sudo(8)                MAINTENANCE COMMANDS               sudo(8)


NAME
       sudo - execute a command as the superuser



SYNOPSIS
       sudo -V | -h | -l | -v | -k | -s | -H | [ -b ] | [ -p
       prompt ] [ -u username/#uid] command

DESCRIPTION
       sudo allows a permitted user to execute a command as the
       superuser (real and effective uid and gid are set to 0 and
       root's group as set in the passwd file respectively).

       sudo determines who is an authorized user by consulting
       the file /etc/sudoers.  By giving sudo the -v flag a user
       can update the time stamp without running a command.  The
       password prompt itself will also time out if the password
       is not entered with N minutes (again, this is defined at
       installation time and defaults to 5 minutes).

       If an unauthorized user executes sudo, mail will be sent
       from the user to the local authorities (defined at
       installation time).

       sudo was designed to log via the 4.3 BSD syslog(3)
       facility but can log to a file instead if so desired (or
       to both syslog and a file).

       All preferences are defined at installation time and are
       derived from the options.h and pathnames.h include files
       as well as as well as the Makefile.

OPTIONS
       sudo accepts the following command line options:

       -V  The -V (version) option causes sudo to print the
           version number and exit.

       -l  The -l (list) option will list out the allowed and
           forbidden commands for the user on the current host.

       -h  The -h (help) option causes sudo to print the version
           of sudo and a usage message before exiting.

       -v  If given the -v (validate) option, sudo will update
           the user's timestamp file, prompting for a password if
           necessary.  This extends the sudo timeout to for
           another N minutes (where N is defined at installation
           time and defaults to 5 minutes) but does not run a
           command.

       -k  The -k (kill) option to sudo removes the user's
           timestamp file, thus requiring a password the next
           time sudo is run.  This option does not require a
           password and was added to allow a user to revoke sudo



20/Jan/98                     1.5.5                             1





sudo(8)                MAINTENANCE COMMANDS               sudo(8)


           permissions from a .logout file.

       -b  The -b (background) option tells sudo to run the given
           command in the background.  Note that if you use the
           -b option you cannot use shell job control to
           manipulate the command.

       -p  The -p (prompt) option allows you to override the
           default password prompt and use a custom one.  If the
           password prompt contains the %u escape, %u will be
           replaced by the user's login name.  Similarly, %h will
           be replaced by the local hostname.

       -u  The -u (user) option causes sudo to run the specified
           command as a user other than root.  To specify a uid
           instead of a username, use "#uid".

       -s  The -s (shell) option runs the shell specified by the
           SHELL environmental variable if it is set or the shell
           as specified in passwd(5).

       -H  The -H (HOME) option sets the HOME environmental
           variable to the homedir of the target user (root by
           default) as specified in passwd(5).

       --  The -- flag indicates that sudo should stop processing
           command line arguments.  It is most useful in
           conjunction with the -s flag.

RETURN VALUES
       sudo quits with an exit value of 1 if there is a
       configuration/permission problem or if sudo cannot execute
       the given command.  In the latter case the error string is
       printed to stderr via perror(3).  If sudo cannot stat(2)
       one or more entries in the user's PATH the error is
       printed on stderr via perror(3).  (If the directory does
       not exist or if it is not really a directory, the entry is
       ignored and no error is printed.)  This should not happen
       under normal circumstances.  The most common reason for
       stat(3) to return "permission denied" is if you are
       running an automounter and one of the directories in your
       PATH is on a machine that is currently unreachable.

SECURITY NOTES
       sudo tries to be safe when executing external commands.
       Variables that control how dynamic loading and binding is
       done can be used to subvert the program that sudo runs.
       To combat this the LD_*, SHLIB_PATH (HP-UX only), LIBPATH
       (AIX only), and _RLD_* environmental variables are removed
       from the environment passed on to all commands executed.
       sudo will also remove the IFS, ENV, BASH_ENV and KRB_CONF
       variables as they too can pose a threat.

       To prevent command spoofing, sudo checks "." and "" (both



20/Jan/98                     1.5.5                             2





sudo(8)                MAINTENANCE COMMANDS               sudo(8)


       denoting current directory) last when searching for a
       command in the user's PATH (if one or both are in the
       PATH).  Note, however, that the actual PATH environmental
       variable is not modified and is passed unchanged to the
       program that sudo executes.

       For security reasons, if your OS supports shared
       libraries, sudo should always be statically linked unless
       the dynamic loader disables user-defined library search
       paths for setuid programs.  (Most modern dynamic loaders
       do this.)

       sudo will check the ownership of its timestamp directory
       (/var/run/sudo or /tmp/.odus by default) and ignore the
       directory's contents if it is not owned by root and only
       read, writable, and executable by root.  On systems that
       allow users to give files away to root (via chown), if the
       timestamp directory is located in a directory writable by
       anyone (ie: /tmp), it is possible for a user to create the
       timestamp directory before sudo is run.  However, because
       sudo checks the ownership and mode of the directory, the
       only damage that can be done is to "hide" files by putting
       them in the timestamp dir.  This is unlikely to happen
       since once the timestamp dir is owned by root and
       inaccessible by any other user the user placing files
       there would be unable to get them back out.  To get around
       this issue you can use a directory that is not world-
       writable for the timestamps (/var/adm/sudo for instance).

       sudo will not honor timestamp files set far in the future.
       Timestamp files with a date greater than current_time + 2
       * TIMEOUT will be ignored and sudo will log the anomaly.
       This is done to keep a user from creating his/her own
       timestamp file with a bogus date.

FILES
        /etc/sudoers           file of authorized users.


ENVIRONMENT VARIABLES
        PATH                   Set to a sane value if SECURE_PATH is set
        SHELL                  Used to determine shell to run with -s option
        HOME                   In -s mode, set to homedir of root (or runas user)
                               if built with the SHELL_SETS_HOME option
        SUDO_PROMPT            Replaces the default password prompt
        SUDO_COMMAND           Set to the command run by sudo
        SUDO_USER              Set to the login of the user who invoked sudo
        SUDO_UID               Set to the uid of the user who invoked sudo
        SUDO_GID               Set to the gid of the user who invoked sudo
        SUDO_PS1               If set, PS1 will be set to its value


AUTHORS
       Many people have worked on sudo over the years, this



20/Jan/98                     1.5.5                             3





sudo(8)                MAINTENANCE COMMANDS               sudo(8)


       version consists of code written primarily by:

               Jeff Nieusma
               David Hieb
               Todd Miller
               Chris Jepeway

       See the HISTORY file in the sudo distribution for more
       details.

       Please send all bugs, comments, and changes to sudo-
       bugs@courtesan.com.

DISCLAIMER
       This program is distributed in the hope that it will be
       useful, but WITHOUT ANY WARRANTY; without even the implied
       warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.  See the GNU General Public License for more
       details.

       You should have received a copy of the GNU General Public
       License along with this program; if not, write to the Free
       Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
       02139, USA.

CAVEATS
       There is no easy way to prevent a user from gaining a root
       shell if that user has access to commands allow shell
       escapes.

       If users have sudo ALL there is nothing to prevent them
       from creating their own program that gives them a root
       shell regardless of any '!'  elements in the user
       specification.

       Running shell scripts via sudo can expose the same kernel
       bugs that make setuid shell scripts unsafe on some
       operating systems.

SEE ALSO
       sudoers(5), visudo(8), su(1).
















20/Jan/98                     1.5.5                             4





sudo(8)                MAINTENANCE COMMANDS               sudo(8)



























































20/Jan/98                     1.5.5                             5