-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2008
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudo.man.in,v 1.53 2008/11/15 18:34:26 millert Exp $
+.\" $Sudo: sudo.man.in,v 1.56 2009/06/29 13:36:42 millert Exp $
.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
.\"
.\" Standard preamble:
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "November 15, 2008" "1.7.0" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "June 15, 2009" "1.7.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-\&\fBsudo\fR [\fB\-n\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR
+\&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR
.PP
-\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AnS\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR]
-[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR]
+\&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
+@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-p\fR\ \fIprompt\fR]
+.PP
+\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
+@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
+[\fB\-U\fR\ \fIusername\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR]
.PP
\&\fBsudo\fR [\fB\-AbEHnPS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
.IX Item "-A"
Normally, if \fBsudo\fR requires a password, it will read it from the
current terminal. If the \fB\-A\fR (\fIaskpass\fR) option is specified,
-a helper program is executed to read the user's password and output
-the password to the standard output. If the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR
-environment variable is set, it specifies the path to the helper
-program. Otherwise, the value specified by the \fIaskpass\fR option
-in \fIsudoers\fR\|(@mansectform@) is used.
+a (possibly graphical) helper program is executed to read the
+user's password and output the password to the standard output. If
+the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the
+path to the helper program. Otherwise, the value specified by the
+\&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used.
@BAMAN@.IP "\-a \fItype\fR" 12
@BAMAN@.IX Item "-a type"
@BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
.IP "\-K" 12
.IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
-the user's timestamp entirely. Like \fB\-k\fR, this option does not
-require a password.
+the user's timestamp entirely and may not be used in conjunction
+with a command or other option. This option does not require a
+password.
.IP "\-k" 12
.IX Item "-k"
-The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
-by setting the time on it to the Epoch. The next time \fBsudo\fR is
-run a password will be required. This option does not require a password
-and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
-file.
+When used by itself, the \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates
+the user's timestamp by setting the time on it to the Epoch. The
+next time \fBsudo\fR is run a password will be required. This option
+does not require a password and was added to allow a user to revoke
+\&\fBsudo\fR permissions from a .logout file.
+.Sp
+When used in conjunction with a command or an option that may require
+a password, the \fB\-k\fR option will cause \fBsudo\fR to ignore the user's
+timestamp file. As a result, \fBsudo\fR will prompt for a password
+(if one is required by \fIsudoers\fR) and will not update the user's
+timestamp file.
.IP "\-L" 12
.IX Item "-L"
The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
\& $ sudo ls /usr/local/protected
.Ve
.PP
-To list the home directory of user yazza on a machine where the
-file system holding ~yazza is not exported as root:
+To list the home directory of user yaz on a machine where the
+file system holding ~yaz is not exported as root:
.PP
.Vb 1
-\& $ sudo \-u yazza ls ~yazza
+\& $ sudo \-u yaz ls ~yaz
.Ve
.PP
To edit the \fIindex.html\fR file as user www:
\& $ sudo \-u www vi ~www/htdocs/index.html
.Ve
.PP
+To view system logs only accessible to root and users in the adm group:
+.PP
+.Vb 1
+\& $ sudo \-g adm view /var/log/syslog
+.Ve
+.PP
+To run an editor as jim with a different primary group:
+.PP
+.Vb 1
+\& $ sudo \-u jim \-g audio vi ~jim/sound.txt
+.Ve
+.PP
To shutdown a machine:
.PP
.Vb 1
projects / debian / sudo / blobdiff