doc/cvtsudoers.man.in
doc/cvtsudoers.mdoc.in
doc/fixman.sh
-doc/fixmdoc.sh
+doc/fixmdoc.sed
doc/schema.ActiveDirectory
doc/schema.OpenLDAP
doc/schema.iPlanet
doc/sudo.conf.man.in
doc/sudo.conf.mdoc.in
doc/sudo.man.in
+doc/sudo.man.in.sed
doc/sudo.mdoc.in
doc/sudo_plugin.cat
doc/sudo_plugin.man.in
doc/sudoers.ldap.man.in
doc/sudoers.ldap.mdoc.in
doc/sudoers.man.in
+doc/sudoers.man.in.sed
doc/sudoers.mdoc.in
doc/sudoers_timestamp.cat
doc/sudoers_timestamp.man.in
$(SED) -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(top_srcdir)/configure.ac | $(SED) -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@; \
fi
-$(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in
+$(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in $(srcdir)/sudo.man.in.sed
@if [ -n "$(DEVEL)" ]; then \
echo "Generating $@"; \
mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
- $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+ $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.man.in.sed > $@; \
fi
-sudo.man.sed: $(srcdir)/fixman.sh
- BAMAN=@BAMAN@ LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixman.sh $@
+fixman.sed: $(srcdir)/fixman.sh
+ $(SHELL) $(srcdir)/fixman.sh $@
-$(mansrcdir)/sudo.man: $(top_builddir)/config.status $(srcdir)/sudo.man.in sudo.man.sed
- (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.man.in | $(SED) -f $@.sed > $@
+$(mansrcdir)/sudo.man: $(top_builddir)/config.status $(srcdir)/sudo.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.man.in | $(SED) -f fixman.sed > $@
-sudo.mdoc.sed: $(srcdir)/fixmdoc.sh
- BAMAN=@BAMAN@ LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixmdoc.sh $@
-
-$(mansrcdir)/sudo.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.mdoc.in sudo.mdoc.sed
- (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.mdoc.in | $(SED) -f $@.sed > $@
+$(mansrcdir)/sudo.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.mdoc.in
+ cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(srcdir)/sudo.cat: varsub $(srcdir)/sudo.mdoc.in
@if [ -n "$(DEVEL)" ]; then \
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/visudo.man: $(top_builddir)/config.status $(srcdir)/visudo.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/visudo.man: $(top_builddir)/config.status $(srcdir)/visudo.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/visudo.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/visudo.mdoc: $(top_builddir)/config.status $(srcdir)/visudo.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/sudo.conf.man: $(top_builddir)/config.status $(srcdir)/sudo.conf.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/sudo.conf.man: $(top_builddir)/config.status $(srcdir)/sudo.conf.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.conf.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/sudo.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.conf.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(SED) -f varsub $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tascii -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \
fi
-$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in
+$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in $(srcdir)/sudoers.man.in.sed
@if [ -n "$(DEVEL)" ]; then \
echo "Generating $@"; \
mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
- $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+ $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudoers.man.in.sed> $@; \
