-e The -e (edit) option indicates that, instead of running a command, the user wishes to edit
one or more files. In lieu of a command, the string "sudoedit" is used when consulting the
security policy. If the user is authorized by the policy, the following steps are taken:
1. Temporary copies are made of the files to be edited with the owner set to the invoking
user.
2. The editor specified by the policy is run to edit the temporary files. The sudoers
policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If
none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor
sudoers(5) option is used.
3. If they have been modified, the temporary files are copied back to their original
location and the temporary versions are removed.
If the specified file does not exist, it will be created. Note that unlike most commands run
by sudo, the editor is run with the invoking user's environment unmodified. If, for some
reason, sudo is unable to update a file with its edited version, the user will receive a
warning and the edited copy will remain in a temporary file.
|
-s [command]
The -s (shell) option runs the shell specified by the SHELL environment variable if it is set
or the shell as specified in the password database. If a command is specified, it is passed
to the shell for execution via the shell's -c option. If no command is specified, an
interactive shell is executed.
|
-k [command]
When used alone, the -k (kill) option to sudo invalidates the user's cached credentials. The
next time sudo is run a password will be required. This option does not require a password
and was added to allow a user to revoke sudo permissions from a .logout file. Not all
security policies support credential caching.
When used in conjunction with a command or an option that may require a password, the -k
option will cause sudo to ignore the user's cached credentials. As a result, sudo will
prompt for a password (if one is required by the security policy) and will not update the
user's cached credentials.
|
-u user The -u (user) option causes sudo to run the specified command as a user other than root. To
specify a uid instead of a user name, use #uid. When running commands as a uid, many shells
require that the '#' be escaped with a backslash ('\'). Security policies may restrict uids
to those listed in the password database. The sudoers policy allows uids that are not in the
password database as long as the targetpw option is not set. Other security policies may not
support this.
|