suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man5/sudoers_timestamp.5.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

434 lines
10 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of SUDOERS_TIMESTAMP</TITLE>
</HEAD><BODY>
<H1>SUDOERS_TIMESTAMP</H1>
Section: File Formats (5)<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<BR>BSD mandoc<BR>
Sudo 1.8.31
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>sudoers_timestamp</B>
- Sudoers Time Stamp Format
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>
The
<B>sudoers</B>
plugin uses per-user time stamp files for credential caching.
Once a user has been authenticated, they may use
<B>sudo</B>
without a password for a short period of time
Po <B>15</B>
minutes unless overridden by the
<I>timestamp_timeout</I>
option
Pc .
By default,
<B>sudoers</B>
uses a separate record for each terminal, which means that
a user's login sessions are authenticated separately.
The
<I>timestamp_type</I>
option can be used to select the type of time stamp record
<B>sudoers</B>
will use.
<P>
A multi-record time stamp file format was introduced in
<B>sudo</B>
1.8.10 that uses a single file per user.
Previously, a separate file was used for each user and terminal
combination unless tty-based time stamps were disabled.
The new format is extensible and records of multiple types and versions
may coexist within the same file.
<P>
All records, regardless of type or version, begin with a 16-bit version
number and a 16-bit record size.
<P>
Time stamp records have the following structure:
<PRE>
/* Time stamp entry types */
#define TS_GLOBAL 0x01 /* not restricted by tty or ppid */
#define TS_TTY 0x02 /* restricted by tty */
#define TS_PPID 0x03 /* restricted by ppid */
#define TS_LOCKEXCL 0x04 /* special lock record */
/* Time stamp flags */
#define TS_DISABLED 0x01 /* entry disabled */
#define TS_ANYUID 0x02 /* ignore uid, only valid in key */
struct timestamp_entry {
unsigned short version; /* version number */
unsigned short size; /* entry size */
unsigned short type; /* TS_GLOBAL, TS_TTY, TS_PPID */
unsigned short flags; /* TS_DISABLED, TS_ANYUID */
uid_t auth_uid; /* uid to authenticate as */
pid_t sid; /* session ID associated with tty/ppid */
struct timespec start_time; /* session/ppid start time */
struct timespec ts; /* time stamp (CLOCK_MONOTONIC) */
union {
dev_t ttydev; /* tty device number */
pid_t ppid; /* parent pid */
} u;
};
</PRE>
<P>
The timestamp_entry struct fields are as follows:
<DL COMPACT>
<P>
<DT id="1"><B>version</B>
<DD>
The version number of the timestamp_entry struct.
New entries are created with a version number of 2.
Records with different version numbers may coexist in the
same file but are not inter-operable.
<DT id="2"><B>size</B>
<DD>
The size of the record in bytes.
<DT id="3"><B>type</B>
<DD>
The record type, currently
<B>TS_GLOBAL</B>
<B>TS_TTY</B>
or
<B>TS_PPID</B>
<DT id="4"><B>flags</B>
<DD>
Zero or more record flags which can be bit-wise ORed together.
Supported flags are
<B>TS_DISABLED</B>
for records disabled via
<B>sudo</B>
-<B>k</B>
and
<B>TS_ANYUID</B>
which is used only when matching records.
<DT id="5"><B>auth_uid</B>
<DD>
The user-ID that was used for authentication.
Depending on the value of the
<I>rootpw</I>
<I>runaspw</I>
and
<I>targetpw</I>
options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user.
<DT id="6"><B>sid</B>
<DD>
The ID of the user's terminal session, if present.
The session ID is only used when matching records of type
<B>TS_TTY</B>
<DT id="7"><B>start_time</B>
<DD>
The start time of the session leader for records of type
<B>TS_TTY</B>
or of the parent process for records of type
<B>TS_PPID</B>
The
<I>start_time</I>
is used to help prevent re-use of a time stamp record after a
user has logged out.
Not all systems support a method to easily retrieve a process's
start time.
The
<I>start_time</I>
field was added in
<B>sudoers</B>
version 1.8.22 for the second revision of the timestamp_entry struct.
<DT id="8"><B>ts</B>
<DD>
The actual time stamp.
A monotonic time source (which does not move backward) is used if the
system supports it.
Where possible,
<B>sudoers</B>
uses a monotonic timer that increments even while the system
is suspended.
The value of
<I>ts</I>
is updated each time a command is run via
<B>sudo</B>
If the difference between
<I>ts</I>
and the current time is less than the value of the
<I>timestamp_timeout</I>
option, no password is required.
<DT id="9"><B>u.ttydev</B>
<DD>
The device number of the terminal associated with the session for
records of type
<B>TS_TTY</B>
<DT id="10"><B>u.ppid</B>
<DD>
The ID of the parent process for records of type
<B>TS_PPID</B>
</DL>
<P>
<A NAME="lbAD">&nbsp;</A>
<H2>LOCKING</H2>
In
<B>sudoers</B>
versions 1.8.10 through 1.8.14, the entire time stamp file was
locked for exclusive access when reading or writing to the file.
Starting in
<B>sudoers</B>
1.8.15, individual records are locked in the time stamp file instead
of the entire file and the lock is held for a longer period of time.
