Sudo Environment Variables (Continued), Examples, and Diagnostics

tion is specified. SUDO_COMMAND Set to the command run by sudo, including any args. The args are truncated at 4096 characters to prevent a po‐ tential execution error. SUDO_EDITOR Default editor to use in -e (sudoedit) mode. SUDO_GID Set to the group‐ID of the user who invoked sudo. SUDO_PROMPT Used as the default password prompt unless the -p op‐ tion was specified. SUDO_PS1 If set, PS1 will be set to its value for the program being run. SUDO_UID Set to the user‐ID of the user who invoked sudo. SUDO_USER Set to the login name of the user who invoked sudo. USER Set to the same value as LOGNAME, described above. VISUAL Default editor to use in -e (sudoedit) mode if SUDO_EDITOR is not set. FILES /etc/sudo.conf sudo front‐end configuration EXAMPLES The following examples assume a properly configured security policy. To get a file listing of an unreadable directory: $ sudo ls /usr/local/protected To list the home directory of user yaz on a machine where the file sys‐ tem holding ~yaz is not exported as root: $ sudo ‐u yaz ls ~yaz To edit the index.html file as user www: $ sudoedit ‐u www ~www/htdocs/index.html To view system logs only accessible to root and users in the adm group: $ sudo ‐g adm more /var/log/syslog To run an editor as jim with a different primary group: $ sudoedit ‐u jim ‐g audio ~jim/sound.txt To shut down a machine: $ sudo shutdown ‐r +15 "quick reboot" To make a usage listing of the directories in the /home partition. The commands are run in a sub‐shell to allow the ‘cd’ command and file redi‐ rection to work. $ sudo sh ‐c "cd /home ; du ‐s * | sort ‐rn > USAGE" DIAGNOSTICS Error messages produced by sudo include: editing files in a writable directory is not permitted By default, sudoedit does not permit editing a file when any of the parent directories are writable by the invoking user. This avoids a race condition that could allow the user to overwrite an arbitrary file. See the sudoedit_checkdir option in sudoers(5) for more information. editing symbolic links is not permitted By default, sudoedit does not follow symbolic links when opening files. See the sudoedit_follow option in sudoers(5) for more in‐ formation. effective uid is not 0, is sudo installed setuid root? sudo was not run with root privileges. The sudo binary must be owned by the root user and have the set‐user‐ID bit set. Also, it must not be located on a file system mounted with the ‘nosuid’ op‐ tion or on an NFS file system that maps uid 0 to an unprivileged uid. effective uid is not 0, is sudo on a file system with the ’nosuid’ option set or an NFS file system without root privileges? sudo was not run with root privileges. The sudo binary has the proper owner and permissions but it still did not run with root privileges. The most common reason for this is that the file sys‐ tem the sudo binary is located on is mounted with the ‘nosuid’ op‐ tion or it is an NFS file system that maps uid 0 to an unprivi‐ leged uid. fatal error, unable to load plugins An error occurred while loading or initializing the plugins speci‐ fied in sudo.conf(5). invalid environment variable name One or more

This section continues listing environment variables used by sudo such as SUDO_COMMAND, SUDO_EDITOR, SUDO_GID, SUDO_PROMPT, SUDO_PS1, SUDO_UID, SUDO_USER, USER and VISUAL. It proceeds to give examples of how to use sudo to perform tasks like listing protected directories, editing files as another user, viewing system logs, and shutting down a machine. Finally, it lists common diagnostic error messages that can occur when using sudo and provides explanations for each, such as issues with sudoedit permissions, setuid root configuration, and plugin loading errors.