will be required. This option does not require a
- password and was added to allow a user to revoke s\bsu\bud\bdo\bo
- permissions from a .logout file. Not all security policies
- support credential caching.
-
- When used in conjunction with a command or an option that
- may require a password, the -\b-k\bk option will cause s\bsu\bud\bdo\bo to
- ignore the user's cached credentials. As a result, s\bsu\bud\bdo\bo
- will prompt for a password (if one is required by the
- security policy) and will not update the user's cached
- credentials.
-
- -l[l] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
- If no _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified, the -\b-l\bl (_\bl_\bi_\bs_\bt) option will list
- the allowed (and forbidden) commands for the invoking user
- (or the user specified by the -\b-U\bU option) on the current
- host. If a _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified and is permitted by the
- security policy, the fully-qualified path to the command is
- displayed along with any command line arguments. If
- _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified but not allowed, s\bsu\bud\bdo\bo will exit with a
- status value of 1. If the -\b-l\bl option is specified with an l\bl
- argument (i.e. -\b-l\bll\bl), or if -\b-l\bl is specified multiple times,
- a longer list format is used.
-
- -n The -\b-n\bn (_\bn_\bo_\bn_\b-_\bi_\bn_\bt_\be_\br_\ba_\bc_\bt_\bi_\bv_\be) option prevents s\bsu\bud\bdo\bo from
- prompting the user for a password. If a password is
- required for the command to run, s\bsu\bud\bdo\bo will display an error
- messages and exit.
-
- -P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bsu\bud\bdo\bo to
- preserve the invoking user's group vector unaltered. By
- default, the _\bs_\bu_\bd_\bo_\be_\br_\bs policy will initialize the group
- vector to the list of groups the target user is in. The
- real and effective group IDs, however, are still set to
- match the target user.
-
- -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
- password prompt and use a custom one. The following
- percent (`%') escapes are supported by the _\bs_\bu_\bd_\bo_\be_\br_\bs policy:
-
- %H expanded to the host name including the domain name (on
- if the machine's host name is fully qualified or the
- _\bf_\bq_\bd_\bn option is set in _\bs_\bu_\bd_\bo_\be_\br_\bs(4))
-
- %h expanded to the local host name without the domain name
-
- %p expanded to the name of the user whose password is
- being requested (respects the _\br_\bo_\bo_\bt_\bp_\bw, _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw and
- _\br_\bu_\bn_\ba_\bs_\bp_\bw flags in _\bs_\bu_\bd_\bo_\be_\br_\bs(4))
-
- %U expanded to the login name of the user the command will
- be run as (defaults to root unless the -u option is
- also specified)
-
- %u expanded to the invoking user's login name
-
- %% two consecutive % characters are collapsed into a
- single % character
-
- The prompt specified by the -\b-p\bp option will override the
- system password prompt on systems that support PAM unless
- the _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be flag is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs.
-
- -r _\br_\bo_\bl_\be The -\b-r\br (_\br_\bo_\bl_\be) option causes the new (SELinux) security
- context to have the role specified by _\br_\bo_\bl_\be.
-
- -S The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the password from
- the standard input instead of the terminal device. The
- password must be followed by a newline character.
-
- -s [command]
- The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the _\bS_\bH_\bE_\bL_\bL
- environment variable if it is set or the shell as specified
- in the password database. If a command is specified, it is
- passed to the shell for execution via the shell's -\b-c\bc
- option. If no command is specified, an interactive shell
- is executed.
-
- -t _\bt_\by_\bp_\be The -\b-t\bt (_\bt_\by_\bp_\be) option causes the new (SELinux) security
- context to have the type specified by _\bt_\by_\bp_\be. If no type is
- specified, the default type is derived from the specified
- role.
-
- -U _\bu_\bs_\be_\br The -\b-U\bU (_\bo_\bt_\bh_\be_\br _\bu_\bs_\be_\br) option is used in conjunction with the
- -\b-l\bl option to specify the user whose privileges should be
- listed. The security policy may restrict listing other
- users' privileges. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy only allows root or
- a user with the ALL privilege on the current host to use
- this option.
-
- -u _\bu_\bs_\be_\br The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the specified
- command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
- instead of a _\bu_\bs_\be_\br _\bn_\ba_\bm_\be, use _\b#_\bu_\bi_\bd. When running commands as
- a _\bu_\bi_\bd, many shells require that the '#' be escaped with a
- backslash ('\'). Security policies may restrict _\bu_\bi_\bds to
- those listed in the password database. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy
- allows _\bu_\bi_\bds that are not in the password database as long
- as the _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw option is not set. Other security policies
- may not support this.
-
- -V The -\b-V\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bsu\bud\bdo\bo to print its version
- string and the version string of the security policy plugin
- and any I/O plugins. If the invoking user is already root
- the -\b-V\bV option will display the arguments passed to
- configure when _\bs_\bu_\bd_\bo was built and plugins may display more
- verbose information such as default options.
-
- -v When given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
- user's cached credentials, authenticating the user's
- password if necessary. For the _\bs_\bu_\bd_\bo_\be_\br_\bs plugin, this
- extends the s\bsu\bud\bdo\bo timeout for another 5 minutes (or whatever
- the timeout is set to in _\bs_\bu_\bd_\bo_\be_\br_\bs) but does not run a
- command. Not all security policies support cached
- credentials.
-
- -- The -\b--\b- option indicates that s\bsu\bud\bdo\bo should stop processing
- command line arguments.
-
- Environment variables to be set for the command may also be passed on
- the command line in the form of V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be, e.g.
- L\bLD\bD_\b_L\bLI\bIB\bBR\bRA\bAR\bRY\bY_\b_P\bPA\bAT\bTH\bH=_\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bp_\bk_\bg_\b/_\bl_\bi_\bb. Variables passed on the command
- line are subject to the same restrictions as normal environment
- variables with one important exception. If the _\bs_\be_\bt_\be_\bn_\bv option is set in
- _\bs_\bu_\bd_\bo_\be_\br_\bs, the command to be run has the SETENV tag set or the command
- matched is ALL, the user may set variables that would overwise be
- forbidden. See _\bs_\bu_\bd_\bo_\be_\br_\bs(4) for more information.
-
-P\bPL\bLU\bUG\bGI\bIN\bNS\bS
- Plugins are dynamically loaded based on the contents of the
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file. If no _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file is present, or it
- contains no Plugin lines, s\bsu\bud\bdo\bo will use the traditional _\bs_\bu_\bd_\bo_\be_\br_\bs
- security policy and I/O logging, which corresponds to the following
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
-
- #
- # Default /etc/sudo.conf file
- #
- # Format:
- # Plugin plugin_name plugin_path
- # Path askpass /path/to/askpass
- # Path noexec /path/to/noexec.so
- #
- # The plugin_path is relative to /usr/local/libexec unless
- # fully qualified.
- # The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface structure.
- #
- Plugin policy_plugin sudoers.so
- Plugin io_plugin sudoers.so
-
- A Plugin line consists of the Plugin keyword, followed by the
- _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be and the _\bp_\ba_\bt_\bh to the shared object containing the plugin.
- The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be is the name of the struct policy_plugin or struct
- io_plugin in the plugin shared object. The _\bp_\ba_\bt_\bh may be fully qualified
- or relative. If not fully qualified it is relative to the
- _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any additional parameters after the _\bp_\ba_\bt_\bh
- are ignored. Lines that don't begin with Plugin or Path are silently
- ignored
-
- For more information, see the _\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m) manual.
-
-P\bPA\bAT\bTH\bHS\bS
- A Path line consists of the Path keyword, followed by the name of the
- path to set and its value. E.g.
-
- Path noexec /usr/local/libexec/sudo_noexec.so
- Path askpass /usr/X11R6/bin/ssh-askpass
-
- The following plugin-agnostic paths may be set in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
- file.
-
- askpass The fully qualified path to a helper program used to
- read the user's password when no terminal is available.
- This may be the case when s\bsu\bud\bdo\bo is executed from a
- graphical (as opposed to text-based) application. The
- program specified by _\ba_\bs_\bk_\bp_\ba_\bs_\bs should display the
- argument passed to it as the prompt and write the
- user's password to the standard output. The value of
- _\ba_\bs_\bk_\bp_\ba_\bs_\bs may be overridden by the SUDO_ASKPASS
- environment variable.
-
- noexec The fully-qualified path to a shared library containing
- dummy versions of the _\be_\bx_\be_\bc_\bv_\b(_\b), _\be_\bx_\be_\bc_\bv_\be_\b(_\b) and _\bf_\be_\bx_\be_\bc_\bv_\be_\b(_\b)
- library functions that just return an error. This is
- used to implement the _\bn_\bo_\be_\bx_\be_\bc functionality on systems
- that support LD_PRELOAD or its equivalent. Defaults to
- _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
-
-R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
- Upon successful execution of a program, the exit status from s\bsu\bud\bdo\bo will
- simply be the exit status of the program that was executed.
-
- Otherwise, s\bsu\bud\bdo\bo exits with a value of 1 if there is a
- configuration/permission problem or if s\bsu\bud\bdo\bo cannot execute the given
- command. In the latter case the error string is printed to the
- standard error. If s\bsu\bud\bdo\bo cannot _\bs_\bt_\ba_\bt(2) one or more entries in the
- user's PATH, an error is printed on stderr. (If the directory does not
- exist or if it is not really a directory, the entry is ignored and no
- error is printed.) This should not happen under normal circumstances.
- The most common reason for _\bs_\bt_\ba_\bt(2) to return "permission denied" is if
- you are running an automounter and one of the directories in your PATH
- is on a machine that is currently unreachable.
+ If the specified file does not exist, it will be created.
+ Note that unlike most commands run by _\bs_\bu_\bd_\bo, the editor is run
+ with the invoking user's environment unmodified. If, for
+ some reason, s\bsu\bud\bdo\bo is unable to update a file with its edited
+ version, the user will receive a warning and the edited copy
+ will remain in a temporary file.
+
+ -\b-g\bg _\bg_\br_\bo_\bu_\bp Normally, s\bsu\bud\bdo\bo runs a command with the primary group set to
+ the one specified by the password database for the user the
+ command is being run as (by default, root). The -\b-g\bg (_\bg_\br_\bo_\bu_\bp)
+ option causes s\bsu\bud\bdo\bo to run the command with the primary group
+ set to _\bg_\br_\bo_\bu_\bp instead. To specify a _\bg_\bi_\bd instead of a _\bg_\br_\bo_\bu_\bp
+ _\bn_\ba_\bm_\be, use _\b#_\bg_\bi_\bd. When running commands as a _\bg_\bi_\bd, many shells
+ require that the `#' be escaped with a backslash (`\'). If
+ no -\b-u\bu option is specified, the command will be run as the
+ invoking user (not root). In either case, the primary group
+ will be set to _\bg_\br_\bo_\bu_\bp.
+
+ -\b-H\bH The -\b-H\bH (_\bH_\bO_\bM_\bE) option requests that the security policy set
+ the HOME environment variable to the home directory of the
+ target user (root by default) as specified by the password
+ database. Depending on the policy, this may be the default
+ behavior.
+
+ -\b-h\bh The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a short help
+ message to the standard output and exit.
+
+ -\b-i\bi [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
+ specified by the password database entry of the target user
+ as a login shell. This means that login-specific resource
+ files such as _\b._\bp_\br_\bo_\bf_\bi_\bl_\be or _\b._\bl_\bo_\bg_\bi_\bn will be read by the shell.
+ If a command is specified, it is passed to the shell for
+ execution via the shell's -\b-c\bc option. If no command is
+ specified, an interactive shell is executed. s\bsu\bud\bdo\bo attempts
+ to change to that user's home directory before running the
+ shell. The security policy shall initialize the environment
+ to a minimal set of variables, similar to what is present
+ when a user logs in. The _\bC_\bo_\bm_\bm_\ba_\bn_\bd _\bE_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt section in the
+ sudoers(4) manual documents how the -\b-i\bi option affects the
+ environment in which a command is run when the _\bs_\bu_\bd_\bo_\be_\br_\bs policy
+ is in use.
+
+ -\b-K\bK The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except that it removes
+ the user's cached credentials entirely and may not be used in
+ conjunction with a command or other option. This option does
+ not require a password. Not all security policies support
+ credential caching.
+
+ -\b-k\bk [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ When used alone, the -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo invalidates the
+ user's cached credentials. The next time s\bsu\bud\bdo\bo is run a
+ password will be required. This option does not require a
+ password and was added to allow a user to revoke s\bsu\bud\bdo\bo
+ permissions from a _\b._\bl_\bo_\bg_\bo_\bu_\bt file. Not all security policies
+ support credential caching.
+
+ When used in conjunction with a command or an option that may
+ require a password, the -\b-k\bk option will cause s\bsu\bud\bdo\bo to ignore
+ the user's cached credentials. As a result, s\bsu\bud\bdo\bo will prompt
+ for a password (if one is required by the security policy)
+ and will not update the user's cached credentials.
+
+ -\b-l\bl[l\bl] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ If no _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified, the -\b-l\bl (_\bl_\bi_\bs_\bt) option will list
+ the allowed (and forbidden) commands for the invoking user
+ (or the user specified by the -\b-U\bU option) on the current host.
+ If a _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified and is permitted by the security
+ policy, the fully-qualified path to the command is displayed
+ along with any command line arguments. If _\bc_\bo_\bm_\bm_\ba_\bn_\bd is
+ specified but not allowed, s\bsu\bud\bdo\bo will exit with a status value
+ of 1. If the -\b-l\bl option is specified with an _\bl argument (i.e.
+ -\b-l\bll\bl), or if -\b-l\bl is specified multiple times, a longer list
+ format is used.
+
+ -\b-n\bn The -\b-n\bn (_\bn_\bo_\bn_\b-_\bi_\bn_\bt_\be_\br_\ba_\bc_\bt_\bi_\bv_\be) option prevents s\bsu\bud\bdo\bo from prompting
+ the user for a password. If a password is required for the
+ command to run, s\bsu\bud\bdo\bo will display an error message and exit.
+
+ -\b-P\bP The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bsu\bud\bdo\bo to preserve
+ the invoking user's group vector unaltered. By default, the
+ _\bs_\bu_\bd_\bo_\be_\br_\bs policy will initialize the group vector to the list
+ of groups the target user is in. The real and effective
+ group IDs, however, are still set to match the target user.
+
+ -\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
+ password prompt and use a custom one. The following percent
+ (`%') escapes are supported by the _\bs_\bu_\bd_\bo_\be_\br_\bs policy:
+
+ %H expanded to the host name including the domain name (on
+ if the machine's host name is fully qualified or the _\bf_\bq_\bd_\bn
+ option is set in sudoers(4))
+
+ %h expanded to the local host name without the domain name
+
+ %p expanded to the name of the user whose password is being
+ requested (respects the _\br_\bo_\bo_\bt_\bp_\bw, _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw, and _\br_\bu_\bn_\ba_\bs_\bp_\bw
+ flags in sudoers(4))
+
+ %U expanded to the login name of the user the command will
+ be run as (defaults to root unless the -\b-u\bu option is also
+ specified)
+
+ %u expanded to the invoking user's login name
+
+ %% two consecutive `%' characters are collapsed into a
+ single `%' character
+
+ The prompt specified by the -\b-p\bp option will override the
+ system password prompt on systems that support PAM unless the
+ _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be flag is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs.
+
+ -\b-r\br _\br_\bo_\bl_\be The -\b-r\br (_\br_\bo_\bl_\be) option causes the new (SELinux) security
+ context to have the role specified by _\br_\bo_\bl_\be.
+
+ -\b-S\bS The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the password from
+ the standard input instead of the terminal device. The
+ password must be followed by a newline character.
+
+ -\b-s\bs [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the SHELL
+ environment variable if it is set or the shell as specified
+ in the password database. If a command is specified, it is
+ passed to the shell for execution via the shell's -\b-c\bc option.
+ If no command is specified, an interactive shell is executed.
+
+ -\b-t\bt _\bt_\by_\bp_\be The -\b-t\bt (_\bt_\by_\bp_\be) option causes the new (SELinux) security
+ context to have the type specified by _\bt_\by_\bp_\be. If no type is
+ specified, the default type is derived from the specified
+ role.
+
+ -\b-U\bU _\bu_\bs_\be_\br The -\b-U\bU (_\bo_\bt_\bh_\be_\br _\bu_\bs_\be_\br) option is used in conjunction with the -\b-l\bl
+ option to specify the user whose privileges should be listed.
+ The security policy may restrict listing other users'
+ privileges. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy only allows root or a user
+ with the ALL privilege on the current host to use this
+ option.
+
+ -\b-u\bu _\bu_\bs_\be_\br The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the specified command
+ as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd instead of a
+ _\bu_\bs_\be_\br _\bn_\ba_\bm_\be, _\b#_\bu_\bi_\bd. When running commands as a _\bu_\bi_\bd, many shells
+ require that the `#' be escaped with a backslash (`\').
+ Security policies may restrict _\bu_\bi_\bds to those listed in the
+ password database. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy allows _\bu_\bi_\bds that are
+ not in the password database as long as the _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw option
+ is not set. Other security policies may not support this.
+
+ -\b-V\bV The -\b-V\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes s\bsu\bud\bdo\bo to print its version
+ string and the version string of the security policy plugin
+ and any I/O plugins. If the invoking user is already root
+ the -\b-V\bV option will display the arguments passed to configure
+ when s\bsu\bud\bdo\bo was built and plugins may display more verbose
+ information such as default options.
+
+ -\b-v\bv When given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
+ user's cached credentials, authenticating the user's password
+ if necessary. For the _\bs_\bu_\bd_\bo_\be_\br_\bs plugin, this extends the s\bsu\bud\bdo\bo
+ timeout for another 5 minutes (or whatever the timeout is set
+ to by the security policy) but does not run a command. Not
+ all security policies support cached credentials.
+
+ -\b--\b- The -\b--\b- option indicates that s\bsu\bud\bdo\bo should stop processing
+ command line arguments.
+
+ Environment variables to be set for the command may also be passed on the
+ command line in the form of V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be, e.g.
+ L\bLD\bD_\b_L\bLI\bIB\bBR\bRA\bAR\bRY\bY_\b_P\bPA\bAT\bTH\bH=_\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bp_\bk_\bg_\b/_\bl_\bi_\bb. Variables passed on the command line
+ are subject to the same restrictions as normal environment variables with
+ one important exception. If the _\bs_\be_\bt_\be_\bn_\bv option is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, the
+ command to be run has the SETENV tag set or the command matched is ALL,
+ the user may set variables that would otherwise be forbidden. See
+ sudoers(4) for more information.
+
+C\bCO\bOM\bMM\bMA\bAN\bND\bD E\bEX\bXE\bEC\bCU\bUT\bTI\bIO\bON\bN
+ When s\bsu\bud\bdo\bo executes a command, the security policy specifies the execution
+ environment for the command. Typically, the real and effective uid and
+ gid are set to match those of the target user, as specified in the
+ password database, and the group vector is initialized based on the group
+ database (unless the -\b-P\bP option was specified).
+
+ The following parameters may be specified by security policy:
+
+ o\bo real and effective user ID
+
+ o\bo real and effective group ID
+
+ o\bo supplementary group IDs
+
+ o\bo the environment list
+
+ o\bo current working directory
+
+ o\bo file creation mode mask (umask)
+
+ o\bo SELinux role and type
+
+ o\bo Solaris project
+
+ o\bo Solaris privileges
+
+ o\bo BSD login class
+
+ o\bo scheduling priority (aka nice value)
+
+ P\bPr\bro\boc\bce\bes\bss\bs m\bmo\bod\bde\bel\bl
+ When s\bsu\bud\bdo\bo runs a command, it calls fork(2), sets up the execution
+ environment as described above, and calls the execve system call in the
+ child process. The main s\bsu\bud\bdo\bo process waits until the command has
+ completed, then passes the command's exit status to the security policy's
+ close function and exits. If an I/O logging plugin is configured or if
+ the security policy explicitly requests it, a new pseudo-terminal
+ (``pty'') is created and a second s\bsu\bud\bdo\bo process is used to relay job
+ control signals between the user's existing pty and the new pty the
+ command is being run in. This extra process makes it possible to, for
+ example, suspend and resume the command. Without it, the command would
+ be in what POSIX terms an ``orphaned process group'' and it would not
+ receive any job control signals. As a special case, if the policy plugin
+ does not define a close function and no pty is required, s\bsu\bud\bdo\bo will
+ execute the command directly instead of calling fork(2) first.
+
+ S\bSi\big\bgn\bna\bal\bl h\bha\ban\bnd\bdl\bli\bin\bng\bg
+ Because the command is run as a child of the s\bsu\bud\bdo\bo process, s\bsu\bud\bdo\bo will
+ relay signals it receives to the command. Unless the command is being
+ run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed
+ unless they are sent by a user process, not the kernel. Otherwise, the
+ command would receive SIGINT twice every time the user entered control-C.
+ Some signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will
+ not be relayed to the command. As a general rule, SIGTSTP should be used
+ instead of SIGSTOP when you wish to suspend a command being run by s\bsu\bud\bdo\bo.
+
+ As a special case, s\bsu\bud\bdo\bo will not relay signals that were sent by the
+ command it is running. This prevents the command from accidentally
+ killing itself. On some systems, the reboot(1m) command sends SIGTERM to
+ all non-system processes other than itself before rebooting the system.
+ This prevents s\bsu\bud\bdo\bo from relaying the SIGTERM signal it received back to
+ reboot(1m), which might then exit before the system was actually rebooted,
+ leaving it in a half-dead state similar to single user mode. Note,
+ however, that this check only applies to the command run by s\bsu\bud\bdo\bo and not
+ any other processes that the command may create. As a result, running a
+ script that calls reboot(1m) or shutdown(1m) via s\bsu\bud\bdo\bo may cause the system
+ to end up in this undefined state unless the reboot(1m) or shutdown(1m) are
+ run using the e\bex\bxe\bec\bc() family of functions instead of s\bsy\bys\bst\bte\bem\bm() (which
+ interposes a shell between the command and the calling process).
+
+ If no I/O logging plugins are loaded and the policy plugin has not
+ defined a c\bcl\blo\bos\bse\be() function, set a command timeout or required that the
+ command be run in a new pty, s\bsu\bud\bdo\bo may execute the command directly
+ instead of running it as a child process.
+
+ P\bPl\blu\bug\bgi\bin\bns\bs
+ Plugins are dynamically loaded based on the contents of the sudo.conf(4)
+ file. If no sudo.conf(4) file is present, or it contains no Plugin
+ lines, s\bsu\bud\bdo\bo will use the traditional _\bs_\bu_\bd_\bo_\be_\br_\bs security policy and I/O
+ logging. See the sudo.conf(4) manual for details of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
+ file and the sudo_plugin(1m) manual for more information about the s\bsu\bud\bdo\bo
+ plugin architecture.
+
+E\bEX\bXI\bIT\bT V\bVA\bAL\bLU\bUE\bE
+ Upon successful execution of a program, the exit status from _\bs_\bu_\bd_\bo will
+ simply be the exit status of the program that was executed.
+
+ Otherwise, s\bsu\bud\bdo\bo exits with a value of 1 if there is a
+ configuration/permission problem or if s\bsu\bud\bdo\bo cannot execute the given
+ command. In the latter case the error string is printed to the standard
+ error. If s\bsu\bud\bdo\bo cannot stat(2) one or more entries in the user's PATH, an
+ error is printed on stderr. (If the directory does not exist or if it is
+ not really a directory, the entry is ignored and no error is printed.)
+ This should not happen under normal circumstances. The most common
+ reason for stat(2) to return ``permission denied'' is if you are running
+ an automounter and one of the directories in your PATH is on a machine
+ that is currently unreachable.
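Review bot: the two statements about direct execution in this hunk disagree. The Process model paragraph says that if the policy plugin does not define a close function and no pty is required, sudo "will execute the command directly", while the last paragraph of Signal handling adds a third condition (the policy has not set a command timeout) and says sudo "may" execute the command directly; pick one set of conditions and one modal verb and use it in both places, or have the Signal handling paragraph point back to Process model. That same sentence also mixes verb forms ("has not defined ..., set a command timeout or required that"); "has not defined a close() function, set a command timeout, or required that" reads cleanly. Two wording slips elsewhere in the hunk: the %H escape reads "(on if the machine's host name is fully qualified ...)" and should be "(only if ...)", and the -u description reads "To specify a uid instead of a user name, #uid." where the parallel -g text says "use #gid". Minor style point: "calls the execve system call" would match fork(2) and stat(2) elsewhere as "calls execve(2)".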
S\bSE\bEC\bCU\bUR\bRI\bIT\bTY\bY N\bNO\bOT\bTE\bES\bS
- s\bsu\bud\bdo\bo tries to be safe when executing external commands.
-
- To prevent command spoofing, s\bsu\bud\bdo\bo checks "." and "" (both denoting
- current directory) last when searching for a command in the user's PATH
- (if one or both are in the PATH). Note, however, that the actual PATH
- environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
- program that s\bsu\bud\bdo\bo executes.
-
- Please note that s\bsu\bud\bdo\bo will normally only log the command it explicitly
- runs. If a user runs a command such as sudo su or sudo sh, subsequent
- commands run from that shell are not subject to s\bsu\bud\bdo\bo's security policy.
- The same is true for commands that offer shell escapes (including most
- editors). If I/O logging is enabled, subsequent commands will have
- their input and/or output logged, but there will not be traditional
- logs for those commands. Because of this, care must be taken when
- giving users access to commands via s\bsu\bud\bdo\bo to verify that the command
- does not inadvertently give the user an effective root shell. For more
- information, please see the PREVENTING SHELL ESCAPES section in
- _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
+ s\bsu\bud\bdo\bo tries to be safe when executing external commands.
+
+ To prevent command spoofing, s\bsu\bud\bdo\bo checks "." and "" (both denoting
+ current directory) last when searching for a command in the user's PATH
+ (if one or both are in the PATH). Note, however, that the actual PATH
+ environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
+ program that s\bsu\bud\bdo\bo executes.
+
+ Please note that s\bsu\bud\bdo\bo will normally only log the command it explicitly
+ runs. If a user runs a command such as sudo su or sudo sh, subsequent
+ commands run from that shell are not subject to s\bsu\bud\bdo\bo's security policy.
+ The same is true for commands that offer shell escapes (including most
+ editors). If I/O logging is enabled, subsequent commands will have their
+ input and/or output logged, but there will not be traditional logs for
+ those commands. Because of this, care must be taken when giving users
+ access to commands via s\bsu\bud\bdo\bo to verify that the command does not
+ inadvertently give the user an effective root shell. For more
+ information, please see the _\bP_\bR_\bE_\bV_\bE_\bN_\bT_\bI_\bN_\bG _\bS_\bH_\bE_\bL_\bL _\bE_\bS_\bC_\bA_\bP_\bE_\bS section in
+ sudoers(4).
+
+ To prevent the disclosure of potentially sensitive information, s\bsu\bud\bdo\bo
+ disables core dumps by default while it is executing (they are re-enabled
+ for the command that is run). To aid in debugging s\bsu\bud\bdo\bo crashes, you may
+ wish to re-enable core dumps by setting ``disable_coredump'' to false in
+ the sudo.conf(4) file as follows:
+
+ Set disable_coredump false
+
+ See the sudo.conf(4) manual for more information.
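Review bot: the new core-dump paragraph tells the reader how to set disable_coredump to false but never says to revert it. Since the preceding sentence explains that dumps are disabled precisely to prevent disclosure of potentially sensitive information, add a sentence that the setting is intended only while debugging a sudo crash and should be set back to true (or the line removed) afterwards, e.g. "Remember to re-enable core dump protection once debugging is complete." Also, "(they are re-enabled for the command that is run)" can be misread as the sudo.conf setting governing the command's own dumps; "core dumps are re-enabled for the command itself, which is not affected by this setting" makes the scope clear.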
E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
- s\bsu\bud\bdo\bo utilizes the following environment variables. The security policy
- has control over the content of the command's environment.
+ s\bsu\bud\bdo\bo utilizes the following environment variables. The security policy
+ has control over the actual content of the command's environment.
- EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
- SUDO_EDITOR nor VISUAL is set
+ EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
+ SUDO_EDITOR nor VISUAL is set.
- MAIL In -\b-i\bi mode or when _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled in _\bs_\bu_\bd_\bo_\be_\br_\bs, set
- to the mail spool of the target user
+ MAIL In -\b-i\bi mode or when _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled in _\bs_\bu_\bd_\bo_\be_\br_\bs, set
+ to the mail spool of the target user.
- HOME Set to the home directory of the target user if -\b-i\bi or
- -\b-H\bH are specified, _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt or _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be are set
- in _\bs_\bu_\bd_\bo_\be_\br_\bs, or when the -\b-s\bs option is specified and
- _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is set in _\bs_\bu_\bd_\bo_\be_\br_\bs
+ HOME Set to the home directory of the target user if -\b-i\bi or -\b-H\bH
+ are specified, _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt or _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be are set in
+ _\bs_\bu_\bd_\bo_\be_\br_\bs, or when the -\b-s\bs option is specified and _\bs_\be_\bt_\b__\bh_\bo_\bm_\be
+ is set in _\bs_\bu_\bd_\bo_\be_\br_\bs.
- PATH May be overridden by the security policy.
+ PATH May be overridden by the security policy.
- SHELL Used to determine shell to run with -s option
+ SHELL Used to determine shell to run with -\b-s\bs option.
- SUDO_ASKPASS Specifies the path to a helper program used to read the
- password if no terminal is available or if the -A
- option is specified.
+ SUDO_ASKPASS Specifies the path to a helper program used to read the
+ password if no terminal is available or if the -\b-A\bA option
+ is specified.
- SUDO_COMMAND Set to the command run by sudo
+ SUDO_COMMAND Set to the command run by sudo.
- SUDO_EDITOR Default editor to use in -\b-e\be (sudoedit) mode
+ SUDO_EDITOR Default editor to use in -\b-e\be (sudoedit) mode.
- SUDO_GID Set to the group ID of the user who invoked sudo
+ SUDO_GID Set to the group ID of the user who invoked sudo.
- SUDO_PROMPT Used as the default password prompt
+ SUDO_PROMPT Used as the default password prompt.
- SUDO_PS1 If set, PS1 will be set to its value for the program
- being run
+ SUDO_PS1 If set, PS1 will be set to its value for the program
+ being run.
- SUDO_UID Set to the user ID of the user who invoked sudo
+ SUDO_UID Set to the user ID of the user who invoked sudo.
- SUDO_USER Set to the login of the user who invoked sudo
+ SUDO_USER Set to the login name of the user who invoked sudo.
- USER Set to the target user (root unless the -\b-u\bu option is
- specified)
+ USER Set to the target user (root unless the -\b-u\bu option is
+ specified).
- VISUAL Default editor to use in -\b-e\be (sudoedit) mode if
- SUDO_EDITOR is not set
+ VISUAL Default editor to use in -\b-e\be (sudoedit) mode if
+ SUDO_EDITOR is not set.
F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo plugin and path configuration
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo front end configuration
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- Note: the following examples assume a properly configured security
- policy.
+ Note: the following examples assume a properly configured security
+ policy.
- To get a file listing of an unreadable directory:
+ To get a file listing of an unreadable directory:
- $ sudo ls /usr/local/protected
+ $ sudo ls /usr/local/protected
- To list the home directory of user yaz on a machine where the file
- system holding ~yaz is not exported as root:
+ To list the home directory of user yaz on a machine where the file system
+ holding ~yaz is not exported as root:
- $ sudo -u yaz ls ~yaz
+ $ sudo -u yaz ls ~yaz
- To edit the _\bi_\bn_\bd_\be_\bx_\b._\bh_\bt_\bm_\bl file as user www:
+ To edit the _\bi_\bn_\bd_\be_\bx_\b._\bh_\bt_\bm_\bl file as user www:
- $ sudo -u www vi ~www/htdocs/index.html
+ $ sudo -u www vi ~www/htdocs/index.html
- To view system logs only accessible to root and users in the adm group:
+ To view system logs only accessible to root and users in the adm group:
- $ sudo -g adm view /var/log/syslog
+ $ sudo -g adm view /var/log/syslog
- To run an editor as jim with a different primary group:
+ To run an editor as jim with a different primary group:
- $ sudo -u jim -g audio vi ~jim/sound.txt
+ $ sudo -u jim -g audio vi ~jim/sound.txt
- To shutdown a machine:
+ To shut down a machine:
- $ sudo shutdown -r +15 "quick reboot"
+ $ sudo shutdown -r +15 "quick reboot"
- To make a usage listing of the directories in the /home partition.
- Note that this runs the commands in a sub-shell to make the cd and file
- redirection work.
+ To make a usage listing of the directories in the /home partition. Note
+ that this runs the commands in a sub-shell to make the cd and file
+ redirection work.
- $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
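Review bot: the last example runs sudo sh -c "..." as root, and the SECURITY NOTES section in this same patch states that sudo normally logs only the command it explicitly runs and that commands run from sudo su or sudo sh are not subject to the security policy. A short pointer after this example (that only the sh -c invocation appears in the log, so the sub-shell form should be used with that in mind, see SECURITY NOTES) would keep the examples consistent with that warning and save an administrator from granting a shell via the examples without realising it.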
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bp_\ba_\bs_\bs_\bw_\bd(4), _\bs_\bu_\bd_\bo_\be_\br_\bs(4),
- _\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m), _\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m), _\bv_\bi_\bs_\bu_\bd_\bo(1m)
+ su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4),
+ sudo_plugin(1m), sudoreplay(1m), visudo(1m)
+
+H\bHI\bIS\bST\bTO\bOR\bRY\bY
+ See the HISTORY file in the s\bsu\bud\bdo\bo distribution
+ (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
A\bAU\bUT\bTH\bHO\bOR\bRS\bS
- Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists
- of code written primarily by:
+ Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists of
+ code written primarily by:
- Todd C. Miller
+ Todd C. Miller
- See the HISTORY file in the s\bsu\bud\bdo\bo distribution or visit
- http://www.sudo.ws/sudo/history.html for a short history of s\bsu\bud\bdo\bo.
+ See the CONTRIBUTORS file in the s\bsu\bud\bdo\bo distribution
+ (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
+ people who have contributed to s\bsu\bud\bdo\bo.
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
- There is no easy way to prevent a user from gaining a root shell if
- that user is allowed to run arbitrary commands via s\bsu\bud\bdo\bo. Also, many
- programs (such as editors) allow the user to run commands via shell
- escapes, thus avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is
- possible to prevent shell escapes with the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) module's _\bn_\bo_\be_\bx_\be_\bc
- functionality.
+ There is no easy way to prevent a user from gaining a root shell if that
+ user is allowed to run arbitrary commands via s\bsu\bud\bdo\bo. Also, many programs
+ (such as editors) allow the user to run commands via shell escapes, thus
+ avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is possible to
+ prevent shell escapes with the sudoers(4) plugin's _\bn_\bo_\be_\bx_\be_\bc functionality.
- It is not meaningful to run the cd command directly via sudo, e.g.,
+ It is not meaningful to run the cd command directly via sudo, e.g.,
- $ sudo cd /usr/local/protected
+ $ sudo cd /usr/local/protected
- since when the command exits the parent process (your shell) will still
- be the same. Please see the EXAMPLES section for more information.
+ since when the command exits the parent process (your shell) will still
+ be the same. Please see the _\bE_\bX_\bA_\bM_\bP_\bL_\bE_\bS section for more information.
- Running shell scripts via s\bsu\bud\bdo\bo can expose the same kernel bugs that
- make setuid shell scripts unsafe on some operating systems (if your OS
- has a /dev/fd/ directory, setuid shell scripts are generally safe).
+ Running shell scripts via s\bsu\bud\bdo\bo can expose the same kernel bugs that make
+ setuid shell scripts unsafe on some operating systems (if your OS has a
+ /dev/fd/ directory, setuid shell scripts are generally safe).
B\bBU\bUG\bGS\bS
- If you feel you have found a bug in s\bsu\bud\bdo\bo, please submit a bug report at
- http://www.sudo.ws/sudo/bugs/
+ If you feel you have found a bug in s\bsu\bud\bdo\bo, please submit a bug report at
+ http://www.sudo.ws/sudo/bugs/
S\bSU\bUP\bPP\bPO\bOR\bRT\bT
- Limited free support is available via the sudo-users mailing list, see
- http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
- the archives.
+ Limited free support is available via the sudo-users mailing list, see
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
+ archives.
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
- s\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
- including, but not limited to, the implied warranties of
- merchantability and fitness for a particular purpose are disclaimed.
- See the LICENSE file distributed with s\bsu\bud\bdo\bo or
- http://www.sudo.ws/sudo/license.html for complete details.
-
-
+ s\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
+ including, but not limited to, the implied warranties of merchantability
+ and fitness for a particular purpose are disclaimed. See the LICENSE
+ file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
+ complete details.
-1.8.1p2 May 16, 2011 SUDO(1m)
+Sudo 1.8.7 March 13, 2013 Sudo 1.8.7