fi
-sudoers.man.sed: $(srcdir)/fixman.sh
- LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixman.sh $@
-
-$(mansrcdir)/sudoers.man: $(top_builddir)/config.status $(srcdir)/sudoers.man.in sudoers.man.sed
- (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.man.in | $(SED) -f $@.sed > $@
-
-sudoers.mdoc.sed: $(srcdir)/fixmdoc.sh
- LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/fixmdoc.sh $@
+$(mansrcdir)/sudoers.man: $(top_builddir)/config.status $(srcdir)/sudoers.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.man.in | $(SED) -f fixman.sed > $@
-$(mansrcdir)/sudoers.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.mdoc.in sudoers.mdoc.sed
- (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.mdoc.in | $(SED) -f $@.sed > $@
+$(mansrcdir)/sudoers.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.mdoc.in $(srcdir)/fixmdoc.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.mdoc.in | $(SED) -f $(srcdir)/fixmdoc.sed > $@
$(srcdir)/sudoers.cat: varsub $(srcdir)/sudoers.mdoc.in
@if [ -n "$(DEVEL)" ]; then \
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/sudoers.ldap.man: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/sudoers.ldap.man: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.ldap.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/sudoers.ldap.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/sudoers_timestamp.man: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/sudoers_timestamp.man: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers_timestamp.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/sudoers_timestamp.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/cvtsudoers.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/cvtsudoers.mdoc: $(top_builddir)/config.status $(srcdir)/cvtsudoers.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/sudoreplay.man: $(top_builddir)/config.status $(srcdir)/sudoreplay.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/sudoreplay.man: $(top_builddir)/config.status $(srcdir)/sudoreplay.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoreplay.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/sudoreplay.mdoc: $(top_builddir)/config.status $(srcdir)/sudoreplay.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
$(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
fi
-$(mansrcdir)/sudo_plugin.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin.man.in
- cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+$(mansrcdir)/sudo_plugin.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin.man.in fixman.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin.man.in | $(SED) -f fixman.sed > $@
$(mansrcdir)/sudo_plugin.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin.mdoc.in
cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
check:
clean:
- -rm -f varsub *.sed
+ -rm -f varsub fixman.sed
mostlyclean: clean
EOF
fi
-# Page specific hacks
-case "$OUTFILE" in
- sudo.man.sed)
- # Replace "0 minutes" with "unlimited"
- cat >>"$OUTFILE" <<-'EOF'
- /^\\fR0\\fR$/ {
- N
- s/^\\fR0\\fR\nminutes\.$/unlimited./
- }
- EOF
-
- # BSD auth
- if [ X"$BAMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- /^\[\\fB\\-a\\fR\\ \\fItype\\fR/d
- /^\\fB\\-a\\fR \\fItype\\fR$/,/^\.TP 12n$/ {
- /^\.PD$/!d
- }
- EOF
- fi
-
- # BSD login class
- if [ X"$LCMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- /^\[\\fB\\-c\\fR\\ \\fIclass\\fR/d
- /^\\fB\\-c\\fR \\fIclass\\fR$/,/^\.TP 12n$/ {
