Linux repositories inspector

sudo - Give certain users the ability to run some commands as root

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
1.9.0
Fedora iconFedora rawhide
1.8.31p1
OpenSUSE iconOpenSUSE Tumbleweed
1.8.31.p1
Arch iconArch rolling
1.8.31
Ubuntu iconUbuntu 20.04
1.8.28
Fedora iconFedora 31
1.8.27
Debian iconDebian 10.0
Fedora iconFedora 30
Fedora iconFedora rawhide
Manjaro iconManjaro rolling
Ubuntu iconUbuntu 19.04
Ubuntu iconUbuntu 19.10
1.8.25p1
Fedora iconFedora 30
1.8.23
CentOS iconCentOS 7.7.1908
Fedora iconFedora 29
Ubuntu iconUbuntu 18.10
1.8.22
Fedora iconFedora 28
OpenSUSE iconOpenSUSE Leap 15.0
OpenSUSE iconOpenSUSE Leap 15.1
OpenSUSE iconOpenSUSE Leap 15.2
1.8.21p2
Ubuntu iconUbuntu 18.04 LTS
1.8.20p2
OpenSUSE iconOpenSUSE Leap 42.3
Ubuntu iconUbuntu 17.10
1.8.19p1
Debian iconDebian 9.0
1.8.16
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Arch iconArch rolling core/oszst1.8.31.p1-12020-03-17870 kiB3.36 MiB
CentOS iconCentOS 7.7.1908 osrpm1.8.23-4.el72020-01-07841 kiB3.05 MiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 updatesrpm1.8.23-4.el7_7.22020-02-18842 kiB3.05 MiBCentOS BuildSystem
CentOS iconCentOS 7.7.1908 updatesrpm1.8.23-4.el7_7.12020-01-07841 kiB3.05 MiBCentOS BuildSystem
Debian iconDebian 10.0 buster/maindeb1.8.27-1+deb10u22020-02-081.19 MiB3.7 MiB
Debian iconDebian 9.0 stretch/maindeb1.8.19p1-2.1+deb9u22020-02-081.01 MiB2.96 MiB
Fedora iconFedora 28 releases/Everything-osrpm1.8.22-0.2.b1.fc282019-01-14780 kiB2.75 MiBFedora Project
Fedora iconFedora 28 releases/Server-osrpm1.8.22-0.2.b1.fc282019-01-14780 kiB2.75 MiBFedora Project
Fedora iconFedora 28 releases/Workstation-osrpm1.8.22-0.2.b1.fc282019-01-14780 kiB2.75 MiBFedora Project
Fedora iconFedora 29 releases/Everything-osrpm1.8.23-3.fc292019-01-14845 kiB3.19 MiBFedora Project
Fedora iconFedora 29 releases/Server-osrpm1.8.23-3.fc292019-01-14845 kiB3.19 MiBFedora Project
Fedora iconFedora 29 releases/Workstation-osrpm1.8.23-3.fc292019-01-14845 kiB3.19 MiBFedora Project
Fedora iconFedora 29 releases-test/Everything-osrpm1.8.23-3.fc292019-01-14845 kiB3.19 MiBFedora Project
Fedora iconFedora 29 releases-test/Server-osrpm1.8.23-3.fc292019-01-14845 kiB3.19 MiBFedora Project
Fedora iconFedora 29 releases-test/Workstation-osrpm1.8.23-3.fc292019-01-14845 kiB3.19 MiBFedora Project
Fedora iconFedora 30 releases/Everything-osrpm1.8.27-1.fc302019-06-17851 kiB3.59 MiBFedora Project
Fedora iconFedora 30 releases/Server-osrpm1.8.27-1.fc302019-06-17851 kiB3.59 MiBFedora Project
Fedora iconFedora 30 releases/Workstation-osrpm1.8.27-1.fc302019-06-17851 kiB3.59 MiBFedora Project
Fedora iconFedora 30 releases-test/Server-osrpm1.8.25p1-2.fc302019-06-17827 kiB3.48 MiBFedora Project
Fedora iconFedora 30 releases-test/Workstation-osrpm1.8.25p1-2.fc302019-06-17827 kiB3.48 MiBFedora Project
Fedora iconFedora 31 releases/Everything-osrpm1.8.28-1.fc312020-01-07902 kiB3.45 MiBFedora Project
