.\"
.\" SPDX-License-Identifier: ISC
.\"
-.\" Copyright (c) 2009-2018 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2009-2019 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.TH "SUDO_PLUGIN" "5" "October 24, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN" "5" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
The vector is terminated by a
\fRNULL\fR
pointer.
-These settings correspond to flags the user specified when running
+These settings correspond to options the user specified when running
\fBsudo\fR.
-As such, they will only be present when the corresponding flag has
+As such, they will only be present when the corresponding option has
been specified on the command line.
.sp
When parsing
bsdauth_type=string
Authentication type, if specified by the
\fB\-a\fR
-flag, to use on
+option, to use on
systems where
BSD
authentication is supported.
closefrom=number
If specified, the user has requested via the
\fB\-C\fR
-flag that
+option that
\fBsudo\fR
close all files descriptors with a value of
\fInumber\fR
ignore_ticket=bool
Set to true if the user specified the
\fB\-k\fR
-flag along with a
+option along with a
command, indicating that the user wishes to ignore any cached
authentication credentials.
\fIimplied_shell\fR
login class to use when setting resource limits and nice value,
if specified by the
\fB\-c\fR
-flag.
+option.
.TP 6n
login_shell=bool
Set to true if the user specified the
\fB\-i\fR
-flag, indicating that
+option, indicating that
the user wishes to run a login shell.
.TP 6n
max_groups=int
noninteractive=bool
Set to true if the user specified the
\fB\-n\fR
-flag, indicating that
+option, indicating that
\fBsudo\fR
should operate in non-interactive mode.
The plugin may reject a command run in non-interactive mode if user
preserve_environment=bool
Set to true if the user specified the
\fB\-E\fR
-flag, indicating that
+option, indicating that
the user wishes to preserve the environment.
.TP 6n
preserve_groups=bool
Set to true if the user specified the
\fB\-P\fR
-flag, indicating that
+option, indicating that
the user wishes to preserve the group vector instead of setting it
based on the runas user.
.TP 6n
The prompt to use when requesting a password, if specified via
the
\fB\-p\fR
-flag.
+option.
.TP 6n
remote_host=string
The name of the remote host to run the command on, if specified via
run_shell=bool
Set to true if the user specified the
\fB\-s\fR
-flag, indicating that the user wishes to run a shell.
+option, indicating that the user wishes to run a shell.
.TP 6n
runas_group=string
The group name or gid to run the command as, if specified via
the
\fB\-g\fR
-flag.
+option.
.TP 6n
runas_user=string
The user name or uid to run the command as, if specified via the
\fB\-u\fR
-flag.
+option.
.TP 6n
selinux_role=string
SELinux role to use when executing the command, if specified by
the
\fB\-r\fR
-flag.
+option.
.TP 6n
selinux_type=string
SELinux type to use when executing the command, if specified by
the
\fB\-t\fR
-flag.
+option.
.TP 6n
set_home=bool
Set to true if the user specified the
\fB\-H\fR
-flag.
+option.
If true, set the
\fRHOME\fR
environment variable to the target user's home directory.
sudoedit=bool
Set to true when the
\fB\-e\fR
-flag is specified or if invoked as
+option is specified or if invoked as
\fBsudoedit\fR.
The plugin shall substitute an editor into
\fIargv\fR
and include it in
\fIargv_out\fR
(note that environment
-variables may include command line flags).
+variables may include command line options).
The files to be edited should be copied from
\fIargv\fR
into
\fBsudo\fR
is run with the
\fB\-v\fR
-flag.
+option.
For policy plugins such as
\fBsudoers\fR
that cache
\fB\-k\fR
or
\fB\-K\fR
-flag.
+option.
For policy plugins such as
\fBsudoers\fR
that
The vector is terminated by a
\fRNULL\fR
pointer.
-These settings correspond to flags the user specified when running
+These settings correspond to options the user specified when running
\fBsudo\fR.
-As such, they will only be present when the corresponding flag has
+As such, they will only be present when the corresponding option has
been specified on the command line.
.sp
When parsing
.\"
.\" SPDX-License-Identifier: ISC
.\"
-.\" Copyright (c) 2009-2018 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2009-2019 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd October 24, 2018
+.Dd June 20, 2019
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
The vector is terminated by a
.Dv NULL
pointer.
-These settings correspond to flags the user specified when running
+These settings correspond to options the user specified when running
.Nm sudo .
-As such, they will only be present when the corresponding flag has
+As such, they will only be present when the corresponding option has
been specified on the command line.
.Pp
When parsing
.It bsdauth_type=string
Authentication type, if specified by the
.Fl a
-flag, to use on
+option, to use on
systems where
.Bx
authentication is supported.
.It closefrom=number
If specified, the user has requested via the
.Fl C
-flag that
+option that
.Nm sudo
close all files descriptors with a value of
.Em number
.It ignore_ticket=bool
Set to true if the user specified the
.Fl k
-flag along with a
+option along with a
command, indicating that the user wishes to ignore any cached
authentication credentials.
.Em implied_shell
login class to use when setting resource limits and nice value,
if specified by the
.Fl c
-flag.
+option.
.It login_shell=bool
Set to true if the user specified the
.Fl i
-flag, indicating that
+option, indicating that
the user wishes to run a login shell.
.It max_groups=int
The maximum number of groups a user may belong to.
.It noninteractive=bool
Set to true if the user specified the
.Fl n
-flag, indicating that
+option, indicating that
.Nm sudo
should operate in non-interactive mode.
The plugin may reject a command run in non-interactive mode if user
.It preserve_environment=bool
Set to true if the user specified the
.Fl E
-flag, indicating that
+option, indicating that
the user wishes to preserve the environment.
.It preserve_groups=bool
Set to true if the user specified the
.Fl P
-flag, indicating that
+option, indicating that
the user wishes to preserve the group vector instead of setting it
based on the runas user.
.It progname=string
The prompt to use when requesting a password, if specified via
the
.Fl p
-flag.
+option.
.It remote_host=string
The name of the remote host to run the command on, if specified via
the
.It run_shell=bool
Set to true if the user specified the
.Fl s
-flag, indicating that the user wishes to run a shell.
+option, indicating that the user wishes to run a shell.
.It runas_group=string
The group name or gid to run the command as, if specified via
the
.Fl g
-flag.
+option.
.It runas_user=string
The user name or uid to run the command as, if specified via the
.Fl u
-flag.
+option.
.It selinux_role=string
SELinux role to use when executing the command, if specified by
the
.Fl r
-flag.
+option.
.It selinux_type=string
SELinux type to use when executing the command, if specified by
the
.Fl t
-flag.
+option.
.It set_home=bool
Set to true if the user specified the
.Fl H
-flag.
+option.
If true, set the
.Li HOME
environment variable to the target user's home directory.
.It sudoedit=bool
Set to true when the
.Fl e
-flag is specified or if invoked as
+option is specified or if invoked as
.Nm sudoedit .
The plugin shall substitute an editor into
.Em argv
and include it in
.Em argv_out
(note that environment
-variables may include command line flags).
+variables may include command line options).
The files to be edited should be copied from
.Em argv
into
.Nm sudo
is run with the
.Fl v
-flag.
+option.
For policy plugins such as
.Nm sudoers
that cache
.Fl k
or
.Fl K
-flag.
+option.
For policy plugins such as
.Nm sudoers
that
The vector is terminated by a
.Dv NULL
pointer.
-These settings correspond to flags the user specified when running
+These settings correspond to options the user specified when running
.Nm sudo .
-As such, they will only be present when the corresponding flag has
+As such, they will only be present when the corresponding option has
been specified on the command line.
.Pp
When parsing
projects / sudo / commitdiff