Lines 451-583
Link Here
|
451 |
<pre> |
451 |
<pre> |
452 |
sudo(8) MAINTENANCE COMMANDS sudo(8) |
452 |
sudo(8) MAINTENANCE COMMANDS sudo(8) |
453 |
|
453 |
|
454 |
<a name="N%3c%2fbNA%3c%2fbAM%3c%2fbME%3c%2fbE" href="#end"><b>N</bNA</bAM</bME</bE</b></a> |
454 |
<a name="NAME" href="#end"><b>NAME</b></a> |
455 |
sudo - execute a command as another user |
455 |
sudo - execute a command as another user |
456 |
|
456 |
|
457 |
<a name="S%3c%2fbSY%3c%2fbYN%3c%2fbNO%3c%2fbOP%3c%2fbPS%3c%2fbSI%3c%2fbIS%3c%2fbS" href="#end"><b>S</bSY</bYN</bNO</bOP</bPS</bSI</bIS</bS</b></a> |
457 |
<a name="SYNOPSIS" href="#end"><b>SYNOPSIS</b></a> |
458 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> <b>-</b<b>-V</b<b>V</b> | <b>-</b<b>-h</b<b>h</b> | <b>-</b<b>-l</b<b>l</b> | <b>-</b<b>-L</b<b>L</b> | <b>-</b<b>-v</b<b>v</b> | <b>-</b<b>-k</b<b>k</b> | <b>-</b<b>-K</b<b>K</b> | <b>-</b<b>-s</b<b>s</b> | [ <b>-</b<b>-H</b<b>H</b> ] [<b>-</b<b>-P</b<b>P</b> ] [<b>-</b<b>-S</b<b>S</b> ] [ <b>-</b<b>-b</b<b>b</b> ] |
458 |
<b>sudo</b> <b>-V</b> | <b>-h</b> | <b>-l</b> | <b>-L</b> | <b>-v</b> | <b>-k</b> | <b>-K</b> | <b>-s</b> | [ <b>-H</b> ] [<b>-P</b> ] [<b>-S</b> ] [ <b>-b</b> ] |
459 |
| [ <b>-</b<b>-p</b<b>p</b> <i>prompt</i> ] [ <b>-</b<b>-c</b<b>c</b> <i>class</i>|<i>-</i> ] [ <b>-</b<b>-a</b<b>a</b> <i>auth</i><b>_</b><i>type</i> ] [ <b>-</b<b>-u</b<b>u</b> <i>username</i>|<i>#uid</i> ] |
459 |
| [ <b>-p</b> <i>prompt</i> ] [ <b>-c</b> <i>class</i>|<i>-</i> ] [ <b>-a</b> <i>auth</i><b>_</b><i>type</i> ] [ <b>-u</b> <i>username</i>|<i>#uid</i> ] |
460 |
<i>command</i> |
460 |
<i>command</i> |
461 |
|
461 |
|
462 |
<a name="D%3c%2fbDE%3c%2fbES%3c%2fbSC%3c%2fbCR%3c%2fbRI%3c%2fbIP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbN" href="#end"><b>D</bDE</bES</bSC</bCR</bRI</bIP</bPT</bTI</bIO</bON</bN</b></a> |
462 |
<a name="DESCRIPTION" href="#end"><b>DESCRIPTION</b></a> |
463 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> allows a permitted user to execute a <i>command</i> as the superuser or |
463 |
<b>sudo</b> allows a permitted user to execute a <i>command</i> as the superuser or |
464 |
another user, as specified in the <i>sudoers</i> file. The real and effective |
464 |
another user, as specified in the <i>sudoers</i> file. The real and effective |
465 |
uid and gid are set to match those of the target user as specified in |
465 |
uid and gid are set to match those of the target user as specified in |
466 |
the passwd file (the group vector is also initialized when the target |
466 |
the passwd file (the group vector is also initialized when the target |
467 |
user is not root). By default, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> requires that users authenticate |
467 |
user is not root). By default, <b>sudo</b> requires that users authenticate |
468 |
themselves with a password (NOTE: by default this is the user's pass- |
468 |
themselves with a password (NOTE: by default this is the user's pass- |
469 |
word, not the root password). Once a user has been authenticated, a |
469 |
word, not the root password). Once a user has been authenticated, a |
470 |
timestamp is updated and the user may then use sudo without a password |
470 |
timestamp is updated and the user may then use sudo without a password |
471 |
for a short period of time (5 minutes unless overridden in <i>sudoers</i>). |
471 |
for a short period of time (5 minutes unless overridden in <i>sudoers</i>). |
472 |
|
472 |
|
473 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> determines who is an authorized user by consulting the file |
473 |
<b>sudo</b> determines who is an authorized user by consulting the file |
474 |
<i>/etc/sudoers</i>. By giving <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> the <b>-</b<b>-v</b<b>v</b> flag a user can update the time |
474 |
<i>/etc/sudoers</i>. By giving <b>sudo</b> the <b>-</b<b>-v</b<b>v</b> flag a user can update the time |
475 |
stamp without running a <i>command.</i> The password prompt itself will also |
475 |
stamp without running a <i>command.</i> The password prompt itself will also |
476 |
time out if the user's password is not entered within 5 minutes (unless |
476 |
time out if the user's password is not entered within 5 minutes (unless |
477 |
overridden via <i>sudoers</i>). |
477 |
overridden via <i>sudoers</i>). |
478 |
|
478 |
|
479 |
If a user who is not listed in the <i>sudoers</i> file tries to run a command |
479 |
If a user who is not listed in the <i>sudoers</i> file tries to run a command |
480 |
via <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>, mail is sent to the proper authorities, as defined at config- |
480 |
via <b>sudo</b>, mail is sent to the proper authorities, as defined at config- |
481 |
ure time or the <i>sudoers</i> file (defaults to root). Note that the mail |
481 |
ure time or the <i>sudoers</i> file (defaults to root). Note that the mail |
482 |
