FreeBSD Manual Pages
MDO(1)                  General Commands Manual                  MDO(1)

NAME
     mdo -- execute commands with specific credentials

SYNOPSIS
     mdo [-u user | -k] [-i] [-g group] [-G group1,group2,...]
         [-s groups_mod1,groups_mod2,...] [-h] [--ruid user] [--svuid user]
         [--euid user] [--rgid group] [--svgid group] [--egid group] [--]
         [command [args ...]]

DESCRIPTION
     The mdo utility executes the passed command with the requested process
     credentials or, if no command was specified, the program whose path is
     the value of the SHELL environment variable or /bin/sh if that variable
     is unset.

     The calling user must either be the superuser (effective user ID of 0)
     or the credentials transition from the caller's to the requested ones
     must be authorized by a MAC module such as mac_do(4). The target
     process credentials are applied atomically using setcred(2).

     Process credentials comprise the real, effective and saved user IDs,
     the real, effective and saved group IDs, hereby called the "primary"
     groups, and the supplementary groups as a set of group IDs. Below, the
     "user" phrase implies that the real, effective and saved user IDs all
     have or are going to be set to the same value. The "primary group"
     phrase is used similarly with respect to primary groups.

     The target process credentials have to be fully specified, either
     explicitly by listing all attributes and their requested values, or
     indirectly by establishing a baseline that provides a default value for
     each attribute, which can then be amended by additional options.

     Possible baselines are either the full set of credentials established
     at login for a specific named user, the current credentials, or the
     current credentials' primary and supplementary groups which implies
     some user is specified explicitly. They are respectively established
     by using either option -u with a named user argument, option -k, or
     option -i in conjunction with -u or no other options. If no other
     option than -i appears, a default of -u root is implied.

     The primary group can be set or amended with option -g, whereas the
     supplementary groups can be either fully replaced with an explicit list
     using option -G or amended through set-like operations with option -s.

     Any of the individual real, effective and saved user and group IDs can
     be overridden separately if desired through the options --ruid, --euid,
     and --svuid for users, and --rgid, --egid, and --svgid for groups
     respectively.

     The options are:

     --euid user
             Override the effective user. As for -u, user may either be a
             name or a numerical ID.

     --egid group
             Override the effective group. As for -g, group may either be a
             name or a numerical ID.

     -G group1,group2,...
             Set or replace the full set of supplementary groups. As for
             -g, groups can be specified by name or numerical ID. Groups
             must be separated by commas, and spaces around commas are not
             allowed.

     -g group
             Set or amend the primary group. group may be the name of a
             group in the group database, else will be interpreted as a
             numerical group ID.

     -h      Display usage information and exit.

     -i      Uses the current credentials' primary and supplementary groups
             as the baseline. If no other option is present, the target
             user is assumed to be "root". Otherwise, -u or -k must be
             specified.

     -k      Use the current credentials as the baseline. Incompatible with
             -u. Implies -i.

     --ruid user
             Override the real user. As for -u, user may either be a name
             or a numerical ID.

     --rgid group
             Override the real group. As for -g, group may either be a name
             or a numerical ID.

     -s groups_mod1,groups_mod2,...
             Incrementally modify the supplementary groups set. The
             argument is a comma-separated list of directives:

             @       Reset the set to the empty set. When present, must be
                     the first directive.
             +group  Include a group.
             -group  Exclude a group.

             If -G is also specified, -s applies on the list installed by
             it. In this case, the @ directive cannot be used (this
             limitation may be lifted in the future).

     --svuid user
             Override the saved user. As for -u, user may either be a name
             or a numerical ID.

     --svgid group
             Override the saved group. As for -g, group may either be a
             name or a numerical ID.

     -u user
             Specify a target user. If user is the name of some user in the
             user database, this option establishes his full login
             credentials, as specified by the user and group databases, as
             the baseline. Else, user is interpreted as a numerical user
             ID, and that ID is used to set the target user only.

EXAMPLES
     Run a command as another user:

           mdo -u alice id

     Run with explicit primary and supplementary groups:

           mdo -u 1001 -g wheel -G staff,operator /bin/sh

     Modify only supplementary groups for the current user:

           mdo -k -s +wheel,+operator /usr/bin/id

     Emulate the effect of a set-user-ID bit on the process image file,
     assuming its user ID is "root":

           mdo -k --euid root --svuid root id

SEE ALSO
     su(1), setcred(2), mac_do(4)

HISTORY
     The mdo command first appeared in FreeBSD 14.2.

     Support for specifying or amending groups, group-only transitions and
     fine-grained control of real, effective and saved variants of user and
     primary group first appeared in FreeBSD 15.0.

AUTHORS
     The mdo program was originally created by Baptiste Daroussin
     <bapt@FreeBSD.org>.

     It was modified to use the setcred(2) system call by Olivier Certner
     <olce@FreeBSD.org>, who designed the group-related and
     fine-grained-control-of-target-credentials functionalities and
     supervised Kushagra Srivastava <kushagra1403@gmail.com> to add them
     during Google Summer of Code 2025.

SECURITY CONSIDERATIONS
     The mdo program is geared to role-based scenarios. Consequently, it
     does not ask for any password or request other form of authentication
     before trying to establish new credentials, instead relying solely on
     the requester's credentials for this purpose.

     Specific unprivileged uses may be enabled by using the mac_do(4)
     security policy.

FreeBSD 15.0                  November 26, 2025                  MDO(1)
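
The rules above for -G and -s, worked through as an added example for reviewing which supplementary groups an invocation will grant. It is a model written for this page, not code from mdo or FreeBSD; the function names and sample groups are hypothetical, and it assumes directives are applied left to right, that excluding an absent group is a no-op, and it does not resolve names to numerical IDs.

```python
"""Model of how mdo(1) derives the supplementary groups set (illustrative)."""


def parse_group_list(arg):
    """Split a -G argument; the page forbids spaces around commas."""
    groups = arg.split(",")
    for g in groups:
        if g == "" or g != g.strip():
            raise ValueError(f"bad group list entry {g!r} in {arg!r}")
    return groups


def resolve_supplementary(baseline, G=None, s=None):
    """Return the target supplementary groups as a set.

    baseline: groups supplied by -u <name>, -k or -i.
    G:        argument of -G, or None if the option is absent.
    s:        argument of -s, or None if the option is absent.
    """
    # -G replaces the baseline set entirely; otherwise start from the baseline.
    groups = set(parse_group_list(G)) if G is not None else set(baseline)
    if s is None:
        return groups
    # Assumption: directives take effect in the order they are written.
    for pos, directive in enumerate(s.split(",")):
        if directive == "@":
            if G is not None:
                raise ValueError("'@' cannot be combined with -G")
            if pos != 0:
                raise ValueError("'@' must be the first directive")
            groups = set()
        elif directive[:1] == "+" and len(directive) > 1:
            groups.add(directive[1:])
        elif directive[:1] == "-" and len(directive) > 1:
            groups.discard(directive[1:])
        else:
            raise ValueError(f"bad -s directive {directive!r}")
    return groups


# Constructed sample: the caller's current supplementary groups (-k baseline).
CURRENT = {"alice", "staff"}

if __name__ == "__main__":
    print(sorted(resolve_supplementary(CURRENT, s="+wheel,+operator")))
    print(sorted(resolve_supplementary(CURRENT, s="@,+operator")))
    print(sorted(resolve_supplementary(CURRENT, G="staff,operator", s="-staff")))
```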
