sudo, sudoedit - execute a command as another user
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- s\bsu\bud\bdo\bo [-\b-n\bn] -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-L\bL | -\b-V\bV | -\b-v\bv
+ s\bsu\bud\bdo\bo -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-L\bL | -\b-V\bV
- s\bsu\bud\bdo\bo -\b-l\bl[\b[l\bl]\b] [-\b-A\bAn\bnS\bS] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-U\bU _\bu_\bs_\be_\br_\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
- [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ s\bsu\bud\bdo\bo -\b-v\bv [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt]
+ [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
- s\bsu\bud\bdo\bo [-\b-A\bAb\bbE\bEH\bHn\bnP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] [-\b-i\bi | -\b-s\bs] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ s\bsu\bud\bdo\bo -\b-l\bl[\b[l\bl]\b] [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt]
+ [-\b-U\bU _\bu_\bs_\be_\br _\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
- s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-A\bAn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-] [-\b-g\bg _\bg_\br_\bo_\bu_\bp_\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] file ...
+ s\bsu\bud\bdo\bo [-\b-A\bAb\bbE\bEH\bHn\bnP\bPS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-]
+ [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be]
+ [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be] [-\b-i\bi | -\b-s\bs] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+
+ s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-A\bAn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-C\bC _\bf_\bd] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs|_\b-]
+ [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] file ...
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
s\bsu\bud\bdo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the superuser or
password is required. Otherwise, s\bsu\bud\bdo\bo requires that users authenticate
themselves with a password by default (NOTE: in the default
configuration this is the user's password, not the root password).
- Once a user has been authenticated, a timestamp is updated and the user
- may then use sudo without a password for a short period of time (5
+ Once a user has been authenticated, a time stamp is updated and the
+ user may then use sudo without a password for a short period of time (5
minutes unless overridden in _\bs_\bu_\bd_\bo_\be_\br_\bs).
When invoked as s\bsu\bud\bdo\boe\bed\bdi\bit\bt, the -\b-e\be option (described below), is implied.
s\bsu\bud\bdo\bo determines who is an authorized user by consulting the file
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. By running s\bsu\bud\bdo\bo with the -\b-v\bv option, a user can update
- the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd. The password prompt itself
- will also time out if the user's password is not entered within 5
- minutes (unless overridden via _\bs_\bu_\bd_\bo_\be_\br_\bs).
+ the time stamp without running a _\bc_\bo_\bm_\bm_\ba_\bn_\bd. If a password is required,
+ s\bsu\bud\bdo\bo will exit if the user's password is not entered within a
+ configurable time limit. The default password prompt timeout is 5
+ minutes.
If a user who is not listed in the _\bs_\bu_\bd_\bo_\be_\br_\bs file tries to run a command
via s\bsu\bud\bdo\bo, mail is sent to the proper authorities, as defined at
be used by a user to log commands through sudo even when a root shell
has been invoked. It also allows the -\b-e\be option to remain useful even
when being run via a sudo-run script or program. Note however, that
- the sudoers lookup is still done for root, not the user specified by
- SUDO_USER.
-
- s\bsu\bud\bdo\bo can log both successful and unsuccessful attempts (as well as
- errors) to _\bs_\by_\bs_\bl_\bo_\bg(3), a log file, or both. By default s\bsu\bud\bdo\bo will log
-1.7.0 November 15, 2008 1
+1.7.4 July 19, 2010 1
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ the sudoers lookup is still done for root, not the user specified by
+ SUDO_USER.
+
+ s\bsu\bud\bdo\bo can log both successful and unsuccessful attempts (as well as
+ errors) to _\bs_\by_\bs_\bl_\bo_\bg(3), a log file, or both. By default s\bsu\bud\bdo\bo will log
via _\bs_\by_\bs_\bl_\bo_\bg(3) but this is changeable at configure time or via the
_\bs_\bu_\bd_\bo_\be_\br_\bs file.
-A Normally, if s\bsu\bud\bdo\bo requires a password, it will read it from
the current terminal. If the -\b-A\bA (_\ba_\bs_\bk_\bp_\ba_\bs_\bs) option is
- specified, a helper program is executed to read the user's
- password and output the password to the standard output.
- If the SUDO_ASKPASS environment variable is set, it
- specifies the path to the helper program. Otherwise, the
- value specified by the _\ba_\bs_\bk_\bp_\ba_\bs_\bs option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4) is
- used.
+ specified, a (possibly graphical) helper program is
+ executed to read the user's password and output the
+ password to the standard output. If the SUDO_ASKPASS
+ environment variable is set, it specifies the path to the
+ helper program. Otherwise, the value specified by the
+ _\ba_\bs_\bk_\bp_\ba_\bs_\bs option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4) is used.
-a _\bt_\by_\bp_\be The -\b-a\ba (_\ba_\bu_\bt_\bh_\be_\bn_\bt_\bi_\bc_\ba_\bt_\bi_\bo_\bn _\bt_\by_\bp_\be) option causes s\bsu\bud\bdo\bo to use the
specified authentication type when validating the user, as
with BSD login classes.
-E The -\b-E\bE (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt) option will override the
- _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)). It is only available when
- either the matching command has the SETENV tag or the
- _\bs_\be_\bt_\be_\bn_\bv option is set in _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
-
- -e The -\b-e\be (_\be_\bd_\bi_\bt) option indicates that, instead of running a
-1.7.0 November 15, 2008 2
+1.7.4 July 19, 2010 2
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)). It is only available when
+ either the matching command has the SETENV tag or the
+ _\bs_\be_\bt_\be_\bn_\bv option is set in _\bs_\bu_\bd_\bo_\be_\br_\bs(4).
+
+ -e The -\b-e\be (_\be_\bd_\bi_\bt) option indicates that, instead of running a
command, the user wishes to edit one or more files. In
lieu of a command, the string "sudoedit" is used when
consulting the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If the user is authorized by
-H The -\b-H\bH (_\bH_\bO_\bM_\bE) option sets the HOME environment variable to
the homedir of the target user (root by default) as
- specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). By default, s\bsu\bud\bdo\bo does not modify
- HOME (see _\bs_\be_\bt_\b__\bh_\bo_\bm_\be and _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be in _\bs_\bu_\bd_\bo_\be_\br_\bs(4)).
+ specified in _\bp_\ba_\bs_\bs_\bw_\bd(4). The default handling of the HOME
+ environment variable depends on _\bs_\bu_\bd_\bo_\be_\br_\bs(4) settings. By
+ default, s\bsu\bud\bdo\bo will set HOME if _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt or _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be
+ are set, or if _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is set and the -\b-s\bs option is
+ specified on the command line.
-h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bo to print a usage message
and exit.
-i [command]
The -\b-i\bi (_\bs_\bi_\bm_\bu_\bl_\ba_\bt_\be _\bi_\bn_\bi_\bt_\bi_\ba_\bl _\bl_\bo_\bg_\bi_\bn) option runs the shell
- specified in the _\bp_\ba_\bs_\bs_\bw_\bd(4) entry of the target user as a
- login shell. This means that login-specific resource files
- such as .profile or .login will be read by the shell. If a
- command is specified, it is passed to the shell for
- execution. Otherwise, an interactive shell is executed.
- s\bsu\bud\bdo\bo attempts to change to that user's home directory
- before running the shell. It also initializes the
- environment, leaving _\bD_\bI_\bS_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM unchanged, setting
-1.7.0 November 15, 2008 3
+1.7.4 July 19, 2010 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- _\bH_\bO_\bM_\bE, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, as well as the
+ specified in the _\bp_\ba_\bs_\bs_\bw_\bd(4) entry of the target user as a
+ login shell. This means that login-specific resource files
+ such as .profile or .login will be read by the shell. If a
+ command is specified, it is passed to the shell for
+ execution. Otherwise, an interactive shell is executed.
