o If pedantic > 1, it is a parse error.
o Add -s (strict) option to visudo which sets pedantic to 2.
/* Save the line the first error occured on. */
if (errorlineno == -1)
errorlineno = sudolineno ? sudolineno - 1 : 0;
+ if (s) {
#ifndef TRACELEXER
- (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
- sudolineno ? sudolineno - 1 : 0);
+ (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
+ sudolineno ? sudolineno - 1 : 0);
#else
- (void) fprintf(stderr, "<*> ");
+ (void) fprintf(stderr, "<*> ");
#endif
+ }
parse_error = TRUE;
}
%}
else if (strcasecmp(user_shost, $1) == 0)
$$ = TRUE;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared Host_Alias `%s' referenced near line %d\n", $1, sudolineno);
+ "%s: undeclared Host_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", $1, sudolineno);
+ if (pedantic > 1) {
+ yyerror(NULL);
+ YYERROR;
+ }
+ }
$$ = -1;
}
free($1);
else if (strcmp($1, user_runas) == 0)
$$ = TRUE;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared Runas_Alias `%s' referenced near line %d\n", $1, sudolineno);
+ "%s: undeclared Runas_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", $1, sudolineno);
+ if (pedantic > 1) {
+ yyerror(NULL);
+ YYERROR;
+ }
+ }
$$ = -1;
}
free($1);
if ((aip = find_alias($1, CMND_ALIAS)))
$$ = aip->val;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared Cmnd_Alias `%s' referenced near line %d\n", $1, sudolineno);
+ "%s: undeclared Cmnd_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", $1, sudolineno);
+ if (pedantic > 1) {
+ yyerror(NULL);
+ YYERROR;
+ }
+ }
$$ = -1;
}
free($1);
else if (strcmp($1, user_name) == 0)
$$ = TRUE;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared User_Alias `%s' referenced near line %d\n", $1, sudolineno);
+ "%s: undeclared User_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", $1, sudolineno);
+ if (pedantic > 1)
+ YYERROR;
+ }
$$ = -1;
}
free($1);
size_t n;
for (n = 0; n < naliases; n++) {
+ if (aliases[n].val == -1)
+ continue;
+
switch (aliases[n].type) {
case HOST_ALIAS:
(void) puts("HOST_ALIAS");
extern int Argc;
extern char **Argv;
-extern int NewArgc;
-extern char **NewArgv;
extern FILE *sudoers_fp;
#endif
extern int errno;
#define yyerrok (yyerrflag=0)
#define YYRECOVERING() (yyerrflag!=0)
#define YYPREFIX "yy"
-#line 2 "parse.yacc"
+#line 2 "./parse.yacc"
/*
* Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
/* Save the line the first error occured on. */
if (errorlineno == -1)
errorlineno = sudolineno ? sudolineno - 1 : 0;
+ if (s) {
#ifndef TRACELEXER
- (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
- sudolineno ? sudolineno - 1 : 0);
+ (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
+ sudolineno ? sudolineno - 1 : 0);
#else
- (void) fprintf(stderr, "<*> ");
+ (void) fprintf(stderr, "<*> ");
#endif
+ }
parse_error = TRUE;
}
-#line 209 "parse.yacc"
+#line 211 "./parse.yacc"
typedef union {
char *string;
int BOOLEAN;
struct sudo_command command;
int tok;
} YYSTYPE;
-#line 233 "sudo.tab.c"
+#line 235 "sudo.tab.c"
#define COMMAND 257
#define ALIAS 258
#define NTWKADDR 259
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 735 "parse.yacc"
+#line 759 "./parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
size_t n;
for (n = 0; n < naliases; n++) {
+ if (aliases[n].val == -1)
+ continue;
+
switch (aliases[n].type) {
case HOST_ALIAS:
(void) puts("HOST_ALIAS");
if (printmatches == TRUE)
expand_match_list();
}
-#line 879 "sudo.tab.c"
+#line 884 "sudo.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || __STDC__
static int yygrowstack(void)
switch (yyn)
{
case 3:
-#line 254 "parse.yacc"
+#line 256 "./parse.yacc"
{ ; }
break;
case 4:
-#line 256 "parse.yacc"
+#line 258 "./parse.yacc"
{ yyerrok; }
break;
case 5:
-#line 257 "parse.yacc"
+#line 259 "./parse.yacc"
{ push; }
break;
case 6:
-#line 257 "parse.yacc"
+#line 259 "./parse.yacc"
{
while (top && user_matches != TRUE)
pop;
}
break;
case 7:
-#line 262 "parse.yacc"
+#line 264 "./parse.yacc"
{ ; }
break;
case 8:
-#line 264 "parse.yacc"
+#line 266 "./parse.yacc"
{ ; }
break;
case 9:
-#line 266 "parse.yacc"
+#line 268 "./parse.yacc"
{ ; }
break;
case 10:
-#line 268 "parse.yacc"
+#line 270 "./parse.yacc"
{ ; }
break;
case 13:
-#line 276 "parse.yacc"
+#line 278 "./parse.yacc"
{
/*
* We already did a push if necessary in
}
break;
case 14:
-#line 288 "parse.yacc"
+#line 290 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
host_matches = yyvsp[0].BOOLEAN;
}
break;
case 15:
-#line 292 "parse.yacc"
+#line 294 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
host_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 16:
-#line 297 "parse.yacc"
+#line 299 "./parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
case 17:
-#line 300 "parse.yacc"
+#line 302 "./parse.yacc"
{
if (addr_matches(yyvsp[0].string))
yyval.BOOLEAN = TRUE;
}
break;
case 18:
-#line 307 "parse.yacc"
+#line 309 "./parse.yacc"
{
if (netgr_matches(yyvsp[0].string, user_host, NULL))
yyval.BOOLEAN = TRUE;
}
break;
case 19:
-#line 314 "parse.yacc"
+#line 316 "./parse.yacc"
{
if (strcasecmp(user_shost, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
}
break;
case 20:
-#line 321 "parse.yacc"
+#line 323 "./parse.yacc"
{
if (strcasecmp(user_host, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
}
break;
case 21:
-#line 328 "parse.yacc"
+#line 330 "./parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
else if (strcasecmp(user_shost, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared Host_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
+ "%s: undeclared Host_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
+ if (pedantic > 1) {
+ yyerror(NULL);
+ YYERROR;
+ }
+ }
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 24:
-#line 350 "parse.yacc"
+#line 358 "./parse.yacc"
{
/*
* Push the entry onto the stack if it is worth
}
break;
case 25:
-#line 364 "parse.yacc"
+#line 372 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = yyvsp[0].BOOLEAN;
}
break;
case 26:
-#line 368 "parse.yacc"
+#line 376 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 27:
-#line 376 "parse.yacc"
+#line 384 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 28:
-#line 382 "parse.yacc"
+#line 390 "./parse.yacc"
{
if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) {
}
break;
case 29:
-#line 405 "parse.yacc"
+#line 413 "./parse.yacc"
{ ; }
break;
case 32:
-#line 412 "parse.yacc"
+#line 420 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
runas_matches = yyvsp[0].BOOLEAN;
}
break;
case 33:
-#line 416 "parse.yacc"
+#line 424 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 34:
-#line 424 "parse.yacc"
+#line 432 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
runas_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 35:
-#line 429 "parse.yacc"
+#line 437 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 36:
-#line 443 "parse.yacc"
+#line 451 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 37:
-#line 457 "parse.yacc"
+#line 465 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 38:
-#line 471 "parse.yacc"
+#line 479 "./parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
else if (strcmp(yyvsp[0].string, user_runas) == 0)
yyval.BOOLEAN = TRUE;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared Runas_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
+ "%s: undeclared Runas_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
+ if (pedantic > 1) {
+ yyerror(NULL);
+ YYERROR;
+ }
+ }
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 39:
-#line 494 "parse.yacc"
+#line 508 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 40:
-#line 506 "parse.yacc"
+#line 520 "./parse.yacc"
{
/* Inherit NOPASSWD/PASSWD status. */
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 41:
-#line 516 "parse.yacc"
+#line 530 "./parse.yacc"
{
no_passwd = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 42:
-#line 522 "parse.yacc"
+#line 536 "./parse.yacc"
{
no_passwd = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 43:
-#line 530 "parse.yacc"
+#line 544 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 44:
-#line 547 "parse.yacc"
+#line 561 "./parse.yacc"
{
aliasinfo *aip;
if ((aip = find_alias(yyvsp[0].string, CMND_ALIAS)))
yyval.BOOLEAN = aip->val;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared Cmnd_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
+ "%s: undeclared Cmnd_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
+ if (pedantic > 1) {
+ yyerror(NULL);
+ YYERROR;
+ }
+ }
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 45:
-#line 570 "parse.yacc"
+#line 590 "./parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
}
break;
case 48:
-#line 602 "parse.yacc"
+#line 622 "./parse.yacc"
{ push; }
break;
case 49:
-#line 602 "parse.yacc"
+#line 622 "./parse.yacc"
{
if ((host_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches))
}
break;
case 54:
-#line 618 "parse.yacc"
+#line 638 "./parse.yacc"
{
push;
if (printmatches == TRUE) {
}
break;
case 55:
-#line 626 "parse.yacc"
+#line 646 "./parse.yacc"
{
if ((cmnd_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches))
}
break;
case 56:
-#line 638 "parse.yacc"
+#line 658 "./parse.yacc"
{ ; }
break;
case 60:
-#line 646 "parse.yacc"
+#line 666 "./parse.yacc"
{
push;
if (printmatches == TRUE) {
}
break;
case 61:
-#line 654 "parse.yacc"
+#line 674 "./parse.yacc"
{
if ((runas_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, runas_matches))
}
break;
case 64:
-#line 670 "parse.yacc"
+#line 690 "./parse.yacc"
{ push; }
break;
case 65:
-#line 670 "parse.yacc"
+#line 690 "./parse.yacc"
{
if ((user_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches))
}
break;
case 66:
-#line 679 "parse.yacc"
+#line 699 "./parse.yacc"
{ ; }
break;
case 68:
-#line 683 "parse.yacc"
+#line 703 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = yyvsp[0].BOOLEAN;
}
break;
case 69:
-#line 687 "parse.yacc"
+#line 707 "./parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 70:
-#line 692 "parse.yacc"
+#line 712 "./parse.yacc"
{
if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE;
}
break;
case 71:
-#line 699 "parse.yacc"
+#line 719 "./parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name))
yyval.BOOLEAN = TRUE;
}
break;
case 72:
-#line 706 "parse.yacc"
+#line 726 "./parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, user_name))
yyval.BOOLEAN = TRUE;
}
break;
case 73:
-#line 713 "parse.yacc"
+#line 733 "./parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
else if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE;
else {
- if (pedantic)
+ if (pedantic) {
(void) fprintf(stderr,
- "Warning: undeclared User_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
+ "%s: undeclared User_Alias `%s' referenced near line %d\n",
+ (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
+ if (pedantic > 1)
+ YYERROR;
+ }
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 74:
-#line 729 "parse.yacc"
+#line 753 "./parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
-#line 1633 "sudo.tab.c"
+#line 1660 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;
* Globals
*/
char **Argv;
-char **NewArgv = NULL;
-int NewArgc = 0;
char *sudoers = _PATH_SUDOERS;
char *stmp = _PATH_SUDOERS_TMP;
struct sudo_user sudo_user;
time_t now; /* time now */
struct stat stmp_sb, sudoers_sb; /* to check for changes */
+ /* Warn about aliases that are used before being defined. */
+ pedantic = 1;
+
/*
* Parse command line options
*/
Argv = argv;
/*
- * Arg handling. For -V print version, else usage...
+ * Arg handling.
*/
- if (argc == 2) {
- if (!strcmp(Argv[1], "-V")) {
+ while (--argc) {
+ if (!strcmp(argv[argc], "-V")) {
(void) printf("visudo version %s\n", version);
exit(0);
+ } else if (!strcmp(argv[argc], "-s")) {
+ pedantic++; /* strict mode */
} else {
usage();
}
- } else if (argc != 1) {
- usage();
}
/* Mock up a fake sudo_user struct. */
exit(1);
}
- /* Warn about aliases that are used before being defined. */
- pedantic = TRUE;
-
#ifdef ENV_EDITOR
/*
* If we are allowing EDITOR and VISUAL envariables set Editor
static void
usage()
{
- (void) fprintf(stderr, "usage: %s [-V]\n", Argv[0]);
+ (void) fprintf(stderr, "usage: %s [-s] [-V]\n", Argv[0]);
exit(1);
}
visudo - edit the sudoers file
S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo [ -\b-\b-\b-V\bV\bV\bV ]
+ v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo [ -\b-\b-\b-s\bs\bs\bs ] [ -\b-\b-\b-V\bV\bV\bV ]
D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line option:
+ -s Enable s\bs\bs\bst\bt\bt\btr\br\br\bri\bi\bi\bic\bc\bc\bct\bt\bt\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an
+ alias is used before it is defined, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will
+ consider this a parse error. Note that it is not
+ possible to differentiate between an alias and a
+ hostname or username that consists solely of upper
+ case letters, digits, and the underscore ('_')
+ character.
+
-V The -V (version) option causes v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print the
version number and exit.
E\bE\bE\bER\bR\bR\bRR\bR\bR\bRO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
sudoers file busy, try again later.
- Either someone is currently editing the _\bs_\bu_\bd_\bo_\be_\br_\bs file
- or there is a stale sudoers lock file
- (/etc/sudoers.tmp by default) that you need to delete.
+ Someone else is currently editing the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
/etc/sudoers.tmp: Permission denied
You didn't run v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo as root.
- Can't find you in the passwd database
- Your userid does not appear in the passwd file.
-
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers List of who can run what
- /etc/sudoers.tmp Lock file for visudo
-6/Aug/1999 1.6 1
+17/Aug/1999 1.6 1
VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
+ Can't find you in the passwd database
+ Your userid does not appear in the system passwd file.
+
+ Warning: undeclared Alias referenced near ...
+ Either you are using a {User,Runas,Host,Cmnd}_Alias
+ before defining it or you have a user or hostname
+ listed that consists solely of upper case letters,
+ digits, and the underscore ('_') character. If the
+ latter, you can ignore the warnings (s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not
+ complain). In -\b-\b-\b-s\bs\bs\bs (strict) mode these are errors not
+ warnings.
+
+F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
+ /etc/sudoers List of who can run what
+ /etc/sudoers.tmp Lock file for visudo
+
+
E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT V\bV\bV\bVA\bA\bA\bAR\bR\bR\bRI\bI\bI\bIA\bA\bA\bAB\bB\bB\bBL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
The following are used only if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was configured with
the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option:
See the HISTORY file in the sudo distribution for more
details.
+B\bB\bB\bBU\bU\bU\bUG\bG\bG\bGS\bS\bS\bS
Please send all bugs, comments, and changes to sudo-
bugs@courtesan.com. Be sure to include the version of
s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo you are using and the platform you are running it on.
with s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo for complete details.
C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
- Due to the syntax of the _\bs_\bu_\bd_\bo_\be_\br_\bs file, there is no way for
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to tell the difference between a mistyped
- {Host,User,Cmnd}_Alias and a user or host name.
-
There is no easy way to prevent a user from gaining a root
shell if the editor used by v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell escapes.
-B\bB\bB\bBU\bU\bU\bUG\bG\bG\bGS\bS\bS\bS
- The _\b-_\bV flag gives the version of the _\bs_\bu_\bd_\bo package rather
- than the individual v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo program.
-
S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
_\bs_\bu_\bd_\bo(8), _\bv_\bi_\bp_\bw(8).
-
-
-
-
-
-
-
-
-
-
-6/Aug/1999 1.6 2
+17/Aug/1999 1.6 2
-6/Aug/1999 1.6 3
+17/Aug/1999 1.6 3
<LI><A HREF="#FILES">FILES</A>
<LI><A HREF="#ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES</A>
<LI><A HREF="#AUTHOR">AUTHOR</A>
+ <LI><A HREF="#BUGS">BUGS</A>
<LI><A HREF="#DISCLAIMER">DISCLAIMER</A>
<LI><A HREF="#CAVEATS">CAVEATS</A>
- <LI><A HREF="#BUGS">BUGS</A>
<LI><A HREF="#SEE_ALSO">SEE ALSO</A>
</UL>
<!-- INDEX END -->
<HR>
<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
<P>
-<STRONG>visudo</STRONG> [ <STRONG>-V</STRONG> ]
+<STRONG>visudo</STRONG> [ <STRONG>-s</STRONG> ] [ <STRONG>-V</STRONG> ]
<P>
<HR>
<STRONG>visudo</STRONG> accepts the following command line option:
<DL>
+<DT><STRONG><A NAME="item__s">-s</A></STRONG><DD>
+<P>
+Enable <STRONG>strict</STRONG> checking of the <EM>sudoers</EM> file. If an alias is used before it is defined, <STRONG>visudo</STRONG> will consider this a parse error. Note that it is not possible to
+differentiate between an alias and a hostname or username that consists
+solely of upper case letters, digits, and the underscore ('_') character.
+
<DT><STRONG><A NAME="item__V">-V</A></STRONG><DD>
<P>
The <CODE>-V</CODE> (version) option causes <STRONG>visudo</STRONG> to print the version number and exit.
<DL>
<DT><STRONG><A NAME="item_sudoers">sudoers file busy, try again later.</A></STRONG><DD>
<P>
-Either someone is currently editing the <EM>sudoers</EM> file or there is a stale sudoers lock file (/etc/sudoers.tmp by default)
-that you need to delete.
+Someone else is currently editing the <EM>sudoers</EM> file.
<DT><STRONG><A NAME="item__etc_sudoers_tmp_">/etc/sudoers.tmp: Permission denied</A></STRONG><DD>
<P>
<DT><STRONG><A NAME="item_Can">Can't find you in the passwd database</A></STRONG><DD>
<P>
-Your userid does not appear in the passwd file.
+Your userid does not appear in the system passwd file.
+
+<DT><STRONG><A NAME="item_Warning">Warning: undeclared Alias referenced near ...</A></STRONG><DD>
+<P>
+Either you are using a {User,Runas,Host,Cmnd}_Alias before defining it or
+you have a user or hostname listed that consists solely of upper case
+letters, digits, and the underscore ('_') character. If the latter, you can
+ignore the warnings (<STRONG>sudo</STRONG> will not complain). In <STRONG>-s</STRONG> (strict) mode these are errors not warnings.
<H1><A NAME="FILES">FILES</A></H1>
<P>
<P>
See the HISTORY file in the sudo distribution for more details.
+<H1><A NAME="BUGS">BUGS</A></H1>
<P>
Please send all bugs, comments, and changes to <A
HREF="mailto:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.</A> Be sure
particular purpose are disclaimed. See the LICENSE file distributed with <STRONG>sudo</STRONG> for complete details.
<H1><A NAME="CAVEATS">CAVEATS</A></H1>
-<P>
-Due to the syntax of the <EM>sudoers</EM> file, there is no way for
-<STRONG>visudo</STRONG> to tell the difference between a mistyped {Host,User,Cmnd}_Alias and a user
-or host name.
-
<P>
There is no easy way to prevent a user from gaining a root shell if the
editor used by <STRONG>visudo</STRONG> allows shell escapes.
-<H1><A NAME="BUGS">BUGS</A></H1>
-<P>
-The <EM>-V</EM> flag gives the version of the <EM>sudo</EM> package rather than the individual <STRONG>visudo</STRONG> program.
-
<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
<P>
<CODE><A HREF="sudo.html">sudo(8)</A>, <CODE>vipw(8).</CODE>
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
-''' Revision 1.9 1999/08/06 09:37:02 millert
-''' o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file
-''' o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP
+''' Revision 1.10 1999/08/17 15:29:47 millert
+''' o NewArgv and NewArgc don't need to be externally visible.
+''' o If pedantic > 1, it is a parse error.
+''' o Add -s (strict) option to visudo which sets pedantic to 2.
'''
'''
.de Sh
.nr % 0
.rr F
.\}
-.TH VISUDO 8 "1.6" "6/Aug/1999" "MAINTENANCE COMMANDS"
+.TH VISUDO 8 "1.6" "17/Aug/1999" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"
-\fBvisudo\fR [ \fB\-V\fR ]
+\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ]
.SH "DESCRIPTION"
\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
occurred (if the editor supports this feature).
.SH "OPTIONS"
\fBvisudo\fR accepts the following command line option:
+.Ip "-s" 4
+Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
+used before it is defined, \fBvisudo\fR will consider this a parse
+error. Note that it is not possible to differentiate between an
+alias and a hostname or username that consists solely of upper case
+letters, digits, and the underscore ('_') character.
.Ip "-V" 4
The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number
and exit.
.SH "ERRORS"
.Ip "sudoers file busy, try again later." 4
-Either someone is currently editing the \fIsudoers\fR file
-or there is a stale sudoers lock file (/etc/sudoers.tmp by default)
-that you need to delete.
