# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
- /usr/sbin/rrestore, /usr/bin/mt
-Cmnd_Alias KILL = /usr/bin/kill
+ /usr/sbin/rrestore, /bin/mt
+Cmnd_Alias KILL = /bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
- Cmnd_Alias SHUTDOWN = /sbin/shutdown
- Cmnd_Alias HALT = /sbin/halt
- Cmnd_Alias REBOOT = /sbin/reboot
- Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \
- /usr/bin/tcsh, /usr/bin/rsh, \
- /usr/bin/zsh
- Cmnd_Alias SU = /bin/su
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+ Cmnd_Alias HALT = /usr/sbin/halt
+ Cmnd_Alias REBOOT = /usr/sbin/reboot
+ Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+ /usr/local/bin/tcsh, /usr/bin/rsh, \
+ /usr/local/bin/zsh
+ Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn
user_host = user_shost = "localhost";
else {
user_host = estrdup(thost);
- if ((p = strchr(user_host, '.'))) {
- *p = '\0';
- user_shost = estrdup(user_host);
- *p = '.';
+ if (def_fqdn) {
+ /* Defer call to set_fqdn() until log_error() is safe. */
+ user_shost = user_host;
} else {
- if ((p = strchr(user_host, '.'))) {
- *p = '\0';
- user_shost = estrdup(user_host);
- *p = '.';
- } else {
- user_shost = user_host;
- }
+ user_shost = user_host;
}
}
} else {
user_shost = user_host;
}
+ sudo_user.host_fqdn_queried = TRUE;
+}
+
++/*
++ * Get passwd entry for the user we are going to run commands as.
++ * By default, this is "root". Updates runas_pw as a side effect.
++ */
++int
++set_runaspw(user)
++ char *user;
++{
++ if (runas_pw != NULL) {
++ if (user_runas != &def_runas_default)
++ return(TRUE); /* don't override -u option */
++ efree(runas_pw);
++ }
++ if (*user == '#') {
++ runas_pw = sudo_getpwuid(atoi(user + 1));
++ if (runas_pw == NULL) {
++ runas_pw = emalloc(sizeof(struct passwd));
++ (void) memset((VOID *)runas_pw, 0, sizeof(struct passwd));
++ runas_pw->pw_uid = atoi(user + 1);
++ }
++ } else {
++ runas_pw = sudo_getpwnam(user);
++ if (runas_pw == NULL)
++ log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", user);
++ }
++ return(TRUE);
+ }
+
/*
* Get passwd entry for the user we are going to run commands as.
* By default, this is "root". Updates runas_pw as a side effect.
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 1
++=======
+ 1.6.9p16 May 8, 2008 1
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 2
++=======
+ 1.6.9p16 May 8, 2008 2
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 3
++=======
+ 1.6.9p16 May 8, 2008 3
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 4
++=======
+ 1.6.9p16 May 8, 2008 4
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 5
++=======
+ 1.6.9p16 May 8, 2008 5
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 6
++=======
+ 1.6.9p16 May 8, 2008 6
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 7
++=======
+ 1.6.9p16 May 8, 2008 7
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 8
++=======
+ 1.6.9p16 May 8, 2008 8
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
++<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 9
++=======
+ 1.6.9p16 May 8, 2008 9
++>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
.IP "logfile" 12
.IX Item "logfile"
Path to the \fBsudo\fR log file (not the syslog log file). Setting a path
+turns on logging to a file; negating this option turns it off.
+By default, \fBsudo\fR logs via syslog.
+.IP "mailerflags" 12
+.IX Item "mailerflags"
+Flags to use when invoking mailer. Defaults to \fB\-t\fR.
+.IP "mailerpath" 12
+.IX Item "mailerpath"
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+.IP "mailto" 12
+.IX Item "mailto"
+Address to send warning and error mail to. The address should
+be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
+interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
+.IP "exempt_group" 12
+.IX Item "exempt_group"
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
+On Debian systems, this is set to the group 'sudo' by default.
+.IP "syslog" 12
+.IX Item "syslog"
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR.