+ s\bsu\bud\bdo\bo attempts to change to that user's home directory
+ before running the shell. It also initializes the
+ environment, leaving _\bD_\bI_\bS_\bP_\bL_\bA_\bY and _\bT_\bE_\bR_\bM unchanged, setting
+ _\bH_\bO_\bM_\bE, _\bM_\bA_\bI_\bL, _\bS_\bH_\bE_\bL_\bL, _\bU_\bS_\bE_\bR, _\bL_\bO_\bG_\bN_\bA_\bM_\bE, and _\bP_\bA_\bT_\bH, as well as the
contents of _\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt on Linux and AIX systems. All
other environment variables are removed.
-K The -\b-K\bK (sure _\bk_\bi_\bl_\bl) option is like -\b-k\bk except that it removes
- the user's timestamp entirely. Like -\b-k\bk, this option does
- not require a password.
-
- -k The -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo invalidates the user's
- timestamp by setting the time on it to the Epoch. The next
- time s\bsu\bud\bdo\bo is run a password will be required. This option
- does not require a password and was added to allow a user
- to revoke s\bsu\bud\bdo\bo permissions from a .logout file.
-
- -L The -\b-L\bL (_\bl_\bi_\bs_\bt defaults) option will list out the parameters
- that may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along with a short
- description for each. This option is useful in conjunction
- with _\bg_\br_\be_\bp(1).
+ the user's time stamp entirely and may not be used in
+ conjunction with a command or other option. This option
+ does not require a password.
+
+ -k When used by itself, the -\b-k\bk (_\bk_\bi_\bl_\bl) option to s\bsu\bud\bdo\bo
+ invalidates the user's time stamp by setting the time on it
+ to the Epoch. The next time s\bsu\bud\bdo\bo is run a password will be
+ required. This option does not require a password and was
+ added to allow a user to revoke s\bsu\bud\bdo\bo permissions from a
+ .logout file.
+
+ When used in conjunction with a command or an option that
+ may require a password, the -\b-k\bk option will cause s\bsu\bud\bdo\bo to
+ ignore the user's time stamp file. As a result, s\bsu\bud\bdo\bo will
+ prompt for a password (if one is required by _\bs_\bu_\bd_\bo_\be_\br_\bs) and
+ will not update the user's time stamp file.
+
+ -L The -\b-L\bL (_\bl_\bi_\bs_\bt defaults) option will list the parameters that
+ may be set in a _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs line along with a short
+ description for each. This option will be removed from a
+ future version of s\bsu\bud\bdo\bo.
-l[l] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
If no _\bc_\bo_\bm_\bm_\ba_\bn_\bd is specified, the -\b-l\bl (_\bl_\bi_\bs_\bt) option will list
-P The -\b-P\bP (_\bp_\br_\be_\bs_\be_\br_\bv_\be _\bg_\br_\bo_\bu_\bp _\bv_\be_\bc_\bt_\bo_\br) option causes s\bsu\bud\bdo\bo to
preserve the invoking user's group vector unaltered. By
- default, s\bsu\bud\bdo\bo will initialize the group vector to the list
- of groups the target user is in. The real and effective
- group IDs, however, are still set to match the target user.
- -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
- password prompt and use a custom one. The following
- percent (`%') escapes are supported:
- %H expanded to the local hostname including the domain
- name (on if the machine's hostname is fully qualified
- or the _\bf_\bq_\bd_\bn _\bs_\bu_\bd_\bo_\be_\br_\bs option is set)
- %h expanded to the local hostname without the domain name
+1.7.4 July 19, 2010 4
- %p expanded to the user whose password is being asked for
- (respects the _\br_\bo_\bo_\bt_\bp_\bw, _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw and _\br_\bu_\bn_\ba_\bs_\bp_\bw flags in
-1.7.0 November 15, 2008 4
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ default, s\bsu\bud\bdo\bo will initialize the group vector to the list
+ of groups the target user is in. The real and effective
+ group IDs, however, are still set to match the target user.