will not be sent if an unauthorized user tries to run sudo with the <b>-</b<b>-l</b<b>l</b> |
482 |
will not be sent if an unauthorized user tries to run sudo with the <b>-</b<b>-l</b<b>l</b> |
483 |
or <b>-</b<b>-v</b<b>v</b> flags. This allows users to determine for themselves whether or |
483 |
or <b>-</b<b>-v</b<b>v</b> flags. This allows users to determine for themselves whether or |
484 |
not they are allowed to use <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>. |
484 |
not they are allowed to use <b>sudo</b>. |
485 |
|
485 |
|
486 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> can log both successful and unsuccessful attempts (as well as |
486 |
<b>sudo</b> can log both successful and unsuccessful attempts (as well as |
487 |
errors) to <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a>, a log file, or both. By default <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will log |
487 |
errors) to <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a>, a log file, or both. By default <b>sudo</b> will log |
488 |
via <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a> but this is changeable at configure time or via the <i>sudo-</i> |
488 |
via <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a> but this is changeable at configure time or via the <i>sudo-</i> |
489 |
<i>ers</i> file. |
489 |
<i>ers</i> file. |
490 |
|
490 |
|
491 |
<a name="O%3c%2fbOP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbNS%3c%2fbS" href="#end"><b>O</bOP</bPT</bTI</bIO</bON</bNS</bS</b></a> |
491 |
<a name="OPTIONS" href="#end"><b>OPTIONS</b></a> |
492 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> accepts the following command line options: |
492 |
<b>sudo</b> accepts the following command line options: |
493 |
|
493 |
|
494 |
-V The <b>-</b<b>-V</b<b>V</b> (<i>version</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to print the version number and |
494 |
-V The <b>-V</b> (<i>version</i>) option causes <b>sudo</b> to print the version number and |
495 |
exit. If the invoking user is already root the <b>-</b<b>-V</b<b>V</b> option will |
495 |
exit. If the invoking user is already root the <b>-V</b> option will |
496 |
print out a list of the defaults <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> was compiled with as well as |
496 |
print out a list of the defaults <b>sudo</b> was compiled with as well as |
497 |
the machine's local network addresses. |
497 |
the machine's local network addresses. |
498 |
|
498 |
|
499 |
-l The <b>-</b<b>-l</b<b>l</b> (<i>list</i>) option will list out the allowed (and forbidden) com- |
499 |
-l The <b>-l</b> (<i>list</i>) option will list out the allowed (and forbidden) com- |
500 |
mands for the user on the current host. |
500 |
mands for the user on the current host. |
501 |
|
501 |
|
502 |
-L The <b>-</b<b>-L</b<b>L</b> (<i>list</i> defaults) option will list out the parameters that may |
502 |
-L The <b>-L</b> (<i>list</i> defaults) option will list out the parameters that may |
503 |
be set in a <i>Defaults</i> line along with a short description for each. |
503 |
be set in a <i>Defaults</i> line along with a short description for each. |
504 |
This option is useful in conjunction with <a href="/cgi/man.cgi?query=grep&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>grep</i>(1)</a>. |
504 |
This option is useful in conjunction with <a href="/cgi/man.cgi?query=grep&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>grep</i>(1)</a>. |
505 |
|
505 |
|
506 |
-h The <b>-</b<b>-h</b<b>h</b> (<i>help</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to print a usage message and exit. |
506 |
-h The <b>-h</b> (<i>help</i>) option causes <b>sudo</b> to print a usage message and exit. |
507 |
|
507 |
|
508 |
-v If given the <b>-</b<b>-v</b<b>v</b> (<i>validate</i>) option, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will update the user's |
508 |
-v If given the <b>-v</b> (<i>validate</i>) option, <b>sudo</b> will update the user's |
509 |
timestamp, prompting for the user's password if necessary. This |
509 |
timestamp, prompting for the user's password if necessary. This |
510 |
extends the <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> timeout for another 5 minutes (or whatever the |
510 |
extends the <b>sudo</b> timeout for another 5 minutes (or whatever the |
511 |
timeout is set to in <i>sudoers</i>) but does not run a command. |
511 |
timeout is set to in <i>sudoers</i>) but does not run a command. |
512 |
|
512 |
|
513 |
-k The <b>-</b<b>-k</b<b>k</b> (<i>kill</i>) option to <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> invalidates the user's timestamp by |
513 |
-k The <b>-k</b> (<i>kill</i>) option to <b>sudo</b> invalidates the user's timestamp by |
514 |
setting the time on it to the epoch. The next time <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> is run a |
514 |
setting the time on it to the epoch. The next time <b>sudo</b> is run a |
515 |
