Document that I/O logs are in gzip format by default.
log_host If set, the host name will be logged in the (non-
syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
- log_input If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo _\bt_\bt_\by and
+ log_input If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo_\b-_\bt_\bt_\by and
log all user input. If the standard input is not
connected to the user's tty, due to I/O redirection or
because the command is part of a pipeline, that input
unique session ID that is included in the normal s\bsu\bud\bdo\bo
log line, prefixed with ``TSID=''. The _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
option may be used to control the format of the session
- ID.
+ ID. Input from the user's tty is logged to the _\bt_\bt_\by_\bi_\bn
+ file. Input from a pipe or file is logged to the _\bs_\bt_\bd_\bi_\bn
+ file. These files are in gzip (compressed) format
+ unless the _\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\b__\bi_\bo option has been disabled. Due
+ to buffering, the I/O log data will not be complete
+ until the s\bsu\bud\bdo\bo command has completed.
Note that user input may contain sensitive information
such as passwords (even if they are not echoed to the
unencrypted. In most cases, logging the command output
via _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt is all that is required.
- log_output If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo _\bt_\bt_\by and
+ log_output If set, s\bsu\bud\bdo\bo will run the command in a _\bp_\bs_\be_\bu_\bd_\bo_\b-_\bt_\bt_\by and
log all output that is sent to the screen, similar to
the script(1) command. If the standard output or
standard error is not connected to the user's tty, due
unique session ID that is included in the normal s\bsu\bud\bdo\bo
log line, prefixed with ``TSID=''. The _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
option may be used to control the format of the session
- ID.
+ ID. Output from the pseudo-tty is logged to the _\bt_\bt_\by_\bo_\bu_\bt
+ file. Output to a pipe or redirected to a file is
+ logged to the either the _\bs_\bt_\bd_\bo_\bu_\bt or _\bs_\bt_\bd_\be_\br_\br files. These
+ files are in gzip (compressed) format unless the
+ _\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\b__\bi_\bo option has been disabled. Due to
+ buffering, the I/O log data will not be complete until
+ the s\bsu\bud\bdo\bo command has completed.
Output logs may be viewed with the sudoreplay(1m)
utility, which can also be used to list or search the
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.16 November 20, 2015 Sudo 1.8.16
+Sudo 1.8.16 December 11, 2015 Sudo 1.8.16
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "November 20, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "December 11, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
If set,
\fBsudo\fR
will run the command in a
-\fIpseudo tty\fR
+\fIpseudo-tty\fR
and log all user input.
If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
+Input from the user's tty is logged to the
+\fIttyin\fR
+file.
+Input from a pipe or file is logged to the
+\fIstdin\fR
+file.
+These files are in gzip (compressed) format unless the
+\fIcompress_io\fR
+option has been disabled.
+Due to buffering, the I/O log data will not be complete until the
+\fBsudo\fR
+command has completed.
.sp
Note that user input may contain sensitive information such as
passwords (even if they are not echoed to the screen), which will
If set,
\fBsudo\fR
will run the command in a
-\fIpseudo tty\fR
+\fIpseudo-tty\fR
and log all output that is sent to the screen, similar to the
script(1)
command.
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
+Output from the pseudo-tty is logged to the
+\fIttyout\fR
+file.
+Output to a pipe or redirected to a file is logged to the either the
+\fIstdout\fR
+or
+\fIstderr\fR
+files.
+These files are in gzip (compressed) format unless the
+\fIcompress_io\fR
+option has been disabled.
+Due to buffering, the I/O log data will not be complete until the
+\fBsudo\fR
+command has completed.
.sp
Output logs may be viewed with the
sudoreplay(@mansectsu@)
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd November 20, 2015
+.Dd December 11, 2015
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
If set,
.Nm sudo
will run the command in a
-.Em pseudo tty
+.Em pseudo-tty
and log all user input.
If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that
The
.Em iolog_file
option may be used to control the format of the session ID.
+Input from the user's tty is logged to the
+.Pa ttyin
+file.
+Input from a pipe or file is logged to the
+.Pa stdin
+file.
+These files are in gzip (compressed) format unless the
+.Em compress_io
+option has been disabled.
+Due to buffering, the I/O log data will not be complete until the
+.Nm sudo
+command has completed.
.Pp
Note that user input may contain sensitive information such as
passwords (even if they are not echoed to the screen), which will
If set,
.Nm sudo
will run the command in a
-.Em pseudo tty
+.Em pseudo-tty
and log all output that is sent to the screen, similar to the
.Xr script 1
command.
The
.Em iolog_file
option may be used to control the format of the session ID.
+Output from the pseudo-tty is logged to the
+.Pa ttyout
+file.
+Output to a pipe or redirected to a file is logged to the either the
+.Pa stdout
+or
+.Pa stderr
+files.
+These files are in gzip (compressed) format unless the
+.Em compress_io
+option has been disabled.
+Due to buffering, the I/O log data will not be complete until the
+.Nm sudo
+command has completed.
.Pp
Output logs may be viewed with the
.Xr sudoreplay @mansectsu@
projects / sudo / commitdiff