« back to all changes in this revision
Viewing changes to sudoers.cat
- browse files at revision 18
- compare with another revision
- download diff
- download tarball
- view history from revision 18
- Committer: Bazaar Package Importer
- Author(s): Martin Pitt
- Date: 2007-11-14 14:23:47 UTC
- mfrom: (1.2.1 upstream)
- Revision ID: james.westby@ubuntu.com-20071114142347-qf0sn1r330r9s4v9
Tags: 1.6.9p6-1ubuntu1
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/prerm: Abort package removal if there is no root password.
Forwarded to Debian #451241.
- sudoers: Add some explanatory text why it is a REALLY good idea to use
visudo. (LP #11620)
Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=269
- debian/rules: Disable lecture, enable tty_tickets by default.
- debian/rules: Configure less confusing default password prompt to point
out that it is sudo asking for the user's password, as opposed to
another program like ssh, or asking for the root password. (LP #8556)
Forwarded to Debian #343268.
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules.
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present.
* New upstream version 1.6.9 fixes the following bugs:
- Does not ask for password any more if stdin is not a terminal.
(LP: #130636)
- sudo -k/-K does not fail any more if timestamp is in the future.
(LP: #43233)
* Drop our very intrusive patch for selectively cleaning the environment
based on whether the user can execute all commands or only some. Debian
and upstream now default to cleaning the environment unconditionally and
provide option -E and the SETENV tag to override it.
Instead, do a tinpy patch to parse.yacc which enables SETENV implicitly
for 'ALL' commands.
Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=268
* sudo.c: Disable i18n for now (upstream enabled it in 1.6.9), since this
causes PAM to output localized password prompts, which in turn breaks -p
and --with-passprompt, which finally breaks gksu. See
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=270 for details.
- debian/prerm: Abort package removal if there is no root password.
Forwarded to Debian #451241.
- sudoers: Add some explanatory text why it is a REALLY good idea to use
visudo. (LP #11620)
Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=269
- debian/rules: Disable lecture, enable tty_tickets by default.
- debian/rules: Configure less confusing default password prompt to point
out that it is sudo asking for the user's password, as opposed to
another program like ssh, or asking for the root password. (LP #8556)
Forwarded to Debian #343268.
- Add debian/sudo_root.8: Explanation of root handling through sudo.
Install it in debian/rules.
- sudo.c: If the user successfully authenticated and he is in the 'admin'
group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
profile checks for this and displays a short intro about sudo if the
flag is not present.
* New upstream version 1.6.9 fixes the following bugs:
- Does not ask for password any more if stdin is not a terminal.
(LP: #130636)
- sudo -k/-K does not fail any more if timestamp is in the future.
(LP: #43233)
* Drop our very intrusive patch for selectively cleaning the environment
based on whether the user can execute all commands or only some. Debian
and upstream now default to cleaning the environment unconditionally and
provide option -E and the SETENV tag to override it.
Instead, do a tinpy patch to parse.yacc which enables SETENV implicitly
for 'ALL' commands.
Forwarded upstream: http://www.gratisoft.us/bugzilla/show_bug.cgi?id=268
* sudo.c: Disable i18n for now (upstream enabled it in 1.6.9), since this
causes PAM to output localized password prompts, which in turn breaks -p
and --with-passprompt, which finally breaks gksu. See
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=270 for details.
- files added:
- debian/preinst
- files removed:
- RUNSON
- files modified:
- BUGS
added
removed
sudoers.cat
13
13
(which specify who may run what).
14
14
15
15
When multiple entries match for a user, they are applied
16
in order. Where there are conflicting values, the last
16
in order. Where there are multiple matches, the last
17
17
match is used (which is not necessarily the most specific
18
18
match).
19
19
36
36
ular expressions. Do not, however, confuse them with
37
37
"wildcard" characters, which have different meanings.
38
38
39
? Means that the preceding symbol (or group of sym�
40
bols) is optional. That is, it may appear once or
41
not at all.
42
43
* Means that the preceding symbol (or group of sym�
44
bols) may appear zero or more times.
45
46
+ Means that the preceding symbol (or group of sym�
47
bols) may appear one or more times.
39
? Means that the preceding symbol (or group of symbols)
40
is optional. That is, it may appear once or not at
41
all.
42
43
* Means that the preceding symbol (or group of symbols)
44
may appear zero or more times.
45
46
+ Means that the preceding symbol (or group of symbols)
47
may appear one or more times.
48
48
49
49
Parentheses may be used to group symbols together. For
50
50
clarity, we will use single quotes ('') to designate what
61
61
62
62
63
63
64
1.6.8p12 June, 20 2005 1
64
1.6.9p6 October 9, 2007 1
65
65
66
66
67
67
127
127
128
128
129
129
130
1.6.8p12 June, 20 2005 2
130
1.6.9p6 October 9, 2007 2
131
131
132
132
133
133
158
158
addresses, network numbers, netgroups (prefixed with '+')
159
159
and other aliases. Again, the value of an item may be
160
160
negated with the '!' operator. If you do not specify a
161
netmask with a network number, the netmask of the host's
162
ethernet interface(s) will be used when matching. The
163
netmask may be specified either in dotted quad notation
164
(e.g. 255.255.255.0) or CIDR notation (number of bits,
165
e.g. 24). A hostname may include shell-style wildcards
166
(see the Wildcards section below), but unless the hostname
167
command on your machine returns the fully qualified host�
168
name, you'll need to use the _f_q_d_n option for wildcards to
169
be useful.
161
netmask along with the network number, ssuuddoo will query
162
each of the local host's network interfaces and, if the
163
network number corresponds to one of the hosts's network
164
interfaces, the corresponding netmask will be used. The
165
netmask may be specified either in standard IP address
166
notation (e.g. 255.255.255.0 or ffff:ffff:ffff:ffff::), or
167
CIDR notation (number of bits, e.g. 24 or 64). A hostname
168
may include shell-style wildcards (see the Wildcards sec�
169
tion below), but unless the hostname command on your
170
machine returns the fully qualified hostname, you'll need
171
to use the _f_q_d_n option for wildcards to be useful.
170
172
171
173
Cmnd_List ::= Cmnd |
172
174
Cmnd ',' Cmnd_List
188
190
he/she wishes. However, you may also specify command line
189
191
arguments (including wildcards). Alternately, you can
190
192
specify "" to indicate that the command may only be run
193
194
195
196
1.6.9p6 October 9, 2007 3
197
198
199
200
201
202
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
203
204
191
205
wwiitthhoouutt command line arguments. A directory is a fully
192
206
qualified pathname ending in a '/'. When you specify a
193
194
195
196
1.6.8p12 June, 20 2005 3
197
198
199
200
201
202
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
203
204
205
207
directory in a Cmnd_List, the user will be able to run any
206
208
file within that directory (but not in any subdirectories
207
209
therein).
225
227
as a specific user.
226
228
227
229
Default_Type ::= 'Defaults' |
228
'Defaults' '@' Host |
229
'Defaults' ':' User |
230
'Defaults' '>' RunasUser
230
'Defaults' '@' Host_List |
231
'Defaults' ':' User_List |
232
'Defaults' '>' Runas_List
231
233
232
234
Default_Entry ::= Default_Type Parameter_List
233
235
252
254
respectively. It is not an error to use the -= operator
253
255
to remove an element that does not exist in a list.
254
256
255
FFllaaggss:
256
257
long_otp_prompt
258
When validating with a One Time Password
259
260
261
262
1.6.8p12 June, 20 2005 4
263
264
265
266
267
268
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
269
270
271
scheme (SS//KKeeyy or OOPPIIEE), a two-line prompt is
272
used to make it easier to cut and paste the
273
challenge to a local window. It's not as
274
pretty as the default but some people find it
275
more convenient. This flag is _o_f_f by default.
276
277
ignore_dot If set, ssuuddoo will ignore '.' or '' (current
278
dir) in the PATH environment variable; the
279
PATH itself is not modified. This flag is _o_f_f
280
by default. Currently, while it is possible
281
to set _i_g_n_o_r_e___d_o_t in _s_u_d_o_e_r_s, its value is not
282
used. This option should be considered read-
283
only (it will be fixed in a future version of
284
ssuuddoo).
285
286
mail_always Send mail to the _m_a_i_l_t_o user every time a
287
users runs ssuuddoo. This flag is _o_f_f by default.