password will be required. This option does not require a password |
515 |
password will be required. This option does not require a password |
516 |
and was added to allow a user to revoke <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> permissions from a |
516 |
and was added to allow a user to revoke <b>sudo</b> permissions from a |
517 |
.logout file. |
517 |
.logout file. |
518 |
|
518 |
|
519 |
-K The <b>-</b<b>-K</b<b>K</b> (sure <i>kill</i>) option to <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> removes the user's timestamp |
519 |
-K The <b>-K</b> (sure <i>kill</i>) option to <b>sudo</b> removes the user's timestamp |
520 |
entirely. Likewise, this option does not require a password. |
520 |
entirely. Likewise, this option does not require a password. |
521 |
|
521 |
|
522 |
-b The <b>-</b<b>-b</b<b>b</b> (<i>background</i>) option tells <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to run the given command in |
522 |
-b The <b>-b</b> (<i>background</i>) option tells <b>sudo</b> to run the given command in |
523 |
the background. Note that if you use the <b>-</b<b>-b</b<b>b</b> option you cannot use |
523 |
the background. Note that if you use the <b>-b</b> option you cannot use |
524 |
shell job control to manipulate the process. |
524 |
shell job control to manipulate the process. |
525 |
|
525 |
|
526 |
-p The <b>-</b<b>-p</b<b>p</b> (<i>prompt</i>) option allows you to override the default password |
526 |
-p The <b>-p</b> (<i>prompt</i>) option allows you to override the default password |
527 |
prompt and use a custom one. If the password prompt contains the |
527 |
prompt and use a custom one. If the password prompt contains the |
528 |
%u escape, %u will be replaced with the user's login name. Simi- |
528 |
%u escape, %u will be replaced with the user's login name. Simi- |
529 |
larly, %h will be replaced with the local hostname. |
529 |
larly, %h will be replaced with the local hostname. |
530 |
|
530 |
|
531 |
-c The <b>-</b<b>-c</b<b>c</b> (<i>class</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to run the specified command with |
531 |
-c The <b>-c</b> (<i>class</i>) option causes <b>sudo</b> to run the specified command with |
532 |
resources limited by the specified login class. The <i>class</i> argument |
532 |
resources limited by the specified login class. The <i>class</i> argument |
533 |
can be either a class name as defined in /etc/login.conf, or a sin- |
533 |
can be either a class name as defined in /etc/login.conf, or a sin- |
534 |
gle '-' character. Specifying a <i>class</i> of - indicates that the com- |
534 |
gle '-' character. Specifying a <i>class</i> of - indicates that the com- |
535 |
mand should be run restricted by the default login capabilities for |
535 |
mand should be run restricted by the default login capabilities for |
536 |
the user the command is run as. If the <i>class</i> argument specifies an |
536 |
the user the command is run as. If the <i>class</i> argument specifies an |
537 |
existing user class, the command must be run as root, or the <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> |
537 |
existing user class, the command must be run as root, or the <b>sudo</b> |
538 |
command must be run from a shell that is already root. This option |
538 |
command must be run from a shell that is already root. This option |
539 |
is only available on systems with BSD login classes where <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> has |
539 |
is only available on systems with BSD login classes where <b>sudo</b> has |
540 |
been configured with the --with-logincap option. |
540 |
been configured with the --with-logincap option. |
541 |
|
541 |
|
542 |
-a The <b>-</b<b>-a</b<b>a</b> (<i>authentication</i> <i>type</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to use the speci- |
542 |
-a The <b>-a</b> (<i>authentication</i> <i>type</i>) option causes <b>sudo</b> to use the speci- |
543 |
fied authentication type when validating the user, as allowed by |
543 |
fied authentication type when validating the user, as allowed by |
544 |
/etc/login.conf. The system administrator may specify a list of |
544 |
/etc/login.conf. The system administrator may specify a list of |
545 |
sudo-specific authentication methods by adding an "auth-sudo" entry |
545 |
sudo-specific authentication methods by adding an "auth-sudo" entry |
546 |
in /etc/login.conf. This option is only available on systems that |
546 |
in /etc/login.conf. This option is only available on systems that |
547 |
support BSD authentication where <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> has been configured with the |
547 |
support BSD authentication where <b>sudo</b> has been configured with the |
548 |
--with-bsdauth option. |
548 |
--with-bsdauth option. |
549 |
|
549 |
|
550 |
-u The <b>-</b<b>-u</b<b>u</b> (<i>user</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to run the specified command as a |
