X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=doc%2Fsudo.cat;h=75f6876b539d0ae03e839c6dd68ec84013e5ce2a;hb=e8db7f6eea9b35527ddd4532affabd18a30549b5;hp=c32092beee90009637cb04e207d0237298cf6377;hpb=2e444a5714593fb7659157cee2e7037577c0bdcd;p=debian%2Fsudo diff --git a/doc/sudo.cat b/doc/sudo.cat index c32092b..75f6876 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat 
@@ -1,627 +1,564 @@ -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - - +SUDO(1m) System Manager's Manual SUDO(1m) NNAAMMEE - sudo, sudoedit - execute a command as another user + ssuuddoo, ssuuddooeeddiitt - execute a command as another user SSYYNNOOPPSSIISS - ssuuddoo --hh | --KK | --kk | --VV - - ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] - [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] - - ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] - [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d] - - ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] - [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] - [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d] - - ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] - [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] file ... + ssuuddoo --hh | --KK | --kk | --VV + ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] + [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] + ssuuddoo --ll[_l] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] + [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [_c_o_m_m_a_n_d] + ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-] + [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] + [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] [VVAARR=_v_a_l_u_e] --ii | --ss [_c_o_m_m_a_n_d] + ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s | _-] + [--gg _g_r_o_u_p _n_a_m_e | _#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e | _#_u_i_d] file + ... 
DDEESSCCRRIIPPTTIIOONN - ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or - another user, as specified by the security policy. The real and - effective uid and gid are set to match those of the target user, as - specified in the password database, and the group vector is initialized - based on the group database (unless the --PP option was specified). - - ssuuddoo supports a plugin architecture for security policies and - input/output logging. Third parties can develop and distribute their - own policy and I/O logging modules to work seamlessly with the ssuuddoo - front end. The default security policy is _s_u_d_o_e_r_s, which is configured - via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the PLUGINS section for - more information. - - The security policy determines what privileges, if any, a user has to - run ssuuddoo. The policy may require that users authenticate themselves - with a password or another authentication mechanism. If authentication - is required, ssuuddoo will exit if the user's password is not entered - within a configurable time limit. This limit is policy-specific; the - default password prompt timeout for the _s_u_d_o_e_r_s security policy is 5 - minutes. - - Security policies may support credential caching to allow the user to - run ssuuddoo again for a period of time without requiring authentication. - The _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden - in _s_u_d_o_e_r_s(4). By running ssuuddoo with the --vv option, a user can update - the cached credentials without running a _c_o_m_m_a_n_d. - - When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied. - - Security policies may log successful and failed attempts to use ssuuddoo. - If an I/O plugin is configured, the running command's input and output - may be logged as well. 
- -OOPPTTIIOONNSS - ssuuddoo accepts the following command line options: - - -A Normally, if ssuuddoo requires a password, it will read it from - the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is - specified, a (possibly graphical) helper program is - executed to read the user's password and output the - password to the standard output. If the SUDO_ASKPASS - environment variable is set, it specifies the path to the - helper program. Otherwise, if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a - line specifying the askpass program, that value will be - used. For example: - - # Path to askpass helper program - Path askpass /usr/X11R6/bin/ssh-askpass - - If no askpass program is available, sudo will exit with an - error. - - -a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the - specified authentication type when validating the user, as - allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may - specify a list of sudo-specific authentication methods by - adding an "auth-sudo" entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This - option is only available on systems that support BSD - authentication. - - -b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given - command in the background. Note that if you use the --bb - option you cannot use shell job control to manipulate the - process. Most interactive commands will fail to work - properly in background mode. - - -C _f_d Normally, ssuuddoo will close all open file descriptors other - than standard input, standard output and standard error. - The --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a - starting point above the standard error (file descriptor - three). Values less than three are not permitted. The - security policy may restrict the user's ability to use the - --CC option. The _s_u_d_o_e_r_s policy only permits use of the --CC - option when the administrator has enabled the - _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option. 
- - -c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified - command with resources limited by the specified login - class. The _c_l_a_s_s argument can be either a class name as - defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character. - Specifying a _c_l_a_s_s of - indicates that the command should - be run restricted by the default login capabilities for the - user the command is run as. If the _c_l_a_s_s argument - specifies an existing user class, the command must be run - as root, or the ssuuddoo command must be run from a shell that - is already root. This option is only available on systems - with BSD login classes. - - -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the - security policy that the user wishes to preserve their - existing environment variables. The security policy may - return an error if the --EE option is specified and the user - does not have permission to preserve the environment. - - -e The --ee (_e_d_i_t) option indicates that, instead of running a - command, the user wishes to edit one or more files. In - lieu of a command, the string "sudoedit" is used when - consulting the security policy. If the user is authorized - by the policy, the following steps are taken: - - 1. Temporary copies are made of the files to be edited + ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or + another user, as specified by the security policy. + + ssuuddoo supports a plugin architecture for security policies and + input/output logging. Third parties can develop and distribute their own + policy and I/O logging plugins to work seamlessly with the ssuuddoo front + end. The default security policy is _s_u_d_o_e_r_s, which is configured via the + file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the _P_l_u_g_i_n_s section for more + information. + + The security policy determines what privileges, if any, a user has to run + ssuuddoo. 
The policy may require that users authenticate themselves with a + password or another authentication mechanism. If authentication is + required, ssuuddoo will exit if the user's password is not entered within a + configurable time limit. This limit is policy-specific; the default + password prompt timeout for the _s_u_d_o_e_r_s security policy is 5 minutes. + + Security policies may support credential caching to allow the user to run + ssuuddoo again for a period of time without requiring authentication. The + _s_u_d_o_e_r_s policy caches credentials for 5 minutes, unless overridden in + sudoers(4). By running ssuuddoo with the --vv option, a user can update the + cached credentials without running a _c_o_m_m_a_n_d. + + When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied. + + Security policies may log successful and failed attempts to use ssuuddoo. If + an I/O plugin is configured, the running command's input and output may + be logged as well. + + The options are as follows: + + --AA Normally, if ssuuddoo requires a password, it will read it from + the user's terminal. If the --AA (_a_s_k_p_a_s_s) option is + specified, a (possibly graphical) helper program is executed + to read the user's password and output the password to the + standard output. If the SUDO_ASKPASS environment variable is + set, it specifies the path to the helper program. Otherwise, + if sudo.conf(4) contains a line specifying the askpass + program, that value will be used. For example: + + # Path to askpass helper program + Path askpass /usr/X11R6/bin/ssh-askpass + + If no askpass program is available, ssuuddoo will exit with an + error. + + --aa _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the + specified authentication type when validating the user, as + allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. 
The system administrator may + specify a list of sudo-specific authentication methods by + adding an ``auth-sudo'' entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. This + option is only available on systems that support BSD + authentication. + + --bb The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given + command in the background. Note that if you use the --bb + option you cannot use shell job control to manipulate the + process. Most interactive commands will fail to work + properly in background mode. + + --CC _f_d Normally, ssuuddoo will close all open file descriptors other + than standard input, standard output and standard error. The + --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a starting + point above the standard error (file descriptor three). + Values less than three are not permitted. The security + policy may restrict the user's ability to use the --CC option. + The _s_u_d_o_e_r_s policy only permits use of the --CC option when the + administrator has enabled the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option. + + --cc _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified + command with resources limited by the specified login class. + The _c_l_a_s_s argument can be either a class name as defined in + _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single `-' character. Specifying a + _c_l_a_s_s of - indicates that the command should be run + restricted by the default login capabilities for the user the + command is run as. If the _c_l_a_s_s argument specifies an + existing user class, the command must be run as root, or the + ssuuddoo command must be run from a shell that is already root. + This option is only available on systems with BSD login + classes. + + --EE The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the + security policy that the user wishes to preserve their + existing environment variables. 
The security policy may + return an error if the --EE option is specified and the user + does not have permission to preserve the environment. + + --ee The --ee (_e_d_i_t) option indicates that, instead of running a + command, the user wishes to edit one or more files. In lieu + of a command, the string "sudoedit" is used when consulting + the security policy. If the user is authorized by the + policy, the following steps are taken: + + 1. Temporary copies are made of the files to be edited with the owner set to the invoking user. - 2. The editor specified by the policy is run to edit the + 2. The editor specified by the policy is run to edit the temporary files. The _s_u_d_o_e_r_s policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the _e_d_i_t_o_r - _s_u_d_o_e_r_s(4) option is used. + sudoers(4) option is used. - 3. If they have been modified, the temporary files are + 3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed. - If the specified file does not exist, it will be created. - Note that unlike most commands run by ssuuddoo, the editor is - run with the invoking user's environment unmodified. If, - for some reason, ssuuddoo is unable to update a file with its - edited version, the user will receive a warning and the - edited copy will remain in a temporary file. - - -g _g_r_o_u_p Normally, ssuuddoo runs a command with the primary group set to - the one specified by the password database for the user the - command is being run as (by default, root). The --gg (_g_r_o_u_p) - option causes ssuuddoo to run the command with the primary - group set to _g_r_o_u_p instead. To specify a _g_i_d instead of a - _g_r_o_u_p _n_a_m_e, use _#_g_i_d. When running commands as a _g_i_d, many - shells require that the '#' be escaped with a backslash - ('\'). 
If no --uu option is specified, the command will be - run as the invoking user (not root). In either case, the - primary group will be set to _g_r_o_u_p. - - -H The --HH (_H_O_M_E) option requests that the security policy set - the HOME environment variable to the home directory of the - target user (root by default) as specified by the password - database. Depending on the policy, this may be the default - behavior. - - -h The --hh (_h_e_l_p) option causes ssuuddoo to print a short help - message to the standard output and exit. - - -i [command] - The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell - specified by the password database entry of the target user - as a login shell. This means that login-specific resource - files such as .profile or .login will be read by the shell. - If a command is specified, it is passed to the shell for - execution via the shell's --cc option. If no command is - specified, an interactive shell is executed. ssuuddoo attempts - to change to that user's home directory before running the - shell. The security policy shall initialize the - environment to a minimal set of variables, similar to what - is present when a user logs in. The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t - section in the _s_u_d_o_e_r_s(4) manual documents how the --ii - option affects the environment in which a command is run - when the _s_u_d_o_e_r_s policy is in use. - - -K The --KK (sure _k_i_l_l) option is like --kk except that it removes - the user's cached credentials entirely and may not be used - in conjunction with a command or other option. This option - does not require a password. Not all security policies - support credential caching. - - -k [command] - When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates - the user's cached credentials. The next time ssuuddoo is run a - password will be required. 
This option does not require a - password and was added to allow a user to revoke ssuuddoo - permissions from a .logout file. Not all security policies - support credential caching. - - When used in conjunction with a command or an option that - may require a password, the --kk option will cause ssuuddoo to - ignore the user's cached credentials. As a result, ssuuddoo - will prompt for a password (if one is required by the - security policy) and will not update the user's cached - credentials. - - -l[l] [_c_o_m_m_a_n_d] - If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list - the allowed (and forbidden) commands for the invoking user - (or the user specified by the --UU option) on the current - host. If a _c_o_m_m_a_n_d is specified and is permitted by the - security policy, the fully-qualified path to the command is - displayed along with any command line arguments. If - _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a - status value of 1. If the --ll option is specified with an ll - argument (i.e. --llll), or if --ll is specified multiple times, - a longer list format is used. - - -n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from - prompting the user for a password. If a password is - required for the command to run, ssuuddoo will display an error - messages and exit. - - -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to - preserve the invoking user's group vector unaltered. By - default, the _s_u_d_o_e_r_s policy will initialize the group - vector to the list of groups the target user is in. The - real and effective group IDs, however, are still set to - match the target user. - - -p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default - password prompt and use a custom one. 
The following - percent (`%') escapes are supported by the _s_u_d_o_e_r_s policy: - - %H expanded to the host name including the domain name (on - if the machine's host name is fully qualified or the - _f_q_d_n option is set in _s_u_d_o_e_r_s(4)) - - %h expanded to the local host name without the domain name - - %p expanded to the name of the user whose password is - being requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and - _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s(4)) - - %U expanded to the login name of the user the command will - be run as (defaults to root unless the -u option is - also specified) - - %u expanded to the invoking user's login name - - %% two consecutive % characters are collapsed into a - single % character - - The prompt specified by the --pp option will override the - system password prompt on systems that support PAM unless - the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. - - -r _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security - context to have the role specified by _r_o_l_e. - - -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from - the standard input instead of the terminal device. The - password must be followed by a newline character. - - -s [command] - The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L - environment variable if it is set or the shell as specified - in the password database. If a command is specified, it is - passed to the shell for execution via the shell's --cc - option. If no command is specified, an interactive shell - is executed. - - -t _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security - context to have the type specified by _t_y_p_e. If no type is - specified, the default type is derived from the specified - role. - - -U _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the - --ll option to specify the user whose privileges should be - listed. 
The security policy may restrict listing other - users' privileges. The _s_u_d_o_e_r_s policy only allows root or - a user with the ALL privilege on the current host to use - this option. - - -u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified - command as a user other than _r_o_o_t. To specify a _u_i_d - instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as - a _u_i_d, many shells require that the '#' be escaped with a - backslash ('\'). Security policies may restrict _u_i_ds to - those listed in the password database. The _s_u_d_o_e_r_s policy - allows _u_i_ds that are not in the password database as long - as the _t_a_r_g_e_t_p_w option is not set. Other security policies - may not support this. - - -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version - string and the version string of the security policy plugin - and any I/O plugins. If the invoking user is already root - the --VV option will display the arguments passed to - configure when _s_u_d_o was built and plugins may display more - verbose information such as default options. - - -v When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the - user's cached credentials, authenticating the user's - password if necessary. For the _s_u_d_o_e_r_s plugin, this - extends the ssuuddoo timeout for another 5 minutes (or whatever - the timeout is set to in _s_u_d_o_e_r_s) but does not run a - command. Not all security policies support cached - credentials. - - -- The ---- option indicates that ssuuddoo should stop processing - command line arguments. - - Environment variables to be set for the command may also be passed on - the command line in the form of VVAARR=_v_a_l_u_e, e.g. - LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command - line are subject to the same restrictions as normal environment - variables with one important exception. 
If the _s_e_t_e_n_v option is set in - _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command - matched is ALL, the user may set variables that would otherwise be - forbidden. See _s_u_d_o_e_r_s(4) for more information. - -PPLLUUGGIINNSS - Plugins are dynamically loaded based on the contents of the - _/_e_t_c_/_s_u_d_o_._c_o_n_f file. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it - contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s - security policy and I/O logging, which corresponds to the following - _/_e_t_c_/_s_u_d_o_._c_o_n_f file. - - # - # Default /etc/sudo.conf file - # - # Format: - # Plugin plugin_name plugin_path plugin_options ... - # Path askpass /path/to/askpass - # Path noexec /path/to/sudo_noexec.so - # Debug sudo /var/log/sudo_debug all@warn - # Set disable_coredump true - # - # The plugin_path is relative to /usr/local/libexec unless - # fully qualified. - # The plugin_name corresponds to a global symbol in the plugin - # that contains the plugin interface structure. - # The plugin_options are optional. - # - Plugin policy_plugin sudoers.so - Plugin io_plugin sudoers.so - - A Plugin line consists of the Plugin keyword, followed by the - _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin. - The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct - io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified - or relative. If not fully qualified it is relative to the - _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h - are passed as arguments to the plugin's _o_p_e_n function. Lines that - don't begin with Plugin, Path, Debug or Set are silently ignored. - - For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual. - -PPAATTHHSS - A Path line consists of the Path keyword, followed by the name of the - path to set and its value. E.g. 
- - Path noexec /usr/local/libexec/sudo_noexec.so - Path askpass /usr/X11R6/bin/ssh-askpass - - The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f - file. - - askpass The fully qualified path to a helper program used to - read the user's password when no terminal is available. - This may be the case when ssuuddoo is executed from a - graphical (as opposed to text-based) application. The - program specified by _a_s_k_p_a_s_s should display the - argument passed to it as the prompt and write the - user's password to the standard output. The value of - _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS - environment variable. - - noexec The fully-qualified path to a shared library containing - dummy versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_) - library functions that just return an error. This is - used to implement the _n_o_e_x_e_c functionality on systems - that support LD_PRELOAD or its equivalent. Defaults to - _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. - -DDEEBBUUGG FFLLAAGGSS - ssuuddoo versions 1.8.4 and higher support a flexible debugging framework - that can help track down what ssuuddoo is doing internally if there is a - problem. - - A Debug line consists of the Debug keyword, followed by the name of the - program to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy), the debug file name and a - comma-separated list of debug flags. The debug flag syntax used by - ssuuddoo and the _s_u_d_o_e_r_s plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is - free to use a different format so long as it does not include a command - ,. - - For instance: - - Debug sudo /var/log/sudo_debug all@warn,plugin@info - - would log all debugging statements at the _w_a_r_n level and higher in - addition to those at the _i_n_f_o level for the plugin subsystem. - - Currently, only one Debug entry per program is supported. 
The sudo - Debug entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins. - A future release may add support for per-plugin Debug lines and/or - support for multiple debugging files for a single program. - - The priorities used by the ssuuddoo front end, in order of decreasing - severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. - Each priority, when specified, also includes all priorities higher than - it. For example, a priority of _n_o_t_i_c_e would include debug messages - logged at _n_o_t_i_c_e and higher. - - The following subsystems are used by ssuuddoo: - - _a_l_l matches every subsystem - - _a_r_g_s command line argument processing - - _c_o_n_v user conversation - - _e_d_i_t sudoedit - - _e_x_e_c command execution - - _m_a_i_n ssuuddoo main function - - _n_e_t_i_f network interface handling - - _p_c_o_m_m communication with the plugin - - _p_l_u_g_i_n plugin configuration - - _p_t_y pseudo-tty related code - - _s_e_l_i_n_u_x SELinux-specific handling - - _u_t_i_l utility functions - - _u_t_m_p utmp handling - -RREETTUURRNN VVAALLUUEESS - Upon successful execution of a program, the exit status from ssuuddoo will - simply be the exit status of the program that was executed. - - Otherwise, ssuuddoo exits with a value of 1 if there is a - configuration/permission problem or if ssuuddoo cannot execute the given - command. In the latter case the error string is printed to the - standard error. If ssuuddoo cannot _s_t_a_t(2) one or more entries in the - user's PATH, an error is printed on stderr. (If the directory does not - exist or if it is not really a directory, the entry is ignored and no - error is printed.) This should not happen under normal circumstances. - The most common reason for _s_t_a_t(2) to return "permission denied" is if - you are running an automounter and one of the directories in your PATH - is on a machine that is currently unreachable. 
+ If the specified file does not exist, it will be created. + Note that unlike most commands run by _s_u_d_o, the editor is run + with the invoking user's environment unmodified. If, for + some reason, ssuuddoo is unable to update a file with its edited + version, the user will receive a warning and the edited copy + will remain in a temporary file. + + --gg _g_r_o_u_p Normally, ssuuddoo runs a command with the primary group set to + the one specified by the password database for the user the + command is being run as (by default, root). The --gg (_g_r_o_u_p) + option causes ssuuddoo to run the command with the primary group + set to _g_r_o_u_p instead. To specify a _g_i_d instead of a _g_r_o_u_p + _n_a_m_e, use _#_g_i_d. When running commands as a _g_i_d, many shells + require that the `#' be escaped with a backslash (`\'). If + no --uu option is specified, the command will be run as the + invoking user (not root). In either case, the primary group + will be set to _g_r_o_u_p. + + --HH The --HH (_H_O_M_E) option requests that the security policy set + the HOME environment variable to the home directory of the + target user (root by default) as specified by the password + database. Depending on the policy, this may be the default + behavior. + + --hh The --hh (_h_e_l_p) option causes ssuuddoo to print a short help + message to the standard output and exit. + + --ii [_c_o_m_m_a_n_d] + The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell + specified by the password database entry of the target user + as a login shell. This means that login-specific resource + files such as _._p_r_o_f_i_l_e or _._l_o_g_i_n will be read by the shell. + If a command is specified, it is passed to the shell for + execution via the shell's --cc option. If no command is + specified, an interactive shell is executed. ssuuddoo attempts + to change to that user's home directory before running the + shell. 
The security policy shall initialize the environment + to a minimal set of variables, similar to what is present + when a user logs in. The _C_o_m_m_a_n_d _E_n_v_i_r_o_n_m_e_n_t section in the + sudoers(4) manual documents how the --ii option affects the + environment in which a command is run when the _s_u_d_o_e_r_s policy + is in use. + + --KK The --KK (sure _k_i_l_l) option is like --kk except that it removes + the user's cached credentials entirely and may not be used in + conjunction with a command or other option. This option does + not require a password. Not all security policies support + credential caching. + + --kk [_c_o_m_m_a_n_d] + When used alone, the --kk (_k_i_l_l) option to ssuuddoo invalidates the + user's cached credentials. The next time ssuuddoo is run a + password will be required. This option does not require a + password and was added to allow a user to revoke ssuuddoo + permissions from a _._l_o_g_o_u_t file. Not all security policies + support credential caching. + + When used in conjunction with a command or an option that may + require a password, the --kk option will cause ssuuddoo to ignore + the user's cached credentials. As a result, ssuuddoo will prompt + for a password (if one is required by the security policy) + and will not update the user's cached credentials. + + --ll[ll] [_c_o_m_m_a_n_d] + If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list + the allowed (and forbidden) commands for the invoking user + (or the user specified by the --UU option) on the current host. + If a _c_o_m_m_a_n_d is specified and is permitted by the security + policy, the fully-qualified path to the command is displayed + along with any command line arguments. If _c_o_m_m_a_n_d is + specified but not allowed, ssuuddoo will exit with a status value + of 1. If the --ll option is specified with an _l argument (i.e. + --llll), or if --ll is specified multiple times, a longer list + format is used. 
+ + --nn The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompting + the user for a password. If a password is required for the + command to run, ssuuddoo will display an error message and exit. + + --PP The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to preserve + the invoking user's group vector unaltered. By default, the + _s_u_d_o_e_r_s policy will initialize the group vector to the list + of groups the target user is in. The real and effective + group IDs, however, are still set to match the target user. + + --pp _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default + password prompt and use a custom one. The following percent + (`%') escapes are supported by the _s_u_d_o_e_r_s policy: + + %H expanded to the host name including the domain name (on + if the machine's host name is fully qualified or the _f_q_d_n + option is set in sudoers(4)) + + %h expanded to the local host name without the domain name + + %p expanded to the name of the user whose password is being + requested (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w, and _r_u_n_a_s_p_w + flags in sudoers(4)) + + %U expanded to the login name of the user the command will + be run as (defaults to root unless the --uu option is also + specified) + + %u expanded to the invoking user's login name + + %% two consecutive `%' characters are collapsed into a + single `%' character + + The prompt specified by the --pp option will override the + system password prompt on systems that support PAM unless the + _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. + + --rr _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security + context to have the role specified by _r_o_l_e. + + --SS The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from + the standard input instead of the terminal device. The + password must be followed by a newline character. 
+ + --ss [_c_o_m_m_a_n_d] + The --ss (_s_h_e_l_l) option runs the shell specified by the SHELL + environment variable if it is set or the shell as specified + in the password database. If a command is specified, it is + passed to the shell for execution via the shell's --cc option. + If no command is specified, an interactive shell is executed. + + --tt _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security + context to have the type specified by _t_y_p_e. If no type is + specified, the default type is derived from the specified + role. + + --UU _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the --ll + option to specify the user whose privileges should be listed. + The security policy may restrict listing other users' + privileges. The _s_u_d_o_e_r_s policy only allows root or a user + with the ALL privilege on the current host to use this + option. + + --uu _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command + as a user other than _r_o_o_t. To specify a _u_i_d instead of a + _u_s_e_r _n_a_m_e, _#_u_i_d. When running commands as a _u_i_d, many shells + require that the `#' be escaped with a backslash (`\'). + Security policies may restrict _u_i_ds to those listed in the + password database. The _s_u_d_o_e_r_s policy allows _u_i_ds that are + not in the password database as long as the _t_a_r_g_e_t_p_w option + is not set. Other security policies may not support this. + + --VV The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print its version + string and the version string of the security policy plugin + and any I/O plugins. If the invoking user is already root + the --VV option will display the arguments passed to configure + when ssuuddoo was built and plugins may display more verbose + information such as default options. + + --vv When given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the + user's cached credentials, authenticating the user's password + if necessary. 
For the _s_u_d_o_e_r_s plugin, this extends the ssuuddoo + timeout for another 5 minutes (or whatever the timeout is set + to by the security policy) but does not run a command. Not + all security policies support cached credentials. + + ---- The ---- option indicates that ssuuddoo should stop processing + command line arguments. + + Environment variables to be set for the command may also be passed on the + command line in the form of VVAARR=_v_a_l_u_e, e.g. + LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b. Variables passed on the command line + are subject to the same restrictions as normal environment variables with + one important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the + command to be run has the SETENV tag set or the command matched is ALL, + the user may set variables that would otherwise be forbidden. See + sudoers(4) for more information. + +CCOOMMMMAANNDD EEXXEECCUUTTIIOONN + When ssuuddoo executes a command, the security policy specifies the execution + environment for the command. Typically, the real and effective uid and + gid are set to match those of the target user, as specified in the + password database, and the group vector is initialized based on the group + database (unless the --PP option was specified). + + The following parameters may be specified by security policy: + + oo real and effective user ID + + oo real and effective group ID + + oo supplementary group IDs + + oo the environment list + + oo current working directory + + oo file creation mode mask (umask) + + oo SELinux role and type + + oo Solaris project + + oo Solaris privileges + + oo BSD login class + + oo scheduling priority (aka nice value) + + PPrroocceessss mmooddeell + When ssuuddoo runs a command, it calls fork(2), sets up the execution + environment as described above, and calls the execve system call in the + child process. 
The main ssuuddoo process waits until the command has + completed, then passes the command's exit status to the security policy's + close function and exits. If an I/O logging plugin is configured or if + the security policy explicitly requests it, a new pseudo-terminal + (``pty'') is created and a second ssuuddoo process is used to relay job + control signals between the user's existing pty and the new pty the + command is being run in. This extra process makes it possible to, for + example, suspend and resume the command. Without it, the command would + be in what POSIX terms an ``orphaned process group'' and it would not + receive any job control signals. As a special case, if the policy plugin + does not define a close function and no pty is required, ssuuddoo will + execute the command directly instead of calling fork(2) first. + + SSiiggnnaall hhaannddlliinngg + Because the command is run as a child of the ssuuddoo process, ssuuddoo will + relay signals it receives to the command. Unless the command is being + run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed + unless they are sent by a user process, not the kernel. Otherwise, the + command would receive SIGINT twice every time the user entered control-C. + Some signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will + not be relayed to the command. As a general rule, SIGTSTP should be used + instead of SIGSTOP when you wish to suspend a command being run by ssuuddoo. + + As a special case, ssuuddoo will not relay signals that were sent by the + command it is running. This prevents the command from accidentally + killing itself. On some systems, the reboot(1m) command sends SIGTERM to + all non-system processes other than itself before rebooting the system. + This prevents ssuuddoo from relaying the SIGTERM signal it received back to + reboot(1m), which might then exit before the system was actually rebooted, + leaving it in a half-dead state similar to single user mode. 
Note, + however, that this check only applies to the command run by ssuuddoo and not + any other processes that the command may create. As a result, running a + script that calls reboot(1m) or shutdown(1m) via ssuuddoo may cause the system + to end up in this undefined state unless the reboot(1m) or shutdown(1m) are + run using the eexxeecc() family of functions instead of ssyysstteemm() (which + interposes a shell between the command and the calling process). + + If no I/O logging plugins are loaded and the policy plugin has not + defined a cclloossee() function, set a command timeout or required that the + command be run in a new pty, ssuuddoo may execute the command directly + instead of running it as a child process. + + PPlluuggiinnss + Plugins are dynamically loaded based on the contents of the sudo.conf(4) + file. If no sudo.conf(4) file is present, or it contains no Plugin + lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security policy and I/O + logging. See the sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f + file and the sudo_plugin(1m) manual for more information about the ssuuddoo + plugin architecture. + +EEXXIITT VVAALLUUEE + Upon successful execution of a program, the exit status from _s_u_d_o will + simply be the exit status of the program that was executed. + + Otherwise, ssuuddoo exits with a value of 1 if there is a + configuration/permission problem or if ssuuddoo cannot execute the given + command. In the latter case the error string is printed to the standard + error. If ssuuddoo cannot stat(2) one or more entries in the user's PATH, an + error is printed on stderr. (If the directory does not exist or if it is + not really a directory, the entry is ignored and no error is printed.) + This should not happen under normal circumstances. 
The most common + reason for stat(2) to return ``permission denied'' is if you are running + an automounter and one of the directories in your PATH is on a machine + that is currently unreachable. SSEECCUURRIITTYY NNOOTTEESS - ssuuddoo tries to be safe when executing external commands. - - To prevent command spoofing, ssuuddoo checks "." and "" (both denoting - current directory) last when searching for a command in the user's PATH - (if one or both are in the PATH). Note, however, that the actual PATH - environment variable is _n_o_t modified and is passed unchanged to the - program that ssuuddoo executes. - - Please note that ssuuddoo will normally only log the command it explicitly - runs. If a user runs a command such as sudo su or sudo sh, subsequent - commands run from that shell are not subject to ssuuddoo's security policy. - The same is true for commands that offer shell escapes (including most - editors). If I/O logging is enabled, subsequent commands will have - their input and/or output logged, but there will not be traditional - logs for those commands. Because of this, care must be taken when - giving users access to commands via ssuuddoo to verify that the command - does not inadvertently give the user an effective root shell. For more - information, please see the PREVENTING SHELL ESCAPES section in - _s_u_d_o_e_r_s(4). - - To prevent the disclosure of potentially sensitive information, ssuuddoo - disables core dumps by default while it is executing (they are re- - enabled for the command that is run). To aid in debugging ssuuddoo - crashes, you may wish to re-enable core dumps by setting - "disable_coredump" to false in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file. - - Set disable_coredump false - - Note that by default, most operating systems disable core dumps from - setuid programs, which includes ssuuddoo. To actually get a ssuuddoo core file - you may need to enable core dumps for setuid processes. 
On BSD and - Linux systems this is accomplished via the sysctl command, on Solaris - the coreadm command can be used. + ssuuddoo tries to be safe when executing external commands. + + To prevent command spoofing, ssuuddoo checks "." and "" (both denoting + current directory) last when searching for a command in the user's PATH + (if one or both are in the PATH). Note, however, that the actual PATH + environment variable is _n_o_t modified and is passed unchanged to the + program that ssuuddoo executes. + + Please note that ssuuddoo will normally only log the command it explicitly + runs. If a user runs a command such as sudo su or sudo sh, subsequent + commands run from that shell are not subject to ssuuddoo's security policy. + The same is true for commands that offer shell escapes (including most + editors). If I/O logging is enabled, subsequent commands will have their + input and/or output logged, but there will not be traditional logs for + those commands. Because of this, care must be taken when giving users + access to commands via ssuuddoo to verify that the command does not + inadvertently give the user an effective root shell. For more + information, please see the _P_R_E_V_E_N_T_I_N_G _S_H_E_L_L _E_S_C_A_P_E_S section in + sudoers(4). + + To prevent the disclosure of potentially sensitive information, ssuuddoo + disables core dumps by default while it is executing (they are re-enabled + for the command that is run). To aid in debugging ssuuddoo crashes, you may + wish to re-enable core dumps by setting ``disable_coredump'' to false in + the sudo.conf(4) file as follows: + + Set disable_coredump false + + See the sudo.conf(4) manual for more information. EENNVVIIRROONNMMEENNTT - ssuuddoo utilizes the following environment variables. The security policy - has control over the content of the command's environment. + ssuuddoo utilizes the following environment variables. The security policy + has control over the actual content of the command's environment. 
- EDITOR Default editor to use in --ee (sudoedit) mode if neither - SUDO_EDITOR nor VISUAL is set + EDITOR Default editor to use in --ee (sudoedit) mode if neither + SUDO_EDITOR nor VISUAL is set. - MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set - to the mail spool of the target user + MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set + to the mail spool of the target user. - HOME Set to the home directory of the target user if --ii or - --HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set - in _s_u_d_o_e_r_s, or when the --ss option is specified and - _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s + HOME Set to the home directory of the target user if --ii or --HH + are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set in + _s_u_d_o_e_r_s, or when the --ss option is specified and _s_e_t___h_o_m_e + is set in _s_u_d_o_e_r_s. - PATH May be overridden by the security policy. + PATH May be overridden by the security policy. - SHELL Used to determine shell to run with -s option + SHELL Used to determine shell to run with --ss option. - SUDO_ASKPASS Specifies the path to a helper program used to read the - password if no terminal is available or if the -A - option is specified. + SUDO_ASKPASS Specifies the path to a helper program used to read the + password if no terminal is available or if the --AA option + is specified. - SUDO_COMMAND Set to the command run by sudo + SUDO_COMMAND Set to the command run by sudo. - SUDO_EDITOR Default editor to use in --ee (sudoedit) mode + SUDO_EDITOR Default editor to use in --ee (sudoedit) mode. - SUDO_GID Set to the group ID of the user who invoked sudo + SUDO_GID Set to the group ID of the user who invoked sudo. - SUDO_PROMPT Used as the default password prompt + SUDO_PROMPT Used as the default password prompt. 
- SUDO_PS1 If set, PS1 will be set to its value for the program - being run + SUDO_PS1 If set, PS1 will be set to its value for the program + being run. - SUDO_UID Set to the user ID of the user who invoked sudo + SUDO_UID Set to the user ID of the user who invoked sudo. - SUDO_USER Set to the login of the user who invoked sudo + SUDO_USER Set to the login name of the user who invoked sudo. - USER Set to the target user (root unless the --uu option is - specified) + USER Set to the target user (root unless the --uu option is + specified). - VISUAL Default editor to use in --ee (sudoedit) mode if - SUDO_EDITOR is not set + VISUAL Default editor to use in --ee (sudoedit) mode if + SUDO_EDITOR is not set. FFIILLEESS - _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration + _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration EEXXAAMMPPLLEESS - Note: the following examples assume a properly configured security - policy. + Note: the following examples assume a properly configured security + policy. 
- To get a file listing of an unreadable directory: + To get a file listing of an unreadable directory: - $ sudo ls /usr/local/protected + $ sudo ls /usr/local/protected - To list the home directory of user yaz on a machine where the file - system holding ~yaz is not exported as root: + To list the home directory of user yaz on a machine where the file system + holding ~yaz is not exported as root: - $ sudo -u yaz ls ~yaz + $ sudo -u yaz ls ~yaz - To edit the _i_n_d_e_x_._h_t_m_l file as user www: + To edit the _i_n_d_e_x_._h_t_m_l file as user www: - $ sudo -u www vi ~www/htdocs/index.html + $ sudo -u www vi ~www/htdocs/index.html - To view system logs only accessible to root and users in the adm group: + To view system logs only accessible to root and users in the adm group: - $ sudo -g adm view /var/log/syslog + $ sudo -g adm view /var/log/syslog - To run an editor as jim with a different primary group: + To run an editor as jim with a different primary group: - $ sudo -u jim -g audio vi ~jim/sound.txt + $ sudo -u jim -g audio vi ~jim/sound.txt - To shutdown a machine: + To shut down a machine: - $ sudo shutdown -r +15 "quick reboot" + $ sudo shutdown -r +15 "quick reboot" - To make a usage listing of the directories in the /home partition. - Note that this runs the commands in a sub-shell to make the cd and file - redirection work. + To make a usage listing of the directories in the /home partition. Note + that this runs the commands in a sub-shell to make the cd and file + redirection work. 
- $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" + $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" SSEEEE AALLSSOO - _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4), - _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m) + su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4), + sudo_plugin(1m), sudoreplay(1m), visudo(1m) -AAUUTTHHOORRSS - Many people have worked on ssuuddoo over the years; this version consists - of code written primarily by: +HHIISSTTOORRYY + See the HISTORY file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. - Todd C. Miller +AAUUTTHHOORRSS + Many people have worked on ssuuddoo over the years; this version consists of + code written primarily by: - See the CONTRIBUTORS file in the ssuuddoo distribution - (http://www.sudo.ws/sudo/contributors.html) for a list of people who - have contributed to ssuuddoo. + Todd C. Miller -HHIISSTTOORRYY - See the HISTORY file in the ssuuddoo distribution - (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. + See the CONTRIBUTORS file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of + people who have contributed to ssuuddoo. CCAAVVEEAATTSS - There is no easy way to prevent a user from gaining a root shell if - that user is allowed to run arbitrary commands via ssuuddoo. Also, many - programs (such as editors) allow the user to run commands via shell - escapes, thus avoiding ssuuddoo's checks. However, on most systems it is - possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c - functionality. + There is no easy way to prevent a user from gaining a root shell if that + user is allowed to run arbitrary commands via ssuuddoo. Also, many programs + (such as editors) allow the user to run commands via shell escapes, thus + avoiding ssuuddoo's checks. 
However, on most systems it is possible to + prevent shell escapes with the sudoers(4) plugin's _n_o_e_x_e_c functionality. - It is not meaningful to run the cd command directly via sudo, e.g., + It is not meaningful to run the cd command directly via sudo, e.g., - $ sudo cd /usr/local/protected + $ sudo cd /usr/local/protected - since when the command exits the parent process (your shell) will still - be the same. Please see the EXAMPLES section for more information. + since when the command exits the parent process (your shell) will still + be the same. Please see the _E_X_A_M_P_L_E_S section for more information. - Running shell scripts via ssuuddoo can expose the same kernel bugs that - make setuid shell scripts unsafe on some operating systems (if your OS - has a /dev/fd/ directory, setuid shell scripts are generally safe). + Running shell scripts via ssuuddoo can expose the same kernel bugs that make + setuid shell scripts unsafe on some operating systems (if your OS has a + /dev/fd/ directory, setuid shell scripts are generally safe). BBUUGGSS - If you feel you have found a bug in ssuuddoo, please submit a bug report at - http://www.sudo.ws/sudo/bugs/ + If you feel you have found a bug in ssuuddoo, please submit a bug report at + http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT - Limited free support is available via the sudo-users mailing list, see - http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search - the archives. + Limited free support is available via the sudo-users mailing list, see + http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the + archives. DDIISSCCLLAAIIMMEERR - ssuuddoo is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of - merchantability and fitness for a particular purpose are disclaimed. - See the LICENSE file distributed with ssuuddoo or - http://www.sudo.ws/sudo/license.html for complete details. 
- - + ssuuddoo is provided ``AS IS'' and any express or implied warranties, + including, but not limited to, the implied warranties of merchantability + and fitness for a particular purpose are disclaimed. See the LICENSE + file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for + complete details. -1.8.5 March 15, 2012 SUDO(1m) +Sudo 1.8.7 March 13, 2013 Sudo 1.8.7
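Review bot: The paragraph added at the end of "Signal handling" repeats the direct-execution special case already stated at the end of "Process model", and the two give different conditions. "Process model" says sudo skips fork(2) when the policy plugin defines no close function and no pty is required; the later paragraph also requires that no I/O logging plugins are loaded and that the policy has not set a command timeout. Whether sudo stays resident as the parent decides whether signals are relayed and whether the exit status reaches the policy's close function, so keep one statement with the full condition list under "Process model" and drop the other. Two added sentences in the options text also need fixing: under -p, the %H escape reads "(on if the machine's host name is fully qualified", where "on" should be "only", and under -u, "To specify a uid instead of a user name, #uid." is missing its verb. Lastly, the SECURITY NOTES rewrite drops the note that most operating systems disable core dumps from setuid programs, along with the sysctl and coreadm pointers, in favour of "See the sudo.conf(4) manual for more information"; confirm that sudo.conf(4) carries that note, otherwise a reader who sets "Set disable_coredump false" and still gets no core file has nothing to go on.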