288
289
mail_badpass
290
Send mail to the _m_a_i_l_t_o user if the user run�
291
ning sudo does not enter the correct password.
292
This flag is _o_f_f by default.
293
294
mail_no_user
295
If set, mail will be sent to the _m_a_i_l_t_o user
296
if the invoking user is not in the _s_u_d_o_e_r_s
297
file. This flag is _o_n by default.
298
299
mail_no_host
300
If set, mail will be sent to the _m_a_i_l_t_o user
301
if the invoking user exists in the _s_u_d_o_e_r_s
302
file, but is not allowed to run commands on
303
the current host. This flag is _o_f_f by
304
default.
305
306
mail_no_perms
307
If set, mail will be sent to the _m_a_i_l_t_o user
308
if the invoking user is allowed to use ssuuddoo
309
but the command they are trying is not listed
310
in their _s_u_d_o_e_r_s file entry or is explicitly
311
denied. This flag is _o_f_f by default.
312
313
tty_tickets If set, users must authenticate on a per-tty
314
basis. Normally, ssuuddoo uses a directory in the
315
ticket dir with the same name as the user run�
316
ning it. With this flag enabled, ssuuddoo will
317
use a file named for the tty the user is
318
logged in on in that directory. This flag is
319
_o_f_f by default.
320
321
authenticate
322
If set, users must authenticate themselves via
323
a password (or other means of authentication)
324
before they may run commands. This default
325
326
327
328
1.6.8p12 June, 20 2005 5
329
330
331
332
333
334
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
335
336
337
may be overridden via the PASSWD and NOPASSWD
338
tags. This flag is _o_n by default.
339
340
root_sudo If set, root is allowed to run ssuuddoo too. Dis�
341
abling this prevents users from "chaining"
342
ssuuddoo commands to get a root shell by doing
343
something like "sudo sudo /bin/sh". Note,
344
however, that turning off _r_o_o_t___s_u_d_o will also
345
prevent root and from running ssuuddooeeddiitt. Dis�
346
abling _r_o_o_t___s_u_d_o provides no real additional
347
security; it exists purely for historical rea�
348
sons. This flag is _o_n by default.
349
350
log_host If set, the hostname will be logged in the
351
(non-syslog) ssuuddoo log file. This flag is _o_f_f
352
by default.
353
354
log_year If set, the four-digit year will be logged in
355
the (non-syslog) ssuuddoo log file. This flag is
356
_o_f_f by default.
357
358
shell_noargs
359
If set and ssuuddoo is invoked with no arguments
360
it acts as if the --ss flag had been given.
361
That is, it runs a shell as root (the shell is
362
determined by the SHELL environment variable
363
if it is set, falling back on the shell listed
364
in the invoking user's /etc/passwd entry if
365
not). This flag is _o_f_f by default.
366
367
set_home If set and ssuuddoo is invoked with the --ss flag
368
the HOME environment variable will be set to
369
the home directory of the target user (which
370
is root unless the --uu option is used). This
371
effectively makes the --ss flag imply --HH. This
372
flag is _o_f_f by default.
373
374
always_set_home
375
If set, ssuuddoo will set the HOME environment
376
variable to the home directory of the target
377
user (which is root unless the --uu option is
378
used). This effectively means that the --HH
379
flag is always implied. This flag is _o_f_f by
380
default.
381
382
path_info Normally, ssuuddoo will tell the user when a com�
383
mand could not be found in their PATH environ�
384
ment variable. Some sites may wish to disable
385
this as it could be used to gather information
386
on the location of executables that the normal
387
user does not have access to. The disadvan�
388
tage is that if the executable is simply not
389
in the user's PATH, ssuuddoo will tell the user
390
that they are not allowed to run it, which can
391
392
393
394
1.6.8p12 June, 20 2005 6
395
396
397
398
399
400
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
401
402
403
be confusing. This flag is _o_f_f by default.
404
405
preserve_groups
406
By default ssuuddoo will initialize the group vec�
407
tor to the list of groups the target user is
408
in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's
409
existing group vector is left unaltered. The
410
real and effective group IDs, however, are
411
still set to match the target user. This flag
412
is _o_f_f by default.
413
414
fqdn Set this flag if you want to put fully quali�
415
fied hostnames in the _s_u_d_o_e_r_s file. I.e.,
416
instead of myhost you would use myhost.mydo�
417
main.edu. You may still use the short form if
418
you wish (and even mix the two). Beware that
419
turning on _f_q_d_n requires ssuuddoo to make DNS
420
lookups which may make ssuuddoo unusable if DNS
421
stops working (for example if the machine is
422
not plugged into the network). Also note that
423
you must use the host's official name as DNS
424
knows it. That is, you may not use a host
425
alias (CNAME entry) due to performance issues
426
and the fact that there is no way to get all
427
aliases from DNS. If your machine's hostname
428
(as returned by the hostname command) is
429
already fully qualified you shouldn't need to
430
set _f_q_d_n. This flag is _o_f_f by default.
431
432
insults If set, ssuuddoo will insult users when they enter
433
an incorrect password. This flag is _o_f_f by
434
default.
435
436
requiretty If set, ssuuddoo will only run when the user is
437
logged in to a real tty. This will disallow
438
things like "rsh somehost sudo ls" since
439
_r_s_h(1) does not allocate a tty. Because it is
440
not possible to turn off echo when there is no
441
tty present, some sites may with to set this
442
flag to prevent a user from entering a visible
443
password. This flag is _o_f_f by default.
444
445
env_editor If set, vviissuuddoo will use the value of the EDI�
446
TOR or VISUAL environment variables before
447
falling back on the default editor list. Note
448
that this may create a security hole as it
449
allows the user to run any arbitrary command
450
as root without logging. A safer alternative
451
is to place a colon-separated list of editors
452
in the editor variable. vviissuuddoo will then only
453
use the EDITOR or VISUAL if they match a value
454
specified in editor. This flag is off by
455
default.
456
457
458
459
460
1.6.8p12 June, 20 2005 7
461
462
463
464
465
466
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
467
468
469
rootpw If set, ssuuddoo will prompt for the root password
470
instead of the password of the invoking user.
471
This flag is _o_f_f by default.
472
473
runaspw If set, ssuuddoo will prompt for the password of
474
the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option
475
(defaults to root) instead of the password of
476
the invoking user. This flag is _o_f_f by
477
default.
478
479
targetpw If set, ssuuddoo will prompt for the password of
480
the user specified by the --uu flag (defaults to
481
root) instead of the password of the invoking
482
user. Note that this precludes the use of a
483
uid not listed in the passwd database as an
484
argument to the --uu flag. This flag is _o_f_f by
485
default.
486
487
set_logname Normally, ssuuddoo will set the LOGNAME and USER
488
environment variables to the name of the tar�
489
get user (usually root unless the --uu flag is
490
given). However, since some programs (includ�
491
ing the RCS revision control system) use LOG�
492
NAME to determine the real identity of the
493
user, it may be desirable to change this
494
behavior. This can be done by negating the
495
set_logname option.
496
497
stay_setuid Normally, when ssuuddoo executes a command the
498
real and effective UIDs are set to the target
499
user (root by default). This option changes
500
that behavior such that the real UID is left
501
as the invoking user's UID. In other words,
502
this makes ssuuddoo act as a setuid wrapper. This
503
can be useful on systems that disable some
504
potentially dangerous functionality when a
505
program is run setuid. Note, however, that
506
this means that sudo will run with the real
507
uid of the invoking user which may allow that
508
user to kill ssuuddoo before it can log a failure,
509
depending on how your OS defines the interac�
510
tion between signals and setuid processes.
511
512
env_reset If set, ssuuddoo will reset the environment to
513
only contain the following variables: HOME,
514
LOGNAME, PATH, SHELL, TERM, and USER (in addi�
515
tion to the SUDO_* variables). Of these, only
516
TERM is copied unaltered from the old environ�
517
ment. The other variables are set to default
518
values (possibly modified by the value of the
519
_s_e_t___l_o_g_n_a_m_e option). If ssuuddoo was compiled
520
with the SECURE_PATH option, its value will be
521
used for the PATH environment variable. Other
522
variables may be preserved with the _e_n_v___k_e_e_p
523
524
525
526
1.6.8p12 June, 20 2005 8
527
528
529
530
531
532
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
533
534
535
option.