550 |
-u The <b>-u</b> (<i>user</i>) option causes <b>sudo</b> to run the specified command as a |
551 |
user other than <i>root</i>. To specify a <i>uid</i> instead of a <i>username</i>, use |
551 |
user other than <i>root</i>. To specify a <i>uid</i> instead of a <i>username</i>, use |
552 |
<i>#uid</i>. |
552 |
<i>#uid</i>. |
553 |
|
553 |
|
554 |
-s The <b>-</b<b>-s</b<b>s</b> (<i>shell</i>) option runs the shell specified by the <i>SHELL</i> envi- |
554 |
-s The <b>-s</b> (<i>shell</i>) option runs the shell specified by the <i>SHELL</i> envi- |
555 |
ronment variable if it is set or the shell as specified in |
555 |
ronment variable if it is set or the shell as specified in |
556 |
<a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. |
556 |
<a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. |
557 |
|
557 |
|
558 |
-H The <b>-</b<b>-H</b<b>H</b> (<i>HOME</i>) option sets the HOME environment variable to the |
558 |
-H The <b>-H</b> (<i>HOME</i>) option sets the HOME environment variable to the |
559 |
homedir of the target user (root by default) as specified in |
559 |
homedir of the target user (root by default) as specified in |
560 |
<a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. By default, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> does not modify HOME. |
560 |
<a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. By default, <b>sudo</b> does not modify HOME. |
561 |
|
561 |
|
562 |
-P The <b>-</b<b>-P</b<b>P</b> (<i>preserve</i> <i>group</i> <i>vector</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to preserve the |
562 |
-P The <b>-P</b> (<i>preserve</i> <i>group</i> <i>vector</i>) option causes <b>sudo</b> to preserve the |
563 |
user's group vector unaltered. By default, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will initialize |
563 |
user's group vector unaltered. By default, <b>sudo</b> will initialize |
564 |
the group vector to the list of groups the target user is in. The |
564 |
the group vector to the list of groups the target user is in. The |
565 |
real and effective group IDs, however, are still set to match the |
565 |
real and effective group IDs, however, are still set to match the |
566 |
target user. |
566 |
target user. |
567 |
|
567 |
|
568 |
-S The <b>-</b<b>-S</b<b>S</b> (<i>stdin</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to read the password from stan- |
568 |
-S The <b>-S</b> (<i>stdin</i>) option causes <b>sudo</b> to read the password from stan- |
569 |
dard input instead of the terminal device. |
569 |
dard input instead of the terminal device. |
570 |
|
570 |
|
571 |
-- The <b>-</b<b>--</b<b>-</b> flag indicates that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> should stop processing command line |
571 |
-- The <b>--</b> flag indicates that <b>sudo</b> should stop processing command line |
572 |
arguments. It is most useful in conjunction with the <b>-</b<b>-s</b<b>s</b> flag. |
572 |
arguments. It is most useful in conjunction with the <b>-s</b> flag. |
573 |
|
573 |
|
574 |
<a name="R%3c%2fbRE%3c%2fbET%3c%2fbTU%3c%2fbUR%3c%2fbRN%3c%2fbN_V%3c%2fbVA%3c%2fbAL%3c%2fbLU%3c%2fbUE%3c%2fbES%3c%2fbS" href="#end"><b>R</bRE</bET</bTU</bUR</bRN</bN V</bVA</bAL</bLU</bUE</bES</bS</b></a> |
574 |
<a name="RETURN VALUES" href="#end"><b>RETURN VALUES</b></a> |
575 |
Upon successful execution of a program, the return value from <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will |
575 |
Upon successful execution of a program, the return value from <b>sudo</b> will |
576 |
simply be the return value of the program that was executed. |
576 |
simply be the return value of the program that was executed. |
577 |
|
577 |
|
578 |
Otherwise, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> quits with an exit value of 1 if there is a configura- |
578 |
Otherwise, <b>sudo</b> quits with an exit value of 1 if there is a configura- |
579 |
tion/permission problem or if <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> cannot execute the given command. |
579 |
tion/permission problem or if <b>sudo</b> cannot execute the given command. |
580 |
In the latter case the error string is printed to stderr. If <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> can- |
580 |
In the latter case the error string is printed to stderr. If <b>sudo</b> can- |
581 |
not <a href="/cgi/man.cgi?query=stat&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>stat</i>(2)</a> one or more entries in the user's PATH an error is printed |
581 |
not <a href="/cgi/man.cgi?query=stat&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>stat</i>(2)</a> one or more entries in the user's PATH an error is printed |
582 |
on stderr. (If the directory does not exist or if it is not really a |
582 |
on stderr. (If the directory does not exist or if it is not really a |
583 |
directory, the entry is ignored and no error is printed.) This should |
583 |
directory, the entry is ignored and no error is printed.) This should |