+.IP "verifypw" 12
+.IX Item "verifypw"
+This option controls when a password will be required when a user runs
+\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values:
+.RS 12
+.IP "all" 8
+.IX Item "all"
+All the user's \fIsudoers\fR entries for the current host must have
++the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
++.IP "always" 8
++.IX Item "always"
++The user must always enter a password to use the \fB\-l\fR flag.
++.IP "any" 8
++.IX Item "any"
++At least one of the user's \fIsudoers\fR entries for the current host
++must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
++.IP "never" 8
++.IX Item "never"
++The user need never enter a password to use the \fB\-l\fR flag.
++.RE
++.RS 12
++.Sp
++If no value is specified, a value of \fIany\fR is implied.
++Negating the option results in a value of \fInever\fR being used.
++The default value is \fIany\fR.
++.RE
++.IP "logfile" 12
++.IX Item "logfile"
++Path to the \fBsudo\fR log file (not the syslog log file). Setting a path
+ turns on logging to a file; negating this option turns it off.
+ By default, \fBsudo\fR logs via syslog.
+ .IP "mailerflags" 12
+ .IX Item "mailerflags"
+ Flags to use when invoking mailer. Defaults to \fB\-t\fR.
+ .IP "mailerpath" 12
+ .IX Item "mailerpath"
+ Path to mail program used to send warning mail.
+ Defaults to the path to sendmail found at configure time.
+ .IP "mailto" 12
+ .IX Item "mailto"
+ Address to send warning and error mail to. The address should
+ be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
+ interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
+ .IP "syslog" 12
+ .IX Item "syslog"
+ Syslog facility if syslog is being used for logging (negate to
+ disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR.
+ .IP "verifypw" 12
+ .IX Item "verifypw"
+ This option controls when a password will be required when a user runs
+ \&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values:
+ .RS 12
+ .IP "all" 8
+ .IX Item "all"
+ All the user's \fIsudoers\fR entries for the current host must have
the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
.IP "always" 8
.IX Item "always"
=over 16
--=item always_set_home
++=item mail_badpass
--If set, B<sudo> will set the C<HOME> environment variable to the home
--directory of the target user (which is root unless the B<-u> option is used).
--This effectively means that the B<-H> flag is always implied.
--This flag is I<off> by default.
++Send mail to the I<mailto> user if the user running B<sudo> does not
++enter the correct password. This flag is I<off> by default.
++
++=item mail_no_host
++
++If set, mail will be sent to the I<mailto> user if the invoking
++user exists in the I<sudoers> file, but is not allowed to run
++commands on the current host. This flag is I<@mail_no_host@> by default.
++
++=item mail_no_perms
++
++If set, mail will be sent to the I<mailto> user if the invoking
++user is allowed to use B<sudo> but the command they are trying is not
++listed in their I<sudoers> file entry or is explicitly denied.
++This flag is I<@mail_no_perms@> by default.
++
++=item mail_no_user
++
++If set, mail will be sent to the I<mailto> user if the invoking
++user is not in the I<sudoers> file. This flag is I<@mail_no_user@>
++by default.
++
++=item noexec
++
++If set, all commands run via B<sudo> will behave as if the C<NOEXEC>
++tag has been set, unless overridden by a C<EXEC> tag. See the
++description of I<NOEXEC and EXEC> below as well as the L<PREVENTING SHELL
++ESCAPES> section at the end of this manual. This flag is I<off> by default.
=item authenticate
the C<Host_Alias>, C<User_Alias>, and C<Cmnd_Alias> specifications
come first, followed by any C<Default_Entry> lines, and finally the
C<Runas_Alias> and user specifications. The basic rule of thumb
- is that you cannot reference an Alias that has not already been defined.
+ is you cannot reference an Alias that has not already been defined.
+
+ Below are example I<sudoers> entries. Admittedly, some of
+ these are a bit contrived. First, we define our I<aliases>:
+Below are example I<sudoers> entries. Admittedly, some of
+these are a bit contrived. First, we allow a few environment
+variables to pass and then define our I<aliases>:
+
+ # Run X applications through sudo; HOME is used to find .Xauthority file
+ # Note that some programs may use HOME for other purposes too and
+ # this may lead to privilege escalation!
+ Defaults env_keep = "DISPLAY HOME"
+
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl