Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
Standard preamble:
========================================================================
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. | will give a
real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\}
If the F register is turned on, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
. de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\}
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================
Title "SUDOSCRIPT 8"
Standard preamble:
========================================================================
\\$1
.. ..
.... Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. | will give a
real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\}
If the F register is turned on, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
. de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\}
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================
Title "SUDOSCRIPT 8"
SUDOSCRIPT 8 "2003-06-13" "perl v5.8.0" "User Contributed Perl Documentation"
"NAME"
sudoscript -a system for audited shells with sudo(8) and script(1)
"DESCRIPTION"
Header "DESCRIPTION" \f(CW\*(C`sudoscript\*(C' is a system that audits a shell run under sudo(8) It does this
using the venerable unix command script(1) The system consists of two
Perl scripts and one Perl module.. The front-end script is called sudoshell(1)
(also ss(1)). The backend script is sudoscriptd(8). The Perl module is
\f(CW\*(C`Sudoscript(3pm)\*(C'. Each of these have their own man pages which it would
be well for a system administrator to read before implementing \*(C`sudoscript\*(C'.
This manpage describes where to get more information about sudoscript.
"DOCUMENTATION"
Header "DOCUMENTATION" \f(CW\*(C`sudoscript\*(C' comes with some documentation that is helpful for system administrators
who are deploying the system. On Linux, this documentation is in
/usr/share/doc/sudoscript-${\s-1VERSION\s0}. On all other platforms the documentation is
in /usr/local/doc/sudoscript-${\s-1VERSION\s0}. In each case, \*(L"${\s-1VERSION\s0}\*(R" is replaced with the
version of sudoscript.
.Sh "\s-1SECURITY\s0"
Subsection "SECURITY" Especially when enabling a root shell, \*(C`sudoscript\*(C' cannot prevent a user
from evading the the audit trail it provides. This is true even if the user is
not root. The file \s-1SECURITY\s0 in the distribution and in the documentation directory
describes this in detail. It should be mandatory reading before any attempt is made
to deploy \*(C`sudoscript\*(C'.
.Sh "\s-1INSTALLATION\s0"
Subsection "INSTALLATION" The steps required to install sudoscript are documented in the \s-1INSTALL\s0 file in
the distribution and in the documentation directory.
.Sh "\s-1CONFIGURATION\s0"
Subsection "CONFIGURATION" Given some configuration of the sudoers(5) file, \*(C`sudoscript\*(C' can enable
a root shell, or a shell as some other user. The details of how to go about this
are in the file \s-1SUDOCONFIG\s0 in the distribution, and in the documentation directory.
.Sh "\s-1README\s0"
Subsection "README" A description of sudoscript that goes into more detail than this man page can be
found in the \s-1README\s0 file in the distribution, and in the documentation directory.
.Sh "\s-1PORCMOLSULB\s0"
Subsection "PORCMOLSULB" The paper \*(L"The Problem of \s-1PORCMOLSULB:\s0 Can Root be Controlled in Engineering
Environments?\*(R" is included in the distribution, and in the documentation directory. This
paper describes the events that lead up to writing \*(C`sudoscript\*(C', and gives some
idea of why I consider the system useful.
.Sh "\s-1PORTING\s0"
Subsection "PORTING" Some thoughts about how to go about porting \*(C`sudoscript\*(C' to a new Unix platform
are given in the \s-1PORTING\s0 file in the distribution and in the documentation directory.
.Sh "\s-1WEB\s0 \s-1SITE\s0"
Subsection "WEB SITE" The \*(C`sudoscript\*(C' web site is at \*(C`http://www.egbok.com/sudoscript\*(C'. New versions
are released there first, before they hit sourceforge or freshmeat.
"PLATFORMS"
Header "PLATFORMS" \f(CW\*(C`sudoscript\*(C' currently runs on the following platforms:
Item "Linux" Tested on Red Hat 6.2 through 9, and Debian Woody.
Item "Solaris" Latest version tested on Solaris 9/Intel. Earlier versions were tested on
Solaris 7 and 8/Sparc and Solaris 8/Intel.
Item "FreeBSD" Tested on FreeBSD 4.3
Item "OpenBSD" Tested on version 3.3
Item "HP-UX" Tested on version 11 by Donny Jekels.
"SEE ALSO"
Header "SEE ALSO" \fIsudoscriptd\|(8)
\fIsudoshell\|(1)
\fISudoscript\|(3pm)
\fIsudo\|(8)
\fIsudoers\|(5)
http://www.egbok.com/sudoscript
"AUTHOR"
Header "AUTHOR" Howard Owen, <hbo@egbok.com>
"COPYRIGHT AND LICENSE"
Header "COPYRIGHT AND LICENSE" Copyright 2003 by Howard Owen
sudoscript is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
\*(L"The Problem of \s-1PORCMOLSULB\s0\*(R" was orginally published in the August 2002 issue of ;login. The paper is distributed under a Creative Commons license, which may be viewed at <http://creativecommons.org/licenses/by-sa/1.0/>.