536
537
use_loginclass
538
If set, ssuuddoo will apply the defaults specified
539
for the target user's login class if one
540
exists. Only available if ssuuddoo is configured
541
with the --with-logincap option. This flag is
542
_o_f_f by default.
543
544
noexec If set, all commands run via sudo will behave
545
as if the NOEXEC tag has been set, unless
546
overridden by a EXEC tag. See the description
547
of _N_O_E_X_E_C _a_n_d _E_X_E_C below as well as the "PRE�
548
VENTING SHELL ESCAPES" section at the end of
549
this manual. This flag is _o_f_f by default.
550
551
ignore_local_sudoers
552
If set via LDAP, parsing of @sysconfdir@/sudo�
553
ers will be skipped. This is intended for an
554
Enterprises that wish to prevent the usage of
555
local sudoers files so that only LDAP is used.
556
This thwarts the efforts of rogue operators
557
who would attempt to add roles to
558
@sysconfdir@/sudoers. When this option is
559
present, @sysconfdir@/sudoers does not even
560
need to exist. Since this options tells sudo
561
how to behave when no specific LDAP entries
562
have been matched, this sudoOption is only
563
meaningful for the cn=defaults section. This
564
flag is _o_f_f by default.
565
566
IInntteeggeerrss:
567
568
passwd_tries
569
The number of tries a user gets to enter
570
his/her password before ssuuddoo logs the failure
571
and exits. The default is 3.
572
573
IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
574
575
loglinelen Number of characters per line for the file
576
log. This value is used to decide when to
577
wrap lines for nicer log files. This has no
578
effect on the syslog log file, only the file
579
log. The default is 80 (use 0 or negate the
580
option to disable word wrap).
581
582
timestamp_timeout
583
Number of minutes that can elapse before ssuuddoo
584
will ask for a passwd again. The default is
585
5. Set this to 0 to always prompt for a pass�
586
word. If set to a value less than 0 the
587
user's timestamp will never expire. This can
588
be used to allow users to create or delete
589
590
591
592
1.6.8p12 June, 20 2005 9
593
594
595
596
597
598
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
599
600
601
their own timestamps via sudo -v and sudo -k
602
respectively.
603
604
passwd_timeout
605
Number of minutes before the ssuuddoo password
606
prompt times out. The default is 5, set this
607
to 0 for no password timeout.
608
609
umask Umask to use when running the command. Negate
610
this option or set it to 0777 to preserve the
611
user's umask. The default is 0022.
612
613
SSttrriinnggss:
614
615
mailsub Subject of the mail sent to the _m_a_i_l_t_o user.
616
The escape %h will expand to the hostname of
617
the machine. Default is *** SECURITY informa�
618
tion for %h ***.
619
620
badpass_message
621
Message that is displayed if a user enters an
622
incorrect password. The default is Sorry, try
623
again. unless insults are enabled.
624
625
timestampdir
626
The directory in which ssuuddoo stores its times�
627
tamp files. The default is _/_v_a_r_/_r_u_n_/_s_u_d_o.
628
629
timestampowner
630
The owner of the timestamp directory and the
631
timestamps stored therein. The default is
632
root.
633
634
passprompt The default prompt to use when asking for a
635
password; can be overridden via the --pp option
636
or the SUDO_PROMPT environment variable. The
637
following percent (`%') escapes are supported:
638
639
%u expanded to the invoking user's login
640
name
641
642
%U expanded to the login name of the user
643
the command will be run as (defaults
644
to root)
645
646
%h expanded to the local hostname without
647
the domain name
648
649
%H expanded to the local hostname includ�
650
ing the domain name (on if the
651
machine's hostname is fully qualified
652
or the _f_q_d_n option is set)
653
654
%% two consecutive % characters are
655
656
657
658
1.6.8p12 June, 20 2005 10
659
660
661
662
663
664
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
665
666
667
collaped into a single % character
668
669
The default value is Password:.
670
671
runas_default
672
The default user to run commands as if the --uu
673
flag is not specified on the command line.
674
This defaults to root. Note that if
675
_r_u_n_a_s___d_e_f_a_u_l_t is set it mmuusstt occur before any
676
Runas_Alias specifications.
677
678
syslog_goodpri
679
Syslog priority to use when user authenticates
680
successfully. Defaults to notice.
681
682
syslog_badpri
683
Syslog priority to use when user authenticates
684
unsuccessfully. Defaults to alert.
685
686
editor A colon (':') separated list of editors
687
allowed to be used with vviissuuddoo. vviissuuddoo will
688
choose the editor that matches the user's USER
689
environment variable if possible, or the first
690
editor in the list that exists and is exe�
691
cutable. The default is the path to vi on
692
your system.
693
694
noexec_file Path to a shared library containing dummy ver�
695
sions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_)
696
library functions that just return an error.
697
This is used to implement the _n_o_e_x_e_c function�
698
ality on systems that support LD_PRELOAD or
699
its equivalent. Defaults to
700
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
701
702
SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
703
704
lecture This option controls when a short lecture will
705
be printed along with the password prompt. It
706
has the following possible values:
707
708
never Never lecture the user.
709
710
once Only lecture the user the first time
711
they run ssuuddoo.
712
713
always Always lecture the user.
714
715
If no value is specified, a value of _o_n_c_e is
716
implied. Negating the option results in a
717
value of _n_e_v_e_r being used. The default value
718
is _o_n_c_e.
719
720
721
722
723
724
1.6.8p12 June, 20 2005 11
725
726
727
728
729
730
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
731
732
733
lecture_file
734
Path to a file containing an alternate sudo
735
lecture that will be used in place of the
736
standard lecture if the named file exists.
737
738
logfile Path to the ssuuddoo log file (not the syslog log
739
file). Setting a path turns on logging to a
740
file; negating this option turns it off.
741
742
syslog Syslog facility if syslog is being used for
743
logging (negate to disable syslog logging).
744
Defaults to local2.
745
746
mailerpath Path to mail program used to send warning
747
mail. Defaults to the path to sendmail found
748
at configure time.
749
750
mailerflags Flags to use when invoking mailer. Defaults to
751
--tt.
752
753
mailto Address to send warning and error mail to.
754
The address should be enclosed in double
755
quotes (") to protect against sudo interpret�
756
ing the @ sign. Defaults to root.
757
758
exempt_group
759
Users in this group are exempt from password
760
and PATH requirements. This is not set by
761
default.
762
763
verifypw This option controls when a password will be
764
required when a user runs ssuuddoo with the --vv
765
flag. It has the following possible values:
766
767
all All the user's _s_u_d_o_e_r_s entries for the
768
current host must have the NOPASSWD
769
flag set to avoid entering a password.
770
771
any At least one of the user's _s_u_d_o_e_r_s
772
entries for the current host must have
773
the NOPASSWD flag set to avoid enter�
774
ing a password.
775
776
never The user need never enter a password
777
to use the --vv flag.
778
779
always The user must always enter a password
780
to use the --vv flag.
781
782
If no value is specified, a value of _a_l_l is
783
implied. Negating the option results in a
784
value of _n_e_v_e_r being used. The default value
785
is _a_l_l.
786
787
788
789
790
1.6.8p12 June, 20 2005 12
791
792
793
794
795
796
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
797
798
799
listpw This option controls when a password will be
800
required when a user runs ssuuddoo with the --ll
801
flag. It has the following possible values:
802
803
all All the user's _s_u_d_o_e_r_s entries for the
804
current host must have the NOPASSWD
805
flag set to avoid entering a password.
806
807
any At least one of the user's _s_u_d_o_e_r_s
808
entries for the current host must have
809
the NOPASSWD flag set to avoid enter�
810
ing a password.
811
812
never The user need never enter a password
813
to use the --ll flag.
814
815
always The user must always enter a password
816
to use the --ll flag.
817
818
If no value is specified, a value of _a_n_y is
819
implied. Negating the option results in a
820
value of _n_e_v_e_r being used. The default value
821
is _a_n_y.
822
823
LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
824
825
env_check Environment variables to be removed from the
826
user's environment if the variable's value
827
contains % or / characters. This can be used
828
to guard against printf-style format vulnera�
829
bilities in poorly-written programs. The
830
argument may be a double-quoted, space-sepa�
831
rated list or a single value without dou�
832
ble-quotes. The list can be replaced, added
833
to, deleted from, or disabled by using the =,
834
+=, -=, and ! operators respectively. The
835
default list of environment variables to check
836
is printed when ssuuddoo is run by root with the
837
_-_V option.
