Document that the target user's groups may be specified via the -g option.

diff --git a/doc/sudo.cat b/doc/sudo.cat
index 1fe43bdc0c9b321eb1b0bf791a852a6d0fd28882..eb679c1e2d080612dfec60e17784afb40d2813e0 100644 (file)
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@@ -167,7 +167,9 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
                  require that the `#' be escaped with a backslash (`\').  If
                  no -\b-u\bu option is specified, the command will be run as the
                  invoking user.  In either case, the primary group will be set
-                 to _\bg_\br_\bo_\bu_\bp.
+                 to _\bg_\br_\bo_\bu_\bp.  The _\bs_\bu_\bd_\bo_\be_\br_\bs policy permits any of the target
+                 user's groups to be specified via the -\b-g\bg option as long as
+                 the -\b-P\bP option is not in use.
 
      -\b-H\bH, -\b--\b-s\bse\bet\bt-\b-h\bho\bom\bme\be
                  Request that the security policy set the HOME environment
@@ -736,4 +738,4 @@ D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
      file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.26                    October 13, 2018                    Sudo 1.8.26
+Sudo 1.8.26                    October 27, 2018                    Sudo 1.8.26

diff --git a/doc/sudo.man.in b/doc/sudo.man.in
index 8551a61f093b70acd93bcebb4962d587ebc3881a..08049cc57a925da09050399895eeca4e3610d640 100644 (file)
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDO" "8" "October 13, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "8" "October 27, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -363,6 +363,14 @@ If no
 option is specified, the command will be run as the invoking user.
 In either case, the primary group will be set to
 \fIgroup\fR.
+The
+\fIsudoers\fR
+policy permits any of the target user's groups to be specified via
+the
+\fB\-g\fR
+option as long as the
+\fB\-P\fR
+option is not in use.
 .TP 12n
 \fB\-H\fR, \fB\--set-home\fR
 Request that the security policy set the

diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in
index 28fa7c35c8b1351820cd47ef47f428bbc321a991..0de854e6f83e6ad29f02113ac92cdf1cbec4691d 100644 (file)
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -18,7 +18,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd October 13, 2018
+.Dd October 27, 2018
 .Dt SUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -330,6 +330,14 @@ If no
 option is specified, the command will be run as the invoking user.
 In either case, the primary group will be set to
 .Ar group .
+The
+.Em sudoers
+policy permits any of the target user's groups to be specified via
+the
+.Fl g
+option as long as the
+.Fl P
+option is not in use.
 .It Fl H , -set-home
 Request that the security policy set the
 .Ev HOME

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 6d6ae2d4aac4d55491225e9d1b1e6c2d84252248..9574f6d82643a103ee2139673b1f8299a5023e41 100644 (file)
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -530,15 +530,16 @@ S\bSU\bUD\bDO\bOE\bER\bRS\bS F\bFI\bIL\bLE\bE F\bFO\bOR\bRM\bMA\bAT\bT
      defined above) separated by a colon (`:') and enclosed in a set of
      parentheses.  The first Runas_List indicates which users the command may
      be run as via s\bsu\bud\bdo\bo's -\b-u\bu option.  The second defines a list of groups that
-     can be specified via s\bsu\bud\bdo\bo's -\b-g\bg option.  If both Runas_Lists are
-     specified, the command may be run with any combination of users and
-     groups listed in their respective Runas_Lists. If only the first is
-     specified, the command may be run as any user in the list but no -\b-g\bg
-     option may be specified.  If the first Runas_List is empty but the second
-     is specified, the command may be run as the invoking user with the group
-     set to any listed in the Runas_List.  If both Runas_Lists are empty, the
-     command may only be run as the invoking user.  If no Runas_Spec is
-     specified the command may be run as r\bro\boo\bot\bt and no group may be specified.
+     can be specified via s\bsu\bud\bdo\bo's -\b-g\bg option in addition to any of the target
+     user's groups.  If both Runas_Lists are specified, the command may be run
+     with any combination of users and groups listed in their respective
+     Runas_Lists. If only the first is specified, the command may be run as
+     any user in the list but no -\b-g\bg option may be specified.  If the first
+     Runas_List is empty but the second is specified, the command may be run
+     as the invoking user with the group set to any listed in the Runas_List.
+     If both Runas_Lists are empty, the command may only be run as the
+     invoking user.  If no Runas_Spec is specified the command may be run as
+     r\bro\boo\bot\bt and no group may be specified.
 
      A Runas_Spec sets the default for the commands that follow it.  What this
      means is that for the entry:
@@ -2927,4 +2928,4 @@ D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
      file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.26                     October 7, 2018                    Sudo 1.8.26
+Sudo 1.8.26                    October 27, 2018                    Sudo 1.8.26

diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 642f2fce96a376b0f6780152cdf2d2f61c83938f..cfa420171f44ba85bdb9daf2dd839489d3da9e74 100644 (file)
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "October 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "October 27, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -1092,7 +1092,7 @@ option.
 The second defines a list of groups that can be specified via
 \fBsudo\fR's
 \fB\-g\fR
-option.
+option in addition to any of the target user's groups.
 If both
 \fRRunas_List\fRs
 are specified, the command may be run with any combination of users

diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index c592edee70d1acccf9d024920619c940a1bb550c..9414c68cbdce4cb67b5651448e353bf6b464e67d 100644 (file)
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -18,7 +18,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd October 7, 2018
+.Dd October 27, 2018
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1045,7 +1045,7 @@ option.
 The second defines a list of groups that can be specified via
 .Nm sudo Ns 's
 .Fl g
-option.
+option in addition to any of the target user's groups.
 If both
 .Li Runas_List Ns s
 are specified, the command may be run with any combination of users