Lines 586-625
Link Here
|
586 |
mounter and one of the directories in your PATH is on a machine that is |
586 |
mounter and one of the directories in your PATH is on a machine that is |
587 |
currently unreachable. |
587 |
currently unreachable. |
588 |
|
588 |
|
589 |
<a name="S%3c%2fbSE%3c%2fbEC%3c%2fbCU%3c%2fbUR%3c%2fbRI%3c%2fbIT%3c%2fbTY%3c%2fbY_N%3c%2fbNO%3c%2fbOT%3c%2fbTE%3c%2fbES%3c%2fbS" href="#end"><b>S</bSE</bEC</bCU</bUR</bRI</bIT</bTY</bY N</bNO</bOT</bTE</bES</bS</b></a> |
589 |
<a name="SECURITY NOTES" href="#end"><b>SECURITY NOTES</b></a> |
590 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> tries to be safe when executing external commands. Variables that |
590 |
<b>sudo</b> tries to be safe when executing external commands. Variables that |
591 |
control how dynamic loading and binding is done can be used to subvert |
591 |
control how dynamic loading and binding is done can be used to subvert |
592 |
the program that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> runs. To combat this the LD_*, _RLD_*, |
592 |
the program that <b>sudo</b> runs. To combat this the LD_*, _RLD_*, |
593 |
SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables |
593 |
SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables |
594 |
are removed from the environment passed on to all commands executed. |
594 |
are removed from the environment passed on to all commands executed. |
595 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, |
595 |
<b>sudo</b> will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, |
596 |
KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, |
596 |
KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, |
597 |
PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too |
597 |
PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too |
598 |
can pose a threat. If the TERMCAP variable is set and is a pathname, |
598 |
can pose a threat. If the TERMCAP variable is set and is a pathname, |
599 |
it too is ignored. Additionally, if the LC_* or LANGUAGE variables |
599 |
it too is ignored. Additionally, if the LC_* or LANGUAGE variables |
600 |
contain the / or % characters, they are ignored. If <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> has been com- |
600 |
contain the / or % characters, they are ignored. If <b>sudo</b> has been com- |
601 |
piled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables |
601 |
piled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables |
602 |
are cleared as well. The list of environment variables that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> |
602 |
are cleared as well. The list of environment variables that <b>sudo</b> |
603 |
clears is contained in the output of sudo -V when run as root. |
603 |
clears is contained in the output of sudo -V when run as root. |
604 |
|
604 |
|
605 |
To prevent command spoofing, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> checks "." and "" (both denoting cur- |
605 |
To prevent command spoofing, <b>sudo</b> checks "." and "" (both denoting cur- |
606 |
rent directory) last when searching for a command in the user's PATH |
606 |
rent directory) last when searching for a command in the user's PATH |
607 |
(if one or both are in the PATH). Note, however, that the actual PATH |
607 |
(if one or both are in the PATH). Note, however, that the actual PATH |
608 |
environment variable is <i>not</i> modified and is passed unchanged to the |
608 |
environment variable is <i>not</i> modified and is passed unchanged to the |
609 |
program that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> executes. |
609 |
program that <b>sudo</b> executes. |
610 |
|
610 |
|
611 |
For security reasons, if your OS supports shared libraries and does not |
611 |
For security reasons, if your OS supports shared libraries and does not |
612 |
disable user-defined library search paths for setuid programs (most |
612 |
disable user-defined library search paths for setuid programs (most |
613 |
do), you should either use a linker option that disables this behavior |
613 |
do), you should either use a linker option that disables this behavior |
614 |
or link <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> statically. |
614 |
or link <b>sudo</b> statically. |
615 |
|
615 |
|
616 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will check the ownership of its timestamp directory (<i>/var/run/sudo</i> |
616 |
<b>sudo</b> will check the ownership of its timestamp directory (<i>/var/run/sudo</i> |
617 |
by default) and ignore the directory's contents if it is not owned by |
617 |
by default) and ignore the directory's contents if it is not owned by |
618 |
root and only writable by root. On systems that allow non-root users |
618 |
root and only writable by root. On systems that allow non-root users |
619 |
to give away files via <a href="/cgi/man.cgi?query=chown&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>chown</i>(2)</a>, if the timestamp directory is located |