Fedora iconFedora 31 releases/Server-osrpm1.8.28-1.fc312020-01-07902 kiB3.45 MiBFedora Project
Fedora iconFedora rawhide development/Everything-osrpm1.9.0-0.1.b1.fc332020-03-051 MiB3.84 MiBFedora Project
Fedora iconFedora rawhide development/Server-osrpm1.9.0-0.1.b1.fc332020-03-051 MiB3.84 MiBFedora Project
Fedora iconFedora rawhide development/Workstation-osrpm1.8.27-3.fc312019-08-03880 kiB3.32 MiBFedora Project
Manjaro iconManjaro rolling stable/corexz1.8.27-12019-01-24761 kiB3.22 MiB
Manjaro iconManjaro rolling testing/corexz1.8.27-12019-01-19761 kiB3.22 MiB
Manjaro iconManjaro rolling unstable/corexz1.8.27-12019-01-17761 kiB3.22 MiB
OpenSUSE iconOpenSUSE Leap 15.0 ossrpm1.8.22-lp150.2.62019-01-17760 kiB2.72 MiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.0 update/ossrpm1.8.22-lp150.8.12019-10-17731 kiB2.72 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.0 update/ossrpm1.8.22-lp150.3.3.12019-01-18761 kiB2.72 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.1 ossrpm1.8.22-lp151.4.292019-04-09729 kiB2.71 MiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.1 update/ossrpm1.8.22-lp151.5.6.12020-02-25731 kiB2.71 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.1 update/ossrpm1.8.22-lp151.5.3.12019-10-15731 kiB2.71 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.2 ossrpm1.8.22-lp152.7.42020-03-23730 kiB2.71 MiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 ossrpm1.8.20p2-1.32019-01-171 MiB3.96 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm1.8.20p2-2.3.12019-01-211.01 MiB3.98 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Tumbleweed ossrpm1.8.31p1-1.12020-03-22828 kiB3.28 MiBhttps://bugs.opensuse.org
Ubuntu iconUbuntu 17.10 artful/maindeb1.8.20p2-1ubuntu12017-11-10406 kiB1.65 MiB
Ubuntu iconUbuntu 18.04 LTS bionic/maindeb1.8.21p2-3ubuntu12018-01-27418 kiB1.68 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/maindeb1.8.21p2-3ubuntu1.22020-02-03417 kiB1.68 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/maindeb1.8.21p2-3ubuntu1.22020-02-03417 kiB1.68 MiB
Ubuntu iconUbuntu 18.10 cosmic/maindeb1.8.23-2ubuntu12019-01-14478 kiB2.02 MiB
Ubuntu iconUbuntu 19.04 disco/maindeb1.8.27-1ubuntu12019-02-19490 kiB2.06 MiB
Ubuntu iconUbuntu 19.04 disco-security/maindeb1.8.27-1ubuntu1.12019-10-14489 kiB2.06 MiB
Ubuntu iconUbuntu 19.04 disco-updates/maindeb1.8.27-1ubuntu1.12019-10-14489 kiB2.06 MiB
Ubuntu iconUbuntu 19.10 eoan/maindeb1.8.27-1ubuntu42019-10-15490 kiB2.08 MiB
Ubuntu iconUbuntu 19.10 eoan-security/maindeb1.8.27-1ubuntu4.12020-02-03490 kiB2.08 MiB
Ubuntu iconUbuntu 19.10 eoan-updates/maindeb1.8.27-1ubuntu4.12020-02-03490 kiB2.08 MiB
Ubuntu iconUbuntu 20.04 focal/maindeb1.8.31-1ubuntu12020-02-10501 kiB2.15 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/maindeb1.8.16-0ubuntu12017-11-10380 kiB1.54 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/maindeb1.8.16-0ubuntu1.92020-02-03381 kiB1.55 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/maindeb1.8.16-0ubuntu1.92020-02-03381 kiB1.55 MiB