+ -p _\bp_\br_\bo_\bm_\bp_\bt The -\b-p\bp (_\bp_\br_\bo_\bm_\bp_\bt) option allows you to override the default
+ password prompt and use a custom one. The following
+ percent (`%') escapes are supported:
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ %H expanded to the local host name including the domain
+ name (on if the machine's host name is fully qualified
+ or the _\bf_\bq_\bd_\bn _\bs_\bu_\bd_\bo_\be_\br_\bs option is set)
+ %h expanded to the local host name without the domain name
+ %p expanded to the user whose password is being asked for
+ (respects the _\br_\bo_\bo_\bt_\bp_\bw, _\bt_\ba_\br_\bg_\be_\bt_\bp_\bw and _\br_\bu_\bn_\ba_\bs_\bp_\bw flags in
_\bs_\bu_\bd_\bo_\be_\br_\bs)
%U expanded to the login name of the user the command will
system password prompt on systems that support PAM unless
the _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be flag is disabled in _\bs_\bu_\bd_\bo_\be_\br_\bs.
+ -r _\br_\bo_\bl_\be The -\b-r\br (_\br_\bo_\bl_\be) option causes the new (SELinux) security
+ context to have the role specified by _\br_\bo_\bl_\be.
+
-S The -\b-S\bS (_\bs_\bt_\bd_\bi_\bn) option causes s\bsu\bud\bdo\bo to read the password from
- the standard input instead of the terminal device.
+ the standard input instead of the terminal device. The
+ password must be followed by a newline character.
-s [command]
The -\b-s\bs (_\bs_\bh_\be_\bl_\bl) option runs the shell specified by the _\bS_\bH_\bE_\bL_\bL
the shell for execution. Otherwise, an interactive shell
is executed.
+ -t _\bt_\by_\bp_\be The -\b-t\bt (_\bt_\by_\bp_\be) option causes the new (SELinux) security
+ context to have the type specified by _\bt_\by_\bp_\be. If no type is
+ specified, the default type is derived from the specified
+ role.
+
-U _\bu_\bs_\be_\br The -\b-U\bU (_\bo_\bt_\bh_\be_\br _\bu_\bs_\be_\br) option is used in conjunction with the
-\b-l\bl option to specify the user whose privileges should be
listed. Only root or a user with s\bsu\bud\bdo\bo ALL on the current
host may use this option.
+
+
+
+1.7.4 July 19, 2010 5
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
-u _\bu_\bs_\be_\br The -\b-u\bu (_\bu_\bs_\be_\br) option causes s\bsu\bud\bdo\bo to run the specified
command as a user other than _\br_\bo_\bo_\bt. To specify a _\bu_\bi_\bd
instead of a _\bu_\bs_\be_\br _\bn_\ba_\bm_\be, use _\b#_\bu_\bi_\bd. When running commands as
addresses.
-v If given the -\b-v\bv (_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be) option, s\bsu\bud\bdo\bo will update the
- user's timestamp, prompting for the user's password if
+ user's time stamp, prompting for the user's password if
necessary. This extends the s\bsu\bud\bdo\bo timeout for another 5
minutes (or whatever the timeout is set to in _\bs_\bu_\bd_\bo_\be_\br_\bs) but
does not run a command.
-- The -\b--\b- option indicates that s\bsu\bud\bdo\bo should stop processing
- command line arguments. It is most useful in conjunction
- with the -\b-s\bs option.
+ command line arguments.
Environment variables to be set for the command may also be passed on
-
-
-
-1.7.0 November 15, 2008 5
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
the command line in the form of V\bVA\bAR\bR=_\bv_\ba_\bl_\bu_\be, e.g.