619 |
to give away files via <a href="/cgi/man.cgi?query=chown&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>chown</i>(2)</a>, if the timestamp directory is located |
620 |
in a directory writable by anyone (e.g.: <i>/tmp</i>), it is possible for a |
620 |
in a directory writable by anyone (e.g.: <i>/tmp</i>), it is possible for a |
621 |
user to create the timestamp directory before <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> is run. However, |
621 |
user to create the timestamp directory before <b>sudo</b> is run. However, |
622 |
because <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> checks the ownership and mode of the directory and its |
622 |
because <b>sudo</b> checks the ownership and mode of the directory and its |
623 |
contents, the only damage that can be done is to "hide" files by |
623 |
contents, the only damage that can be done is to "hide" files by |
624 |
putting them in the timestamp dir. This is unlikely to happen since |
624 |
putting them in the timestamp dir. This is unlikely to happen since |
625 |
once the timestamp dir is owned by root and inaccessible by any other |
625 |
once the timestamp dir is owned by root and inaccessible by any other |
Lines 629-649
Link Here
|
629 |
<i>/var/run/sudo</i> with the appropriate owner (root) and permissions (0700) |
629 |
<i>/var/run/sudo</i> with the appropriate owner (root) and permissions (0700) |
630 |
in the system startup files. |
630 |
in the system startup files. |
631 |
|
631 |
|
632 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will not honor timestamps set far in the future. Timestamps with |
632 |
<b>sudo</b> will not honor timestamps set far in the future. Timestamps with |
633 |
a date greater than current_time + 2 * TIMEOUT will be ignored and sudo |
633 |
a date greater than current_time + 2 * TIMEOUT will be ignored and sudo |
634 |
will log and complain. This is done to keep a user from creating |
634 |
will log and complain. This is done to keep a user from creating |
635 |
his/her own timestamp with a bogus date on systems that allow users to |
635 |
his/her own timestamp with a bogus date on systems that allow users to |
636 |
give away files. |
636 |
give away files. |
637 |
|
637 |
|
638 |
Please note that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will only log the command it explicitly runs. If |
638 |
Please note that <b>sudo</b> will only log the command it explicitly runs. If |
639 |
a user runs a command such as sudo su or sudo sh, subsequent commands |
639 |
a user runs a command such as sudo su or sudo sh, subsequent commands |
640 |
run from that shell will <i>not</i> be logged, nor will <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>'s access control |
640 |
run from that shell will <i>not</i> be logged, nor will <b>sudo</b>'s access control |
641 |
affect them. The same is true for commands that offer shell escapes |
641 |
affect them. The same is true for commands that offer shell escapes |
642 |
(including most editors). Because of this, care must be taken when |
642 |
(including most editors). Because of this, care must be taken when |
643 |
giving users access to commands via <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to verify that the command |
643 |
giving users access to commands via <b>sudo</b> to verify that the command |
644 |
does not inadvertantly give the user an effective root shell. |
644 |
does not inadvertantly give the user an effective root shell. |
645 |
|
645 |
|
646 |
<a name="E%3c%2fbEX%3c%2fbXA%3c%2fbAM%3c%2fbMP%3c%2fbPL%3c%2fbLE%3c%2fbES%3c%2fbS" href="#end"><b>E</bEX</bXA</bAM</bMP</bPL</bLE</bES</bS</b></a> |
646 |
<a name="EXAMPLES" href="#end"><b>EXAMPLES</b></a> |
647 |
Note: the following examples assume suitable <a href="/cgi/man.cgi?query=sudoers&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>sudoers</i>(5)</a> entries. |
647 |
Note: the following examples assume suitable <a href="/cgi/man.cgi?query=sudoers&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>sudoers</i>(5)</a> entries. |
648 |
|
648 |
|
649 |
To get a file listing of an unreadable directory: |
649 |
To get a file listing of an unreadable directory: |
Lines 669-676
Link Here
|
669 |
|
669 |
|
670 |
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
670 |
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" |
671 |
|
671 |
|
672 |
<a name="E%3c%2fbEN%3c%2fbNV%3c%2fbVI%3c%2fbIR%3c%2fbRO%3c%2fbON%3c%2fbNM%3c%2fbME%3c%2fbEN%3c%2fbNT%3c%2fbT" href="#end"><b>E</bEN</bNV</bVI</bIR</bRO</bON</bNM</bME</bEN</bNT</bT</b></a> |
672 |
<a name="ENVIRONMENT" href="#end"><b>ENVIRONMENT</b></a> |
673 |
<b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> utilizes the following environment variables: |
673 |
<b>sudo</b> utilizes the following environment variables: |
674 |
|
674 |
|
675 |
PATH Set to a sane value if SECURE_PATH is set |
