+++ /dev/null
-Copyright (c) 1994-1996, 1998-2005, 2007-2010
- Todd C. Miller <Todd.Miller@courtesan.com>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-Sponsored in part by the Defense Advanced Research Projects
-Agency (DARPA) and Air Force Research Laboratory, Air Force
-Materiel Command, USAF, under agreement number F39502-99-1-0512.
-
-=pod
-
-=head1 NAME
-
-sudo, sudoedit - execute a command as another user
-
-=head1 SYNOPSIS
-
-B<sudo> B<-h> | B<-K> | B<-k> | B<-L> | B<-V>
-
-B<sudo> B<-v> [B<-AknS>]
-S<[B<-a> I<auth_type>]>
-S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
-S<[B<-u> I<username>|I<#uid>]>
-
-B<sudo> B<-l[l]> [B<-AknS>]
-S<[B<-a> I<auth_type>]>
-S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
-S<[B<-U> I<user name>]> S<[B<-u> I<user name>|I<#uid>]> [I<command>]
-
-B<sudo> [B<-AbEHnPS>]
-S<[B<-a> I<auth_type>]>
-S<[B<-C> I<fd>]>
-S<[B<-c> I<class>|I<->]>
-S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
-S<[B<-r> I<role>]> S<[B<-t> I<type>]>
-S<[B<-u> I<user name>|I<#uid>]>
-S<[B<VAR>=I<value>]> S<[B<-i> | B<-s>]> [I<command>]
-
-B<sudoedit> [B<-AnS>]
-S<[B<-a> I<auth_type>]>
-S<[B<-C> I<fd>]>
-S<[B<-c> I<class>|I<->]>
-S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
-S<[B<-u> I<user name>|I<#uid>]> file ...
-
-=head1 DESCRIPTION
-
-B<sudo> allows a permitted user to execute a I<command> as the
-superuser or another user, as specified in the I<sudoers> file.
-The real and effective uid and gid are set to match those of the
-target user as specified in the passwd file and the group vector
-is initialized based on the group file (unless the B<-P> option was
-specified). If the invoking user is root or if the target user is
-the same as the invoking user, no password is required. Otherwise,
-B<sudo> requires that users authenticate themselves with a password
-by default (NOTE: in the default configuration this is the user's
-password, not the root password). Once a user has been authenticated,
-a time stamp is updated and the user may then use sudo without a
-password for a short period of time (C<@timeout@> minutes unless
-overridden in I<sudoers>).
-
-When invoked as B<sudoedit>, the B<-e> option (described below),
-is implied.
-
-B<sudo> determines who is an authorized user by consulting the file
-F<@sysconfdir@/sudoers>. By running B<sudo> with the B<-v> option,
-a user can update the time stamp without running a I<command>. If
-a password is required, B<sudo> will exit if the user's password
-is not entered within a configurable time limit. The default
-password prompt timeout is C<@password_timeout@> minutes.
-
-If a user who is not listed in the I<sudoers> file tries to run a
-command via B<sudo>, mail is sent to the proper authorities, as
-defined at configure time or in the I<sudoers> file (defaults to
-C<@mailto@>). Note that the mail will not be sent if an unauthorized
-user tries to run sudo with the B<-l> or B<-v> option. This allows
-users to determine for themselves whether or not they are allowed
-to use B<sudo>.
-
-If B<sudo> is run by root and the C<SUDO_USER> environment variable
-is set, B<sudo> will use this value to determine who the actual
-user is. This can be used by a user to log commands through sudo
-even when a root shell has been invoked. It also allows the B<-e>
-option to remain useful even when being run via a sudo-run script or
-program. Note however, that the sudoers lookup is still done for
-root, not the user specified by C<SUDO_USER>.
-
-B<sudo> can log both successful and unsuccessful attempts (as well
-as errors) to syslog(3), a log file, or both. By default B<sudo>
-will log via syslog(3) but this is changeable at configure time
-or via the I<sudoers> file.
-
-=head1 OPTIONS
-
-B<sudo> accepts the following command line options:
-
-=over 12
-
-=item -A
-
-Normally, if B<sudo> requires a password, it will read it from the
-current terminal. If the B<-A> (I<askpass>) option is specified,
-a (possibly graphical) helper program is executed to read the
-user's password and output the password to the standard output. If
-the C<SUDO_ASKPASS> environment variable is set, it specifies the
-path to the helper program. Otherwise, the value specified by the
-I<askpass> option in L<sudoers(5)> is used.