L\bLD\bD_\b_L\bLI\bIB\bBR\bRA\bAR\bRY\bY_\b_P\bPA\bAT\bTH\bH=_\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bp_\bk_\bg_\b/_\bl_\bi_\bb. Variables passed on the command
line are subject to the same restrictions as normal environment
default, the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt _\bs_\bu_\bd_\bo_\be_\br_\bs option is enabled. This causes commands
to be executed with a minimal environment containing TERM, PATH, HOME,
SHELL, LOGNAME, USER and USERNAME in addition to variables from the
+
+
+
+1.7.4 July 19, 2010 6
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
invoking process permitted by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bk_\be_\be_\bp _\bs_\bu_\bd_\bo_\be_\br_\bs
options. There is effectively a whitelist for environment variables.
s\bsu\bud\bdo\bo to preserve them.
To prevent command spoofing, s\bsu\bud\bdo\bo checks "." and "" (both denoting
+ current directory) last when searching for a command in the user's PATH
+ (if one or both are in the PATH). Note, however, that the actual PATH
+ environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
+ program that s\bsu\bud\bdo\bo executes.
+ s\bsu\bud\bdo\bo will check the ownership of its time stamp directory
+ (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo by default) and ignore the directory's contents if it is
+ not owned by root or if it is writable by a user other than root. On
+ systems that allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if
+ the time stamp directory is located in a directory writable by anyone
+ (e.g., _\b/_\bt_\bm_\bp), it is possible for a user to create the time stamp
+ directory before s\bsu\bud\bdo\bo is run. However, because s\bsu\bud\bdo\bo checks the
+ ownership and mode of the directory and its contents, the only damage
+ that can be done is to "hide" files by putting them in the time stamp
+ dir. This is unlikely to happen since once the time stamp dir is owned
+ by root and inaccessible by any other user, the user placing files
+ there would be unable to get them back out. To get around this issue
+ you can use a directory that is not world-writable for the time stamps
+ (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance) or create _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo with the
+ appropriate owner (root) and permissions (0700) in the system startup
+ files.
+
+ s\bsu\bud\bdo\bo will not honor time stamps set far in the future. Timestamps with
+ a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
+ will log and complain. This is done to keep a user from creating
+ his/her own time stamp with a bogus date on systems that allow users to
+ give away files.
+ On systems where the boot time is available, s\bsu\bud\bdo\bo will also not honor
+ time stamps from before the machine booted.
-1.7.0 November 15, 2008 6
+1.7.4 July 19, 2010 7
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- current directory) last when searching for a command in the user's PATH
- (if one or both are in the PATH). Note, however, that the actual PATH
- environment variable is _\bn_\bo_\bt modified and is passed unchanged to the
- program that s\bsu\bud\bdo\bo executes.
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- s\bsu\bud\bdo\bo will check the ownership of its timestamp directory (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo
- by default) and ignore the directory's contents if it is not owned by
- root or if it is writable by a user other than root. On systems that
- allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if the timestamp
- directory is located in a directory writable by anyone (e.g., _\b/_\bt_\bm_\bp), it
- is possible for a user to create the timestamp directory before s\bsu\bud\bdo\bo is
- run. However, because s\bsu\bud\bdo\bo checks the ownership and mode of the
- directory and its contents, the only damage that can be done is to
- "hide" files by putting them in the timestamp dir. This is unlikely to
- happen since once the timestamp dir is owned by root and inaccessible
- by any other user, the user placing files there would be unable to get
- them back out. To get around this issue you can use a directory that
- is not world-writable for the timestamps (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo for instance)
- or create _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo with the appropriate owner (root) and
- permissions (0700) in the system startup files.
-
- s\bsu\bud\bdo\bo will not honor timestamps set far in the future. Timestamps with
- a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
- will log and complain. This is done to keep a user from creating
- his/her own timestamp with a bogus date on systems that allow users to
- give away files.