838
839
env_delete Environment variables to be removed from the
840
user's environment. The argument may be a
841
double-quoted, space-separated list or a sin�
842
gle value without double-quotes. The list can
843
be replaced, added to, deleted from, or dis�
844
abled by using the =, +=, -=, and ! operators
845
respectively. The default list of environment
846
variables to remove is printed when ssuuddoo is
847
run by root with the _-_V option. Note that
848
many operating systems will remove potentially
849
dangerous variables from the environment of
850
any setuid process (such as ssuuddoo).
851
852
env_keep Environment variables to be preserved in the
853
854
855
856
1.6.8p12 June, 20 2005 13
857
858
859
860
861
862
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
863
864
865
user's environment when the _e_n_v___r_e_s_e_t option
866
is in effect. This allows fine-grained con�
867
trol over the environment ssuuddoo-spawned pro�
868
cesses will receive. The argument may be a
869
double-quoted, space-separated list or a sin�
870
gle value without double-quotes. The list can
871
be replaced, added to, deleted from, or dis�
872
abled by using the =, +=, -=, and ! operators
873
respectively. This list has no default mem�
874
bers.
875
876
When logging via _s_y_s_l_o_g(3), ssuuddoo accepts the following
877
values for the syslog facility (the value of the ssyysslloogg
878
Parameter): aauutthhpprriivv (if your OS supports it), aauutthh, ddaaee��
879
mmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33, llooccaall44, llooccaall55,
880
llooccaall66, and llooccaall77. The following syslog priorities are
881
supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee,
882
and wwaarrnniinngg.
257
See "SUDOERS OPTIONS" for a list of supported Defaults
258
parameters.
259
260
261
262
1.6.9p6 October 9, 2007 4
263
264
265
266
267
268
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
269
883
270
884
271
UUsseerr SSppeecciiffiiccaattiioonn
885
272
893
280
894
281
Runas_Spec ::= '(' Runas_List ')'
895
282
896
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:')
283
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
284
'SETENV:' | 'NOSETENV:')
897
285
898
286
A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may
899
287
run (and as what user) on specified hosts. By default,
916
304
The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
917
305
-- but only as ooppeerraattoorr. E.g.,
918
306
919
920
921
922
1.6.8p12 June, 20 2005 14
923
924
925
926
927
928
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
929
930
931
307
$ sudo -u operator /bin/ls.
932
308
933
309
It is also possible to override a Runas_Spec later on in
941
317
TTaagg__SSppeecc
942
318
943
319
A command may have zero or more tags associated with it.
944
There are four possible tag values, NOPASSWD, PASSWD,
945
NOEXEC, EXEC. Once a tag is set on a Cmnd, subsequent
946
Cmnds in the Cmnd_Spec_List, inherit the tag unless it is
947
overridden by the opposite tag (ie: PASSWD overrides
948
NOPASSWD and EXEC overrides NOEXEC).
320
There are six possible tag values, NOPASSWD, PASSWD,
321
NOEXEC, EXEC, SETENV and NOSETENV. Once a tag is set on a
322
Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit the
323
tag unless it is overridden by the opposite tag (i.e.:
324
PASSWD overrides NOPASSWD and NOEXEC overrides EXEC).
325
326
327
328
1.6.9p6 October 9, 2007 5
329
330
331
332
333
334
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
335
949
336
950
337
_N_O_P_A_S_S_W_D _a_n_d _P_A_S_S_W_D
951
338
967
354
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
968
355
969
356
Note, however, that the PASSWD tag has no effect on users
970
who are in the group specified by the exempt_group option.
357
who are in the group specified by the _e_x_e_m_p_t___g_r_o_u_p option.
971
358
972
359
By default, if the NOPASSWD tag is applied to any of the
973
360
entries for a user on the current host, he or she will be
979
366
980
367
_N_O_E_X_E_C _a_n_d _E_X_E_C
981
368
982
If sudo has been compiled with _n_o_e_x_e_c support and the
983
underlying operating system support it, the NOEXEC tag can
984
be used to prevent a dynamically-linked executable from
985
986
987
988
1.6.8p12 June, 20 2005 15
989
990
991
992
993
994
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
995
996
997
running further commands itself.
369
If ssuuddoo has been compiled with _n_o_e_x_e_c support and the
370
underlying operating system supports it, the NOEXEC tag
371
can be used to prevent a dynamically-linked executable
372
from running further commands itself.
998
373
999
374
In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e
1000
375
and _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled.
1002
377
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
1003
378
1004
379
See the "PREVENTING SHELL ESCAPES" section below for more
1005
details on how _n_o_e_x_e_c works and whether or not it will
380
details on how NOEXEC works and whether or not it will
1006
381
work on your system.
1007
382
383
_S_E_T_E_N_V _a_n_d _N_O_S_E_T_E_N_V
384
385
These tags override the value of the _s_e_t_e_n_v option on a
386
per-command basis. Note that if SETENV has been set for a
387
command, any environment variables set on the command line
388
way are not subject to the restrictions imposed by
389
_e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. As such, only trusted
390
users should be allowed to set variables in this manner.
391
392
393
394
1.6.9p6 October 9, 2007 6
395
396
397
398
399
400
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
401
402
1008
403
WWiillddccaarrddss
1009
404
1010
405
ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob char�
1034
429
1035
430
match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m.
1036
431
1037
WARNING: a pathname with wildcards will nnoott match a user
1038
command that consists of a relative path. In other words,
1039
given the following _s_u_d_o_e_r_s entry:
1040
1041
billy workstation = /usr/bin/*
1042
1043
user billy will be able to run any command in /usr/bin as
1044
root, such as _/_u_s_r_/_b_i_n_/_w. The following two command will
1045
be allowed (the first assumes that _/_u_s_r_/_b_i_n is in the
1046
user's path):
1047
1048
$ sudo w
1049
$ sudo /usr/bin/w
1050
1051
1052
1053
1054
1.6.8p12 June, 20 2005 16
1055
1056
1057
1058
1059
1060
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1061
1062
1063
However, this will not:
1064
1065
$ cd /usr/bin
1066
$ sudo ./w
1067
1068
For this reason you should only ggrraanntt access to commands
1069
using wildcards and never rreessttrriicctt access using them.
1070
This limitation will be removed in a future version of
1071
ssuuddoo.
1072
1073
432
EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess
1074
433
1075
434
The following exceptions apply to the above rules:
1081
440
OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss
1082
441
1083
442
The pound sign ('#') is used to indicate a comment (unless
1084
it occurs in the context of a user name and is followed by
1085
one or more digits, in which case it is treated as a uid).
1086
Both the comment character and any text after it, up to
1087
the end of the line, are ignored.
443
it is part of a #include directive or unless it occurs in
444
the context of a user name and is followed by one or more
445
digits, in which case it is treated as a uid). Both the
446
comment character and any text after it, up to the end of
447
the line, are ignored.
1088
448
1089
449
The reserved word AALLLL is a built-in _a_l_i_a_s that always
1090
450
causes a match to succeed. It can be used wherever one
1095
455
dangerous since in a command context, it allows the user
1096
456
to run aannyy command on the system.
1097
457
458
459
460
1.6.9p6 October 9, 2007 7
461
462
463
464
465
466
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
467
468
1098
469
An exclamation point ('!') can be used as a logical _n_o_t
1099
470
operator both in an _a_l_i_a_s and in front of a Cmnd. This
1100
471
allows one to exclude certain values. Note, however, that
1113
484
('\') when used as part of a word (e.g. a username or
1114
485
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
1115
486
1116
1117
1118
1119
1120
1.6.8p12 June, 20 2005 17
1121
1122
1123
1124
1125
1126
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1127
487
SSUUDDOOEERRSS OOPPTTIIOONNSS
488
ssuuddoo's behavior can be modified by Default_Entry lines, as
489
explained earlier. A list of all supported Defaults
490
parameters, grouped by type, are listed below.
491
492
FFllaaggss:
493
494
always_set_home If set, ssuuddoo will set the HOME environment
495
variable to the home directory of the tar�
496
get user (which is root unless the --uu
497
option is used). This effectively means
498
that the --HH flag is always implied. This
499
flag is _o_f_f by default.
500
501
authenticate If set, users must authenticate themselves
502
via a password (or other means of authen�
503
tication) before they may run commands.
504
This default may be overridden via the
505
PASSWD and NOPASSWD tags. This flag is _o_n
506
by default.
507
508
env_editor If set, vviissuuddoo will use the value of the
509
EDITOR or VISUAL environment variables
510
before falling back on the default editor
511
list. Note that this may create a secu�
512
rity hole as it allows the user to run any
513
arbitrary command as root without logging.
514
A safer alternative is to place a colon-
515
separated list of editors in the editor
516
variable. vviissuuddoo will then only use the
517
EDITOR or VISUAL if they match a value
518
specified in editor. This flag is _o_f_f by
519
default.
520
521
env_reset If set, ssuuddoo will reset the environment to
522
only contain the LOGNAME, SHELL, USER,
523
524
525
526
1.6.9p6 October 9, 2007 8
527
528
529
530
531
532
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
533
534
535
USERNAME and the SUDO_* variables. Any
536
variables in the caller's environment that
537
match the env_keep and env_check lists are
538
then added. The default contents of the
539
env_keep and env_check lists are displayed
540
when ssuuddoo is run by root with the _-_V
541
option. If ssuuddoo was compiled with the
542
SECURE_PATH option, its value will be used
543
for the PATH environment variable. This
544
flag is _o_n by default.
545
546
fqdn Set this flag if you want to put fully
547
qualified hostnames in the _s_u_d_o_e_r_s file.
548
I.e., instead of myhost you would use
549
myhost.mydomain.edu. You may still use
550
the short form if you wish (and even mix
551
the two). Beware that turning on _f_q_d_n
552
requires ssuuddoo to make DNS lookups which
553
may make ssuuddoo unusable if DNS stops work�
554
ing (for example if the machine is not
555
plugged into the network). Also note that
556
you must use the host's official name as
557
DNS knows it. That is, you may not use a
558
host alias (CNAME entry) due to perfor�
559
mance issues and the fact that there is no
560
way to get all aliases from DNS. If your
561
machine's hostname (as returned by the
562
hostname command) is already fully quali�
563
fied you shouldn't need to set _f_q_d_n. This
564
flag is _o_f_f by default.
565
566
ignore_dot If set, ssuuddoo will ignore '.' or '' (cur�
567
rent dir) in the PATH environment vari�
568
able; the PATH itself is not modified.
569
This flag is _o_f_f by default. Currently,
570
while it is possible to set _i_g_n_o_r_e___d_o_t in
571
_s_u_d_o_e_r_s, its value is not used. This
572
option should be considered read-only (it
573
will be fixed in a future version of
574
ssuuddoo).
575
576
ignore_local_sudoers
577
If set via LDAP, parsing of
578
@sysconfdir@/sudoers will be skipped.
579
This is intended for Enterprises that wish
580
to prevent the usage of local sudoers
581
files so that only LDAP is used. This
582
thwarts the efforts of rogue operators who
583
would attempt to add roles to
584
@sysconfdir@/sudoers. When this option is
585
present, @sysconfdir@/sudoers does not
586
even need to exist. Since this option
587
tells ssuuddoo how to behave when no specific
588
LDAP entries have been matched, this
589
590
591
592
1.6.9p6 October 9, 2007 9
593
594
595
596
597
598
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
599
600
601
sudoOption is only meaningful for the
602
cn=defaults section. This flag is _o_f_f by
603
default.
604
605
insults If set, ssuuddoo will insult users when they
606
enter an incorrect password. This flag is
607
_o_f_f by default.
608
609
log_host If set, the hostname will be logged in the
610
(non-syslog) ssuuddoo log file. This flag is
611
_o_f_f by default.
612
613
log_year If set, the four-digit year will be logged
614
in the (non-syslog) ssuuddoo log file. This
615
flag is _o_f_f by default.
616
617
long_otp_prompt When validating with a One Time Password
618
(OPT) scheme such as SS//KKeeyy or OOPPIIEE, a two-
619
line prompt is used to make it easier to
620
cut and paste the challenge to a local
621
window. It's not as pretty as the default
622
but some people find it more convenient.
623
This flag is _o_f_f by default.
624
625
mail_always Send mail to the _m_a_i_l_t_o user every time a
626
users runs ssuuddoo. This flag is _o_f_f by
627
default.
628
629
mail_badpass Send mail to the _m_a_i_l_t_o user if the user
630
running ssuuddoo does not enter the correct
631
password. This flag is _o_f_f by default.
632
633
mail_no_host If set, mail will be sent to the _m_a_i_l_t_o
634
user if the invoking user exists in the
635
_s_u_d_o_e_r_s file, but is not allowed to run
636
commands on the current host. This flag
637
is _o_f_f by default.
638
639
mail_no_perms If set, mail will be sent to the _m_a_i_l_t_o
640
user if the invoking user is allowed to
641
use ssuuddoo but the command they are trying
642
is not listed in their _s_u_d_o_e_r_s file entry
643
or is explicitly denied. This flag is _o_f_f
644
by default.
645
646
mail_no_user If set, mail will be sent to the _m_a_i_l_t_o
647
user if the invoking user is not in the
648
_s_u_d_o_e_r_s file. This flag is _o_n by default.
649
650
noexec If set, all commands run via ssuuddoo will
651
behave as if the NOEXEC tag has been set,
652
unless overridden by a EXEC tag. See the
653
description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as
654
well as the "PREVENTING SHELL ESCAPES"
655
656
657
658
1.6.9p6 October 9, 2007 10
659
660
661
662
663
664
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
665
666
667
section at the end of this manual. This
668
flag is _o_f_f by default.
669
670
path_info Normally, ssuuddoo will tell the user when a
671
command could not be found in their PATH
672
environment variable. Some sites may wish
673
to disable this as it could be used to
674
gather information on the location of exe�
675
cutables that the normal user does not
676
have access to. The disadvantage is that
677
if the executable is simply not in the
678
user's PATH, ssuuddoo will tell the user that
679
they are not allowed to run it, which can
680
be confusing. This flag is _o_n by default.
681
682
preserve_groups By default ssuuddoo will initialize the group
683
vector to the list of groups the target
684
user is in. When _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set,
685
the user's existing group vector is left
686
unaltered. The real and effective group
687
IDs, however, are still set to match the
688
target user. This flag is _o_f_f by default.
689
690
requiretty If set, ssuuddoo will only run when the user
691
is logged in to a real tty. This will
692
disallow things like "rsh somehost sudo
693
ls" since _r_s_h(1) does not allocate a tty.
694
Because it is not possible to turn off
695
echo when there is no tty present, some
696
sites may wish to set this flag to prevent
697
a user from entering a visible password.
698
This flag is _o_f_f by default.
699
700
root_sudo If set, root is allowed to run ssuuddoo too.
701
Disabling this prevents users from "chain�
702
ing" ssuuddoo commands to get a root shell by
703
doing something like "sudo sudo /bin/sh".
704
Note, however, that turning off _r_o_o_t___s_u_d_o
705
will also prevent root and from running
706
ssuuddooeeddiitt. Disabling _r_o_o_t___s_u_d_o provides no
707
real additional security; it exists purely
708
for historical reasons. This flag is _o_n
709
by default.
710
711
rootpw If set, ssuuddoo will prompt for the root
712
password instead of the password of the
713
invoking user. This flag is _o_f_f by
714
default.
715
716
runaspw If set, ssuuddoo will prompt for the password
717
of the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t
718
option (defaults to root) instead of the
719
password of the invoking user. This flag
720
is _o_f_f by default.
721
722
723
724
1.6.9p6 October 9, 2007 11
725
726
727
728
729
730
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
731
732
733
set_home If set and ssuuddoo is invoked with the --ss
734
flag the HOME environment variable will be
735
set to the home directory of the target
736
user (which is root unless the --uu option
737
is used). This effectively makes the --ss
738
flag imply --HH. This flag is _o_f_f by
739
default.
740
741
set_logname Normally, ssuuddoo will set the LOGNAME, USER
742
and USERNAME environment variables to the
743
name of the target user (usually root
744
unless the --uu flag is given). However,
745
since some programs (including the RCS
746
revision control system) use LOGNAME to
747
determine the real identity of the user,
748
it may be desirable to change this behav�
749
ior. This can be done by negating the
750
set_logname option. Note that if the
751
_e_n_v___r_e_s_e_t option has not been disabled,
752
entries in the _e_n_v___k_e_e_p list will override
753
the value of _s_e_t___l_o_g_n_a_m_e. This flag is
754
_o_f_f by default.