-
-=item -a I<type>
-
-The B<-a> (I<authentication type>) option causes B<sudo> to use the
-specified authentication type when validating the user, as allowed
-by F</etc/login.conf>. The system administrator may specify a list
-of sudo-specific authentication methods by adding an "auth-sudo"
-entry in F</etc/login.conf>. This option is only available on systems
-that support BSD authentication.
-
-=item -b
-
-The B<-b> (I<background>) option tells B<sudo> to run the given
-command in the background. Note that if you use the B<-b>
-option you cannot use shell job control to manipulate the process.
-
-=item -C I<fd>
-
-Normally, B<sudo> will close all open file descriptors other than
-standard input, standard output and standard error. The B<-C>
-(I<close from>) option allows the user to specify a starting point
-above the standard error (file descriptor three). Values less than
-three are not permitted. This option is only available if the
-administrator has enabled the I<closefrom_override> option in
-L<sudoers(5)>.
-
-=item -c I<class>
-
-The B<-c> (I<class>) option causes B<sudo> to run the specified command
-with resources limited by the specified login class. The I<class>
-argument can be either a class name as defined in F</etc/login.conf>,
-or a single '-' character. Specifying a I<class> of C<-> indicates
-that the command should be run restricted by the default login
-capabilities for the user the command is run as. If the I<class>
-argument specifies an existing user class, the command must be run
-as root, or the B<sudo> command must be run from a shell that is already
-root. This option is only available on systems with BSD login classes.
-
-=item -E
-
-The B<-E> (I<preserve> I<environment>) option will override the
-I<env_reset> option in L<sudoers(5)>). It is only
-available when either the matching command has the C<SETENV> tag
-or the I<setenv> option is set in L<sudoers(5)>.
-
-=item -e
-
-The B<-e> (I<edit>) option indicates that, instead of running
-a command, the user wishes to edit one or more files. In lieu
-of a command, the string "sudoedit" is used when consulting
-the I<sudoers> file. If the user is authorized by I<sudoers>
-the following steps are taken:
-
-=over 4
-
-=item 1.
-
-Temporary copies are made of the files to be edited with the owner
-set to the invoking user.
-
-=item 2.
-
-The editor specified by the C<SUDO_EDITOR>, C<VISUAL> or C<EDITOR>
-environment variables is run to edit the temporary files. If none
-of C<SUDO_EDITOR>, C<VISUAL> or C<EDITOR> are set, the first program
-listed in the I<editor> I<sudoers> variable is used.
-
-=item 3.
-
-If they have been modified, the temporary files are copied back to
-their original location and the temporary versions are removed.
-
-=back
-
-If the specified file does not exist, it will be created. Note
-that unlike most commands run by B<sudo>, the editor is run with
-the invoking user's environment unmodified. If, for some reason,
-B<sudo> is unable to update a file with its edited version, the
-user will receive a warning and the edited copy will remain in a
-temporary file.
-
-=item -g I<group>
-
-Normally, B<sudo> sets the primary group to the one specified by
-the passwd database for the user the command is being run as (by
-default, root). The B<-g> (I<group>) option causes B<sudo> to run
-the specified command with the primary group set to I<group>. To
-specify a I<gid> instead of a I<group name>, use I<#gid>. When
-running commands as a I<gid>, many shells require that the '#' be
-escaped with a backslash ('\'). If no B<-u> option is specified,
-the command will be run as the invoking user (not root). In either
-case, the primary group will be set to I<group>.
-
-=item -H
-
-The B<-H> (I<HOME>) option sets the C<HOME> environment variable
-to the homedir of the target user (root by default) as specified
-in passwd(5). The default handling of the C<HOME> environment
-variable depends on L<sudoers(5)> settings. By default, B<sudo>
-will set C<HOME> if I<env_reset> or I<always_set_home> are set, or
-if I<set_home> is set and the B<-s> option is specified on the
-command line.
-
-=item -h
-
-The B<-h> (I<help>) option causes B<sudo> to print a usage message and exit.
