regular expression support, a simple substring
match is performed instead.
+ cwd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by
+ Evaluates to true if the command was run with the
+ specified current working directory.
+
+ fromdate _\bd_\ba_\bt_\be
+ Evaluates to true if the command was run on or
+ after _\bd_\ba_\bt_\be. See "Date and time format" for a
+ description of supported date and time formats.
+
group _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp
Evaluates to true if the command was run with the
specified _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp. Note that unless a
_\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp was explicitly specified when s\bsu\bud\bdo\bo was
run this field will be empty in the log.
- runas _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br
- Evaluates to true if the command was run as the
- specified _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br. Note that s\bsu\bud\bdo\bo runs commands
- as user _\br_\bo_\bo_\bt by default.
- tty _\bt_\bt_\by Evaluates to true if the command was run on the
- specified terminal device. The _\bt_\bt_\by should be
- specified without the _\b/_\bd_\be_\bv_\b/ prefix, e.g. _\bt_\bt_\by_\b0_\b1
+1.7.2 September 19, 2009 1
-1.7.2 September 13, 2009 1
+SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
+ runas _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br
+ Evaluates to true if the command was run as the
+ specified _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br. Note that s\bsu\bud\bdo\bo runs commands
+ as user _\br_\bo_\bo_\bt by default.
+ todate _\bd_\ba_\bt_\be
+ Evaluates to true if the command was run on or
+ prior to _\bd_\ba_\bt_\be. See "Date and time format" for a
+ description of supported date and time formats.
+ tty _\bt_\bt_\by Evaluates to true if the command was run on the
+ specified terminal device. The _\bt_\bt_\by should be
+ specified without the _\b/_\bd_\be_\bv_\b/ prefix, e.g. _\bt_\bt_\by_\b0_\b1
instead of _\b/_\bd_\be_\bv_\b/_\bt_\bt_\by_\b0_\b1.
user _\bu_\bs_\be_\br_\bn_\ba_\bm_\be
-V The -\b-V\bV (version) option causes s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by to print its
version number and exit.
+ D\bDa\bat\bte\be a\ban\bnd\bd t\bti\bim\bme\be f\bfo\bor\brm\bma\bat\bt
+
+ The time and date may be specified multiple ways, common formats
+ include:
+
+
+
+
+1.7.2 September 19, 2009 2
+
+
+
+
+
+SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
+
+
+ HH:MM:SS am MM/DD/CCYY timezone
+ 24 hour time may be used in place of am/pm.
+
+ HH:MM:SS am Month, Day Year timezone
+ 24 hour time may be used in place of am/pm, and month and day
+ names may be abbreviated. Note that month and day of the week
+ names must be specified in English.
+
+ CCYY-MM-DD HH:MM:SS
+ ISO time format
+
+ DD Month CCYY HH:MM:SS
+ The month name may be abbreviated.
+
+ Either time or date may be omitted, the am/pm and timezone are
+ optional. If no date is specified, the current day is assumed; if no
+ time is specified, the first second of the specified date is used. The
+ less significant parts of both time and date may also be omitted, in
+ which case zero is assumed. For example, the following are all valid:
+
+ The following are all valid time and date specifications:
+
+ now The current time and date.
+
+ tomorrow
+ Exactly one day from now.
+
+ yesterday
+ 24 hours ago.
+
+ 2 hours ago
+ 2 hours ago.
+
+ next Friday
+ The first second of the next Friday.
+
+ this week
+ The current time but the first day of the coming week.
+
+ a fortnight ago
+ The current time but 14 days ago.
+
+ 10:01 am 9/17/2009
+ 10:01 am, September 17, 2009.
+
+ 10:01 am
+ 10:01 am on the current day.
+
+ 10 10:00 am on the current day.
+
+ 9/17/2009
+ 00:00 am, September 17, 2009.
+
+
+
+
+
+1.7.2 September 19, 2009 3
+
+
+
+
+
+SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
+
+
+ 10:01 am Sep 17, 2009
+ 10:01 am, September 17, 2009.
+
F\bFI\bIL\bLE\bES\bS
_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bs_\be_\bs_\bs_\bi_\bo_\bn The default session directory.
List sessions run by user _\bb_\bo_\bb with a command containing the string vi:
-
-
-1.7.2 September 13, 2009 2
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
sudoreplay -l user bob command vi
List sessions run by user _\bj_\be_\bf_\bf that match a regular expression:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.7.2 September 13, 2009 3
+1.7.2 September 19, 2009 4
.\" ========================================================================
.\"
.IX Title "SUDOREPLAY @mansectsu@"
-.TH SUDOREPLAY @mansectsu@ "September 13, 2009" "1.7.2" "MAINTENANCE COMMANDS"
+.TH SUDOREPLAY @mansectsu@ "September 19, 2009" "1.7.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
On systems with \s-1POSIX\s0 regular expression support, the pattern may
be an extended regular expression. On systems without \s-1POSIX\s0 regular
expression support, a simple substring match is performed instead.
+.IP "cwd \fIdirectory\fR" 8
+.IX Item "cwd directory"
+Evaluates to true if the command was run with the specified current
+working directory.
+.IP "fromdate \fIdate\fR" 8
+.IX Item "fromdate date"
+Evaluates to true if the command was run on or after \fIdate\fR.
+See \*(L"Date and time format\*(R" for a description of supported
+date and time formats.
.IP "group \fIrunas_group\fR" 8
.IX Item "group runas_group"
Evaluates to true if the command was run with the specified
.IX Item "runas runas_user"
Evaluates to true if the command was run as the specified \fIrunas_user\fR.