675 |
PATH Set to a sane value if SECURE_PATH is set |
676 |
SHELL Used to determine shell to run with -s option |
676 |
SHELL Used to determine shell to run with -s option |
Lines 686-716
Link Here
|
686 |
SUDO_GID Set to the gid of the user who invoked sudo |
686 |
SUDO_GID Set to the gid of the user who invoked sudo |
687 |
SUDO_PS1 If set, PS1 will be set to its value |
687 |
SUDO_PS1 If set, PS1 will be set to its value |
688 |
|
688 |
|
689 |
<a name="F%3c%2fbFI%3c%2fbIL%3c%2fbLE%3c%2fbES%3c%2fbS" href="#end"><b>F</bFI</bIL</bLE</bES</bS</b></a> |
689 |
<a name="FILES" href="#end"><b>FILES</b></a> |
690 |
/etc/sudoers List of who can run what |
690 |
/etc/sudoers List of who can run what |
691 |
/var/run/sudo Directory containing timestamps |
691 |
/var/run/sudo Directory containing timestamps |
692 |
|
692 |
|
693 |
<a name="A%3c%2fbAU%3c%2fbUT%3c%2fbTH%3c%2fbHO%3c%2fbOR%3c%2fbRS%3c%2fbS" href="#end"><b>A</bAU</bUT</bTH</bHO</bOR</bRS</bS</b></a> |
693 |
<a name="AUTHORS" href="#end"><b>AUTHORS</b></a> |
694 |
Many people have worked on <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> over the years; this version consists |
694 |
Many people have worked on <b>sudo</b> over the years; this version consists |
695 |
of code written primarily by: |
695 |
of code written primarily by: |
696 |
|
696 |
|
697 |
Todd Miller |
697 |
Todd Miller |
698 |
Chris Jepeway |
698 |
Chris Jepeway |
699 |
|
699 |
|
700 |
See the HISTORY file in the <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> distribution or visit |
700 |
See the HISTORY file in the <b>sudo</b> distribution or visit |
701 |
<a href="http://www.sudo.ws/sudo/history.html">http://www.sudo.ws/sudo/history.html</a> for a short history of <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>. |
701 |
<a href="http://www.sudo.ws/sudo/history.html">http://www.sudo.ws/sudo/history.html</a> for a short history of <b>sudo</b>. |
702 |
|
702 |
|
703 |
<a name="B%3c%2fbBU%3c%2fbUG%3c%2fbGS%3c%2fbS" href="#end"><b>B</bBU</bUG</bGS</bS</b></a> |
703 |
<a name="BUGS" href="#end"><b>BUGS</b></a> |
704 |
If you feel you have found a bug in sudo, please submit a bug report at |
704 |
If you feel you have found a bug in sudo, please submit a bug report at |
705 |
<a href="http://www.sudo.ws/sudo/bugs/">http://www.sudo.ws/sudo/bugs/</a> |
705 |
<a href="http://www.sudo.ws/sudo/bugs/">http://www.sudo.ws/sudo/bugs/</a> |
706 |
|
706 |
|
707 |
<a name="D%3c%2fbDI%3c%2fbIS%3c%2fbSC%3c%2fbCL%3c%2fbLA%3c%2fbAI%3c%2fbIM%3c%2fbME%3c%2fbER%3c%2fbR" href="#end"><b>D</bDI</bIS</bSC</bCL</bLA</bAI</bIM</bME</bER</bR</b></a> |
707 |
<a name="DISCLAIMER" href="#end"><b>DISCLAIMER</b></a> |
708 |
<b>S</b<b>Su</b<b>ud</b<b>do</b<b>o</b> is provided ``AS IS'' and any express or implied warranties, |
708 |
<b>Sudo</b> is provided ``AS IS'' and any express or implied warranties, |
709 |
including, but not limited to, the implied warranties of merchantabil- |
709 |
including, but not limited to, the implied warranties of merchantabil- |
710 |
ity and fitness for a particular purpose are disclaimed. See the |
710 |
ity and fitness for a particular purpose are disclaimed. See the |
711 |
LICENSE file distributed with <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> for complete details. |
711 |
LICENSE file distributed with <b>sudo</b> for complete details. |
712 |
|
712 |
|
713 |
<a name="C%3c%2fbCA%3c%2fbAV%3c%2fbVE%3c%2fbEA%3c%2fbAT%3c%2fbTS%3c%2fbS" href="#end"><b>C</bCA</bAV</bVE</bEA</bAT</bTS</bS</b></a> |
713 |
<a name="CAVEATS" href="#end"><b>CAVEATS</b></a> |
714 |
There is no easy way to prevent a user from gaining a root shell if |
714 |
There is no easy way to prevent a user from gaining a root shell if |
715 |
that user has access to commands allowing shell escapes. |
715 |
that user has access to commands allowing shell escapes. |
716 |
|
716 |
|
Lines 718-729
Link Here
|
718 |
their own program that gives them a root shell regardless of any '!' |
718 |
their own program that gives them a root shell regardless of any '!' |
719 |
elements in the user specification. |
719 |
elements in the user specification. |
720 |
|
720 |
|
721 |
Running shell scripts via <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> can expose the same kernel bugs that |
721 |
Running shell scripts via <b>sudo</b> can expose the same kernel bugs that |
722 |
make setuid shell scripts unsafe on some operating systems (if your OS |
722 |
make setuid shell scripts unsafe on some operating systems (if your OS |
723 |
supports the /dev/fd/ directory, setuid shell scripts are generally |
723 |
supports the /dev/fd/ directory, setuid shell scripts are generally |
724 |
safe). |
724 |
safe). |
725 |
|
725 |
|
726 |
<a name="S%3c%2fbSE%3c%2fbEE%3c%2fbE_A%3c%2fbAL%3c%2fbLS%3c%2fbSO%3c%2fbO" href="#end"><b>S</bSE</bEE</bE A</bAL</bLS</bSO</bO</b></a> |
726 |
<a name="SEE_ALSO" href="#end"><b>SEE_ALSO</b></a> |
727 |