+Someone else is currently editing the \fIsudoers\fR file.
.Ip "/etc/sudoers.tmp: Permission denied" 4
You didn't run \fBvisudo\fR as root.
.Ip "Can't find you in the passwd database" 4
-Your userid does not appear in the passwd file.
+Your userid does not appear in the system passwd file.
+.Ip "Warning: undeclared Alias referenced near ..." 4
+Either you are using a {User,Runas,Host,Cmnd}_Alias before
+defining it or you have a user or hostname listed that
+consists solely of upper case letters, digits, and the
+underscore ('_') character. If the latter, you can ignore
+the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict)
+mode these are errors not warnings.
.SH "FILES"
.Sp
.Vb 2
\& Todd Miller <Todd.Miller@courtesan.com>
.Ve
See the HISTORY file in the sudo distribution for more details.
-.Sp
+.SH "BUGS"
Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
Be sure to include the version of \fBsudo\fR you are using and the platform
you are running it on.
and fitness for a particular purpose are disclaimed.
See the LICENSE file distributed with \fBsudo\fR for complete details.
.SH "CAVEATS"
-Due to the syntax of the \fIsudoers\fR file, there is no way for
-\fBvisudo\fR to tell the difference between a mistyped {Host,User,Cmnd}_Alias
-and a user or host name.
-.Sp
There is no easy way to prevent a user from gaining a root shell if
the editor used by \fBvisudo\fR allows shell escapes.
-.SH "BUGS"
-The \fI\-V\fR flag gives the version of the \fIsudo\fR package rather than
-the individual \fBvisudo\fR program.
.SH "SEE ALSO"
\fIsudo\fR\|(8), \fIvipw\fR\|(8).
.IX Header "OPTIONS"
+.IX Item "-s"
+
.IX Item "-V"
.IX Header "ERRORS"
.IX Item "Can't find you in the passwd database"
+.IX Item "Warning: undeclared Alias referenced near ..."
+
.IX Header "FILES"
.IX Header "ENVIRONMENT VARIABLES"
.IX Header "AUTHOR"
+.IX Header "BUGS"
+
.IX Header "DISCLAIMER"
.IX Header "CAVEATS"
-.IX Header "BUGS"
-
.IX Header "SEE ALSO"
=head1 SYNOPSIS
-B<visudo> [ B<-V> ]
+B<visudo> [ B<-s> ] [ B<-V> ]
=head1 DESCRIPTION
=over 4
+=item -s
+
+Enable B<strict> checking of the I<sudoers> file. If an alias is
+used before it is defined, B<visudo> will consider this a parse
+error. Note that it is not possible to differentiate between an
+alias and a hostname or username that consists solely of upper case
+letters, digits, and the underscore ('_') character.
+
=item -V
The C<-V> (version) option causes B<visudo> to print the version number
=item sudoers file busy, try again later.
-Either someone is currently editing the I<sudoers> file
-or there is a stale sudoers lock file (/etc/sudoers.tmp by default)
-that you need to delete.
+Someone else is currently editing the I<sudoers> file.
=item /etc/sudoers.tmp: Permission denied
=item Can't find you in the passwd database
-Your userid does not appear in the passwd file.
+Your userid does not appear in the system passwd file.
+
+=item Warning: undeclared Alias referenced near ...
+
+Either you are using a {User,Runas,Host,Cmnd}_Alias before
+defining it or you have a user or hostname listed that
+consists solely of upper case letters, digits, and the
+underscore ('_') character. If the latter, you can ignore
+the warnings (B<sudo> will not complain). In B<-s> (strict)
+mode these are errors not warnings.
=head1 FILES
See the HISTORY file in the sudo distribution for more details.
+=head1 BUGS
+
Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
Be sure to include the version of B<sudo> you are using and the platform
you are running it on.
=head1 CAVEATS
-Due to the syntax of the I<sudoers> file, there is no way for
-B<visudo> to tell the difference between a mistyped {Host,User,Cmnd}_Alias
-and a user or host name.
-
There is no easy way to prevent a user from gaining a root shell if
the editor used by B<visudo> allows shell escapes.
-=head1 BUGS
-
-The I<-V> flag gives the version of the I<sudo> package rather than
-the individual B<visudo> program.
-
=head1 SEE ALSO
sudo(8), vipw(8).
projects / sudo / commitdiff