summaryrefslogtreecommitdiffstats
path: root/doc/sudoers_timestamp.cat
diff options
context:
space:
mode:
Diffstat (limited to 'doc/sudoers_timestamp.cat')
-rw-r--r--doc/sudoers_timestamp.cat201
1 files changed, 201 insertions, 0 deletions
diff --git a/doc/sudoers_timestamp.cat b/doc/sudoers_timestamp.cat
new file mode 100644
index 0000000..cf87d70
--- /dev/null
+++ b/doc/sudoers_timestamp.cat
@@ -0,0 +1,201 @@
+SUDOERS_TIMESTAMP(4) File Formats Manual SUDOERS_TIMESTAMP(4)
+
+NNAAMMEE
+ ssuuddooeerrss__ttiimmeessttaammpp - Sudoers Time Stamp Format
+
+DDEESSCCRRIIPPTTIIOONN
+ The ssuuddooeerrss plugin uses per-user time stamp files for credential caching.
+ Once a user has been authenticated, they may use ssuuddoo without a password
+ for a short period of time (5 minutes unless overridden by the
+ _t_i_m_e_s_t_a_m_p___t_i_m_e_o_u_t option). By default, ssuuddooeerrss uses a separate record
+ for each terminal, which means that a user's login sessions are
+ authenticated separately. The _t_i_m_e_s_t_a_m_p___t_y_p_e option can be used to
+ select the type of time stamp record ssuuddooeerrss will use.
+
+ A multi-record time stamp file format was introduced in ssuuddoo 1.8.10 that
+ uses a single file per user. Previously, a separate file was used for
+ each user and terminal combination unless tty-based time stamps were
+ disabled. The new format is extensible and records of multiple types and
+ versions may coexist within the same file.
+
+ All records, regardless of type or version, begin with a 16-bit version
+ number and a 16-bit record size.
+
+ Time stamp records have the following structure:
+
+ /* Time stamp entry types */
+ #define TS_GLOBAL 0x01 /* not restricted by tty or ppid */
+ #define TS_TTY 0x02 /* restricted by tty */
+ #define TS_PPID 0x03 /* restricted by ppid */
+ #define TS_LOCKEXCL 0x04 /* special lock record */
+
+ /* Time stamp flags */
+ #define TS_DISABLED 0x01 /* entry disabled */
+ #define TS_ANYUID 0x02 /* ignore uid, only valid in key */
+
+ struct timestamp_entry {
+ unsigned short version; /* version number */
+ unsigned short size; /* entry size */
+ unsigned short type; /* TS_GLOBAL, TS_TTY, TS_PPID */
+ unsigned short flags; /* TS_DISABLED, TS_ANYUID */
+ uid_t auth_uid; /* uid to authenticate as */
+ pid_t sid; /* session ID associated with tty/ppid */
+ struct timespec start_time; /* session/ppid start time */
+ struct timespec ts; /* time stamp (CLOCK_MONOTONIC) */
+ union {
+ dev_t ttydev; /* tty device number */
+ pid_t ppid; /* parent pid */
+ } u;
+ };
+
+ The timestamp_entry struct fields are as follows:
+
+ version
+ The version number of the timestamp_entry struct. New entries are
+ created with a version number of 2. Records with different version
+ numbers may coexist in the same file but are not inter-operable.
+
+ size The size of the record in bytes.
+
+ type The record type, currently TS_GLOBAL, TS_TTY, or TS_PPID.
+
+ flags
+ Zero or more record flags which can be bit-wise ORed together.
+ Supported flags are TS_DISABLED, for records disabled via ssuuddoo --kk
+ and TS_ANYUID, which is used only when matching records.
+
+ auth_uid
+ The user ID that was used for authentication. Depending on the
+ value of the _r_o_o_t_p_w, _r_u_n_a_s_p_w and _t_a_r_g_e_t_p_w options, the user ID may
+ be that of the invoking user, the root user, the default runas user
+ or the target user.
+
+ sid The ID of the user's terminal session, if present. The session ID
+ is only used when matching records of type TS_TTY.
+
+ start_time
+ The start time of the session leader for records of type TS_TTY or
+ of the parent process for records of type TS_PPID. The _s_t_a_r_t___t_i_m_e
+ is used to help prevent re-use of a time stamp record after a user
+ has logged out. Not all systems support a method to easily
+ retrieve a process's start time. The _s_t_a_r_t___t_i_m_e field was added in
+ ssuuddooeerrss version 1.8.22 for the second revision of the
+ timestamp_entry struct.