-
-=item -i [command]
-
-The B<-i> (I<simulate initial login>) option runs the shell specified
-in the L<passwd(5)> entry of the target user as a login shell. This
-means that login-specific resource files such as C<.profile> or
-C<.login> will be read by the shell. If a command is specified,
-it is passed to the shell for execution. Otherwise, an interactive
-shell is executed. B<sudo> attempts to change to that user's home
-directory before running the shell. It also initializes the
-environment, leaving I<DISPLAY> and I<TERM> unchanged, setting
-I<HOME>, I<MAIL>, I<SHELL>, I<USER>, I<LOGNAME>, and I<PATH>, as well as
-the contents of F</etc/environment> on Linux and AIX systems.
-All other environment variables are removed.
-
-=item -K
-
-The B<-K> (sure I<kill>) option is like B<-k> except that it removes
-the user's time stamp entirely and may not be used in conjunction
-with a command or other option. This option does not require a
-password.
-
-=item -k
-
-When used by itself, the B<-k> (I<kill>) option to B<sudo> invalidates
-the user's time stamp by setting the time on it to the Epoch. The
-next time B<sudo> is run a password will be required. This option
-does not require a password and was added to allow a user to revoke
-B<sudo> permissions from a .logout file.
-
-When used in conjunction with a command or an option that may require
-a password, the B<-k> option will cause B<sudo> to ignore the user's
-time stamp file. As a result, B<sudo> will prompt for a password
-(if one is required by I<sudoers>) and will not update the user's
-time stamp file.
-
-=item -L
-
-The B<-L> (I<list> defaults) option will list the parameters that
-may be set in a I<Defaults> line along with a short description for
-each. This option will be removed from a future version of B<sudo>.
-
-=item -l[l] [I<command>]
-
-If no I<command> is specified, the B<-l> (I<list>) option will list
-the allowed (and forbidden) commands for the invoking user (or the
-user specified by the B<-U> option) on the current host. If a
-I<command> is specified and is permitted by I<sudoers>, the
-fully-qualified path to the command is displayed along with any
-command line arguments. If I<command> is specified but not allowed,
-B<sudo> will exit with a status value of 1. If the B<-l> option is
-specified with an B<l> argument (i.e. B<-ll>), or if B<-l>
-is specified multiple times, a longer list format is used.
-
-=item -n
-
-The B<-n> (I<non-interactive>) option prevents B<sudo> from prompting
-the user for a password. If a password is required for the command
-to run, B<sudo> will display an error messages and exit.
-
-=item -P
-
-The B<-P> (I<preserve> I<group vector>) option causes B<sudo> to
-preserve the invoking user's group vector unaltered. By default,
-B<sudo> will initialize the group vector to the list of groups the
-target user is in. The real and effective group IDs, however, are
-still set to match the target user.
-
-=item -p I<prompt>
-
-The B<-p> (I<prompt>) option allows you to override the default
-password prompt and use a custom one. The following percent (`C<%>')
-escapes are supported:
-
-=over 4
-
-=item C<%H>
-
-expanded to the local host name including the domain name
-(on if the machine's host name is fully qualified or the I<fqdn>
-I<sudoers> option is set)
-
-=item C<%h>
-
-expanded to the local host name without the domain name
-
-=item C<%p>
-
-expanded to the user whose password is being asked for (respects the
-I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)
-
-=item C<%U>
-
-expanded to the login name of the user the command will
-be run as (defaults to root)
-
-=item C<%u>
-
-expanded to the invoking user's login name
-
-=item C<%%>
-
-two consecutive C<%> characters are collapsed into a single C<%> character
-
-=back
-
-The prompt specified by the B<-p> option will override the system
-password prompt on systems that support PAM unless the
-I<passprompt_override> flag is disabled in I<sudoers>.
-
-=item -r I<role>
-
-The B<-r> (I<role>) option causes the new (SELinux) security context to
-have the role specified by I<role>.
-
-=item -S
-
-The B<-S> (I<stdin>) option causes B<sudo> to read the password from
-the standard input instead of the terminal device. The password must
-be followed by a newline character.