<a href="/cgi/man.cgi?query=stat&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>stat</i>(2)</a>, <i>login</i><b>_</b><a href="/cgi/man.cgi?query=cap&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>cap</i>(3)</a>, <a href="/cgi/man.cgi?query=sudoers&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>sudoers</i>(5)</a>, <a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>, <a href="/cgi/man.cgi?query=visudo&sektion=8&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>visudo</i>(8)</a>, <a href="/cgi/man.cgi?query=grep&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>grep</i>(1)</a>, |
727 |
<a href="/cgi/man.cgi?query=stat&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>stat</i>(2)</a>, <i>login</i><b>_</b><a href="/cgi/man.cgi?query=cap&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>cap</i>(3)</a>, <a href="/cgi/man.cgi?query=sudoers&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>sudoers</i>(5)</a>, <a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>, <a href="/cgi/man.cgi?query=visudo&sektion=8&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>visudo</i>(8)</a>, <a href="/cgi/man.cgi?query=grep&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>grep</i>(1)</a>, |
728 |
<a href="/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>su</i>(1)</a>. |
728 |
<a href="/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>su</i>(1)</a>. |
729 |
|
729 |
|
Lines 731-750
Link Here
|
731 |
</pre> |
731 |
</pre> |
732 |
<a name="end" /> |
732 |
<a name="end" /> |
733 |
<hr /> |
733 |
<hr /> |
734 |
<a href="#N%3c%2fbNA%3c%2fbAM%3c%2fbME%3c%2fbE">N</bNA</bAM</bME</bE</a> | |
734 |
<a href="#NAME">NAME</a> | |
735 |
<a href="#S%3c%2fbSY%3c%2fbYN%3c%2fbNO%3c%2fbOP%3c%2fbPS%3c%2fbSI%3c%2fbIS%3c%2fbS">S</bSY</bYN</bNO</bOP</bPS</bSI</bIS</bS</a> | |
735 |
<a href="#SYNOPSIS">SYNOPSIS</a> | |
736 |
<a href="#D%3c%2fbDE%3c%2fbES%3c%2fbSC%3c%2fbCR%3c%2fbRI%3c%2fbIP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbN">D</bDE</bES</bSC</bCR</bRI</bIP</bPT</bTI</bIO</bON</bN</a> | |
736 |
<a href="#DESCRIPTION">DESCRIPTION</a> | |
737 |
<a href="#O%3c%2fbOP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbNS%3c%2fbS">O</bOP</bPT</bTI</bIO</bON</bNS</bS</a> | |
737 |
<a href="#OPTIONS">OPTIONS</a> | |
738 |
<a href="#R%3c%2fbRE%3c%2fbET%3c%2fbTU%3c%2fbUR%3c%2fbRN%3c%2fbN_V%3c%2fbVA%3c%2fbAL%3c%2fbLU%3c%2fbUE%3c%2fbES%3c%2fbS">R</bRE</bET</bTU</bUR</bRN</bN V</bVA</bAL</bLU</bUE</bES</bS</a> | |
738 |
<a href="#RETURN_VALUES">RETURN VALUES</a> | |
739 |
<a href="#S%3c%2fbSE%3c%2fbEC%3c%2fbCU%3c%2fbUR%3c%2fbRI%3c%2fbIT%3c%2fbTY%3c%2fbY_N%3c%2fbNO%3c%2fbOT%3c%2fbTE%3c%2fbES%3c%2fbS">S</bSE</bEC</bCU</bUR</bRI</bIT</bTY</bY N</bNO</bOT</bTE</bES</bS</a> | |
739 |
<a href="#SECURITY_NOTES">SECURITY NOTES</a> | |
740 |
<a href="#E%3c%2fbEX%3c%2fbXA%3c%2fbAM%3c%2fbMP%3c%2fbPL%3c%2fbLE%3c%2fbES%3c%2fbS">E</bEX</bXA</bAM</bMP</bPL</bLE</bES</bS</a> | |
740 |
<a href="#ENVIRONMENT">ENVIRONMENT</a> | |
741 |
<a href="#E%3c%2fbEN%3c%2fbNV%3c%2fbVI%3c%2fbIR%3c%2fbRO%3c%2fbON%3c%2fbNM%3c%2fbME%3c%2fbEN%3c%2fbNT%3c%2fbT">E</bEN</bNV</bVI</bIR</bRO</bON</bNM</bME</bEN</bNT</bT</a> | |
741 |
<a href="#FILES">FILES</a> | |
742 |
<a href="#F%3c%2fbFI%3c%2fbIL%3c%2fbLE%3c%2fbES%3c%2fbS">F</bFI</bIL</bLE</bES</bS</a> | |
742 |
<a href="#EXAMPLES">EXAMPLES</a> | |
743 |
<a href="#A%3c%2fbAU%3c%2fbUT%3c%2fbTH%3c%2fbHO%3c%2fbOR%3c%2fbRS%3c%2fbS">A</bAU</bUT</bTH</bHO</bOR</bRS</bS</a> | |
743 |
<a href="#SEE_ALSO">SEE ALSO</a> | |
744 |
<a href="#B%3c%2fbBU%3c%2fbUG%3c%2fbGS%3c%2fbS">B</bBU</bUG</bGS</bS</a> | |
744 |
<a href="#AUTHORS">AUTHORS</a> | |
745 |
<a href="#D%3c%2fbDI%3c%2fbIS%3c%2fbSC%3c%2fbCL%3c%2fbLA%3c%2fbAI%3c%2fbIM%3c%2fbME%3c%2fbER%3c%2fbR">D</bDI</bIS</bSC</bCL</bLA</bAI</bIM</bME</bER</bR</a> | |
745 |
<a href="#CAVEATS">CAVEATS</a> | |
746 |
<a href="#C%3c%2fbCA%3c%2fbAV%3c%2fbVE%3c%2fbEA%3c%2fbAT%3c%2fbTS%3c%2fbS">C</bCA</bAV</bVE</bEA</bAT</bTS</bS</a> | |
746 |
<a href="#BUGS">BUGS</a> | |
747 |
<a href="#S%3c%2fbSE%3c%2fbEE%3c%2fbE_A%3c%2fbAL%3c%2fbLS%3c%2fbSO%3c%2fbO">S</bSE</bEE</bE A</bAL</bLS</bSO</bO</a> |
747 |
<a href="#SUPPORT">SUPPORT</a> | |
|
|
748 |
<a href="#DISCLAIMER">DISCLAIMER</a> |
748 |
<p align="left">Want to link to this manual page? Use this URL:<br/><<a href="http://www.freebsd.org/cgi/man.cgi?query=sudo&manpath=Red+Hat+Linux%2fi386+9">http://www.freebsd.org/cgi/man.cgi?query=sudo&manpath=Red+Hat+Linux%2fi386+9</a>></p> |
749 |
<p align="left">Want to link to this manual page? Use this URL:<br/><<a href="http://www.freebsd.org/cgi/man.cgi?query=sudo&manpath=Red+Hat+Linux%2fi386+9">http://www.freebsd.org/cgi/man.cgi?query=sudo&manpath=Red+Hat+Linux%2fi386+9</a>></p> |
749 |
<a href="/cgi/man.cgi?manpath=">home</a> | <a href="/cgi/man.cgi/help.html">help</a> |
750 |
<a href="/cgi/man.cgi?manpath=">home</a> | <a href="/cgi/man.cgi/help.html">help</a> |
750 |
<hr noshade="noshade" /> |
751 |
<hr noshade="noshade" /> |