- /^\.PD$/!d
- }
- /^login_cap(3),$/d
- /^BSD login class$/ {
- N
- N
- /^BSD login class\n\.TP 4n\n\\fBo\\fR$/d
- }
- EOF
- fi
-
- # SELinux
- if [ X"$SEMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- /^\[\\fB\\-[rt]\\fR\\ \\fI[rt][oy][lp]e\\fR/d
- /^\\fB\\-[rt]\\fR \\fI[rt][oy][lp]e\\fR$/,/^\.TP 12n$/ {
- /^\.PD$/!d
- }
- /^SELinux role and type$/ {
- N
- N
- /^SELinux role and type\n\.TP 4n\n\\fBo\\fR$/d
- }
- EOF
- fi
-
- # Solaris privileges
- if [ X"$PSMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- /^Solaris project$/ {
- N
- N
- N
- N
- N
- /^Solaris project\n\.TP 4n\n\\fBo\\fR\nSolaris privileges\n\.TP 4n\n\\fBo\\fR$/d
- }
- EOF
- fi
- ;;
- sudoers.man.sed)
- # Join tagged list line with the corresponding item and re-process
- cat >>"$OUTFILE" <<-'EOF'
- :again
- /^\.TP 18n$/ {
- N
- bagain
- }
- EOF
-
- # Subsections to remove (SELinux and Solaris are adjacent)
- RM_SS=
- if [ X"$PSMAN" != X"1" ]; then
- if [ X"$SEMAN" != X"1" ]; then
- RM_SS='/^\.SS "SELinux_Spec"/,/^\.SS "[^S]/{;/^\.SS "[^S][^o][^l]/!d;};'
- else
- RM_SS='/^\.SS "Solaris_Priv_Spec"/,/^\.SS/{;/^\.SS "[^S][^o][^l]/!d;};'
- fi
- elif [ X"$SEMAN" != X"1" ]; then
- RM_SS='/^\.SS "SELinux_Spec"/,/^\.SS/{;/^\.SS "[^S][^E][^L]/!d;};'
- fi
- if [ -n "$RM_SS" ]; then
- cat >>"$OUTFILE" <<-EOF
- $RM_SS
- EOF
- fi
-
- # BSD login class
- if [ X"$LCMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-EOF
- /^On BSD systems/,/\.$/d
- /^\.TP 18n\nuse_loginclass$/,/^by default\./d
- EOF
- fi
-
- # Solaris PrivSpec
- if [ X"$PSMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-EOF
- s/Solaris_Priv_Spec | //
- /^Solaris_Priv_Spec ::=/ {
- N
- d
- }
- /^\.TP 18n\n\(limit\)*privs$/,/^is built on Solaris 10 or higher\./d
- /^On Solaris 10/,/^\.[sP][pP]/d
- EOF
- fi
-
- # SELinux
- if [ X"$SEMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-EOF
- s/SELinux_Spec | //
- /^SELinux_Spec ::=/ {
- N
- d
- }
- /^\.TP 18n\n[rt][oy][lp]e$/,/^is built with SELinux support\.$/d
- EOF
- fi
- ;;
-esac
+# Replace "0 minutes" with "unlimited"
+cat >>"$OUTFILE" <<-'EOF'
+ /^\\fR0\\fR$/ {
+ N
+ s/^\\fR0\\fR\nminutes\.$/unlimited./
+ }
+EOF
--- /dev/null
+# Replace "0 minutes" with "unlimited"
+/^\.Li 0$/ {
+ N
+ s/^\.Li 0\nminutes\.$/unlimited./
+}
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (c) 2012-2014, 2017 Todd C. Miller <Todd.Miller@sudo.ws>
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-
-OUTFILE="$1"
-rm -f "$OUTFILE"
-> "$OUTFILE"
-
-# Page specific hacks
-case "$OUTFILE" in
- sudo.mdoc.sed)
- # Replace "0 minutes" with "unlimited"
- cat >>"$OUTFILE" <<-'EOF'
- /^\.Li 0$/ {
- N
- s/^\.Li 0\nminutes\.$/unlimited./
- }
- EOF
-
- # BSD auth
- BA_FLAG=
- if [ X"$BAMAN" != X"1" ]; then
- BA_FLAG='/^.*\n\.Op Fl a Ar type/{;N;/^.*\n\.Ek$/d;};'
- cat >>"$OUTFILE" <<-'EOF'
- /^\.It Fl a Ar type/,/BSD authentication\.$/d
- EOF
- fi
-
- # BSD login class
- LC_FLAG=
- if [ X"$LCMAN" != X"1" ]; then
- LC_FLAG='/^.*\n\.Op Fl c Ar class/{;N;/^.*\n\.Ek$/d;};'
- cat >>"$OUTFILE" <<-'EOF'
- /^\.It Fl c Ar class/,/BSD login classes\.$/d
- /^\.Xr login_cap 3 ,$/d
- /^BSD login class$/ {
- N
- /^BSD login class\n\.It$/d
- }
- EOF
- fi
-
- # SELinux
- SE_FLAG=
- if [ X"$SEMAN" != X"1" ]; then
- SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};'
- cat >>"$OUTFILE" <<-'EOF'
- /^\.It Fl r Ar role/,/^\.Ar role \.$/d
- /^\.It Fl t Ar type/,/derived from the role\.$/d
- /^SELinux role and type$/ {
- N
- /^SELinux role and type\n\.It$/d
- }
- EOF
- fi
-
- # Solaris privileges
- if [ X"$PSMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- /^Solaris project$/ {
- N
- N
- N
- /^Solaris project\n\.It\nSolaris privileges\n\.It$/d
- }
- EOF
- fi
-
- # Unsupported flags must be removed together
- if [ -n "$BA_FLAG$LC_FLAG$SE_FLAG" ]; then
- cat >>"$OUTFILE" <<-EOF
- /^\.Bk -words\$/ {
- N
- $BA_FLAG$LC_FLAG$SE_FLAG
- }
- EOF
- fi
- ;;
- sudoers.mdoc.sed)
- # Subsections to remove (SELinux and Solaris are adjacent)
- RM_SS=
- if [ X"$PSMAN" != X"1" ]; then
- if [ X"$SEMAN" != X"1" ]; then
- RM_SS='/^\.Ss SELinux_Spec/,/^\.Ss [^S]/{;/^\.Ss [^S][^o][^l]/!d;};'
- else
- RM_SS='/^\.Ss Solaris_Priv_Spec/,/^\.Ss/{;/^\.Ss [^S][^o][^l]/!d;};'
- fi
- elif [ X"$SEMAN" != X"1" ]; then
- RM_SS='/^\.Ss SELinux_Spec/,/^\.Ss/{;/^\.Ss [^S][^E][^L]/!d;};'
- fi
- if [ -n "$RM_SS" ]; then
- cat >>"$OUTFILE" <<-EOF
- $RM_SS
- EOF
- fi
-
- # BSD login class
- if [ X"$LCMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- /^On BSD systems/,/\.$/d
- /^\.It use_loginclass$/,/^by default\./d
- EOF
- fi
-
- # Solaris PrivSpec
- if [ X"$PSMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- s/Solaris_Priv_Spec | //
- /^Solaris_Priv_Spec ::=/ {
- N
- d
- }
- /^\.It \(limit\)*privs$/,/is built on Solaris 10 or higher\.$/d
- /^On Solaris 10/,/^\.Pp/d
- EOF
- fi
-
- # SELinux
- if [ X"$SEMAN" != X"1" ]; then
- cat >>"$OUTFILE" <<-'EOF'
- s/SELinux_Spec | //
- /^SELinux_Spec ::=/ {
- N
- d
- }
- /^\.It [rt][oy][lp]e$/,/is built with SELinux support\.$/d
- EOF
- fi
- ;;
-esac
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.26 October 27, 2018 Sudo 1.8.26
+Sudo 1.8.26 November 25, 2018 Sudo 1.8.26
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "8" "October 27, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.nr PS @PSMAN@
+.TH "SUDO" "8" "November 25, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudo\fR
\fB\-v\fR
[\fB\-AknS\fR]
-[\fB\-a\fR\ \fItype\fR]
+.if \n(BA [\fB\-a\fR\ \fItype\fR]
[\fB\-g\fR\ \fIgroup\fR]
[\fB\-h\fR\ \fIhost\fR]
[\fB\-p\fR\ \fIprompt\fR]
\fBsudo\fR
\fB\-l\fR
[\fB\-AknS\fR]
-[\fB\-a\fR\ \fItype\fR]
+.if \n(BA [\fB\-a\fR\ \fItype\fR]
[\fB\-g\fR\ \fIgroup\fR]
[\fB\-h\fR\ \fIhost\fR]
[\fB\-p\fR\ \fIprompt\fR]
.HP 5n
\fBsudo\fR
[\fB\-AbEHnPS\fR]
-[\fB\-a\fR\ \fItype\fR]
+.if \n(BA [\fB\-a\fR\ \fItype\fR]
[\fB\-C\fR\ \fInum\fR]
-[\fB\-c\fR\ \fIclass\fR]
+.if \n(LC [\fB\-c\fR\ \fIclass\fR]
[\fB\-g\fR\ \fIgroup\fR]
[\fB\-h\fR\ \fIhost\fR]
[\fB\-p\fR\ \fIprompt\fR]
-[\fB\-r\fR\ \fIrole\fR]
-[\fB\-t\fR\ \fItype\fR]
+.if \n(SL [\fB\-r\fR\ \fIrole\fR]
+.if \n(SL [\fB\-t\fR\ \fItype\fR]
[\fB\-T\fR\ \fItimeout\fR]
[\fB\-u\fR\ \fIuser\fR]
[\fIVAR\fR=\fIvalue\fR]
.HP 9n
\fBsudoedit\fR
[\fB\-AknS\fR]
-[\fB\-a\fR\ \fItype\fR]
+.if \n(BA [\fB\-a\fR\ \fItype\fR]
[\fB\-C\fR\ \fInum\fR]
-[\fB\-c\fR\ \fIclass\fR]
+.if \n(LC [\fB\-c\fR\ \fIclass\fR]
[\fB\-g\fR\ \fIgroup\fR]
[\fB\-h\fR\ \fIhost\fR]
[\fB\-p\fR\ \fIprompt\fR]
\fBsudo\fR
will exit with an error.
.RE
+.if \n(BA \{\
.TP 12n
\fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR
-Use the specified BSD authentication
+Use the specified
+BSD
+authentication
\fItype\fR
when validating the user, if allowed by
\fI/etc/login.conf\fR.
\(lqauth-sudo\(rq
entry in
\fI/etc/login.conf\fR.
-This option is only available on systems that support BSD authentication.
+This option is only available on systems that support
+BSD
+authentication.
