FreeBSD Bugzilla – Attachment 120352 Details for Bug 163149: [patch] Red Hat Linux/i386 9 HTML format sudo man page is mangled
[patch] file.diff (text/plain), 28.60 KB, created by Chris on 2011-12-09 13:20:06 UTC
>--- sudo_redhat_i386_9.cgi 2011-12-08 22:00:17.000000000 +0000 >+++ sudo_redhat_i386_9_new.cgi 2011-12-08 22:50:48.000000000 +0000 
>@@ -451,133 +451,133 @@ > <pre> > sudo(8) MAINTENANCE COMMANDS sudo(8) > >-<a name="N%3c%2fbNA%3c%2fbAM%3c%2fbME%3c%2fbE" href="#end"><b>N</bNA</bAM</bME</bE</b></a> >+<a name="NAME" href="#end"><b>NAME</b></a> > sudo - execute a command as another user > >-<a name="S%3c%2fbSY%3c%2fbYN%3c%2fbNO%3c%2fbOP%3c%2fbPS%3c%2fbSI%3c%2fbIS%3c%2fbS" href="#end"><b>S</bSY</bYN</bNO</bOP</bPS</bSI</bIS</bS</b></a> >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> <b>-</b<b>-V</b<b>V</b> | <b>-</b<b>-h</b<b>h</b> | <b>-</b<b>-l</b<b>l</b> | <b>-</b<b>-L</b<b>L</b> | <b>-</b<b>-v</b<b>v</b> | <b>-</b<b>-k</b<b>k</b> | <b>-</b<b>-K</b<b>K</b> | <b>-</b<b>-s</b<b>s</b> | [ <b>-</b<b>-H</b<b>H</b> ] [<b>-</b<b>-P</b<b>P</b> ] [<b>-</b<b>-S</b<b>S</b> ] [ <b>-</b<b>-b</b<b>b</b> ] >- | [ <b>-</b<b>-p</b<b>p</b> <i>prompt</i> ] [ <b>-</b<b>-c</b<b>c</b> <i>class</i>|<i>-</i> ] [ <b>-</b<b>-a</b<b>a</b> <i>auth</i><b>_</b><i>type</i> ] [ <b>-</b<b>-u</b<b>u</b> <i>username</i>|<i>#uid</i> ] >+<a name="SYNOPSIS" href="#end"><b>SYNOPSIS</b></a> >+ <b>sudo</b> <b>-V</b> | <b>-h</b> | <b>-l</b> | <b>-L</b> | <b>-v</b> | <b>-k</b> | <b>-K</b> | <b>-s</b> | [ <b>-H</b> ] [<b>-P</b> ] [<b>-S</b> ] [ <b>-b</b> ] >+ | [ <b>-p</b> <i>prompt</i> ] [ <b>-c</b> <i>class</i>|<i>-</i> ] [ <b>-a</b> <i>auth</i><b>_</b><i>type</i> ] [ <b>-u</b> <i>username</i>|<i>#uid</i> ] > <i>command</i> > >-<a name="D%3c%2fbDE%3c%2fbES%3c%2fbSC%3c%2fbCR%3c%2fbRI%3c%2fbIP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbN" href="#end"><b>D</bDE</bES</bSC</bCR</bRI</bIP</bPT</bTI</bIO</bON</bN</b></a> >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> allows a permitted user to execute a <i>command</i> as the superuser or >+<a name="DESCRIPTION" href="#end"><b>DESCRIPTION</b></a> >+ <b>sudo</b> allows a permitted user to execute a <i>command</i> as the superuser or > another user, as specified in the <i>sudoers</i> file. 
The real and effective > uid and gid are set to match those of the target user as specified in > the passwd file (the group vector is also initialized when the target >- user is not root). By default, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> requires that users authenticate >+ user is not root). By default, <b>sudo</b> requires that users authenticate > themselves with a password (NOTE: by default this is the user's pass- > word, not the root password). Once a user has been authenticated, a > timestamp is updated and the user may then use sudo without a password > for a short period of time (5 minutes unless overridden in <i>sudoers</i>). > >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> determines who is an authorized user by consulting the file >- <i>/etc/sudoers</i>. By giving <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> the <b>-</b<b>-v</b<b>v</b> flag a user can update the time >+ <b>sudo</b> determines who is an authorized user by consulting the file >+ <i>/etc/sudoers</i>. By giving <b>sudo</b> the <b>-</b<b>-v</b<b>v</b> flag a user can update the time > stamp without running a <i>command.</i> The password prompt itself will also > time out if the user's password is not entered within 5 minutes (unless > overridden via <i>sudoers</i>). > > If a user who is not listed in the <i>sudoers</i> file tries to run a command >- via <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>, mail is sent to the proper authorities, as defined at config- >+ via <b>sudo</b>, mail is sent to the proper authorities, as defined at config- > ure time or the <i>sudoers</i> file (defaults to root). Note that the mail > will not be sent if an unauthorized user tries to run sudo with the <b>-</b<b>-l</b<b>l</b> > or <b>-</b<b>-v</b<b>v</b> flags. This allows users to determine for themselves whether or >- not they are allowed to use <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>. >+ not they are allowed to use <b>sudo</b>. 
> >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> can log both successful and unsuccessful attempts (as well as >- errors) to <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a>, a log file, or both. By default <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will log >+ <b>sudo</b> can log both successful and unsuccessful attempts (as well as >+ errors) to <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a>, a log file, or both. By default <b>sudo</b> will log > via <a href="/cgi/man.cgi?query=syslog&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>syslog</i>(3)</a> but this is changeable at configure time or via the <i>sudo-</i> > <i>ers</i> file. > >-<a name="O%3c%2fbOP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbNS%3c%2fbS" href="#end"><b>O</bOP</bPT</bTI</bIO</bON</bNS</bS</b></a> >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> accepts the following command line options: >+<a name="OPTIONS" href="#end"><b>OPTIONS</b></a> >+ <b>sudo</b> accepts the following command line options: > >- -V The <b>-</b<b>-V</b<b>V</b> (<i>version</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to print the version number and >- exit. If the invoking user is already root the <b>-</b<b>-V</b<b>V</b> option will >- print out a list of the defaults <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> was compiled with as well as >+ -V The <b>-V</b> (<i>version</i>) option causes <b>sudo</b> to print the version number and >+ exit. If the invoking user is already root the <b>-V</b> option will >+ print out a list of the defaults <b>sudo</b> was compiled with as well as > the machine's local network addresses. > >- -l The <b>-</b<b>-l</b<b>l</b> (<i>list</i>) option will list out the allowed (and forbidden) com- >+ -l The <b>-l</b> (<i>list</i>) option will list out the allowed (and forbidden) com- > mands for the user on the current host. 
> >- -L The <b>-</b<b>-L</b<b>L</b> (<i>list</i> defaults) option will list out the parameters that may >+ -L The <b>-L</b> (<i>list</i> defaults) option will list out the parameters that may > be set in a <i>Defaults</i> line along with a short description for each. > This option is useful in conjunction with <a href="/cgi/man.cgi?query=grep&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>grep</i>(1)</a>. > >- -h The <b>-</b<b>-h</b<b>h</b> (<i>help</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to print a usage message and exit. >+ -h The <b>-h</b> (<i>help</i>) option causes <b>sudo</b> to print a usage message and exit. > >- -v If given the <b>-</b<b>-v</b<b>v</b> (<i>validate</i>) option, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will update the user's >+ -v If given the <b>-v</b> (<i>validate</i>) option, <b>sudo</b> will update the user's > timestamp, prompting for the user's password if necessary. This >- extends the <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> timeout for another 5 minutes (or whatever the >+ extends the <b>sudo</b> timeout for another 5 minutes (or whatever the > timeout is set to in <i>sudoers</i>) but does not run a command. > >- -k The <b>-</b<b>-k</b<b>k</b> (<i>kill</i>) option to <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> invalidates the user's timestamp by >- setting the time on it to the epoch. The next time <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> is run a >+ -k The <b>-k</b> (<i>kill</i>) option to <b>sudo</b> invalidates the user's timestamp by >+ setting the time on it to the epoch. The next time <b>sudo</b> is run a > password will be required. This option does not require a password >- and was added to allow a user to revoke <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> permissions from a >+ and was added to allow a user to revoke <b>sudo</b> permissions from a > .logout file. 
> >- -K The <b>-</b<b>-K</b<b>K</b> (sure <i>kill</i>) option to <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> removes the user's timestamp >+ -K The <b>-K</b> (sure <i>kill</i>) option to <b>sudo</b> removes the user's timestamp > entirely. Likewise, this option does not require a password. > >- -b The <b>-</b<b>-b</b<b>b</b> (<i>background</i>) option tells <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to run the given command in >- the background. Note that if you use the <b>-</b<b>-b</b<b>b</b> option you cannot use >+ -b The <b>-b</b> (<i>background</i>) option tells <b>sudo</b> to run the given command in >+ the background. Note that if you use the <b>-b</b> option you cannot use > shell job control to manipulate the process. > >- -p The <b>-</b<b>-p</b<b>p</b> (<i>prompt</i>) option allows you to override the default password >+ -p The <b>-p</b> (<i>prompt</i>) option allows you to override the default password > prompt and use a custom one. If the password prompt contains the > %u escape, %u will be replaced with the user's login name. Simi- > larly, %h will be replaced with the local hostname. > >- -c The <b>-</b<b>-c</b<b>c</b> (<i>class</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to run the specified command with >+ -c The <b>-c</b> (<i>class</i>) option causes <b>sudo</b> to run the specified command with > resources limited by the specified login class. The <i>class</i> argument > can be either a class name as defined in /etc/login.conf, or a sin- > gle '-' character. Specifying a <i>class</i> of - indicates that the com- > mand should be run restricted by the default login capabilities for > the user the command is run as. If the <i>class</i> argument specifies an >- existing user class, the command must be run as root, or the <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> >+ existing user class, the command must be run as root, or the <b>sudo</b> > command must be run from a shell that is already root. 
This option >- is only available on systems with BSD login classes where <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> has >+ is only available on systems with BSD login classes where <b>sudo</b> has > been configured with the --with-logincap option. > >- -a The <b>-</b<b>-a</b<b>a</b> (<i>authentication</i> <i>type</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to use the speci- >+ -a The <b>-a</b> (<i>authentication</i> <i>type</i>) option causes <b>sudo</b> to use the speci- > fied authentication type when validating the user, as allowed by > /etc/login.conf. The system administrator may specify a list of > sudo-specific authentication methods by adding an "auth-sudo" entry > in /etc/login.conf. This option is only available on systems that >- support BSD authentication where <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> has been configured with the >+ support BSD authentication where <b>sudo</b> has been configured with the > --with-bsdauth option. > >- -u The <b>-</b<b>-u</b<b>u</b> (<i>user</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to run the specified command as a >+ -u The <b>-u</b> (<i>user</i>) option causes <b>sudo</b> to run the specified command as a > user other than <i>root</i>. To specify a <i>uid</i> instead of a <i>username</i>, use > <i>#uid</i>. > >- -s The <b>-</b<b>-s</b<b>s</b> (<i>shell</i>) option runs the shell specified by the <i>SHELL</i> envi- >+ -s The <b>-s</b> (<i>shell</i>) option runs the shell specified by the <i>SHELL</i> envi- > ronment variable if it is set or the shell as specified in > <a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. 
> >- -H The <b>-</b<b>-H</b<b>H</b> (<i>HOME</i>) option sets the HOME environment variable to the >+ -H The <b>-H</b> (<i>HOME</i>) option sets the HOME environment variable to the > homedir of the target user (root by default) as specified in >- <a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. By default, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> does not modify HOME. >+ <a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>. By default, <b>sudo</b> does not modify HOME. > >- -P The <b>-</b<b>-P</b<b>P</b> (<i>preserve</i> <i>group</i> <i>vector</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to preserve the >- user's group vector unaltered. By default, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will initialize >+ -P The <b>-P</b> (<i>preserve</i> <i>group</i> <i>vector</i>) option causes <b>sudo</b> to preserve the >+ user's group vector unaltered. By default, <b>sudo</b> will initialize > the group vector to the list of groups the target user is in. The > real and effective group IDs, however, are still set to match the > target user. > >- -S The <b>-</b<b>-S</b<b>S</b> (<i>stdin</i>) option causes <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to read the password from stan- >+ -S The <b>-S</b> (<i>stdin</i>) option causes <b>sudo</b> to read the password from stan- > dard input instead of the terminal device. > >- -- The <b>-</b<b>--</b<b>-</b> flag indicates that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> should stop processing command line >- arguments. It is most useful in conjunction with the <b>-</b<b>-s</b<b>s</b> flag. >+ -- The <b>--</b> flag indicates that <b>sudo</b> should stop processing command line >+ arguments. It is most useful in conjunction with the <b>-s</b> flag. 
> >-<a name="R%3c%2fbRE%3c%2fbET%3c%2fbTU%3c%2fbUR%3c%2fbRN%3c%2fbN_V%3c%2fbVA%3c%2fbAL%3c%2fbLU%3c%2fbUE%3c%2fbES%3c%2fbS" href="#end"><b>R</bRE</bET</bTU</bUR</bRN</bN V</bVA</bAL</bLU</bUE</bES</bS</b></a> >- Upon successful execution of a program, the return value from <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will >+<a name="RETURN VALUES" href="#end"><b>RETURN VALUES</b></a> >+ Upon successful execution of a program, the return value from <b>sudo</b> will > simply be the return value of the program that was executed. > >- Otherwise, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> quits with an exit value of 1 if there is a configura- >- tion/permission problem or if <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> cannot execute the given command. >- In the latter case the error string is printed to stderr. If <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> can- >+ Otherwise, <b>sudo</b> quits with an exit value of 1 if there is a configura- >+ tion/permission problem or if <b>sudo</b> cannot execute the given command. >+ In the latter case the error string is printed to stderr. If <b>sudo</b> can- > not <a href="/cgi/man.cgi?query=stat&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>stat</i>(2)</a> one or more entries in the user's PATH an error is printed > on stderr. (If the directory does not exist or if it is not really a > directory, the entry is ignored and no error is printed.) This should 
>@@ -586,40 +586,40 @@ > mounter and one of the directories in your PATH is on a machine that is > currently unreachable. > >-<a name="S%3c%2fbSE%3c%2fbEC%3c%2fbCU%3c%2fbUR%3c%2fbRI%3c%2fbIT%3c%2fbTY%3c%2fbY_N%3c%2fbNO%3c%2fbOT%3c%2fbTE%3c%2fbES%3c%2fbS" href="#end"><b>S</bSE</bEC</bCU</bUR</bRI</bIT</bTY</bY N</bNO</bOT</bTE</bES</bS</b></a> >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> tries to be safe when executing external commands. Variables that >+<a name="SECURITY NOTES" href="#end"><b>SECURITY NOTES</b></a> >+ <b>sudo</b> tries to be safe when executing external commands. Variables that > control how dynamic loading and binding is done can be used to subvert >- the program that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> runs. To combat this the LD_*, _RLD_*, >+ the program that <b>sudo</b> runs. To combat this the LD_*, _RLD_*, > SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables > are removed from the environment passed on to all commands executed. >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, >+ <b>sudo</b> will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, > KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, > PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too > can pose a threat. If the TERMCAP variable is set and is a pathname, > it too is ignored. Additionally, if the LC_* or LANGUAGE variables >- contain the / or % characters, they are ignored. If <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> has been com- >+ contain the / or % characters, they are ignored. If <b>sudo</b> has been com- > piled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables >- are cleared as well. The list of environment variables that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> >+ are cleared as well. The list of environment variables that <b>sudo</b> > clears is contained in the output of sudo -V when run as root. 
> >- To prevent command spoofing, <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> checks "." and "" (both denoting cur- >+ To prevent command spoofing, <b>sudo</b> checks "." and "" (both denoting cur- > rent directory) last when searching for a command in the user's PATH > (if one or both are in the PATH). Note, however, that the actual PATH > environment variable is <i>not</i> modified and is passed unchanged to the >- program that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> executes. >+ program that <b>sudo</b> executes. > > For security reasons, if your OS supports shared libraries and does not > disable user-defined library search paths for setuid programs (most > do), you should either use a linker option that disables this behavior >- or link <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> statically. >+ or link <b>sudo</b> statically. > >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will check the ownership of its timestamp directory (<i>/var/run/sudo</i> >+ <b>sudo</b> will check the ownership of its timestamp directory (<i>/var/run/sudo</i> > by default) and ignore the directory's contents if it is not owned by > root and only writable by root. On systems that allow non-root users > to give away files via <a href="/cgi/man.cgi?query=chown&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>chown</i>(2)</a>, if the timestamp directory is located > in a directory writable by anyone (e.g.: <i>/tmp</i>), it is possible for a >- user to create the timestamp directory before <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> is run. However, >- because <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> checks the ownership and mode of the directory and its >+ user to create the timestamp directory before <b>sudo</b> is run. However, >+ because <b>sudo</b> checks the ownership and mode of the directory and its > contents, the only damage that can be done is to "hide" files by > putting them in the timestamp dir. 
This is unlikely to happen since > once the timestamp dir is owned by root and inaccessible by any other >@@ -629,21 +629,21 @@ > <i>/var/run/sudo</i> with the appropriate owner (root) and permissions (0700) > in the system startup files. > >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will not honor timestamps set far in the future. Timestamps with >+ <b>sudo</b> will not honor timestamps set far in the future. Timestamps with > a date greater than current_time + 2 * TIMEOUT will be ignored and sudo > will log and complain. This is done to keep a user from creating > his/her own timestamp with a bogus date on systems that allow users to > give away files. > >- Please note that <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> will only log the command it explicitly runs. If >+ Please note that <b>sudo</b> will only log the command it explicitly runs. If > a user runs a command such as sudo su or sudo sh, subsequent commands >- run from that shell will <i>not</i> be logged, nor will <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>'s access control >+ run from that shell will <i>not</i> be logged, nor will <b>sudo</b>'s access control > affect them. The same is true for commands that offer shell escapes > (including most editors). Because of this, care must be taken when >- giving users access to commands via <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> to verify that the command >+ giving users access to commands via <b>sudo</b> to verify that the command > does not inadvertantly give the user an effective root shell. > >-<a name="E%3c%2fbEX%3c%2fbXA%3c%2fbAM%3c%2fbMP%3c%2fbPL%3c%2fbLE%3c%2fbES%3c%2fbS" href="#end"><b>E</bEX</bXA</bAM</bMP</bPL</bLE</bES</bS</b></a> >+<a name="EXAMPLES" href="#end"><b>EXAMPLES</b></a> > Note: the following examples assume suitable <a href="/cgi/man.cgi?query=sudoers&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>sudoers</i>(5)</a> entries. > > To get a file listing of an unreadable directory: 
>@@ -669,8 +669,8 @@ > > % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" > >-<a name="E%3c%2fbEN%3c%2fbNV%3c%2fbVI%3c%2fbIR%3c%2fbRO%3c%2fbON%3c%2fbNM%3c%2fbME%3c%2fbEN%3c%2fbNT%3c%2fbT" href="#end"><b>E</bEN</bNV</bVI</bIR</bRO</bON</bNM</bME</bEN</bNT</bT</b></a> >- <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> utilizes the following environment variables: >+<a name="ENVIRONMENT" href="#end"><b>ENVIRONMENT</b></a> >+ <b>sudo</b> utilizes the following environment variables: > > PATH Set to a sane value if SECURE_PATH is set > SHELL Used to determine shell to run with -s option 
>@@ -686,31 +686,31 @@ > SUDO_GID Set to the gid of the user who invoked sudo > SUDO_PS1 If set, PS1 will be set to its value > >-<a name="F%3c%2fbFI%3c%2fbIL%3c%2fbLE%3c%2fbES%3c%2fbS" href="#end"><b>F</bFI</bIL</bLE</bES</bS</b></a> >+<a name="FILES" href="#end"><b>FILES</b></a> > /etc/sudoers List of who can run what > /var/run/sudo Directory containing timestamps > >-<a name="A%3c%2fbAU%3c%2fbUT%3c%2fbTH%3c%2fbHO%3c%2fbOR%3c%2fbRS%3c%2fbS" href="#end"><b>A</bAU</bUT</bTH</bHO</bOR</bRS</bS</b></a> >- Many people have worked on <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> over the years; this version consists >+<a name="AUTHORS" href="#end"><b>AUTHORS</b></a> >+ Many people have worked on <b>sudo</b> over the years; this version consists > of code written primarily by: > > Todd Miller > Chris Jepeway > >- See the HISTORY file in the <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> distribution or visit >- <a href="http://www.sudo.ws/sudo/history.html">http://www.sudo.ws/sudo/history.html</a> for a short history of <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b>. >+ See the HISTORY file in the <b>sudo</b> distribution or visit >+ <a href="http://www.sudo.ws/sudo/history.html">http://www.sudo.ws/sudo/history.html</a> for a short history of <b>sudo</b>. 
> >-<a name="B%3c%2fbBU%3c%2fbUG%3c%2fbGS%3c%2fbS" href="#end"><b>B</bBU</bUG</bGS</bS</b></a> >+<a name="BUGS" href="#end"><b>BUGS</b></a> > If you feel you have found a bug in sudo, please submit a bug report at > <a href="http://www.sudo.ws/sudo/bugs/">http://www.sudo.ws/sudo/bugs/</a> > >-<a name="D%3c%2fbDI%3c%2fbIS%3c%2fbSC%3c%2fbCL%3c%2fbLA%3c%2fbAI%3c%2fbIM%3c%2fbME%3c%2fbER%3c%2fbR" href="#end"><b>D</bDI</bIS</bSC</bCL</bLA</bAI</bIM</bME</bER</bR</b></a> >- <b>S</b<b>Su</b<b>ud</b<b>do</b<b>o</b> is provided ``AS IS'' and any express or implied warranties, >+<a name="DISCLAIMER" href="#end"><b>DISCLAIMER</b></a> >+ <b>Sudo</b> is provided ``AS IS'' and any express or implied warranties, > including, but not limited to, the implied warranties of merchantabil- > ity and fitness for a particular purpose are disclaimed. See the >- LICENSE file distributed with <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> for complete details. >+ LICENSE file distributed with <b>sudo</b> for complete details. > >-<a name="C%3c%2fbCA%3c%2fbAV%3c%2fbVE%3c%2fbEA%3c%2fbAT%3c%2fbTS%3c%2fbS" href="#end"><b>C</bCA</bAV</bVE</bEA</bAT</bTS</bS</b></a> >+<a name="CAVEATS" href="#end"><b>CAVEATS</b></a> > There is no easy way to prevent a user from gaining a root shell if > that user has access to commands allowing shell escapes. 
> >@@ -718,12 +718,12 @@ > their own program that gives them a root shell regardless of any '!' > elements in the user specification. > >- Running shell scripts via <b>s</b<b>su</b<b>ud</b<b>do</b<b>o</b> can expose the same kernel bugs that >+ Running shell scripts via <b>sudo</b> can expose the same kernel bugs that > make setuid shell scripts unsafe on some operating systems (if your OS > supports the /dev/fd/ directory, setuid shell scripts are generally > safe). > >-<a name="S%3c%2fbSE%3c%2fbEE%3c%2fbE_A%3c%2fbAL%3c%2fbLS%3c%2fbSO%3c%2fbO" href="#end"><b>S</bSE</bEE</bE A</bAL</bLS</bSO</bO</b></a> >+<a name="SEE_ALSO" href="#end"><b>SEE_ALSO</b></a> > <a href="/cgi/man.cgi?query=stat&sektion=2&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>stat</i>(2)</a>, <i>login</i><b>_</b><a href="/cgi/man.cgi?query=cap&sektion=3&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>cap</i>(3)</a>, <a href="/cgi/man.cgi?query=sudoers&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>sudoers</i>(5)</a>, <a href="/cgi/man.cgi?query=passwd&sektion=5&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>passwd</i>(5)</a>, <a href="/cgi/man.cgi?query=visudo&sektion=8&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>visudo</i>(8)</a>, <a href="/cgi/man.cgi?query=grep&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>grep</i>(1)</a>, > <a href="/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=Red+Hat+Linux%2fi386+9"><i>su</i>(1)</a>. 
> >@@ -731,20 +731,21 @@ > </pre> > <a name="end" /> > <hr /> >-<a href="#N%3c%2fbNA%3c%2fbAM%3c%2fbME%3c%2fbE">N</bNA</bAM</bME</bE</a> | >-<a href="#S%3c%2fbSY%3c%2fbYN%3c%2fbNO%3c%2fbOP%3c%2fbPS%3c%2fbSI%3c%2fbIS%3c%2fbS">S</bSY</bYN</bNO</bOP</bPS</bSI</bIS</bS</a> | >-<a href="#D%3c%2fbDE%3c%2fbES%3c%2fbSC%3c%2fbCR%3c%2fbRI%3c%2fbIP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbN">D</bDE</bES</bSC</bCR</bRI</bIP</bPT</bTI</bIO</bON</bN</a> | >-<a href="#O%3c%2fbOP%3c%2fbPT%3c%2fbTI%3c%2fbIO%3c%2fbON%3c%2fbNS%3c%2fbS">O</bOP</bPT</bTI</bIO</bON</bNS</bS</a> | >-<a href="#R%3c%2fbRE%3c%2fbET%3c%2fbTU%3c%2fbUR%3c%2fbRN%3c%2fbN_V%3c%2fbVA%3c%2fbAL%3c%2fbLU%3c%2fbUE%3c%2fbES%3c%2fbS">R</bRE</bET</bTU</bUR</bRN</bN V</bVA</bAL</bLU</bUE</bES</bS</a> | >-<a href="#S%3c%2fbSE%3c%2fbEC%3c%2fbCU%3c%2fbUR%3c%2fbRI%3c%2fbIT%3c%2fbTY%3c%2fbY_N%3c%2fbNO%3c%2fbOT%3c%2fbTE%3c%2fbES%3c%2fbS">S</bSE</bEC</bCU</bUR</bRI</bIT</bTY</bY N</bNO</bOT</bTE</bES</bS</a> | >-<a href="#E%3c%2fbEX%3c%2fbXA%3c%2fbAM%3c%2fbMP%3c%2fbPL%3c%2fbLE%3c%2fbES%3c%2fbS">E</bEX</bXA</bAM</bMP</bPL</bLE</bES</bS</a> | >-<a href="#E%3c%2fbEN%3c%2fbNV%3c%2fbVI%3c%2fbIR%3c%2fbRO%3c%2fbON%3c%2fbNM%3c%2fbME%3c%2fbEN%3c%2fbNT%3c%2fbT">E</bEN</bNV</bVI</bIR</bRO</bON</bNM</bME</bEN</bNT</bT</a> | >-<a href="#F%3c%2fbFI%3c%2fbIL%3c%2fbLE%3c%2fbES%3c%2fbS">F</bFI</bIL</bLE</bES</bS</a> | >-<a href="#A%3c%2fbAU%3c%2fbUT%3c%2fbTH%3c%2fbHO%3c%2fbOR%3c%2fbRS%3c%2fbS">A</bAU</bUT</bTH</bHO</bOR</bRS</bS</a> | >-<a href="#B%3c%2fbBU%3c%2fbUG%3c%2fbGS%3c%2fbS">B</bBU</bUG</bGS</bS</a> | >-<a href="#D%3c%2fbDI%3c%2fbIS%3c%2fbSC%3c%2fbCL%3c%2fbLA%3c%2fbAI%3c%2fbIM%3c%2fbME%3c%2fbER%3c%2fbR">D</bDI</bIS</bSC</bCL</bLA</bAI</bIM</bME</bER</bR</a> | >-<a href="#C%3c%2fbCA%3c%2fbAV%3c%2fbVE%3c%2fbEA%3c%2fbAT%3c%2fbTS%3c%2fbS">C</bCA</bAV</bVE</bEA</bAT</bTS</bS</a> | >-<a href="#S%3c%2fbSE%3c%2fbEE%3c%2fbE_A%3c%2fbAL%3c%2fbLS%3c%2fbSO%3c%2fbO">S</bSE</bEE</bE A</bAL</bLS</bSO</bO</a> >+<a href="#NAME">NAME</a> | >+<a 
href="#SYNOPSIS">SYNOPSIS</a> | >+<a href="#DESCRIPTION">DESCRIPTION</a> | >+<a href="#OPTIONS">OPTIONS</a> | >+<a href="#RETURN_VALUES">RETURN VALUES</a> | >+<a href="#SECURITY_NOTES">SECURITY NOTES</a> | >+<a href="#ENVIRONMENT">ENVIRONMENT</a> | >+<a href="#FILES">FILES</a> | >+<a href="#EXAMPLES">EXAMPLES</a> | >+<a href="#SEE_ALSO">SEE ALSO</a> | >+<a href="#AUTHORS">AUTHORS</a> | >+<a href="#CAVEATS">CAVEATS</a> | >+<a href="#BUGS">BUGS</a> | >+<a href="#SUPPORT">SUPPORT</a> | >+<a href="#DISCLAIMER">DISCLAIMER</a> > <p align="left">Want to link to this manual page? Use this URL:<br/><<a href="http://www.freebsd.org/cgi/man.cgi?query=sudo&manpath=Red+Hat+Linux%2fi386+9">http://www.freebsd.org/cgi/man.cgi?query=sudo&manpath=Red+Hat+Linux%2fi386+9</a>></p> > <a href="/cgi/man.cgi?manpath=">home</a> | <a href="/cgi/man.cgi/help.html">help</a> > <hr noshade="noshade" />
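Review bot: the DESCRIPTION fix in the @@ -451 hunk is incomplete. The added line `By giving <b>sudo</b> the <b>-</b<b>-v</b<b>v</b> flag` still carries the doubled, unclosed bold markup for -v, and the unchanged context lines a few lines below (`run sudo with the <b>-</b<b>-l</b<b>l</b>` and `or <b>-</b<b>-v</b<b>v</b> flags`) are left mangled as well. Suggest rewriting these as `<b>-v</b>` and `<b>-l</b>`, the way the OPTIONS entries in the same hunk are rewritten. The same hunk also adds `<a name="RETURN VALUES"` with a space, while the index at the end of the patch links to `#RETURN_VALUES`; use the underscore in the name so the link resolves.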
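Review bot: the new anchor in the @@ -586 hunk, `<a name="SECURITY NOTES"`, does not match the index entry `<a href="#SECURITY_NOTES">` added in the last hunk. The removed line used an underscore between the two words in the name, so keep `name="SECURITY_NOTES"` and leave the space only in the visible `<b>SECURITY NOTES</b>` text.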
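Review bot: in the @@ -718 hunk the heading text itself becomes `<b>SEE_ALSO</b>`, so the underscore is shown to the reader. The removed line had a space in the visible text and the new index entry reads `SEE ALSO`; suggest `<a name="SEE_ALSO" href="#end"><b>SEE ALSO</b></a>` so only the anchor name carries the underscore.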
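Review bot: the index in the @@ -731 hunk gains an entry, `<a href="#SUPPORT">SUPPORT</a>`, that has no target, since no hunk in this patch adds a `name="SUPPORT"` anchor and the removed index had 14 entries against 15 added. Drop that line unless the section exists in the page. The added entries are also in a different order from the sections in the body (the body runs EXAMPLES, ENVIRONMENT, FILES, AUTHORS, BUGS, DISCLAIMER, CAVEATS, SEE ALSO); keeping the index in body order, as the removed lines did, would make the change a pure markup fix.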