+
+ ts The actual time stamp. A monotonic time source (which does not
+ move backward) is used if the system supports it. Where possible,
+ ssuuddooeerrss uses a monotonic timer that increments even while the
+ system is suspended. The value of _t_s is updated each time a
+ command is run via ssuuddoo. If the difference between _t_s and the
+ current time is less than the value of the _t_i_m_e_s_t_a_m_p___t_i_m_e_o_u_t
+ option, no password is required.
+
+ u.ttydev
+ The device number of the terminal associated with the session for
+ records of type TS_TTY.
+
+ u.ppid
+ The ID of the parent process for records of type TS_PPID.
+
+LLOOCCKKIINNGG
+ In ssuuddooeerrss versions 1.8.10 through 1.8.14, the entire time stamp file was
+ locked for exclusive access when reading or writing to the file.
+ Starting in ssuuddooeerrss 1.8.15, individual records are locked in the time
+ stamp file instead of the entire file and the lock is held for a longer
+ period of time. This scheme is described below.
+
+ The first record in the time stamp file is of type TS_LOCKEXCL and is
+ used as a _l_o_c_k record to prevent more than one ssuuddoo process from adding a
+ new record at the same time. Once the desired time stamp record has been
+ located or created (and locked), the TS_LOCKEXCL record is unlocked. The
+ lock on the individual time stamp record, however, is held until
+ authentication is complete. This allows ssuuddooeerrss to avoid prompting for a
+ password multiple times when it is used more than once in a pipeline.
+
+ Records of type TS_GLOBAL cannot be locked for a long period of time
+ since doing so would interfere with other ssuuddoo processes. Instead, a
+ separate lock record is used to prevent multiple ssuuddoo processes using the
+ same terminal (or parent process ID) from prompting for a password as the
+ same time.
+
+SSEEEE AALLSSOO
+ sudoers(4), sudo(1m)
+
+HHIISSTTOORRYY
+ Originally, ssuuddoo used a single zero-length file per user and the file's
+ modification time was used as the time stamp. Later versions of ssuuddoo
+ added restrictions on the ownership of the time stamp files and directory
+ as well as sanity checks on the time stamp itself. Notable changes were
+ introduced in the following ssuuddoo versions:
+
+ 1.4.0
+ Support for tty-based time stamp file was added by appending the
+ terminal name to the time stamp file name.
+
+ 1.6.2
+ The time stamp file was replaced by a per-user directory which
+ contained any tty-based time stamp files.
+
+ 1.6.3p2
+ The target user name was added to the time stamp file name when the
+ _t_a_r_g_e_t_p_w option was set.
+
+ 1.7.3
+ Information about the terminal device was stored in tty-based time
+ stamp files for sanity checking. This included the terminal device
+ numbers, inode number and, on systems where it was not updated when
+ the device was written to, the inode change time. This helped
+ prevent re-use of the time stamp file after logout.
+
+ 1.8.6p7
+ The terminal session ID was added to tty-based time stamp files to
+ prevent re-use of the time stamp by the same user in a different
+ terminal session. It also helped prevent re-use of the time stamp
+ file on systems where the terminal device's inode change time was
+ updated by writing.
+
+ 1.8.10
+ A new, multi-record time stamp file format was introduced that uses
+ a single file per user. The terminal device's change time was not
+ included since most systems now update the change time after a
+ write is performed as required by POSIX.
+
+ 1.8.15
+ Individual records are locked in the time stamp file instead of the
+ entire file and the lock is held until authentication is complete.
+
+ 1.8.22
+ The start time of the terminal session leader or parent process is
+ now stored in non-global time stamp records. This prevents re-use
+ of the time stamp file after logout in most cases.
+
+ Support was added for the kernel-based tty time stamps available in
+ OpenBSD which do not use an on-disk time stamp file.
+
+AAUUTTHHOORRSS
+ Many people have worked on ssuuddoo over the years; this version consists of
+ code written primarily by:
+
+ Todd C. Miller
+
+ See the CONTRIBUTORS file in the ssuuddoo distribution
+ (https://www.sudo.ws/contributors.html) for an exhaustive list of people
+ who have contributed to ssuuddoo.
+
+BBUUGGSS
+ If you feel you have found a bug in ssuuddoo, please submit a bug report at
+ https://bugzilla.sudo.ws/
+
+SSUUPPPPOORRTT
+ Limited free support is available via the sudo-users mailing list, see
+ https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+ the archives.
+
+DDIISSCCLLAAIIMMEERR
+ ssuuddoo is provided "AS IS" and any express or implied warranties,
+ including, but not limited to, the implied warranties of merchantability
+ and fitness for a particular purpose are disclaimed. See the LICENSE
+ file distributed with ssuuddoo or https://www.sudo.ws/license.html for
+ complete details.
+
+Sudo 1.8.26 October 7, 2018 Sudo 1.8.26