755
756
setenv Allow the user to disable the _e_n_v___r_e_s_e_t
757
option from the command line. Addition�
758
ally, environment variables set via the
759
command line are not subject to the
760
restrictions imposed by _e_n_v___c_h_e_c_k,
761
_e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p. As such, only
762
trusted users should be allowed to set
763
variables in this manner. This flag is
764
_o_f_f by default.
765
766
shell_noargs If set and ssuuddoo is invoked with no argu�
767
ments it acts as if the --ss flag had been
768
given. That is, it runs a shell as root
769
(the shell is determined by the SHELL
770
environment variable if it is set, falling
771
back on the shell listed in the invoking
772
user's /etc/passwd entry if not). This
773
flag is _o_f_f by default.
774
775
stay_setuid Normally, when ssuuddoo executes a command the
776
real and effective UIDs are set to the
777
target user (root by default). This
778
option changes that behavior such that the
779
real UID is left as the invoking user's
780
UID. In other words, this makes ssuuddoo act
781
as a setuid wrapper. This can be useful
782
on systems that disable some potentially
783
dangerous functionality when a program is
784
run setuid. This option is only effective
785
on systems with either the _s_e_t_r_e_u_i_d_(_) or
786
_s_e_t_r_e_s_u_i_d_(_) function. This flag is _o_f_f by
787
788
789
790
1.6.9p6 October 9, 2007 12
791
792
793
794
795
796
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
797
798
799
default.
800
801
targetpw If set, ssuuddoo will prompt for the password
802
of the user specified by the --uu flag
803
(defaults to root) instead of the password
804
of the invoking user. Note that this pre�
805
cludes the use of a uid not listed in the
806
passwd database as an argument to the --uu
807
flag. This flag is _o_f_f by default.
808
809
tty_tickets If set, users must authenticate on a per-
810
tty basis. Normally, ssuuddoo uses a direc�
811
tory in the ticket dir with the same name
812
as the user running it. With this flag
813
enabled, ssuuddoo will use a file named for
814
the tty the user is logged in on in that
815
directory. This flag is _o_f_f by default.
816
817
use_loginclass If set, ssuuddoo will apply the defaults spec�
818
ified for the target user's login class if
819
one exists. Only available if ssuuddoo is
820
configured with the --with-logincap
821
option. This flag is _o_f_f by default.
822
823
IInntteeggeerrss:
824
825
passwd_tries The number of tries a user gets to enter
826
his/her password before ssuuddoo logs the
827
failure and exits. The default is 3.
828
829
IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
830
831
loglinelen Number of characters per line for the file
832
log. This value is used to decide when to
833
wrap lines for nicer log files. This has
834
no effect on the syslog log file, only the
835
file log. The default is 80 (use 0 or
836
negate the option to disable word wrap).
837
838
passwd_timeout Number of minutes before the ssuuddoo password
839
prompt times out. The default is 5; set
840
this to 0 for no password timeout.
841
842
timestamp_timeout
843
Number of minutes that can elapse before
844
ssuuddoo will ask for a passwd again. The
845
default is 5. Set this to 0 to always
846
prompt for a password. If set to a value
847
less than 0 the user's timestamp will
848
never expire. This can be used to allow
849
users to create or delete their own times�
850
tamps via sudo -v and sudo -k respec�
851
tively.
852
853
854
855
856
1.6.9p6 October 9, 2007 13
857
858
859
860
861
862
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
863
864
865
umask Umask to use when running the command.
866
Negate this option or set it to 0777 to
867
preserve the user's umask. The default is
868
0022.
869
870
SSttrriinnggss:
871
872
badpass_message Message that is displayed if a user enters
873
an incorrect password. The default is
874
Sorry, try again. unless insults are
875
enabled.
876
877
editor A colon (':') separated list of editors
878
allowed to be used with vviissuuddoo. vviissuuddoo
879
will choose the editor that matches the
880
user's EDITOR environment variable if pos�
881
sible, or the first editor in the list
882
that exists and is executable. The
883
default is the path to vi on your system.
884
885
mailsub Subject of the mail sent to the _m_a_i_l_t_o
886
user. The escape %h will expand to the
887
hostname of the machine. Default is ***
888
SECURITY information for %h ***.
889
890
noexec_file Path to a shared library containing dummy
891
versions of the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_�
892
_e_c_v_e_(_) library functions that just return
893
an error. This is used to implement the
894
_n_o_e_x_e_c functionality on systems that sup�
895
port LD_PRELOAD or its equivalent.
896
Defaults to
897
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
898
899
passprompt The default prompt to use when asking for
900
a password; can be overridden via the --pp
901
option or the SUDO_PROMPT environment
902
variable. The following percent (`%')
903
escapes are supported:
904
905
%H expanded to the local hostname includ�
906
ing the domain name (on if the
907
machine's hostname is fully qualified
908
or the _f_q_d_n option is set)
909
910
%h expanded to the local hostname without
911
the domain name
912
913
%U expanded to the login name of the user
914
the command will be run as (defaults
915
to root)
916
917
%u expanded to the invoking user's login
918
name
919
920
921
922
1.6.9p6 October 9, 2007 14
923
924
925
926
927
928
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
929
930
931
%% two consecutive % characters are col�
932
lapsed into a single % character
933
934
The default value is Password:.
935
936
runas_default The default user to run commands as if the
937
--uu flag is not specified on the command
938
line. This defaults to root. Note that
939
if _r_u_n_a_s___d_e_f_a_u_l_t is set it mmuusstt occur
940
before any Runas_Alias specifications.
941
942
syslog_badpri Syslog priority to use when user authenti�
943
cates unsuccessfully. Defaults to alert.
944
945
syslog_goodpri Syslog priority to use when user authenti�
946
cates successfully. Defaults to notice.
947
948
timestampdir The directory in which ssuuddoo stores its
949
timestamp files. The default is
950
_/_v_a_r_/_r_u_n_/_s_u_d_o.
951
952
timestampowner The owner of the timestamp directory and
953
the timestamps stored therein. The
954
default is root.
955
956
SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
957
958
exempt_group
959
Users in this group are exempt from password
960
and PATH requirements. This is not set by
961
default.
962
963
lecture This option controls when a short lecture will
964
be printed along with the password prompt. It
965
has the following possible values:
966
967
always Always lecture the user.
968
969
never Never lecture the user.
970
971
once Only lecture the user the first time
972
they run ssuuddoo.
973
974
If no value is specified, a value of _o_n_c_e is
975
implied. Negating the option results in a
976
value of _n_e_v_e_r being used. The default value
977
is _o_n_c_e.
978
979
lecture_file
980
Path to a file containing an alternate ssuuddoo
981
lecture that will be used in place of the
982
standard lecture if the named file exists. By
983
default, ssuuddoo uses a built-in lecture.
984
985
986
987
988
1.6.9p6 October 9, 2007 15
989
990
991
992
993
994
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
995
996
997
listpw This option controls when a password will be
998
required when a user runs ssuuddoo with the --ll
999
flag. It has the following possible values:
1000
1001
all All the user's _s_u_d_o_e_r_s entries for the
1002
current host must have the NOPASSWD
1003
flag set to avoid entering a password.
1004
1005
always The user must always enter a password
1006
to use the --ll flag.
1007
1008
any At least one of the user's _s_u_d_o_e_r_s
1009
entries for the current host must have
1010
the NOPASSWD flag set to avoid enter�
1011
ing a password.
1012
1013
never The user need never enter a password
1014
to use the --ll flag.
1015
1016
If no value is specified, a value of _a_n_y is
1017
implied. Negating the option results in a
1018
value of _n_e_v_e_r being used. The default value
1019
is _a_n_y.
1020
1021
logfile Path to the ssuuddoo log file (not the syslog log
1022
file). Setting a path turns on logging to a
1023
file; negating this option turns it off. By
1024
default, ssuuddoo logs via syslog.
1025
1026
mailerflags Flags to use when invoking mailer. Defaults to
1027
--tt.
1028
1029
mailerpath Path to mail program used to send warning
1030
mail. Defaults to the path to sendmail found
1031
at configure time.
1032
1033
mailto Address to send warning and error mail to.
1034
The address should be enclosed in double
1035
quotes (") to protect against ssuuddoo interpret�
1036
ing the @ sign. Defaults to root.
1037
1038
syslog Syslog facility if syslog is being used for
1039
logging (negate to disable syslog logging).
1040
Defaults to local2.
1041
1042
verifypw This option controls when a password will be
1043
required when a user runs ssuuddoo with the --vv
1044
flag. It has the following possible values:
1045
1046
all All the user's _s_u_d_o_e_r_s entries for the
1047
current host must have the NOPASSWD
1048
flag set to avoid entering a password.
1049
1050
always The user must always enter a password
1051
1052
1053
1054
1.6.9p6 October 9, 2007 16
1055
1056
1057
1058
1059
1060
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1061
1062
1063
to use the --vv flag.
1064
1065
any At least one of the user's _s_u_d_o_e_r_s
1066
entries for the current host must have
1067
the NOPASSWD flag set to avoid enter�
1068
ing a password.
1069
1070
never The user need never enter a password
1071
to use the --vv flag.
1072
1073
If no value is specified, a value of _a_l_l is
1074
implied. Negating the option results in a
1075
value of _n_e_v_e_r being used. The default value
1076
is _a_l_l.
1077
1078
LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
1079
1080
env_check Environment variables to be removed from
1081
the user's environment if the variable's
1082
value contains % or / characters. This
1083
can be used to guard against printf-style
1084
format vulnerabilities in poorly-written
1085
programs. The argument may be a dou�
1086
ble-quoted, space-separated list or a sin�
1087
gle value without double-quotes. The list
1088
can be replaced, added to, deleted from,
1089
or disabled by using the =, +=, -=, and !
1090
operators respectively. Regardless of
1091
whether the env_reset option is enabled or
1092
disabled, variables specified by env_check
1093
will be preserved in the environment if
1094
they pass the aforementioned check. The
1095
default list of environment variables to
1096
check is displayed when ssuuddoo is run by
1097
root with the _-_V option.
1098
1099
env_delete Environment variables to be removed from
1100
the user's environment. The argument may
1101
be a double-quoted, space-separated list
1102
or a single value without double-quotes.
1103
The list can be replaced, added to,
1104
deleted from, or disabled by using the =,
1105
+=, -=, and ! operators respectively. The
1106
default list of environment variables to
1107
remove is displayed when ssuuddoo is run by
1108
root with the _-_V option. Note that many
1109
operating systems will remove potentially
1110
dangerous variables from the environment
1111
of any setuid process (such as ssuuddoo).
1112
1113
env_keep Environment variables to be preserved in
1114
the user's environment when the _e_n_v___r_e_s_e_t
1115
option is in effect. This allows fine-
1116
grained control over the environment
1117
1118
1119
1120
1.6.9p6 October 9, 2007 17
1121
1122
1123
1124
1125
1126
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1127
1128
1129
ssuuddoo-spawned processes will receive. The
1130
argument may be a double-quoted, space-
1131
separated list or a single value without
1132
double-quotes. The list can be replaced,
1133
added to, deleted from, or disabled by
1134
using the =, +=, -=, and ! operators
1135
respectively. The default list of vari�
1136
ables to keep is displayed when ssuuddoo is
1137
run by root with the _-_V option.
1138
1139
When logging via _s_y_s_l_o_g(3), ssuuddoo accepts the following
1140
values for the syslog facility (the value of the ssyysslloogg
1141
Parameter): aauutthhpprriivv (if your OS supports it), aauutthh, ddaaee��
1142
mmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33, llooccaall44, llooccaall55,
1143
llooccaall66, and llooccaall77. The following syslog priorities are
1144
supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee,
1145
and wwaarrnniinngg.
1128
1146
1129
1147
FFIILLEESS
1130
/etc/sudoers List of who can run what
1131
/etc/group Local groups file
1132
/etc/netgroup List of network groups
1148
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
1149
_/_e_t_c_/_g_r_o_u_p Local groups file
1150
_/_e_t_c_/_n_e_t_g_r_o_u_p List of network groups
1133
1151
1134
1152
EEXXAAMMPPLLEESS
1135
1153
Since the _s_u_d_o_e_r_s file is parsed in a single pass, order
1162
1180
Host_Alias SERVERS = master, mail, www, ns
1163
1181
Host_Alias CDROM = orion, perseus, hercules
1164
1182
1183
1184
1185
1186
1.6.9p6 October 9, 2007 18
1187
1188
1189
1190
1191
1192
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1193
1194
1165
1195
# Cmnd alias specification
1166
1196
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
1167
1197
/usr/sbin/restore, /usr/sbin/rrestore
1174
1204
/usr/local/bin/tcsh, /usr/bin/rsh, \
1175
1205
/usr/local/bin/zsh
1176
1206
Cmnd_Alias SU = /usr/bin/su
1207
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
1177
1208
1178
1209
Here we override some of the compiled in default values.
1179
1210
We want ssuuddoo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility
1180
1211
in all cases. We don't want to subject the full time
1181
1212
staff to the ssuuddoo lecture, user mmiilllleerrtt need not give a
1182
password, and we don't want to reset the LOGNAME or USER
1183
1184
1185
1186
1.6.8p12 June, 20 2005 18
1187
1188
1189
1190
1191
1192
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1193
1194
1195
environment variables when running commands as root.
1196
Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias,
1197
we keep an additional local log file and make sure we log
1198
the year in each log line since the log entries will be
1199
kept around for several years.
1213
password, and we don't want to reset the LOGNAME, USER or
1214
USERNAME environment variables when running commands as
1215
root. Additionally, on the machines in the _S_E_R_V_E_R_S
1216
Host_Alias, we keep an additional local log file and make
1217
sure we log the year in each log line since the log
1218
entries will be kept around for several years. Lastly, we
1219
disable shell escapes for the commands in the PAGERS
1220
Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s).
1200
1221
1201
1222
# Override built-in defaults
1202
1223
Defaults syslog=auth
1204
1225
Defaults:FULLTIMERS !lecture
1205
1226
Defaults:millert !authenticate
1206
1227
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
1228
Defaults!PAGERS noexec
1207
1229
1208
1230
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter�
1209
1231
mines who may run what.
1225
1247
any command on any host but they must authenticate them�
1226
1248
selves first (since the entry lacks the NOPASSWD tag).
1227
1249
1250
1251
1252
1.6.9p6 October 9, 2007 19
1253
1254
1255
1256
1257
1258
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1259
1260
1228
1261
jack CSNETS = ALL
1229
1262
1230
1263
The user jjaacckk may run any command on the machines in the
1247
1280
killing processes, the printing system, shutting down the
1248
1281
system, and any commands in the directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/.
1249
1282
1250
1251
1252
1.6.8p12 June, 20 2005 19
1253
1254
1255
1256
1257
1258
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1259
1260
1261
1283
joe ALL = /usr/bin/su operator
1262
1284
1263
1285
The user jjooee may only _s_u(1) to operator.
1278
1300
jim +biglab = ALL
1279
1301
1280
1302
The user jjiimm may run any command on machines in the _b_i_g_l_a_b
1281
netgroup. SSuuddoo knows that "biglab" is a netgroup due to
1303
netgroup. ssuuddoo knows that "biglab" is a netgroup due to
1282
1304
the '+' prefix.
1283
1305
1284
1306
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
1290
1312
fred ALL = (DB) NOPASSWD: ALL
1291
1313
1292
1314
The user ffrreedd can run commands as any user in the _D_B
1315
1316
1317
1318
1.6.9p6 October 9, 2007 20
1319
1320
1321
1322
1323
1324
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1325
1326
1293
1327
Runas_Alias (oorraaccllee or ssyybbaassee) without giving a password.
1294
1328
1295
1329
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
1306
1340
jill SERVERS = /usr/bin/, !SU, !SHELLS
1307
1341
1308
1342
For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run
1309
any commands in the directory /usr/bin/ except for those
1343
any commands in the directory _/_u_s_r_/_b_i_n_/ except for those
1310
1344
commands belonging to the _S_U and _S_H_E_L_L_S Cmnd_Aliases.
1311
1345
1312
1346
steve CSNETS = (operator) /usr/local/op_commands/
1313
1347
1314
1348
The user sstteevvee may run any command in the directory
1315
1316
1317
1318
1.6.8p12 June, 20 2005 20
1319
1320
1321
1322
1323
1324
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1325
1326
1327
1349
/usr/local/op_commands/ but only as user operator.