+.\}
.TP 12n
\fB\-b\fR, \fB\--background\fR
Run the given command in the background.
option when the administrator has enabled the
\fIclosefrom_override\fR
option.
+.if \n(LC \{\
.TP 12n
\fB\-c\fR \fIclass\fR, \fB\--login-class\fR=\fIclass\fR
Run the command with resource limits and scheduling priority of
\fI/etc/login.conf\fR
settings, such as the umask and environment variables, will
be applied, if present.
-This option is only available on systems with BSD login classes.
+This option is only available on systems with
+BSD
+login classes.
+.\}
.TP 12n
\fB\-E\fR, \fB\--preserve-env\fR
Indicates to the security policy that the user wishes to
flag is disabled in
\fIsudoers\fR.
.RE
+.if \n(SL \{\
.TP 12n
\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR
Run the command with an SELinux security context that includes
the specified
\fIrole\fR.
+.\}
.TP 12n
\fB\-S\fR, \fB\--stdin\fR
Write the prompt to the standard error and read the password from the
Note that most shells behave differently when a command is specified
as compared to an interactive session; consult the shell's manual
for details.
+.if \n(SL \{\
.TP 12n
\fB\-t\fR \fItype\fR, \fB\--type\fR=\fItype\fR
Run the command with an SELinux security context that includes
If no
\fItype\fR
is specified, the default type is derived from the role.
+.\}
.TP 12n
\fB\-U\fR \fIuser\fR, \fB\--other-user\fR=\fIuser\fR
Used in conjunction with the
.TP 3n
\fB\(bu\fR
file creation mode mask (umask)
+.if \n(SL \{\
.TP 3n
\fB\(bu\fR
SELinux role and type
+.\}
+.if \n(PS \{\
.TP 3n
\fB\(bu\fR
Solaris project
+.\}
+.if \n(PS \{\
.TP 3n
\fB\(bu\fR
Solaris privileges
+.\}
+.if \n(LC \{\
.TP 3n
\fB\(bu\fR
-BSD login class
+BSD
+login class
+.\}
.TP 3n
\fB\(bu\fR
scheduling priority (aka nice value)
--- /dev/null
+s/^\(.TH .*\)/.nr SL @SEMAN@\
+.nr BA @BAMAN@\
+.nr LC @LCMAN@\
+.nr PS @PSMAN@\
+\1/
+
+s/^\(\[\\fB\\-a\\fR.*\\fItype\\fR\]\) *$/.if \\n(BA \1/
+s/^\(\[\\fB\\-c\\fR.*\\fIclass\\fR\]\) *$/.if \\n(LC \1/
+s/^\(\[\\fB\\-r\\fR.*\\fIrole\\fR\]\) *$/.if \\n(SL \1/
+s/^\(\[\\fB\\-t\\fR.*\\fItype\\fR\]\) *$/.if \\n(SL \1/
+
+/^\.TP 12n$/ {
+ N
+ /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/,/^\.TP 12n/ {
+ /^\.TP 12n/ {
+ /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/i\
+.if \\n(BA \\{\\
+ /^\.TP 12n\n\\fB\\-a\\fR.*\\fItype\\fR$/!i\
+.\\}
+ }
+ }
+ /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/,/^\.TP 12n/ {
+ /^\.TP 12n/ {
+ /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/i\
+.if \\n(LC \\{\\
+ /^\.TP 12n\n\\fB\\-c\\fR.*\\fIclass\\fR$/!i\
+.\\}
+ }
+ }
+ /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/,/^\.TP 12n/ {
+ /^\.TP 12n/ {
+ /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/i\
+.if \\n(SL \\{\\
+ /^\.TP 12n\n\\fB\\-r\\fR.*\\fIrole\\fR$/!i\
+.\\}
+ }
+ }
+ /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/,/^\.TP 12n/ {
+ /^\.TP 12n/ {
+ /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/i\
+.if \\n(SL \\{\\
+ /^\.TP 12n\n\\fB\\-t\\fR.*\\fItype\\fR$/!i\
+.\\}
+ }
+ }
+}
+
+/^\.TP 3n$/ {
+ N
+ N
+ /^.TP 3n\n\\fB\\(bu\\fR\nSELinux role and type$/ {
+ i\
+.if \\n(SL \\{\\
+ a\
+.\\}
+ }
+ /^.TP 3n\n\\fB\\(bu\\fR\nSolaris project$/ {
+ i\
+.if \\n(PS \\{\\
+ a\
+.\\}
+ }
+ /^.TP 3n\n\\fB\\(bu\\fR\nSolaris privileges$/ {
+ i\
+.if \\n(PS \\{\\
+ a\
+.\\}
+ }
+ /^.TP 3n\n\\fB\\(bu\\fR\nBSD$/ {
+ N
+ i\
+.if \\n(LC \\{\\
+ a\
+.\\}
+ }
+}
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd October 27, 2018
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.nr PS @PSMAN@
+.Dd November 25, 2018
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Nm sudo
.Fl v
.Op Fl AknS
+.if \n(BA \{\
.Op Fl a Ar type
+.\}
.Op Fl g Ar group
.Op Fl h Ar host
.Op Fl p Ar prompt
.Nm sudo
.Fl l
.Op Fl AknS
+.if \n(BA \{\
.Op Fl a Ar type
+.\}
.Op Fl g Ar group
.Op Fl h Ar host
.Op Fl p Ar prompt
.Op Ar command
.Nm sudo
.Op Fl AbEHnPS
+.if \n(BA \{\
.Op Fl a Ar type
+.\}
.Op Fl C Ar num
+.if \n(LC \{\
.Op Fl c Ar class
+.\}
.Op Fl g Ar group
.Op Fl h Ar host
.Op Fl p Ar prompt
+.if \n(SL \{\
.Op Fl r Ar role
.Op Fl t Ar type
+.\}
.Op Fl T Ar timeout
.Op Fl u Ar user
.Op Ar VAR Ns = Ns Ar value
.Op Ar command
.Nm sudoedit
.Op Fl AknS
+.if \n(BA \{\
.Op Fl a Ar type
+.\}
.Op Fl C Ar num
+.if \n(LC \{\
.Op Fl c Ar class
+.\}
.Op Fl g Ar group
.Op Fl h Ar host
.Op Fl p Ar prompt
If no askpass program is available,
.Nm
will exit with an error.
+.if \n(BA \{\
.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type
-Use the specified BSD authentication
+Use the specified
+.Bx
+authentication
.Ar type
when validating the user, if allowed by
.Pa /etc/login.conf .
.Dq auth-sudo
entry in
.Pa /etc/login.conf .
-This option is only available on systems that support BSD authentication.
+This option is only available on systems that support
+.Bx
+authentication.
+.\}
.It Fl b , -background
Run the given command in the background.
Note that it is not possible to use shell job control to manipulate
option when the administrator has enabled the
.Em closefrom_override
option.
+.if \n(LC \{\
.It Fl c Ar class , Fl -login-class Ns = Ns Ar class
Run the command with resource limits and scheduling priority of
the specified login
.Pa /etc/login.conf
settings, such as the umask and environment variables, will
be applied, if present.
-This option is only available on systems with BSD login classes.
+This option is only available on systems with
+.Bx
+login classes.
+.\}
.It Fl E , -preserve-env
Indicates to the security policy that the user wishes to
preserve their existing environment variables.
.Em passprompt_override
flag is disabled in
.Em sudoers .
+.if \n(SL \{\
.It Fl r Ar role , Fl -role Ns = Ns Ar role
Run the command with an SELinux security context that includes
the specified
.Ar role .
+.\}
.It Fl S , -stdin
Write the prompt to the standard error and read the password from the
standard input instead of using the terminal device.
Note that most shells behave differently when a command is specified
as compared to an interactive session; consult the shell's manual
for details.
+.if \n(SL \{\
.It Fl t Ar type , Fl -type Ns = Ns Ar type
Run the command with an SELinux security context that includes
the specified
If no
.Ar type
is specified, the default type is derived from the role.
+.\}
.It Fl U Ar user , Fl -other-user Ns = Ns Ar user
Used in conjunction with the
.Fl l
current working directory
.It
file creation mode mask (umask)
+.if \n(SL \{\
.It
SELinux role and type
+.\}
+.if \n(PS \{\
.It
Solaris project
.It
Solaris privileges
+.\}
+.if \n(LC \{\
.It
-BSD login class
+.Bx
+login class
+.\}
.It
scheduling priority (aka nice value)
.El
setting the group to operator or system.
