Cmnd_Alias ::= NAME '=' Cmnd_List
- NAME ::= [A-Z]([A-Z][0-9]_)*
+ NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
Each I<alias> definition is of the form
=over 16
-=item always_set_home
+=item mail_badpass
If set, B<sudo> will set the C<HOME> environment variable to the home
directory of the target user (which is root unless the B<-u> option is used).
=item env_delete
-Environment variables to be removed from the user's environment.
+
+Not effective due to security issues: only variables listed in
+I<env_keep> or I<env_check> can be passed through B<sudo>!
+
The argument may be a double-quoted, space-separated list or a
single value without double-quotes. The list can be replaced, added
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
=item env_keep
-Environment variables to be preserved in the user's environment
-when the I<env_reset> option is in effect. This allows fine-grained
+Environment variables to be preserved in the user's environment.
+This allows fine-grained
control over the environment B<sudo>-spawned processes will receive.
The argument may be a double-quoted, space-separated list or a
single value without double-quotes. The list can be replaced, added
Below are example I<sudoers> entries. Admittedly, some of
these are a bit contrived. First, we define our I<aliases>:
+Below are example I<sudoers> entries. Admittedly, some of
+these are a bit contrived. First, we allow a few environment
+variables to pass and then define our I<aliases>:
+
+ # Run X applications through sudo; HOME is used to find .Xauthority file
+ # Note that some programs may use HOME for other purposes too and
+ # this may lead to privilege escalation!
+ Defaults env_keep = "DISPLAY HOME"
+
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
projects / debian / sudo / blobdiff