-
-=item -s [command]
-
-The B<-s> (I<shell>) option runs the shell specified by the I<SHELL>
-environment variable if it is set or the shell as specified in
-L<passwd(5)>. If a command is specified, it is passed to the shell
-for execution. Otherwise, an interactive shell is executed.
-
-=item -t I<type>
-
-The B<-t> (I<type>) option causes the new (SELinux) security context to
-have the type specified by I<type>. If no type is specified, the default
-type is derived from the specified role.
-
-=item -U I<user>
-
-The B<-U> (I<other user>) option is used in conjunction with the B<-l>
-option to specify the user whose privileges should be listed. Only
-root or a user with B<sudo> C<ALL> on the current host may use this
-option.
-
-=item -u I<user>
-
-The B<-u> (I<user>) option causes B<sudo> to run the specified
-command as a user other than I<root>. To specify a I<uid> instead
-of a I<user name>, use I<#uid>. When running commands as a I<uid>,
-many shells require that the '#' be escaped with a backslash ('\').
-Note that if the I<targetpw> Defaults option is set (see L<sudoers(5)>)
-it is not possible to run commands with a uid not listed in the
-password database.
-
-=item -V
-
-The B<-V> (I<version>) option causes B<sudo> to print the version
-number and exit. If the invoking user is already root the B<-V>
-option will print out a list of the defaults B<sudo> was compiled
-with as well as the machine's local network addresses.
-
-=item -v
-
-If given the B<-v> (I<validate>) option, B<sudo> will update the
-user's time stamp, prompting for the user's password if necessary.
-This extends the B<sudo> timeout for another C<@timeout@> minutes
-(or whatever the timeout is set to in I<sudoers>) but does not run
-a command.
-
-=item --
-
-The B<--> option indicates that B<sudo> should stop processing command
-line arguments.
-
-=back
-
-Environment variables to be set for the command may also be passed
-on the command line in the form of B<VAR>=I<value>, e.g.
-B<LD_LIBRARY_PATH>=I</usr/local/pkg/lib>. Variables passed on the
-command line are subject to the same restrictions as normal environment
-variables with one important exception. If the I<setenv> option
-is set in I<sudoers>, the command to be run has the C<SETENV> tag
-set or the command matched is C<ALL>, the user may set variables
-that would overwise be forbidden. See L<sudoers(5)> for more information.
-
-=head1 RETURN VALUES
-
-Upon successful execution of a program, the exit status from B<sudo>
-will simply be the exit status of the program that was executed.
-
-Otherwise, B<sudo> quits with an exit value of 1 if there is a
-configuration/permission problem or if B<sudo> cannot execute the
-given command. In the latter case the error string is printed to
-stderr. If B<sudo> cannot L<stat(2)> one or more entries in the user's
-C<PATH> an error is printed on stderr. (If the directory does not
-exist or if it is not really a directory, the entry is ignored and
-no error is printed.) This should not happen under normal
-circumstances. The most common reason for L<stat(2)> to return
-"permission denied" is if you are running an automounter and one
-of the directories in your C<PATH> is on a machine that is currently
-unreachable.
-
-=head1 SECURITY NOTES
-
-B<sudo> tries to be safe when executing external commands.
-
-There are two distinct ways to deal with environment variables.
-By default, the I<env_reset> I<sudoers> option is enabled.
-This causes commands to be executed with a minimal environment
-containing C<TERM>, C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER>
-and C<USERNAME> in addition to variables from the invoking process
-permitted by the I<env_check> and I<env_keep> I<sudoers> options.
-There is effectively a whitelist for environment variables.
-
-If, however, the I<env_reset> option is disabled in I<sudoers>, any
-variables not explicitly denied by the I<env_check> and I<env_delete>
-options are inherited from the invoking process. In this case,
-I<env_check> and I<env_delete> behave like a blacklist. Since it
-is not possible to blacklist all potentially dangerous environment
-variables, use of the default I<env_reset> behavior is encouraged.
-
-In all cases, environment variables with a value beginning with
-C<()> are removed as they could be interpreted as B<bash> functions.
-The list of environment variables that B<sudo> allows or denies is
-contained in the output of C<sudo -V> when run as root.
-
-Note that the dynamic linker on most operating systems will remove
-variables that can control dynamic linking from the environment of
-setuid executables, including B<sudo>. Depending on the operating
-system this may include C<_RLD*>, C<DYLD_*>, C<LD_*>, C<LDR_*>,
-C<LIBPATH>, C<SHLIB_PATH>, and others. These type of variables are
-removed from the environment before B<sudo> even begins execution
-and, as such, it is not possible for B<sudo> to preserve them.
-
-To prevent command spoofing, B<sudo> checks "." and "" (both denoting
-current directory) last when searching for a command in the user's
-PATH (if one or both are in the PATH). Note, however, that the
-actual C<PATH> environment variable is I<not> modified and is passed
-unchanged to the program that B<sudo> executes.
-
-B<sudo> will check the ownership of its time stamp directory
-(F<@timedir@> by default) and ignore the directory's contents if
-it is not owned by root or if it is writable by a user other than
-root. On systems that allow non-root users to give away files via
-L<chown(2)>, if the time stamp directory is located in a directory
-writable by anyone (e.g., F</tmp>), it is possible for a user to
-create the time stamp directory before B<sudo> is run. However,
-because B<sudo> checks the ownership and mode of the directory and
-its contents, the only damage that can be done is to "hide" files
-by putting them in the time stamp dir. This is unlikely to happen
-since once the time stamp dir is owned by root and inaccessible by
-any other user, the user placing files there would be unable to get
-them back out. To get around this issue you can use a directory
-that is not world-writable for the time stamps (F</var/adm/sudo> for
-instance) or create F<@timedir@> with the appropriate owner (root)
-and permissions (0700) in the system startup files.
-
-B<sudo> will not honor time stamps set far in the future.
-Timestamps with a date greater than current_time + 2 * C<TIMEOUT>
-will be ignored and sudo will log and complain. This is done to
-keep a user from creating his/her own time stamp with a bogus
-date on systems that allow users to give away files.
-
-On systems where the boot time is available, B<sudo> will also not
-honor time stamps from before the machine booted.
-
-Since time stamp files live in the file system, they can outlive a
-user's login session. As a result, a user may be able to login,
-run a command with B<sudo> after authenticating, logout, login
-again, and run B<sudo> without authenticating so long as the time
-stamp file's modification time is within C<@timeout@> minutes (or
-whatever the timeout is set to in I<sudoers>). When the I<tty_tickets>
-option is enabled in I<sudoers>, the time stamp has per-tty granularity
-but still may outlive the user's session. On Linux systems where
-the devpts filesystem is used, Solaris systems with the devices
-filesystem, as well as other systems that utilize a devfs filesystem
-that monotonically increase the inode number of devices as they are
-created (such as Mac OS X), B<sudo> is able to determine when a
-tty-based time stamp file is stale and will ignore it. Administrators
-should not rely on this feature as it is not universally available.
-
-Please note that B<sudo> will normally only log the command it
-explicitly runs. If a user runs a command such as C<sudo su> or
-C<sudo sh>, subsequent commands run from that shell will I<not> be
-logged, nor will B<sudo>'s access control affect them. The same
-is true for commands that offer shell escapes (including most
-editors). Because of this, care must be taken when giving users
-access to commands via B<sudo> to verify that the command does not
-inadvertently give the user an effective root shell. For more
-information, please see the C<PREVENTING SHELL ESCAPES> section in
-L<sudoers(5)>.
-
-=head1 ENVIRONMENT
-
-B<sudo> utilizes the following environment variables:
-
-=over 16
-
-=item C<EDITOR>
-
-Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR>
-nor C<VISUAL> is set
-
-=item C<MAIL>
-
-In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set
-to the mail spool of the target user
-
-=item C<HOME>
-
-Set to the home directory of the target user if B<-i> or B<-H> are
-specified, I<env_reset> or I<always_set_home> are set in I<sudoers>,
-or when the B<-s> option is specified and I<set_home> is set in
-I<sudoers>
-
-=item C<PATH>
-
-Set to a sane value if the I<secure_path> sudoers option is set.
-
-=item C<SHELL>
-
-Used to determine shell to run with C<-s> option
-
-=item C<SUDO_ASKPASS>
-
-Specifies the path to a helper program used to read the password
-if no terminal is available or if the C<-A> option is specified.