O\bOp\bpt\bti\bio\bon\bn_\b_S\bSp\bpe\bec\bc
- A Cmnd may have zero or more options associated with it. Depending on
- the system, options may consist of SELinux roles and/or types, Solaris
- privileges sets, and command timeouts. Once an option is set for a Cmnd,
+ A Cmnd may have zero or more options associated with it. Options may
+ consist of SELinux roles and/or types, Solaris privileges sets, start
+ and/or end dates and command timeouts. Once an option is set for a Cmnd,
subsequent Cmnds in the Cmnd_Spec_List, inherit that option unless it is
overridden by another option.
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.26 October 27, 2018 Sudo 1.8.26
+Sudo 1.8.26 November 25, 2018 Sudo 1.8.26
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "October 27, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.nr PS @PSMAN@
+.TH "SUDOERS" "5" "November 25, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
contents of the
\fI/etc/environment\fR
file.
-On BSD systems, if the
+.if \n(LC \{\
+On
+BSD
+systems, if the
\fIuse_loginclass\fR
option is enabled, the environment is initialized
based on the
\fIsetenv\fR
settings in
\fI/etc/login.conf\fR.
+.\}
The new environment contains the
\fRTERM\fR,
\fRPATH\fR,
\fI/etc/environment\fR
are also
included.
-On BSD systems, if the
+.if \n(LC \{\
+On
+BSD
+systems, if the
\fIuse_loginclass\fR
flag is
enabled, the
variables in
\fI/etc/login.conf\fR
are also applied.
+.\}
All other environment variables are removed unless permitted by
\fIenv_keep\fR
or
Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
-Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
+.ie \n(SL \{\
+.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
+.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)
+.\}
+.el \{\
+.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
+.el Option_Spec ::= (Date_Spec | Timeout_Spec)
+.\}
+.if \n(SL \{\
SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
+.\}
+.if \n(PS \{\
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
+.\}
Date_Spec ::= ('NOTBEFORE=timestamp' | 'NOTAFTER=timestamp')
Timeout_Spec ::= 'TIMEOUT=timeout'
A
\fRCmnd\fR
may have zero or more options associated with it.
-Depending on the system, options may consist of SELinux roles
-and/or types, Solaris privileges sets, and command timeouts.
+Options may consist of
+.if \n(SL \{\
+SELinux roles and/or types,
+.\}
+.if \n(PS \{\
+Solaris privileges sets,
+.\}
+start and/or end dates and command timeouts.
Once an option is set for a
\fRCmnd\fR,
subsequent
in the
\fRCmnd_Spec_List\fR,
inherit that option unless it is overridden by another option.
+.if \n(SL \{\
.SS "SELinux_Spec"
On systems with SELinux support,
\fIsudoers\fR
A role or type specified on the command line,
however, will supersede the values in
\fIsudoers\fR.
+.\}
+.if \n(PS \{\
.SS "Solaris_Priv_Spec"
On Solaris systems,
\fIsudoers\fR
or
\(oq\-\(cq
character.
+.\}
.SS "Date_Spec"
\fBsudoers\fR
rules can be specified with a start and end date via the
This flag is
\fI@umask_override@\fR
by default.
+.if \n(BA \{\
.TP 18n
use_loginclass
If set,
This flag is
\fIoff\fR
by default.
+.\}
.TP 18n
use_netgroups
If set, netgroups (prefixed with
be cleared when the system reboots.
The default is
\fI@vardir@/lectured\fR.
+.if \n(PS \{\
.TP 18n
limitprivs
The default Solaris limit privileges to use when constructing a new
This option is only available if
\fBsudoers\fR
is built on Solaris 10 or higher.
+.\}
.TP 18n
mailsub
Subject of the mail sent to the
The default value is
\(lq\fR@passprompt@\fR\(rq.
.RE
+.if \n(PS \{\
.TP 18n
privs
The default Solaris privileges to use when constructing a new
This option is only available if
\fBsudoers\fR
is built on Solaris 10 or higher.
+.\}
+.if \n(SL \{\
.TP 18n
role
The default SELinux role to use when constructing a new security
This option is only available when
\fBsudo\fR
is built with SELinux support.