Note that \fBsudo\fR runs commands as user \fIroot\fR by default.
+.IP "todate \fIdate\fR" 8
+.IX Item "todate date"
+Evaluates to true if the command was run on or prior to \fIdate\fR.
+See \*(L"Date and time format\*(R" for a description of supported
+date and time formats.
.IP "tty \fItty\fR" 8
.IX Item "tty tty"
Evaluates to true if the command was run on the specified terminal
.IX Item "-V"
The \fB\-V\fR (version) option causes \fBsudoreplay\fR to print its version number
and exit.
+.Sh "Date and time format"
+.IX Subsection "Date and time format"
+The time and date may be specified multiple ways, common formats include:
+.IP "\s-1HH:MM:SS\s0 am \s-1MM/DD/CCYY\s0 timezone" 8
+.IX Item "HH:MM:SS am MM/DD/CCYY timezone"
+24 hour time may be used in place of am/pm.
+.IP "\s-1HH:MM:SS\s0 am Month, Day Year timezone" 8
+.IX Item "HH:MM:SS am Month, Day Year timezone"
+24 hour time may be used in place of am/pm, and month and day names
+may be abbreviated. Note that month and day of the week names must
+be specified in English.
+.IP "CCYY-MM-DD \s-1HH:MM:SS\s0" 8
+.IX Item "CCYY-MM-DD HH:MM:SS"
+\&\s-1ISO\s0 time format
+.IP "\s-1DD\s0 Month \s-1CCYY\s0 \s-1HH:MM:SS\s0" 8
+.IX Item "DD Month CCYY HH:MM:SS"
+The month name may be abbreviated.
+.PP
+Either time or date may be omitted, the am/pm and timezone are
+optional. If no date is specified, the current day is assumed; if
+no time is specified, the first second of the specified date is
+used. The less significant parts of both time and date may also
+be omitted, in which case zero is assumed. For example, the following
+are all valid:
+.PP
+The following are all valid time and date specifications:
+.IP "now" 8
+.IX Item "now"
+The current time and date.
+.IP "tomorrow" 8
+.IX Item "tomorrow"
+Exactly one day from now.
+.IP "yesterday" 8
+.IX Item "yesterday"
+24 hours ago.
+.IP "2 hours ago" 8
+.IX Item "2 hours ago"
+2 hours ago.
+.IP "next Friday" 8
+.IX Item "next Friday"
+The first second of the next Friday.
+.IP "this week" 8
+.IX Item "this week"
+The current time but the first day of the coming week.
+.IP "a fortnight ago" 8
+.IX Item "a fortnight ago"
+The current time but 14 days ago.
+.IP "10:01 am 9/17/2009" 8
+.IX Item "10:01 am 9/17/2009"
+10:01 am, September 17, 2009.
+.IP "10:01 am" 8
+.IX Item "10:01 am"
+10:01 am on the current day.
+.IP "10" 8
+.IX Item "10"
+10:00 am on the current day.
+.IP "9/17/2009" 8
+.IX Item "9/17/2009"
+00:00 am, September 17, 2009.
+.IP "10:01 am Sep 17, 2009" 8
+.IX Item "10:01 am Sep 17, 2009"
+10:01 am, September 17, 2009.
.SH "FILES"
.IX Header "FILES"
.IP "\fI/var/log/sudo\-session\fR" 24
=back
-=head2 "Date and time format"
+=head2 Date and time format
-The time and date may be specified multiple ways:
+The time and date may be specified multiple ways, common formats include:
=over 8
=item HH:MM:SS am MM/DD/CCYY timezone
-Note that the date portion uses US format, regardless of locale.
+24 hour time may be used in place of am/pm.
=item HH:MM:SS am Month, Day Year timezone
-The month and day names may be abbreviated. Note that Month and
-Day of the week names must currently be specified in English.
+24 hour time may be used in place of am/pm, and month and day names
+may be abbreviated. Note that month and day of the week names must
+be specified in English.
+
+=item CCYY-MM-DD HH:MM:SS
+
+ISO time format
+
+=item DD Month CCYY HH:MM:SS
+
+The month name may be abbreviated.
+
+=back
+
+Either time or date may be omitted, the am/pm and timezone are
+optional. If no date is specified, the current day is assumed; if
+no time is specified, the first second of the specified date is
+used. The less significant parts of both time and date may also
+be omitted, in which case zero is assumed. For example, the following
+are all valid:
+
+The following are all valid time and date specifications:
+
+=over 8
=item now
=item tomorrow
-The current time but tomorrow's date.
+Exactly one day from now.
=item yesterday
-The current time but yesterday's date.
+24 hours ago.
+
+=item 2 hours ago
+
+2 hours ago.
=item next Friday
-The first second of the day, next Friday.
+The first second of the next Friday.
=item this week
The current time but the first day of the coming week.
-=back
+=item a fortnight ago
-Either time or date may be omitted, the am/pm and timezone are
-optional. If no date is specified, the current day is assumed; if
-no time is specified, the first second of the specified date is
-used. The less significant parts of both time and date may also
-be omitted, in which case zero is assumed. For example, the following
-are all valid:
+The current time but 14 days ago.
-=over 8
+=item 10:01 am 9/17/2009
-=item 10:01 am 9/17/2909
+10:01 am, September 17, 2009.
=item 10:01 am
+10:01 am on the current day.
+
=item 10
+10:00 am on the current day.
+
=item 9/17/2009
+00:00 am, September 17, 2009.
+
=item 10:01 am Sep 17, 2009
-=item Sep 17, 2009
+10:01 am, September 17, 2009.
=back
projects / sudo / commitdiff