-
-=item C<SUDO_COMMAND>
-
-Set to the command run by sudo
-
-=item C<SUDO_EDITOR>
-
-Default editor to use in B<-e> (sudoedit) mode
-
-=item C<SUDO_GID>
-
-Set to the group ID of the user who invoked sudo
-
-=item C<SUDO_PROMPT>
-
-Used as the default password prompt
-
-=item C<SUDO_PS1>
-
-If set, C<PS1> will be set to its value for the program being run
-
-=item C<SUDO_UID>
-
-Set to the user ID of the user who invoked sudo
-
-=item C<SUDO_USER>
-
-Set to the login of the user who invoked sudo
-
-=item C<USER>
-
-Set to the target user (root unless the B<-u> option is specified)
-
-=item C<VISUAL>
-
-Default editor to use in B<-e> (sudoedit) mode if C<SUDO_EDITOR>
-is not set
-
-=back
-
-=head1 FILES
-
-=over 24
-
-=item F<@sysconfdir@/sudoers>
-
-List of who can run what
-
-=item F<@timedir@>
-
-Directory containing time stamps
-
-=item F</etc/environment>
-
-Initial environment for B<-i> mode on Linux and AIX
-
-=back
-
-=head1 EXAMPLES
-
-Note: the following examples assume suitable L<sudoers(5)> entries.
-
-To get a file listing of an unreadable directory:
-
- $ sudo ls /usr/local/protected
-
-To list the home directory of user yaz on a machine where the
-file system holding ~yaz is not exported as root:
-
- $ sudo -u yaz ls ~yaz
-
-To edit the F<index.html> file as user www:
-
- $ sudo -u www vi ~www/htdocs/index.html
-
-To view system logs only accessible to root and users in the adm group:
-
- $ sudo -g adm view /var/log/syslog
-
-To run an editor as jim with a different primary group:
-
- $ sudo -u jim -g audio vi ~jim/sound.txt
-
-To shutdown a machine:
-
- $ sudo shutdown -r +15 "quick reboot"
-
-To make a usage listing of the directories in the /home
-partition. Note that this runs the commands in a sub-shell
-to make the C<cd> and file redirection work.
-
- $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
-
-=head1 SEE ALSO
-
-L<grep(1)>, L<su(1)>, L<stat(2)>,
-L<login_cap(3)>,
-L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
-
-=head1 AUTHORS
-
-Many people have worked on B<sudo> over the years; this
-version consists of code written primarily by:
-
- Todd C. Miller
-
-See the HISTORY file in the B<sudo> distribution or visit
-http://www.sudo.ws/sudo/history.html for a short history
-of B<sudo>.
-
-=head1 CAVEATS
-
-There is no easy way to prevent a user from gaining a root shell
-if that user is allowed to run arbitrary commands via B<sudo>.
-Also, many programs (such as editors) allow the user to run commands
-via shell escapes, thus avoiding B<sudo>'s checks. However, on
-most systems it is possible to prevent shell escapes with B<sudo>'s
-I<noexec> functionality. See the L<sudoers(5)> manual
-for details.
-
-It is not meaningful to run the C<cd> command directly via sudo, e.g.,
-
- $ sudo cd /usr/local/protected
-
-since when the command exits the parent process (your shell) will
-still be the same. Please see the EXAMPLES section for more information.
-
-If users have sudo C<ALL> there is nothing to prevent them from
-creating their own program that gives them a root shell regardless
-of any '!' elements in the user specification.
-
-Running shell scripts via B<sudo> can expose the same kernel bugs that
-make setuid shell scripts unsafe on some operating systems (if your OS
-has a /dev/fd/ directory, setuid shell scripts are generally safe).
-
-=head1 BUGS
-
-If you feel you have found a bug in B<sudo>, please submit a bug report
-at http://www.sudo.ws/sudo/bugs/
-
-=head1 SUPPORT
-
-Limited free support is available via the sudo-users mailing list,
-see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
-search the archives.
-
-=head1 DISCLAIMER
-
-B<sudo> is provided ``AS IS'' and any express or implied warranties,
-including, but not limited to, the implied warranties of merchantability
-and fitness for a particular purpose are disclaimed. See the LICENSE
-file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
-for complete details.
projects / debian / sudo / blobdiff