Document that "lecture" has changed from a flag to a tuple.

diff --git a/sudoers.man.in b/sudoers.man.in
index 970ecee145a8221bd3f2936087c4502e807296e6..fe82d626c5328236f862563e59e5177e3c0362e5 100644 (file)
--- a/sudoers.man.in
+++ b/sudoers.man.in
@@ -30,13 +30,13 @@
 .\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 .\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
+.\" 
 .\" Sponsored in part by the Defense Advanced Research Projects
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
 .\" $Sudo$
-.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.13
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -167,7 +167,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "March 13, 2003" "1.6.7" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "December 30, 2003" "1.6.8" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
@@ -442,10 +442,6 @@ If set, users must authenticate on a per-tty basis.  Normally,
 the user running it.  With this flag enabled, \fBsudo\fR will use a
 file named for the tty the user is logged in on in that directory.
 This flag is \fI@tty_tickets@\fR by default.
-.IP "lecture" 12
-.IX Item "lecture"
-If set, a user will receive a short lecture the first time he/she
-runs \fBsudo\fR.  This flag is \fI@lecture@\fR by default.
 .IP "authenticate" 12
 .IX Item "authenticate"
 If set, users must authenticate themselves via a password (or other
@@ -691,6 +687,25 @@ list that exists and is executable.  The default is the path to vi
 on your system.
 .PP
 \&\fBStrings that can be used in a boolean context\fR:
+.IP "lecture" 12
+.IX Item "lecture"
+This option controls when a short lecture will be printed along with
+the password prompt.  It has the following possible values:
+.RS 12
+.IP "never" 8
+.IX Item "never"
+Never lecture the user.
+.IP "once" 8
+.IX Item "once"
+Only lecture the user the first time they run \fBsudo\fR.
+.IP "always" 8
+.IX Item "always"
+Always lecture the user.
+.RE
+.RS 12
+.Sp
+The default value is \fI@lecture@\fR.
+.RE
 .IP "logfile" 12
 .IX Item "logfile"
 Path to the \fBsudo\fR log file (not the syslog log file).  Setting a path
@@ -806,8 +821,8 @@ syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\
 .Sh "User Specification"
 .IX Subsection "User Specification"
 .Vb 2
-\& User_Spec ::= User_list Host_List '=' Cmnd_Spec_List \e
-\&               (':' User_Spec)*
+\& User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e
+\&               (':' Host_List '=' Cmnd_Spec_List)*
 .Ve
 .PP
 .Vb 2
@@ -942,18 +957,18 @@ more digits, in which case it is treated as a uid).  Both the
 comment character and any text after it, up to the end of the line,
 are ignored.
 .PP
-The reserved word \fB\s-1ALL\s0\fR is a built in \fIalias\fR that always causes
+The reserved word \fB\s-1ALL\s0\fR is a built-in \fIalias\fR that always causes
 a match to succeed.  It can be used wherever one might otherwise
 use a \f(CW\*(C`Cmnd_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, or \f(CW\*(C`Host_Alias\*(C'\fR.
 You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the
-built in alias will be used in preference to your own.  Please note
+built-in alias will be used in preference to your own.  Please note
 that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it
 allows the user to run \fBany\fR command on the system.
 .PP
 An exclamation point ('!') can be used as a logical \fInot\fR operator
 both in an \fIalias\fR and in front of a \f(CW\*(C`Cmnd\*(C'\fR.  This allows one to
 exclude certain values.  Note, however, that using a \f(CW\*(C`!\*(C'\fR in
-conjunction with the built in \f(CW\*(C`ALL\*(C'\fR alias to allow a user to
+conjunction with the built-in \f(CW\*(C`ALL\*(C'\fR alias to allow a user to
 run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0
 \&\s-1NOTES\s0 below).
 .PP
@@ -1022,7 +1037,7 @@ make sure we log the year in each log line since the log entries
 will be kept around for several years.
 .PP
 .Vb 6
-\& # Override built in defaults
+\& # Override built-in defaults
 \& Defaults               syslog=auth
 \& Defaults>root          !set_logname
 \& Defaults:FULLTIMERS    !lecture

diff --git a/sudoers.pod b/sudoers.pod
index fb74fa7362ed1a70fda88638e59f4510c1545e75..655eae4ff66cec0b18d4d45def79d8adcbae2aaa 100644 (file)
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -291,11 +291,6 @@ the user running it.  With this flag enabled, B<sudo> will use a
 file named for the tty the user is logged in on in that directory.
 This flag is I<@tty_tickets@> by default.
 
-=item lecture
-
-If set, a user will receive a short lecture the first time he/she
-runs B<sudo>.  This flag is I<@lecture@> by default.
-
 =item authenticate
 
 If set, users must authenticate themselves via a password (or other
@@ -591,6 +586,30 @@ B<Strings that can be used in a boolean context>:
 
 =over 12
 
+=item lecture
+
+This option controls when a short lecture will be printed along with
+the password prompt.  It has the following possible values:
+
+=over 8
+
+=item never
+
+Never lecture the user.
+
+=item once
+
+Only lecture the user the first time they run B<sudo>.
+
+=item always
+
+Always lecture the user.
+
+=back
+
+The default value is I<@lecture@>.
+
+
 =item logfile
 
 Path to the B<sudo> log file (not the syslog log file).  Setting a path