Document %#gid, and %:#nonunix_gid syntax.

--HG--
branch : 1.7

diff --git a/sudoers.pod b/sudoers.pod
index cc9e69d8b8acc3f5c92a01c75a378350d99d3577..d93cd60d7024a37cf92517608252166883e02723 100644 (file)
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -112,25 +112,32 @@ The definitions of what constitutes a valid I<alias> member follow.
               User ',' User_List
 
  User ::= '!'* user name |
-         '!'* '#'uid |
-         '!'* '%'group |
-         '!'* '+'netgroup |
-         '!'* '%:'nonunix_group |
+         '!'* #uid |
+         '!'* %group |
+         '!'* %#gid |
+         '!'* +netgroup |
+         '!'* %:nonunix_group |
+         '!'* %:#nonunix_gid |
          '!'* User_Alias
 
-A C<User_List> is made up of one or more user names, uids (prefixed
-with '#'), system groups (prefixed with '%'), netgroups (prefixed
-with '+') and C<User_Alias>es.  Each list item may be prefixed with
-zero or more '!' operators.  An odd number of '!' operators negate
-the value of the item; an even number just cancel each other out.
-
-A C<user name>, C<group>, C<netgroup> or C<nonunix_group> may
-be enclosed in double quotes to avoid the need for escaping special
-characters.  Alternately, special characters may be specified in
-escaped hex mode, e.g. \x20 for space.
-
-The C<nonunix_group> syntax depends on the underlying implementation.
-For instance, the QAS AD backend supports the following formats:
+A C<User_List> is made up of one or more user names, user ids
+(prefixed with '#'), system group names and ids (prefixed with '%'
+and '%#' respectively), netgroups (prefixed with '+'), non-Unix
+group names and IDs (prefixed with '%:' and '%:#' respectively) and
+C<User_Alias>es.  Each list item may be prefixed with zero or more
+'!' operators.  An odd number of '!' operators negate the value of
+the item; an even number just cancel each other out.
+
+A C<user name>, C<uid>, C<group>, C<gid>, C<netgroup>, C<nonunix_group>
+or C<nonunix_gid> may be enclosed in double quotes to avoid the
+need for escaping special characters.  Alternately, special characters
+may be specified in escaped hex mode, e.g. \x20 for space.  When
+using double quotes, any prefix characters must be included inside
+the quotes.
+
+The C<nonunix_group> and C<nonunix_gid> syntax depends on the
+underlying implementation.  For instance, the QAS AD backend supports
+the following formats:
 
 =over 4
 
@@ -157,8 +164,11 @@ characters that need to be escaped.
                Runas_Member ',' Runas_List
 
  Runas_Member ::= '!'* user name |
-                 '!'* '#'uid |
-                 '!'* '%'group |
+                 '!'* #uid |
+                 '!'* %group |
+                 '!'* %#gid |
+                 '!'* %:nonunix_group |
+                 '!'* %:#nonunix_gid |
                  '!'* +netgroup |
                  '!'* Runas_Alias
 
@@ -175,7 +185,7 @@ and toor), you can use a uid instead (#0 in the example given).
  Host ::= '!'* host name |
          '!'* ip_addr |
          '!'* network(/netmask)? |
-         '!'* '+'netgroup |
+         '!'* +netgroup |
          '!'* Host_Alias
 
 A C<Host_List> is made up of one or more host names, IP addresses,