Manual pages

cvtsudoers(1)

cvtsudoers - convert between sudoers file formats

sudo.conf(5)

sudo.conf - configuration for sudo front end

sudoers(5)

sudoers - default sudo security policy plugin

sudoers.ldap(5)

sudoers.ldap - sudo LDAP configuration

sudoers_timestamp(5)

sudoers_timestamp - Sudoers Time Stamp Format

sudo_logsrv.proto(5)

sudo_logsrv.proto - Sudo log server protocol

sudo_logsrvd.conf(5)

sudo_logsrvd.conf - configuration for sudo_logsrvd

sudo(8)

sudo, sudoedit - execute a command as another user

sudoreplay(8)

sudoreplay - replay sudo session logs

sudo_logsrvd(8)

sudo_logsrvd - sudo event and I/O log server

sudo_plugin(8)

sudo_plugin - Sudo Plugin API

sudo_plugin_python(8)

sudo_plugin_python - Sudo Plugin API (Python)

sudo_root(8)

sudo_root - How to run administrative commands

sudo_sendlog(8)

sudo_sendlog - send sudo I/O log to log server

visudo(8)

visudo - edit the sudoers file

Latest updates

OpenSUSE icon

OpenSUSE Leap 15.2 oss: Updated from 1.8.22-lp152.7.3 to 1.8.22-lp152.7.4

2020-03-23
  • add sudo-1.8.22-CVE-2019-18634.patch to fix a buffer overflow when pwfeedback is enabled and input is a not a tty [bsc#1162202]
    CVE-2019-18634
  • add sudo-1.8.22-fix_listpw.patch to fix listpw=never option in sudoers [bsc#1162675]
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 1.8.31-1.1 to 1.8.31p1-1.1

2020-03-22
  • Update to 1.8.31p1
    • Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit, as it did prior to version 1.8.29.
      Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY if we set the limit to zero, even for root, which resulted in a warning from sudo.
OpenSUSE icon

OpenSUSE Leap 15.2 oss: Updated from 1.8.22-lp152.7.1 to 1.8.22-lp152.7.3

2020-03-19
  • add sudo-1.8.22-CVE-2019-18634.patch to fix a buffer overflow when pwfeedback is enabled and input is a not a tty [bsc#1162202]
    CVE-2019-18634
  • add sudo-1.8.22-fix_listpw.patch to fix listpw=never option in sudoers [bsc#1162675]
Arch icon

Arch rolling testing/os: Version 1.8.31.p1-1 removed

2020-03-17
Arch icon

Arch rolling core/os: Updated from 1.8.31-1 to 1.8.31.p1-1

2020-03-17
Arch icon

Arch rolling testing/os: Version 1.8.31.p1-1 introduced

2020-03-16
Fedora icon

Fedora rawhide development/Server-os: Updated from 1.8.29-2.fc32 to 1.9.0-0.1.b1.fc33

2020-03-05
  • update to latest development version 1.9.0b1
  • added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages
Resolves: rhbz#1787823
  • Stack based buffer overflow in when pwfeedback is enabled
Resolves: rhbz#1796945
  • fixes: CVE-2019-18634
  • By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account
Resolves: rhbz#1786709
  • fixes CVE-2019-19234
  • attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
Resolves: rhbz#1786705
  • fixes CVE-2019-19232
  • setrlimit(RLIMIT_CORE): Operation not permitted warning message fix
Resolves: rhbz#1773148
Fedora icon

Fedora rawhide development/Everything-os: Updated from 1.8.29-2.fc32 to 1.9.0-0.1.b1.fc33