1328
1350
1329
1351
matt valkyrie = KILL
1355
1377
bill ALL = ALL, !SU, !SHELLS
1356
1378
1357
1379
Doesn't really prevent bbiillll from running the commands
1358
listed in _S_U or _S_H_E_L_L_S since he can simply copy those com�
1359
mands to a different name, or use a shell escape from an
1360
editor or other program. Therefore, these kind of
1380
listed in _S_U or _S_H_E_L_L_S since he can simply copy those
1381
1382
1383
1384
1.6.9p6 October 9, 2007 21
1385
1386
1387
1388
1389
1390
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1391
1392
1393
commands to a different name, or use a shell escape from
1394
an editor or other program. Therefore, these kind of
1361
1395
restrictions should be considered advisory at best (and
1362
1396
reinforced by policy).
1363
1397
1366
1400
whatever it pleases, including run other programs. This
1367
1401
can be a security issue since it is not uncommon for a
1368
1402
program to allow shell escapes, which lets a user bypass
1369
ssuuddoo's restrictions. Common programs that permit shell
1370
escapes include shells (obviously), editors, paginators,
1371
mail and terminal programs.
1372
1373
Many systems that support shared libraries have the abil�
1374
ity to override default library functions by pointing an
1375
environment variable (usually LD_PRELOAD) to an alternate
1376
shared library. On such systems, ssuuddoo's _n_o_e_x_e_c function�
1377
ality can be used to prevent a program run by sudo from
1378
executing any other programs. Note, however, that this
1379
applies only to native dynamically-linked executables.
1380
Statically-linked executables and foreign executables
1381
1382
1383
1384
1.6.8p12 June, 20 2005 21
1403
ssuuddoo's access control and logging. Common programs that
1404
permit shell escapes include shells (obviously), editors,
1405
paginators, mail and terminal programs.
1406
1407
There are two basic approaches to this problem:
1408
1409
restrict Avoid giving users access to commands that allow
1410
the user to run arbitrary commands. Many edi�
1411
tors have a restricted mode where shell escapes
1412
are disabled, though ssuuddooeeddiitt is a better solu�
1413
tion to running editors via ssuuddoo. Due to the
1414
large number of programs that offer shell
1415
escapes, restricting users to the set of pro�
1416
grams that do not if often unworkable.
1417
1418
noexec Many systems that support shared libraries have
1419
the ability to override default library func�
1420
tions by pointing an environment variable (usu�
1421
ally LD_PRELOAD) to an alternate shared library.
1422
On such systems, ssuuddoo's _n_o_e_x_e_c functionality can
1423
be used to prevent a program run by ssuuddoo from
1424
executing any other programs. Note, however,
1425
that this applies only to native dynamically-
1426
linked executables. Statically-linked executa�
1427
bles and foreign executables running under
1428
binary emulation are not affected.
1429
1430
To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you
1431
can run the following as root:
1432
1433
sudo -V | grep "dummy exec"
1434
1435
If the resulting output contains a line that
1436
begins with:
1437
1438
File containing dummy exec functions:
1439
1440
then ssuuddoo may be able to replace the exec family
1441
of functions in the standard library with its
1442
own that simply return an error. Unfortunately,
1443
there is no foolproof way to know whether or not
1444
_n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c should
1445
work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64
1446
UNIX, MacOS X, and HP-UX 11.x. It is known nnoott
1447
1448
1449
1450
1.6.9p6 October 9, 2007 22
1385
1451
1386
1452
1387
1453
1390
1456
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1391
1457
1392
1458
1393
running under binary emulation are not affected.
1394
1395
To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run
1396
the following as root:
1397
1398
sudo -V | grep "dummy exec"
1399
1400
If the resulting output contains a line that begins with:
1401
1402
File containing dummy exec functions:
1403
1404
then ssuuddoo may be able to replace the exec family of func�
1405
tions in the standard library with its own that simply
1406
return an error. Unfortunately, there is no foolproof way
1407
to know whether or not _n_o_e_x_e_c will work at compile-time.
1408
_N_o_e_x_e_c should work on SunOS, Solaris, *BSD, Linux, IRIX,
1409
Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to
1410
work on AIX and UnixWare. _N_o_e_x_e_c is expected to work on
1411
most operating systems that support the LD_PRELOAD envi�
1412
ronment variable. Check your operating system's manual
1413
pages for the dynamic linker (usually ld.so, ld.so.1,
1414
dyld, dld.sl, rld, or loader) to see if LD_PRELOAD is sup�
1415
ported.
1416
1417
To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as doc�
1418
umented in the User Specification section above. Here is
1419
that example again:
1420
1421
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
1422
1423
This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and
1424
_/_u_s_r_/_b_i_n_/_v_i with _n_o_e_x_e_c enabled. This will prevent those
1425
two commands from executing other commands (such as a
1426
shell). If you are unsure whether or not your system is
1427
capable of supporting _n_o_e_x_e_c you can always just try it
1428
out and see if it works.
1429
1430
Note that disabling shell escapes is not a panacea. Pro�
1431
grams running as root are still capable of many poten�
1459
to work on AIX and UnixWare. _n_o_e_x_e_c is expected
1460
to work on most operating systems that support
1461
the LD_PRELOAD environment variable. Check your
1462
operating system's manual pages for the dynamic
1463
linker (usually ld.so, ld.so.1, dyld, dld.sl,
1464
rld, or loader) to see if LD_PRELOAD is sup�
1465
ported.
1466
1467
To enable _n_o_e_x_e_c for a command, use the NOEXEC
1468
tag as documented in the User Specification sec�
1469
tion above. Here is that example again:
1470
1471
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
1472
1473
This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and
1474
_/_u_s_r_/_b_i_n_/_v_i with _n_o_e_x_e_c enabled. This will pre�
1475
vent those two commands from executing other
1476
commands (such as a shell). If you are unsure
1477
whether or not your system is capable of sup�
1478
porting _n_o_e_x_e_c you can always just try it out
1479
and see if it works.
1480
1481
Note that restricting shell escapes is not a panacea.
1482
Programs running as root are still capable of many poten�
1432
1483
tially hazardous operations (such as changing or overwrit�
1433
1484
ing files) that could lead to unintended privilege escala�
1434
1485
tion. In the specific case of an editor, a safer approach
1435
1486
is to give the user permission to run ssuuddooeeddiitt.
1436
1487
1437
1488
SSEEEE AALLSSOO
1438
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), sudo(1m), visudo(1m)
1489
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8)
1439
1490
1440
1491
CCAAVVEEAATTSS
1441
1492
The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo
1444
1495
errors since ssuuddoo will not run with a syntactically incor�
1445
1496
rect _s_u_d_o_e_r_s file.
1446
1497
1447
1448
1449
1450
1.6.8p12 June, 20 2005 22
1451
1452
1453
1454
1455
1456
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1457
1458
1459
1498
When using netgroups of machines (as opposed to users), if
1460
1499
you store fully qualified hostnames in the netgroup (as is
1461
1500
usually the case), you either need to have the machine's
1467
1506
bug report at http://www.sudo.ws/sudo/bugs/
1468
1507
1469
1508
SSUUPPPPOORRTT
1470
Commercial support is available for ssuuddoo, see
1471
http://www.sudo.ws/sudo/support.html for details.
1472
1473
1509
Limited free support is available via the sudo-users mail�
1474
1510
ing list, see http://www.sudo.ws/mail�
1475
1511
man/listinfo/sudo-users to subscribe or search the
1476
1512
archives.
1477
1513
1514
1515
1516
1.6.9p6 October 9, 2007 23
1517
1518
1519
1520
1521
1522
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1523
1524
1478
1525
DDIISSCCLLAAIIMMEERR
1479
SSuuddoo is provided ``AS IS'' and any express or implied war�
1526
ssuuddoo is provided ``AS IS'' and any express or implied war�
1480
1527
ranties, including, but not limited to, the implied war�
1481
1528
ranties of merchantability and fitness for a particular
1482
1529
purpose are disclaimed. See the LICENSE file distributed
1513
1560
1514
1561
1515
1562
1516
1.6.8p12 June, 20 2005 23
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1.6.9p6 October 9, 2007 24
1517
1583
1518
1584
Loggerhead is a web-based interface for Breezy
Version: 2.0.1