+
+ Since time stamp files live in the file system, they can outlive a
+ user's login session. As a result, a user may be able to login, run a
+ command with s\bsu\bud\bdo\bo after authenticating, logout, login again, and run
+ s\bsu\bud\bdo\bo without authenticating so long as the time stamp file's
+ modification time is within 5 minutes (or whatever the timeout is set
+ to in _\bs_\bu_\bd_\bo_\be_\br_\bs). When the _\bt_\bt_\by_\b__\bt_\bi_\bc_\bk_\be_\bt_\bs option is enabled in _\bs_\bu_\bd_\bo_\be_\br_\bs, the
+ time stamp has per-tty granularity but still may outlive the user's
+ session. On Linux systems where the devpts filesystem is used, Solaris
+ systems with the devices filesystem, as well as other systems that
+ utilize a devfs filesystem that monotonically increase the inode number
+ of devices as they are created (such as Mac OS X), s\bsu\bud\bdo\bo is able to
+ determine when a tty-based time stamp file is stale and will ignore it.
+ Administrators should not rely on this feature as it is not universally
+ available.
Please note that s\bsu\bud\bdo\bo will normally only log the command it explicitly
runs. If a user runs a command such as sudo su or sudo sh, subsequent
EDITOR Default editor to use in -\b-e\be (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set
- HOME In -\b-s\bs or -\b-H\bH mode (or if sudo was configured with the
- --enable-shell-sets-home option), set to homedir of the
- target user
+ MAIL In -\b-i\bi mode or when _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled in _\bs_\bu_\bd_\bo_\be_\br_\bs, set
+ to the mail spool of the target user
+
+ HOME Set to the home directory of the target user if -\b-i\bi or
+ -\b-H\bH are specified, _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt or _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be are set
+ in _\bs_\bu_\bd_\bo_\be_\br_\bs, or when the -\b-s\bs option is specified and
+ _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is set in _\bs_\bu_\bd_\bo_\be_\br_\bs
PATH Set to a sane value if the _\bs_\be_\bc_\bu_\br_\be_\b__\bp_\ba_\bt_\bh sudoers option
is set.
SUDO_ASKPASS Specifies the path to a helper program used to read the
password if no terminal is available or if the -A
+ option is specified.
+ SUDO_COMMAND Set to the command run by sudo
+ SUDO_EDITOR Default editor to use in -\b-e\be (sudoedit) mode
-1.7.0 November 15, 2008 7
+ SUDO_GID Set to the group ID of the user who invoked sudo
+1.7.4 July 19, 2010 8
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- option is specified.
- SUDO_COMMAND Set to the command run by sudo
- SUDO_EDITOR Default editor to use in -\b-e\be (sudoedit) mode
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
- SUDO_GID Set to the group ID of the user who invoked sudo
SUDO_PROMPT Used as the default password prompt
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
- _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing timestamps
+ _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo Directory containing time stamps
_\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi mode on Linux and
AIX
$ sudo ls /usr/local/protected
- To list the home directory of user yazza on a machine where the file
- system holding ~yazza is not exported as root:
+ To list the home directory of user yaz on a machine where the file
+ system holding ~yaz is not exported as root:
- $ sudo -u yazza ls ~yazza
+ $ sudo -u yaz ls ~yaz
To edit the _\bi_\bn_\bd_\be_\bx_\b._\bh_\bt_\bm_\bl file as user www:
$ sudo -u www vi ~www/htdocs/index.html
+ To view system logs only accessible to root and users in the adm group:
+
+ $ sudo -g adm view /var/log/syslog
+
+ To run an editor as jim with a different primary group:
+
+ $ sudo -u jim -g audio vi ~jim/sound.txt
+
To shutdown a machine:
$ sudo shutdown -r +15 "quick reboot"
-1.7.0 November 15, 2008 8
+1.7.4 July 19, 2010 9
-1.7.0 November 15, 2008 9
+1.7.4 July 19, 2010 10