To specify a uid instead of a username, use #uid. The -u (user) option causes sudo to run the specified command as a user other than root. This option is only available on systems that support BSD authentication where sudo is configured with the -with-bsdauth option. The system administrator may specify a list of sudo-specific authentication methods by adding an " auth-sudo" entry in /etc/nf. The -a (authentication type) option causes sudo to use the specified authentication type when validating the user, as allowed by /etc/nf. This option is only available on systems with BSD login classes where sudo is configured with the -with-logincap option. If the class argument specifies an existing user class, the command must run as root, or the sudo command must run from a shell that is already root. Specifying a class of - indicates that the command should run restricted by the default login capabilities for the user running the command. The class argument can be either a class name as defined in /etc/nf, or a single ' -' character. The -c (class) option causes sudo to run the specified command with resources limited by the specified login class. %% (two consecutive % characters) are collapsed into a single % character. %H is expanded to the local hostname including the domain name (only if the machine's hostname is fully qualified or the " fqdn" sudoers option is set) %h is expanded to the local hostname without the domain name %U is expanded to the login name of the user the command will run as (which defaults to root) %u is expanded to the invoking user's login name
The following percent (' %') escapes are supported:
#Ubuntu sudo not available switch to root password
The -p (prompt) option lets you override the default password prompt and use a custom one. Note that if you use the -b option you cannot use shell job control to manipulate the process. The -b (background) option tells sudo to run the given command in the background. Likewise, this option does not require a password. The -K (sure kill) option to sudo removes the user's timestamp entirely. This option does not require a password and was added to allow a user to revoke sudo permissions from a. The next time sudo is run a password will be required. The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command. If given the -v (validate) option, sudo updates the user's timestamp, prompting for the user's password if necessary. The -h (help) option causes sudo to print a usage message and exit. This option is useful in conjunction with grep. The -L (list defaults) option lists out the parameters set in a Defaults line with a short description for each. The -l (list) option prints out the commands allowed (and forbidden) the user on the current host. If the invoking user is already root, the -V option prints out a list of the defaults sudo was compiled with and the machine's local network addresses. The -V (version) option causes sudo to print the version number and exit.
To edit the sudoers file, use the visudo command.
By default, sudo will log to syslog but this can be changed at configure time or in the sudoers file. Sudo can log both successful and unsuccessful attempts (and errors) to syslog, a unique log file, or both. Note that the mail isn't sent if an unauthorized user tries to run sudo with the -l or -v flags this allows users to determine for themselves whether or not they are allowed to use sudo. The default authority to be notified of unsuccessful sudo attempts is root. If a user not listed in sudoers tries to run a command using sudo, it is considered an unsuccessful attempt to breach system security and mail is sent to the proper authorities, as defined at configure time or in the sudoers file. This timestamp can be renewed if the user issues sudo with the -v flag. Once a user is authenticated, a timestamp is recorded and the user may use sudo without a password for a short time ( 5 minutes, unless configured differently in sudoers). By default, this is the user's password, not the root password itself. The real and effective uid and gid of the issuing user are then set to match those of the target user account as specified in the passwd file.īy default, sudo requires that users authenticate themselves with a password. Sudo allows a permitted user to execute a command as another user, according to specifications in the /etc/sudoers file.
0 kommentar(er)