+.\}
.TP 18n
runas_default
The default user to run commands as if the
files stored therein.
The default is
\fRroot\fR.
+.if \n(SL \{\
.TP 18n
type
The default SELinux type to use when constructing a new security
.RE
.PP
\fBLists that can be used in a boolean context\fR:
+.\}
.TP 18n
env_check
Environment variables to be removed from the user's environment
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd October 27, 2018
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.nr PS @PSMAN@
+.Dd November 25, 2018
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
contents of the
.Pa /etc/environment
file.
-On BSD systems, if the
+.if \n(LC \{\
+On
+.Bx
+systems, if the
.Em use_loginclass
option is enabled, the environment is initialized
based on the
.Em setenv
settings in
.Pa /etc/login.conf .
+.\}
The new environment contains the
.Ev TERM ,
.Ev PATH ,
.Pa /etc/environment
are also
included.
-On BSD systems, if the
+.if \n(LC \{\
+On
+.Bx
+systems, if the
.Em use_loginclass
flag is
enabled, the
variables in
.Pa /etc/login.conf
are also applied.
+.\}
All other environment variables are removed unless permitted by
.Em env_keep
or
Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
-Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
+.ie \n(SL \{\
+.ie \n(PS Option_Spec ::= (SELinux_Spec | Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
+.el Option_Spec ::= (SELinux_Spec | Date_Spec | Timeout_Spec)
+.\}
+.el \{\
+.ie \n(PS Option_Spec ::= (Solaris_Priv_Spec | Date_Spec | Timeout_Spec)
+.el Option_Spec ::= (Date_Spec | Timeout_Spec)
+.\}
+.if \n(SL \{\
SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
+.\}
+.if \n(PS \{\
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
+.\}
Date_Spec ::= ('NOTBEFORE=timestamp' | 'NOTAFTER=timestamp')
Timeout_Spec ::= 'TIMEOUT=timeout'
A
.Li Cmnd
may have zero or more options associated with it.
-Depending on the system, options may consist of SELinux roles
-and/or types, Solaris privileges sets, and command timeouts.
+Options may consist of
+.if \n(SL \{\
+SELinux roles and/or types,
+.\}
+.if \n(PS \{\
+Solaris privileges sets,
+.\}
+start and/or end dates and command timeouts.
Once an option is set for a
.Li Cmnd ,
subsequent
in the
.Li Cmnd_Spec_List ,
inherit that option unless it is overridden by another option.
+.if \n(SL \{\
.Ss SELinux_Spec
On systems with SELinux support,
.Em sudoers
A role or type specified on the command line,
however, will supersede the values in
.Em sudoers .
+.\}
+.if \n(PS \{\
.Ss Solaris_Priv_Spec
On Solaris systems,
.Em sudoers
or
.Ql \-
character.
+.\}
.Ss Date_Spec
.Nm sudoers
rules can be specified with a start and end date via the
This flag is
.Em @umask_override@
by default.
+.if \n(LC \{\
.It use_loginclass
If set,
.Nm sudo
This flag is
.Em off
by default.
+.\}
.It use_netgroups
If set, netgroups (prefixed with
.Ql + ) ,
be cleared when the system reboots.
The default is
.Pa @vardir@/lectured .
+.if \n(PS \{\
.It limitprivs
The default Solaris limit privileges to use when constructing a new
privilege set for a command.
This option is only available if
.Nm
is built on Solaris 10 or higher.
+.\}
.It mailsub
Subject of the mail sent to the
.Em mailto
.Pp
The default value is
.Dq Li "@passprompt@" .
+.if \n(PS \{\
.It privs
The default Solaris privileges to use when constructing a new
privilege set for a command.
This option is only available if
.Nm
is built on Solaris 10 or higher.
+.\}
+.if \n(SL \{\
.It role
The default SELinux role to use when constructing a new security
context to run the command.
This option is only available when
.Nm sudo
is built with SELinux support.
+.\}
.It runas_default
The default user to run commands as if the
.Fl u
files stored therein.
The default is
.Li root .
+.if \n(SL \{\
.It type
The default SELinux type to use when constructing a new security
context to run the command.
This option is only available when
.Nm sudo
is built with SELinux support.
+.\}
.El
.Pp
.Sy Strings that can be used in a boolean context :
projects / sudo / commitdiff