This scheme is described below.
<P>
The first record in the time stamp file is of type
<B>TS_LOCKEXCL</B>
and is used as a
<I>lock</I>
record to prevent more than one
<B>sudo</B>
process from adding a new record at the same time.
Once the desired time stamp record has been located or created (and
locked), the
<B>TS_LOCKEXCL</B>
record is unlocked.
The lock on the individual time stamp record, however, is held until
authentication is complete.
This allows
<B>sudoers</B>
to avoid prompting for a password multiple times when it
is used more than once in a pipeline.
<P>
Records of type
<B>TS_GLOBAL</B>
cannot be locked for a long period of time since doing so would
interfere with other
<B>sudo</B>
processes.
Instead, a separate lock record is used to prevent multiple
<B>sudo</B>
processes using the same terminal (or parent process ID) from
prompting for a password as the same time.
<A NAME="lbAE">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="/cgi-bin/man/man2html?5+sudoers">sudoers</A>(5),
<A HREF="/cgi-bin/man/man2html?8+sudo">sudo</A>(8)
<A NAME="lbAF">&nbsp;</A>
<H2>HISTORY</H2>
Originally,
<B>sudo</B>
used a single zero-length file per user and the file's modification
time was used as the time stamp.
Later versions of
<B>sudo</B>
added restrictions on the ownership of the time stamp files and
directory as well as sanity checks on the time stamp itself.
Notable changes were introduced in the following
<B>sudo</B>
versions:
<DL COMPACT>
<P>
<DT id="11"><B>1.4.0</B>
<DD>
Support for tty-based time stamp file was added
by appending the terminal name to the time stamp file name.
<DT id="12"><B>1.6.2</B>
<DD>
The time stamp file was replaced by a per-user directory which
contained any tty-based time stamp files.
<DT id="13"><B>1.6.3p2</B>
<DD>
The target user name was added to the time stamp file name when the
<I>targetpw</I>
option was set.
<DT id="14"><B>1.7.3</B>
<DD>
Information about the terminal device was stored in
tty-based time stamp files for sanity checking.
This included the terminal device numbers, inode number and, on systems
where it was not updated when the device was written to, the inode change time.
This helped prevent re-use of the time stamp file after logout.
<DT id="15"><B>1.8.6p7</B>
<DD>
The terminal session ID was added to tty-based time stamp files to
prevent re-use of the time stamp by the same user in a different
terminal session.
It also helped prevent re-use of the time stamp file on systems where
the terminal device's inode change time was updated by writing.
<DT id="16"><B>1.8.10</B>
<DD>
A new, multi-record time stamp file format was introduced that uses a
single file per user.
The terminal device's change time was not included since most
systems now update the change time after a write is performed
as required by POSIX.
<DT id="17"><B>1.8.15</B>
<DD>
Individual records are locked in the time stamp file instead of the
entire file and the lock is held until authentication is complete.
<DT id="18"><B>1.8.22</B>
<DD>
The start time of the terminal session leader or parent process is
now stored in non-global time stamp records.
This prevents re-use of the time stamp file after logout in most cases.
<P>
Support was added for the kernel-based tty time stamps available in
Ox which do not use an on-disk time stamp file.
</DL>
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHORS</H2>
Many people have worked on
<B>sudo</B>
over the years; this version consists of code written primarily by:
<BLOCKQUOTE>
An Todd C. Miller
</BLOCKQUOTE>
<P>
See the CONTRIBUTORS file in the
<B>sudo</B>
distribution (<A HREF="https://www.sudo.ws/contributors.html)">https://www.sudo.ws/contributors.html)</A> for an
exhaustive list of people who have contributed to
<B>sudo</B>
<A NAME="lbAH">&nbsp;</A>
<H2>BUGS</H2>
If you feel you have found a bug in
<B>sudo</B>
please submit a bug report at <A HREF="https://bugzilla.sudo.ws/">https://bugzilla.sudo.ws/</A>
<A NAME="lbAI">&nbsp;</A>
<H2>SUPPORT</H2>
Limited free support is available via the sudo-users mailing list,
see <A HREF="https://www.sudo.ws/mailman/listinfo/sudo-users">https://www.sudo.ws/mailman/listinfo/sudo-users</A> to subscribe or
search the archives.
<A NAME="lbAJ">&nbsp;</A>
<H2>DISCLAIMER</H2>
<B>sudo</B>
is provided
``AS IS''
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
See the LICENSE file distributed with
<B>sudo</B>
or <A HREF="https://www.sudo.ws/license.html">https://www.sudo.ws/license.html</A> for complete details.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="19"><A HREF="#lbAB">NAME</A><DD>
<DT id="20"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DT id="21"><A HREF="#lbAD">LOCKING</A><DD>
<DT id="22"><A HREF="#lbAE">SEE ALSO</A><DD>
<DT id="23"><A HREF="#lbAF">HISTORY</A><DD>
<DT id="24"><A HREF="#lbAG">AUTHORS</A><DD>
<DT id="25"><A HREF="#lbAH">BUGS</A><DD>
<DT id="26"><A HREF="#lbAI">SUPPORT</A><DD>
<DT id="27"><A HREF="#lbAJ">DISCLAIMER</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:06 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink