Make the env_reset descriptions consistent.

--HG--
branch : 1.7

diff --git a/sudo.pod b/sudo.pod
index 555274cf2725f376afa94809ae118cbed90b2117..76755d0048ef2da44ab831005ec393e01a34d916 100644 (file)
--- a/sudo.pod
+++ b/sudo.pod
@@ -426,13 +426,14 @@ unreachable.
 
 B<sudo> tries to be safe when executing external commands.
 
-There are two distinct ways to deal with environment variables.
-By default, the I<env_reset> I<sudoers> option is enabled.
-This causes commands to be executed with a minimal environment
-containing C<TERM>, C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER>
-and C<USERNAME> in addition to variables from the invoking process
-permitted by the I<env_check> and I<env_keep> I<sudoers> options.
-There is effectively a whitelist for environment variables.
+There are two distinct ways to deal with environment variables.  By
+default, the I<env_reset> I<sudoers> option is enabled.  This causes
+commands to be executed with a minimal environment containing the
+C<TERM>, C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER>,
+C<USERNAME> and C<SUDO_*> variables in addition to variables from
+the invoking process permitted by the I<env_check> and I<env_keep>
+I<sudoers> options.  This is effectively a whitelist for environment
+variables.
 
 If, however, the I<env_reset> option is disabled in I<sudoers>, any
 variables not explicitly denied by the I<env_check> and I<env_delete>

diff --git a/sudoers.pod b/sudoers.pod
index 5a84a40f3d752d6c942e49995a283e4d8fc333e0..156b1421e55bd1a79de9a113bf313a69161d7280 100644 (file)
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -683,14 +683,17 @@ default.
 
 =item env_reset
 
-If set, B<sudo> will reset the environment to only contain the
-LOGNAME, MAIL, SHELL, USER, USERNAME and the C<SUDO_*> variables.  Any
+If set, B<sudo> will run the command in a minimal environment
+containing the C<TERM>, C<PATH>, C<HOME>, C<MAIL>, C<SHELL>,
+C<LOGNAME>, C<USER>, C<USERNAME> and C<SUDO_*> variables.  Any
 variables in the caller's environment that match the C<env_keep>
-and C<env_check> lists are then added.  The default contents of the
-C<env_keep> and C<env_check> lists are displayed when B<sudo> is
-run by root with the I<-V> option.  If the I<secure_path> option
-is set, its value will be used for the C<PATH> environment variable.
-This flag is I<@env_reset@> by default.
+and C<env_check> lists are then added, followed by any variables
+present in the file specified by the I<env_file> option (if any).
+The default contents of the C<env_keep> and C<env_check> lists are
+displayed when B<sudo> is run by root with the I<-V> option.  If
+the I<secure_path> option is set, its value will be used for the
+C<PATH> environment variable.  This flag is I<@env_reset@> by
+default.
 
 =item fast_glob
 
@@ -1204,7 +1207,7 @@ environment variable.
 
 =item env_file
 
-The I<env_file> options specifies the fully qualified path to a
+The I<env_file> option specifies the fully qualified path to a
 file containing variables to be set in the environment of the program
 being run.  Entries in this file should either be of the form
 C<VARIABLE=value> or C<export VARIABLE=value>.  The value may