.\" Automatically generated by Pandoc 3.1.3
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "" "" "" "" ""
.hy
.SH NAME
.PP
\f[V]sudo\f[R] - execute a command as another user
.SH SYNOPSIS
.PP
\f[V]sudo\f[R] [\f[V]-u\f[R] \f[I]user\f[R]] [\f[V]-g\f[R]
\f[I]group\f[R]] [\f[V]-D\f[R] \f[I]directory\f[R]] [\f[V]-knS\f[R]]
[\f[V]-i\f[R] | \f[V]-s\f[R]] [<\f[I]command\f[R]>]
.PD 0
.P
.PD
\f[V]sudo\f[R] \f[V]-h\f[R] | \f[V]-K\f[R] | \f[V]-k\f[R] | \f[V]-V\f[R]
.SH DESCRIPTION
.PP
\f[V]sudo\f[R] allows a user that is permitted to do so to execute a
\f[I]command\f[R] as another user (for example \f[I]root\f[R]).
Permissions are specified by a security policy specified in
\f[V]/etc/sudoers\f[R] (see sudoers(5)).
.PP
Sudo-rs is a safety oriented and memory safe re-implementation of the
original sudo implementation by Todd Miller.
.PP
When a command is run, a session record is stored for that specific
session allowing users to run additional commands without having to
re-authenticate.
The timeout for session records can be specified in the policy.
.PP
Some care is taken to pass signals received by sudo-rs to the child
process, even if that process runs in its own pseudo terminal.
.SH OPTIONS
.TP
\f[V]-D\f[R] \f[I]directory\f[R], \f[V]--chdir\f[R]=\f[I]directory\f[R]
Run the \f[I]command\f[R] in the specified \f[I]directory\f[R] instead
of the current working directory.
The security policy may return an error if the user does not have the
permission to specify the working directory.
.TP
\f[V]-g\f[R] \f[I]group\f[R], \f[V]--group\f[R]=\f[I]group\f[R]
Use this \f[I]group\f[R] as the primary group instead of using the
primary group specified in the password database for the target user.
.TP
\f[V]-h\f[R], \f[V]--help\f[R]
Show a help message.
.TP
\f[V]-i\f[R], \f[V]--login\f[R]
Run the shell specified by the target user\[cq]s password database entry
as a login shell.
This means that login-specific resource files such as
\f[I].profile\f[R], \f[I].bash_profile\f[R] or \f[I].login\f[R] will be
read by the shell.
If a \f[I]command\f[R] is specified, it is passed to the shell using the
\f[V]-c\f[R] option.
.TP
\f[V]-K\f[R], \f[V]--remove-timestamp\f[R]
Removes every cached session record for the user, regardless of where
the command is executed.
The next time sudo-rs is run, authentication will take place if the
policy requires it.
No password is required to run this command.
.TP
\f[V]-k\f[R], \f[V]--reset-timestamp\f[R]
When used without a command, invalidates the user\[cq]s session record
for the current session.
The next time sudo-rs is run, authentication will take place if the
policy requires it.
.RS
.PP
When used in conjunction with a \f[I]command\f[R] or an option that may
require a password, this option will cause sudo-rs to ignore the
user\[cq]s session record.
As a result, authentication will take place if the policy requires it.
When used in conjunction with a \f[I]command\f[R] no invalidation of
existing session records will take place.
.RE
.TP
\f[V]-n\f[R], \f[V]--non-interactive\f[R]
Avoid prompting the user for input of any kind.
If any input is required for the \f[I]command\f[R] to run, sudo-rs will
display an error message and exit.
.TP
\f[V]-S\f[R], \f[V]--stdin\f[R]
Read from standard input instead of using the terminal device.
.TP
\f[V]-s\f[R], \f[V]--shell\f[R]
Run the shell specified by the \f[V]SHELL\f[R] environment variable.
If no shell was specified, the shell from the user\[cq]s password
database entry will be used instead.
If a \f[I]command\f[R] is specified, it is passed to the shell using the
\f[V]-c\f[R] option.
.TP
\f[V]-u\f[R] \f[I]user\f[R], \f[V]--user\f[R]=\f[I]user\f[R]
Run the \f[I]command\f[R] as another user than the default
(\f[B]root\f[R]).
.TP
\f[V]-V\f[R], \f[V]--version\f[R]
Display the current version of sudo-rs.
.TP
\f[V]-v\f[R], \f[V]--validate\f[R]
Update the session record for the current session, authenticating the
user if necessary.
.TP
\f[V]--\f[R]
Indicates the end of the sudo-rs options and start of the
\f[I]command\f[R].
.SH SEE ALSO
.PP
su(1), sudoers(5), visudo(8)