2020-03-05
  • update to latest development version 1.9.0b1
  • added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages
Resolves: rhbz#1787823
  • Stack based buffer overflow in when pwfeedback is enabled
Resolves: rhbz#1796945
  • fixes: CVE-2019-18634
  • By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account
Resolves: rhbz#1786709
  • fixes CVE-2019-19234
  • attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
Resolves: rhbz#1786705
  • fixes CVE-2019-19232
  • setrlimit(RLIMIT_CORE): Operation not permitted warning message fix
Resolves: rhbz#1773148
OpenSUSE icon

OpenSUSE Leap 15.2 oss: Updated from 1.8.22-lp152.6.11 to 1.8.22-lp152.7.1

2020-03-02
  • add sudo-1.8.22-CVE-2019-18634.patch to fix a buffer overflow when pwfeedback is enabled and input is a not a tty [bsc#1162202]
    CVE-2019-18634
  • add sudo-1.8.22-fix_listpw.patch to fix listpw=never option in sudoers [bsc#1162675]
OpenSUSE icon

OpenSUSE Leap 15.1 update/oss: Updated from 1.8.22-lp151.5.3.1 to 1.8.22-lp151.5.6.1

2020-02-25
  • add sudo-1.8.22-CVE-2019-18634.patch to fix a buffer overflow when pwfeedback is enabled and input is a not a tty [bsc#1162202]
    CVE-2019-18634
  • add sudo-1.8.22-fix_listpw.patch to fix listpw=never option in sudoers [bsc#1162675]
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 1.8.28p1-2.1 to 1.8.31-1.1

2020-02-20
  • Update to 1.8.31
    Major changes between version 1.8.31 and 1.8.30:
    • This version fixes a potential security issue that can lead to a buffer overflow if the pwfeedback option is enabled in sudoers [CVE-2019-18634] [bsc#1162202]
    • The sudoedit_checkdir option now treats a user-owned directory as writable, even if it does not have the write bit set at the time of check. Symbolic links will no longer be followed by sudoedit in any user-owned directory. Bug #912.
    • Fixed a crash introduced in sudo 1.8.30 when suspending sudo at the password prompt. Bug #914.
    • Fixed compilation on systems where the mmap MAP_ANON flag is not available. Bug #915.
    Major changes between version 1.8.30 and 1.8.29:
    • Sudo now closes file descriptors before changing uids. This prevents a non-root process from interfering with sudo's ability to close file descriptors on systems that support the prlimit(2) system call.
    • Sudo now treats an attempt to run sudo sudoedit as simply sudoedit If the sudoers file contains a fully-qualified path to sudoedit, sudo will now treat it simply as sudoedit
      (with no path). Visudo will will now treat a fully-qualified path to sudoedit as an error. Bug #871.
    • Fixed a bug introduced in sudo 1.8.28 where sudo would warn about a missing /etc/environment file on AIX and Linux when PAM is not enabled. Bug #907.
    • Fixed a bug on Linux introduced in sudo 1.8.29 that prevented the askpass program from running due to an unlimited stack size resource limit. Bug #908.
    • If a group provider plugin has optional arguments, the argument list passed to the plugin is now NULL terminated as per the documentation.
    • The user's time stamp file is now only updated if both authentication and approval phases succeed. This is consistent with the behavior of sudo prior to version 1.8.23. Bug #910.
    • The new allow_unknown_runas_id sudoers setting can be used to enable or disable the use of unknown user or group IDs. Previously, sudo would always allow unknown user or group IDs if the sudoers entry permitted it, including via the ALL alias. As of sudo 1.8.30, the admin must explicitly enable support for unknown IDs.
    • The new runas_check_shell sudoers setting can be used to require that the runas user have a shell listed in the /etc/shells file. On many systems, users such as bin, do not have a valid shell and this flag can be used to prevent commands from being run as those users.
    • Fixed a problem restoring the SELinux tty context during reboot if mctransd is killed before sudo finishes. GitHub Issue #17.
    • Fixed an intermittent warning on NetBSD when sudo restores the initial stack size limit.
    Major changes between version 1.8.29 and 1.8.28p1:
    • The cvtsudoers command will now reject non-LDIF input when converting from LDIF format to sudoers or JSON formats.
    • The new log_allowed and log_denied sudoers settings make it possible to disable logging and auditing of allowed and/or denied commands.
    • The umask is now handled differently on systems with PAM or login.conf. If the umask is explicitly set in sudoers, that value is used regardless of what PAM or login.conf may specify. However, if the umask is not explicitly set in sudoers, PAM or login.conf may now override the default sudoers umask. Bug #900.
    • For make install, the sudoers file is no longer checked for syntax errors when DESTDIR is set. The default sudoers file includes the contents of /etc/sudoers.d which may not be readable as non-root. Bug #902.
    • Sudo now sets most resource limits to their maximum value to avoid problems caused by insufficient resources, such as an inability to allocate memory or open files and pipes. Fixed a regression introduced in sudo 1.8.28 where sudo would refuse to run if the parent process was not associated with a session. This was due to sudo passing a session ID of -1 to the plugin.
  • refresh sudo-sudoers.patch
OpenSUSE icon

OpenSUSE Leap 15.2 oss: Updated from 1.8.22-lp152.6.9 to 1.8.22-lp152.6.11

2020-02-19
  • Fix CVE-2019-14287 (bsc#1153674)
    • A user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do that in sudoers
    • add sudo-CVE-2019-14287.patch
CentOS icon

CentOS 7.7.1908 updates: Updated from 1.8.23-4.el7_7.1 to 1.8.23-4.el7_7.2

2020-02-18
  • RHEL-7.7 erratum
    Resolves: rhbz#1672876 - Backporting sudo bug with expired passwords Resolves: rhbz#1665285 - Problem with sudo-1.8.23 and 'who am i'
Ubuntu icon

Ubuntu 20.04 focal-proposed/main: Version 1.8.31-1ubuntu1 removed

2020-02-10
Ubuntu icon

Ubuntu 20.04 focal/main: Updated from 1.8.29-1ubuntu1 to 1.8.31-1ubuntu1

2020-02-10
  • Merge from Debian unstable. Remaining changes:
    • debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop shipping init script and service file, as they are no longer necessary.
    • debian/rules:
      • compile with --without-lecture --with-tty-tickets --enable-admin-flag
      • install man/man8/sudo_root.8 in both flavours
      • install apport hooks
    • debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      • add usr/share/apport/package-hooks
    • debian/sudo.pam:
      • Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons.
    • debian/sudoers:
      • also grant admin group sudo access
      • include /snap/bin in the secure_path
    • debian/control, debian/rules:
      • use dh-autoreconf
Fedora icon

Fedora rawhide development/Server-os: Updated from 1.8.29-1.fc32 to 1.8.29-2.fc32

2020-02-08
Fedora icon

Fedora rawhide development/Everything-os: Updated from 1.8.29-1.fc32 to 1.8.29-2.fc32

2020-02-08
Debian icon

Debian 10.0 buster-proposed-updates/main: Version 1.8.27-1+deb10u2 removed

2020-02-08
Debian icon

Debian 10.0 buster/main: Updated from 1.8.27-1+deb10u1 to 1.8.27-1+deb10u2

2020-02-08
  • Non-maintainer upload.
  • Fix a buffer overflow when pwfeedback is enabled and input is a not a tty (CVE-2019-18634) (Closes: #950371)
Debian icon

Debian 9.0 stretch-proposed-updates/main: Version 1.8.19p1-2.1+deb9u2 removed

2020-02-08

Related packages

sudo-debuginfo - Debug information for package sudo
sudo-debugsource - Debug sources for package sudo
sudo-devel - Header files needed for sudo plugin development
sudo-ldap - Provide limited super user privileges to specific users
sudo-test - Tests for the package
⇧ Top